Persistent issues through fresh install, multiple machines


Hello and thank you all in advance for your help!

 

I’ve been battling this for months without any success beyond a couple of weeks at best before symptoms and red flags begin returning. I first became aware of the problem in January when I started using a machine again routinely after about a year where I was logging in sparsely at most for basic tasks and, quite frankly, not paying much attention to the machine’s health. I spent far too many hours trying to save that machine (Lenovo ThinkCentre i5, originally Win 7 Pro upgraded to Win 10 Pro) and last month bought a pre-owned machine (iBuyPower i7, Win 10 Home). I used two laptops in the process of trying to fix the Lenovo, and despite keeping them on my phone’s hotspot rather than my home network the Lenovo was previously on (and unplugged to rule out the router) and treating flash drives as one-time-use if I need to install a tool, both ended up with permission issues, unwanted firewall rules, startup processes, questionable registry entries, etc. consistent with what I found on the Lenovo. Tools I installed via my one-time-use flash drive policy from the laptops (prior to their issues appearing) don’t come up with anything and appear to be susceptible to whatever is going on.

Tools I’ve tried – Malwarebytes (even when I wasn’t paying close attention, I scanned whenever I used the Lenovo; Pro was installed when I first noticed the issues), CCleaner (also routinely used to clean the registry and run whenever I scanned with MB), AdwCleaner (routinely, same policy as MB and CC). Post-discovery – Kaspersky boot rescue, Windows Defender Offline, RKill, TDSSKiller, Temp File Cleaner (temp files seem to be a source). Registry entries in HKEY_USERS\S-1-5-21-(long string) and HKEY_USERS\S-1-5-21-(long string)_Classes include references to games I’ve never installed (I had never installed any games on any of the machines) and it looks like my machines were being used as some sort of game server.

I wanted a completely fresh start with the iBuyPower, so I shut down the Lenovo and both laptops, bought a new router, created an install disk with the media creation tool from a friend’s days-old PC on a new flash drive on their network, ran diskpart, wiped the SSD (C) and the data drive, installed Windows with the clean all drives option and purchased a new copy of Windows 10 Pro from the MS store, activated, installed all updates, installed Bitdefender Pro. Life was good – for a couple of weeks… now I’m seeing the same issues on the iBuyPower. I never should have let it get to this point, but it has and I chased this to the point where I trust nothing on the machine. I’m likely assigning blame to symptoms and the root cause is probably staring me in the face – this has been a humbling experience. Ironically, after years of using PCs as tools, now I’m just a guy that wants to browse the internet and play some games. In closing, treat me as a novice, but I will follow any instructions to the letter and nothing is out of my comfort zone on a PC.

FRST Results:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2021

Ran by Winston Smith (administrator) on HAL-9000 (27-05-2021 12:22:39)

Running from C:\Program Files\Farbar

Loaded Profiles: Winston Smith

Platform: Windows 10 Pro Version 20H2 19042.985 (X64) Language: English (United States)

Default browser: Brave

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdtrackersnmh.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxcr.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnapp.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnService.exe

(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe

(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <21>

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\regedit.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <3>

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\hvsimgr.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\hvsirdpclient.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\hvsirpcd.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\vmwp.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3784df9edffd3314\Display.NvContainer\NVDisplay.Container.exe <2>

(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe <2>

(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.exe

(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe

(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)

HKLM\...\Run: [BdVpnApp] => C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe [251496 2021-05-13] (Bitdefender SRL -> Bitdefender)

HKU\S-1-5-21-1122837440-1392308684-3391438225-1001\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [5835576 2021-05-04] (Surfshark Ltd. -> Surfshark)

HKU\S-1-5-21-1122837440-1392308684-3391438225-1001\...\MountPoints2: {267f256f-b59f-11eb-a797-7085c28d32b1} - "F:\SETUP.EXE"

HKU\S-1-5-18\...\Run: [] => [X]

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-17] (Google LLC -> Google LLC)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\90.1.24.86\Installer\chrmstp.exe [2021-05-25] (Brave Software, Inc. -> Brave Software, Inc.)

GroupPolicy: Restriction ? <==== ATTENTION

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {1694F1C6-B6C8-44D1-83D1-90276BAB9616} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {41DF9EA9-A0EC-4857-8D61-CC700B9F203A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-17] (Google LLC -> Google LLC)

Task: {4A79C647-15DB-4EBF-B8A5-CDEEBDACFE20} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {4E085685-D1C1-4A42-844F-D6E5DCDAA6D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {69BFA093-5892-4E7B-B16A-75F7FD07039A} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)

Task: {70852859-873B-4AE0-9EA2-DC1AD4362475} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-05-15] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {7844BED8-F456-4E4F-B6A2-403F58FDFC60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-17] (Google LLC -> Google LLC)

Task: {BEB90C98-7A07-49D5-9F18-7031FED170C7} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [954456 2021-05-20] (Bitdefender SRL -> Bitdefender)

Task: {BFBBE493-CD18-4ED2-BA13-D656E1A87EDE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {C88F3DD4-BC2E-4070-B7F8-972517706C94} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-05-15] (Brave Software, Inc. -> BraveSoftware Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\..\Interfaces\{0ca5e559-250d-49e7-b7b1-1784c34d1d0d}: [NameServer] 9.9.9.9

Tcpip\..\Interfaces\{0ca5e559-250d-49e7-b7b1-1784c34d1d0d}: [DhcpNameServer] 9.9.9.9

Tcpip\..\Interfaces\{d5796d03-315e-4620-ab98-b9aabd6348ca}: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

Edge: 

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\Winston Smith\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-27]

Edge HKLM-x32\...\Edge\Extension: [pdhdldaneekjpoaldekpgomomeabpnek]

 

FireFox:

========

FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi

FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-07-16] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]

FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi

FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-09-17] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext

FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2021-04-28] [Legacy] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi

FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext

 

Chrome: 

=======

CHR Profile: C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default [2021-05-20]

CHR Extension: (Slides) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-17]

CHR Extension: (Docs) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-17]

CHR Extension: (Google Drive) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-17]

CHR Extension: (YouTube) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-17]

CHR Extension: (Sheets) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-17]

CHR Extension: (Google Docs Offline) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-17]

CHR Extension: (Bitdefender Anti-tracker) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2021-05-17]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-17]

CHR Extension: (Gmail) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-17]

CHR Extension: (Chrome Media Router) - C:\Users\Winston Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-17]

CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]

CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

 

Brave: 

=======

BRA Profile: C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-05-27]

BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave

BRA DefaultSearchKeyword: Default -> :d

BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list

BRA Extension: (TrafficLight) - C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2021-05-15]

BRA Extension: (Bitdefender Wallet) - C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2021-05-15]

BRA Extension: (Bitdefender Anti-tracker) - C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2021-05-15]

BRA Extension: (Brave Local Data Files Updater) - C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-05-15]

BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-05-26]

BRA Extension: (Brave NTP sponsored images) - C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-05-27]

BRA Extension: (Brave SpeedReader Updater) - C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-05-15]

BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Winston Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-05-26]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AfVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\hydra.sdk.windows.service.exe [198256 2021-01-26] (Pango Inc. -> AnchorFree Inc.)

R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [798640 2020-10-02] (Bitdefender SRL -> Bitdefender)

R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [798640 2020-10-02] (Bitdefender SRL -> Bitdefender)

R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2161256 2018-03-22] (Bitdefender SRL -> Bitdefender)

R2 BdVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [246888 2021-05-13] (Bitdefender SRL -> Bitdefender)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-05-15] (Brave Software, Inc. -> BraveSoftware Inc.)

S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-05-15] (Brave Software, Inc. -> BraveSoftware Inc.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-15] (Malwarebytes Inc -> Malwarebytes)

R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393288 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [440120 2020-06-15] (Surfshark Ltd. -> Surfshark)

R2 Surfshark Shadowsocks Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [440120 2020-06-15] (Surfshark Ltd. -> Surfshark)

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [301144 2021-05-20] (Bitdefender SRL -> Bitdefender)

R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [798640 2020-10-02] (Bitdefender SRL -> Bitdefender)

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3784df9edffd3314\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3784df9edffd3314\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)

R1 atc; C:\Windows\System32\DRIVERS\atc.sys [2718744 2021-02-26] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)

R2 BdDci; C:\Windows\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)

S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [22976 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)

R0 bdprivmon; C:\Windows\System32\DRIVERS\bdprivmon.sys [46056 2020-01-17] (Bitdefender SRL -> © Bitdefender SRL)

R0 Gemma; C:\Windows\System32\DRIVERS\gemma.sys [488592 2021-02-16] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)

R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [195232 2020-09-03] (Bitdefender SRL -> BitDefender LLC)

R2 Ignis; C:\Windows\system32\DRIVERS\ignis.sys [185312 2020-10-07] (Bitdefender SRL -> Bitdefender)

S3 logi_generic_hid_filter; C:\Windows\system32\drivers\logi_generic_hid_filter.sys [56568 2019-03-11] (Logitech Inc -> Logitech)

S3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [38136 2021-01-13] (Logitech Inc -> Logitech)

S3 logi_joy_hid_filter; C:\Windows\system32\drivers\logi_joy_hid_filter.sys [57592 2019-03-11] (Logitech Inc -> Logitech)

S3 logi_joy_hid_lo; C:\Windows\system32\drivers\logi_joy_hid_lo.sys [46840 2019-03-11] (Logitech Inc -> Logitech)

S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [26672 2021-01-13] (Logitech Inc -> Logitech)

S3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66808 2021-01-13] (Logitech Inc -> Logitech)

S3 logi_mouse_hid_filter; C:\Windows\System32\drivers\logi_mouse_hid_filter.sys [56024 2019-03-11] (Logitech Inc -> Logitech)

R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2021-05-15] (Malwarebytes Inc -> Malwarebytes)

S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-05-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-05-15] (Malwarebytes Inc -> Malwarebytes)

S3 RzDev_0060; C:\Windows\System32\drivers\RzDev_0060.sys [51688 2018-04-22] (Razer USA Ltd. -> Razer Inc)

S3 RzDev_0078; C:\Windows\System32\drivers\RzDev_0078.sys [52504 2020-02-17] (Razer USA Ltd. -> Razer Inc)

S3 RzDev_007a; C:\Windows\System32\drivers\RzDev_007a.sys [52496 2020-02-17] (Razer USA Ltd. -> Razer Inc)

S3 RzDev_007e; C:\Windows\System32\drivers\RzDev_007e.sys [52288 2020-02-17] (Razer USA Ltd. -> Razer Inc)

S3 RzDev_0209; C:\Windows\System32\drivers\RzDev_0209.sys [52288 2020-02-17] (Razer USA Ltd. -> Razer Inc)

S3 RzDev_0306; C:\Windows\System32\drivers\RzDev_0306.sys [52504 2020-02-17] (Razer USA Ltd. -> Razer Inc)

S3 ssbthid; C:\Windows\System32\drivers\ssbthid.sys [45752 2020-10-08] (SteelSeries ApS -> SteelSeries ApS)

S3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [48848 2020-12-21] (SteelSeries ApS -> SteelSeries ApS)

S3 sshid; C:\Windows\System32\drivers\sshid.sys [57440 2020-12-21] (SteelSeries ApS -> SteelSeries ApS)

S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2020-12-28] (Microsoft Windows Hardware Compatibility Publisher -> )

R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [47920 2020-02-20] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)

R3 tapsurfshark; C:\Windows\System32\drivers\tapsurfshark.sys [38728 2020-06-15] (WDKTestCert Lenovo,131775874531219913 -> The OpenVPN Project)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [641728 2021-02-26] (Bitdefender SRL -> Bitdefender)

S3 t_mouse.sys; C:\Windows\System32\drivers\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )

S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49560 2021-05-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [421112 2021-05-15] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-15] (Microsoft Windows -> Microsoft Corporation)

R3 wintunshark; C:\Windows\system32\DRIVERS\wintunshark.sys [31096 2020-09-17] (WDKTestCert nikod,132409123292239223 -> Surfshark Ltd)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-05-26 21:19 - 2021-05-26 23:30 - 000008253 _____ C:\Users\Winston Smith\Desktop\NetStat.txt

2021-05-26 12:54 - 2021-05-26 12:54 - 000001575 _____ C:\Windows\system32\config\VSMIDK

2021-05-26 12:53 - 2021-05-26 12:53 - 000000000 ___SD C:\Windows\system32\containers

2021-05-26 12:53 - 2021-05-26 12:53 - 000000000 ____D C:\Windows\system32\HvsiSettingsProviders

2021-05-20 16:57 - 2021-05-20 16:57 - 000000000 _____ C:\Users\Winston Smith\Desktop\G1.txt

2021-05-17 14:49 - 2021-05-17 14:54 - 000000000 ____D C:\Users\Winston Smith\AppData\Local\Google

2021-05-17 14:49 - 2021-05-17 14:49 - 000003418 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA

2021-05-17 14:49 - 2021-05-17 14:49 - 000003294 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore

2021-05-17 14:49 - 2021-05-17 14:49 - 000002330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2021-05-17 14:49 - 2021-05-17 14:49 - 000002289 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2021-05-17 14:49 - 2021-05-17 14:49 - 000002289 _____ C:\ProgramData\Desktop\Google Chrome.lnk

2021-05-17 14:49 - 2021-05-17 14:49 - 000000000 ____D C:\Program Files\Google

2021-05-17 14:49 - 2021-05-17 14:49 - 000000000 ____D C:\Program Files (x86)\Google

2021-05-17 14:47 - 2021-05-17 14:47 - 001310832 _____ (Google LLC) C:\Users\Winston Smith\Downloads\ChromeSetup.exe

2021-05-17 12:39 - 2021-05-17 12:39 - 000000000 ____D C:\Users\Winston Smith\AppData\Local\CrashDumps

2021-05-17 11:55 - 2021-05-17 12:01 - 004379204 _____ C:\Users\Winston Smith\Documents\ATkey_Manual.pdf

2021-05-16 05:33 - 2021-05-17 15:07 - 000000000 ____D C:\Users\Winston Smith\AppData\Local\D3DSCache

2021-05-16 00:23 - 2021-05-16 00:23 - 000000000 ____D C:\Program Files\Intel

2021-05-16 00:23 - 2021-05-16 00:23 - 000000000 _____ C:\Rule.txt

2021-05-16 00:23 - 2021-05-16 00:17 - 000432560 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe

2021-05-16 00:23 - 2021-05-16 00:17 - 000001088 ____N C:\Windows\system32\SetupBD.din

2021-05-16 00:17 - 2021-05-16 00:18 - 000000000 ____D C:\Users\Winston Smith\Downloads\26_2

2021-05-16 00:06 - 2021-05-16 00:14 - 710281897 _____ C:\Users\Winston Smith\Downloads\26_2.zip

2021-05-15 22:44 - 2021-05-16 06:13 - 000000000 ____D C:\ProgramData\Surfshark

2021-05-15 22:44 - 2021-05-15 22:44 - 000001025 _____ C:\Users\Public\Desktop\Surfshark.lnk

2021-05-15 22:44 - 2021-05-15 22:44 - 000001025 _____ C:\ProgramData\Desktop\Surfshark.lnk

2021-05-15 22:44 - 2021-05-15 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Surfshark

2021-05-15 22:44 - 2021-05-15 22:44 - 000000000 ____D C:\ProgramData\Caphyon

2021-05-15 22:44 - 2021-05-15 22:44 - 000000000 ____D C:\Program Files (x86)\Surfshark

2021-05-15 22:43 - 2021-05-17 16:03 - 000000000 ____D C:\Users\Winston Smith\AppData\Roaming\Surfshark

2021-05-15 22:43 - 2021-05-15 22:43 - 000000000 ____D C:\Program Files\Surfshark

2021-05-15 21:56 - 2021-05-15 21:56 - 026893576 _____ (Surfshark) C:\Users\Winston Smith\Downloads\SurfsharkSetup.exe

2021-05-15 16:57 - 2021-05-15 16:57 - 000001086 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk

2021-05-15 16:57 - 2021-05-15 16:57 - 000001086 _____ C:\ProgramData\Desktop\Revo Uninstaller.lnk

2021-05-15 16:57 - 2021-05-15 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

2021-05-15 16:57 - 2021-05-15 16:57 - 000000000 ____D C:\Program Files\VS Revo Group

2021-05-15 16:56 - 2021-05-15 16:56 - 007495512 _____ (VS Revo Group ) C:\Users\Winston Smith\Downloads\revosetup.exe

2021-05-15 16:47 - 2021-05-15 16:48 - 000001870 _____ C:\Users\Winston Smith\Desktop\Rkill.txt

2021-05-15 16:46 - 2021-05-15 16:47 - 000069182 _____ C:\TDSSKiller.3.1.0.28_15.05.2021_13.46.41_log.txt

2021-05-15 16:44 - 2021-05-15 16:44 - 040488656 _____ (Adlice Software ) C:\Users\Winston Smith\Downloads\RogueKiller_setup.exe

2021-05-15 16:43 - 2021-05-15 16:48 - 000000000 ____D C:\Program Files\rKill

2021-05-15 16:40 - 2021-05-15 16:40 - 000000000 ____D C:\Program Files\Kaspesky

2021-05-15 16:38 - 2021-05-15 16:40 - 000000000 ____D C:\Users\Winston Smith\Downloads\tdsskiller

2021-05-15 16:36 - 2021-05-15 16:36 - 004962800 _____ C:\Users\Winston Smith\Downloads\tdsskiller.zip

2021-05-15 16:10 - 2021-05-26 14:37 - 070254592 _____ C:\Windows\system32\config\SOFTWARE

2021-05-15 16:08 - 2021-05-15 16:10 - 000000000 ____D C:\Windows\Microsoft Antimalware

2021-05-15 15:28 - 2021-05-27 12:22 - 000000000 ____D C:\Program Files\Farbar

2021-05-15 15:27 - 2021-05-27 12:22 - 000000000 ____D C:\FRST

2021-05-15 15:24 - 2021-05-15 15:24 - 000000000 ____D C:\Users\Winston Smith\AppData\Local\OneDrive

2021-05-15 14:57 - 2021-05-15 14:57 - 000000000 ____D C:\Program Files\AdwCleaner

2021-05-15 14:55 - 2021-05-15 14:59 - 000000000 ____D C:\AdwCleaner

2021-05-15 14:40 - 2021-05-15 14:40 - 000000000 ____D C:\Users\Winston Smith\AppData\Local\mbam

2021-05-15 14:39 - 2021-05-15 14:39 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys

2021-05-15 14:39 - 2021-05-15 14:39 - 000220752 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys

2021-05-15 14:39 - 2021-05-15 14:39 - 000199128 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys

2021-05-15 14:39 - 2021-05-15 14:39 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys

2021-05-15 14:39 - 2021-05-15 14:39 - 000000000 ____D C:\ProgramData\Malwarebytes

2021-05-15 14:39 - 2021-05-15 14:39 - 000000000 ____D C:\Program Files\Malwarebytes

2021-05-15 14:38 - 2021-05-15 14:38 - 002078632 _____ (Malwarebytes) C:\Users\Winston Smith\Downloads\MBSetup.exe

2021-05-15 14:32 - 2021-05-15 17:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rack - Cleaners

2021-05-15 14:22 - 2021-05-15 14:22 - 000000000 ____D C:\Users\Winston Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SYStools-Rack

2021-05-15 14:19 - 2021-05-15 14:20 - 000000000 ____D C:\Program Files (x86)\SYStools-Rack

2021-05-15 14:09 - 2021-05-15 14:09 - 000208256 _____ C:\ProgramData\vpn.1621102141.bdinstall.v2.bin

2021-05-15 14:09 - 2021-05-15 14:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender VPN

2021-05-15 14:09 - 2021-05-15 14:09 - 000000000 ____D C:\ProgramData\Bitdefender VPN

2021-05-15 14:09 - 2021-05-15 14:09 - 000000000 ____D C:\ProgramData\AnchorFree_Inc

2021-05-15 14:08 - 2021-05-15 14:08 - 000774428 _____ C:\ProgramData\cl.1621101941.bdinstall.v2.bin

2021-05-15 14:08 - 2021-05-15 14:08 - 000104068 _____ C:\ProgramData\cl.kit.1621101934.bdinstall.v2.bin

2021-05-15 14:08 - 2021-05-15 14:08 - 000003420 _____ C:\Windows\system32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C

2021-05-15 14:08 - 2021-05-15 14:08 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4

2021-05-15 14:06 - 2021-05-15 14:06 - 000003802 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864

2021-05-15 14:06 - 2021-05-15 14:06 - 000000000 ____D C:\Windows\system32\elambkup

2021-05-15 14:06 - 2021-05-15 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security

2021-05-15 14:06 - 2021-05-15 14:06 - 000000000 ____D C:\ProgramData\Gemma

2021-05-15 14:06 - 2021-05-15 14:06 - 000000000 ____D C:\ProgramData\BDLogging

2021-05-15 14:06 - 2021-05-15 14:06 - 000000000 ____D C:\ProgramData\Atc

2021-05-15 14:06 - 2021-02-26 16:40 - 002718744 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys

2021-05-15 14:06 - 2021-02-16 18:31 - 000488592 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\gemma.sys

2021-05-15 14:06 - 2020-12-18 05:33 - 000022976 _____ (Bitdefender) C:\Windows\system32\Drivers\bdelam.sys

2021-05-15 14:06 - 2020-12-04 19:15 - 000802976 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys

2021-05-15 14:06 - 2020-01-17 06:03 - 000046056 _____ (© Bitdefender SRL) C:\Windows\system32\Drivers\bdprivmon.sys

2021-05-15 14:05 - 2021-05-15 14:22 - 000000000 ____D C:\ProgramData\Bitdefender

2021-05-15 14:05 - 2021-05-15 14:09 - 000000000 ____D C:\Program Files\Bitdefender

2021-05-15 14:05 - 2021-05-15 14:05 - 000118136 _____ C:\ProgramData\agent.1621101897.bdinstall.v2.bin

2021-05-15 14:05 - 2021-05-15 14:05 - 000000000 ____D C:\Users\Winston Smith\AppData\Roaming\Bitdefender

2021-05-15 14:05 - 2021-05-15 14:05 - 000000000 ____D C:\Program Files\Common Files\Bitdefender

2021-05-15 14:05 - 2021-02-26 21:31 - 000641728 _____ (Bitdefender) C:\Windows\system32\Drivers\trufos.sys

2021-05-15 14:05 - 2020-10-07 14:30 - 000185312 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys

2021-05-15 14:05 - 2020-09-03 08:20 - 000195232 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys

2021-05-15 14:04 - 2021-05-15 14:08 - 000000000 ____D C:\Program Files\Bitdefender Agent

2021-05-15 14:04 - 2021-05-15 14:04 - 013568464 _____ C:\Users\Winston Smith\Downloads\bitdefender_windows_3101ff80-da9a-493e-a4d2-5aee6a7731f9.exe

2021-05-15 14:04 - 2021-05-15 14:04 - 000000000 ____D C:\ProgramData\Bitdefender Agent

2021-05-15 13:59 - 2021-05-25 23:36 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk

2021-05-15 13:58 - 2021-05-15 13:59 - 000000000 ____D C:\Users\Winston Smith\AppData\Local\BraveSoftware

2021-05-15 13:58 - 2021-05-15 13:58 - 001243504 _____ (BraveSoftware Inc.) C:\Users\Winston Smith\Downloads\BraveBrowserSetup.exe

2021-05-15 13:58 - 2021-05-15 13:58 - 000003438 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA

2021-05-15 13:58 - 2021-05-15 13:58 - 000003314 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore

2021-05-15 13:58 - 2021-05-15 13:58 - 000000000 ____D C:\Program Files\BraveSoftware

2021-05-15 13:58 - 2021-05-15 13:58 - 000000000 ____D C:\Program Files (x86)\BraveSoftware

2021-05-15 13:27 – 2021-05-15 13:47 – 000000000 ____D C:UsersWinston SmithAppDataRoamingBitwarden

2021-05-15 13:27 – 2021-05-15 13:27 – 000000862 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsBitwarden.lnk

2021-05-15 13:27 – 2021-05-15 13:27 – 000000000 ____D C:UsersWinston SmithAppDataLocalbitwarden-updater

2021-05-15 13:25 – 2021-05-15 13:25 – 000710864 _____ (Bitwarden Inc.) C:UsersWinston SmithDownloadsBitwarden-Installer-1.26.3.exe

2021-05-15 13:19 – 2021-05-15 13:19 – 000000000 ____D C:UsersWinston SmithAppDataLocalSteam

2021-05-15 13:19 – 2021-05-15 13:19 – 000000000 ____D C:UsersWinston SmithAppDataLocalCEF

2021-05-15 13:18 – 2021-05-15 13:18 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSteam

2021-05-15 12:38 – 2021-05-15 12:55 – 000003214 __RSH C:ProgramDatantuser.pol

2021-05-15 12:15 – 2021-05-15 12:15 – 000000000 ___HD C:OneDriveTemp

2021-05-15 12:10 – 2021-05-15 12:10 – 002755584 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtml.tlb

2021-05-15 12:10 – 2021-05-15 12:10 – 002755584 _____ (Microsoft Corporation) C:Windowssystem32mshtml.tlb

2021-05-15 12:10 – 2021-05-15 12:10 – 001314120 _____ (Microsoft Corporation) C:Windowssystem32SecConfig.efi

2021-05-15 12:10 – 2021-05-15 12:10 – 001163776 _____ C:Windowssystem32MBR2GPT.EXE

2021-05-15 12:10 – 2021-05-15 12:10 – 000700928 _____ C:Windowssystem32FsNVSDeviceSource.dll

2021-05-15 12:10 – 2021-05-15 12:10 – 000164168 _____ C:Windowssystem32cmdiag.exe

2021-05-15 12:10 – 2021-05-15 12:10 – 000157184 _____ C:Windowssystem32uwfcsp.dll

2021-05-15 12:10 – 2021-05-15 12:10 – 000153600 _____ C:Windowssystem32uwfcfgmgmt.dll

2021-05-15 12:10 – 2021-05-15 12:10 – 000103936 _____ C:Windowssystem32cmimageworker.exe

2021-05-15 12:10 – 2021-05-15 12:10 – 000060928 _____ C:Windowssystem32runexehelper.exe

2021-05-15 12:10 – 2021-05-15 12:10 – 000014848 _____ C:Windowssystem32hnsproxy.dll

2021-05-15 12:10 – 2021-05-15 12:10 – 000011351 _____ C:Windowssystem32DrtmAuthTxt.wim

2021-05-15 12:09 – 2021-05-15 12:09 – 001823816 _____ (Microsoft Corporation) C:Windowssystem32winload.efi

2021-05-15 12:09 – 2021-05-15 12:09 – 001393504 _____ (Microsoft Corporation) C:Windowssystem32winresume.efi

2021-05-15 12:09 – 2021-05-15 12:09 – 000165888 _____ C:Windowssystem32DataStoreCacheDumpTool.exe

2021-05-15 12:09 – 2021-05-15 12:09 – 000013312 _____ C:Windowssystem32agentactivationruntimestarter.exe

2021-05-15 12:04 – 2021-05-15 12:04 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools

2021-05-15 12:02 – 2021-05-15 12:03 – 000000000 ____D C:Windowssystem32MRT

2021-05-15 12:02 – 2021-05-15 12:02 – 000000000 ___HD C:$WinREAgent

2021-05-14 16:53 – 2021-05-17 11:14 – 000000000 ____D C:UsersWinston SmithAppDataLocalPlaceholderTileLogoFolder

2021-05-14 16:09 – 2021-05-14 16:09 – 000000000 ____D C:UsersWinston SmithAppDataLocalLowTemp

2021-05-10 12:58 – 2021-05-10 12:58 – 000000000 ____D C:UsersWinston SmithAppDataLocalElevatedDiagnostics

2021-05-10 12:52 – 2021-05-10 12:58 – 000240422 _____ C:Windowsntbtlog.txt

2021-05-10 12:52 – 2021-05-10 12:52 – 000000214 _____ C:WindowsTasksCreateExplorerShellUnelevatedTask.job

2021-04-30 20:50 – 2021-04-30 20:50 – 001718626 _____ (pendrivelinux.com) C:UsersWinston SmithDownloadsYUMI-2.0.8.7.exe

2021-04-30 15:01 – 2021-04-30 15:01 – 000000000 ____H C:Windowssystem32DriversMsft_User_WpdFs_01_11_00.Wdf

2021-04-30 14:50 – 2021-04-30 14:50 – 000000000 ____D C:UsersWinston SmithAppDataLocalPeerDistRepub

2021-04-30 14:36 – 2021-04-30 14:36 – 000000000 ____D C:UsersWinston SmithAppDataLocalComms

2021-04-30 14:21 – 2021-05-15 12:20 – 000000000 ___RD C:UsersWinston SmithOneDrive

2021-04-30 14:21 – 2021-05-14 16:52 – 000003396 _____ C:Windowssystem32TasksOneDrive Standalone Update Task-S-1-5-21-1122837440-1392308684-3391438225-1001

2021-04-30 14:21 – 2021-04-30 14:21 – 000000000 ____D C:ProgramDataMicrosoft OneDrive

2021-04-30 14:19 – 2021-05-26 14:27 – 000000000 ____D C:UsersWinston SmithAppDataLocalPackages

2021-04-30 14:19 – 2021-05-15 12:14 – 000000000 ____D C:UsersWinston SmithAppDataLocalConnectedDevicesPlatform

2021-04-30 14:19 – 2021-05-15 12:05 – 000000000 __RHD C:UsersPublicAccountPictures

2021-04-30 14:19 – 2021-05-15 12:01 – 000000000 ____D C:ProgramDataPackages

2021-04-30 14:19 – 2021-04-30 14:19 – 000000000 ___RD C:UsersWinston Smith3D Objects

2021-04-30 14:19 – 2021-04-30 14:19 – 000000000 ____D C:UsersWinston SmithAppDataRoamingAdobe

2021-04-30 14:19 – 2021-04-30 14:19 – 000000000 ____D C:UsersWinston SmithAppDataLocalVirtualStore

2021-04-30 14:19 – 2021-04-30 14:19 – 000000000 ____D C:UsersWinston SmithAppDataLocalPublishers

2021-04-30 14:18 – 2021-05-14 16:52 – 000002398 _____ C:UsersWinston SmithAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-04-30 14:18 – 2021-05-10 12:47 – 000000000 ____D C:UsersWinston Smith

2021-04-30 14:18 – 2021-04-30 14:18 – 000000020 ___SH C:UsersWinston Smithntuser.ini

2021-04-30 14:12 – 2021-05-26 21:06 – 000795742 _____ C:Windowssystem32PerfStringBackup.INI

2021-04-30 14:08 – 2021-04-30 14:08 – 000000000 _SHDL C:UsersDefault User

2021-04-30 14:08 – 2021-04-30 14:08 – 000000000 _SHDL C:UsersAll Users

2021-04-30 14:08 – 2021-04-30 14:08 – 000000000 _SHDL C:Documents and Settings

2021-04-30 11:20 – 2021-05-27 11:20 – 000000000 ____D C:Windowssystem32SleepStudy

2021-04-30 11:20 – 2021-05-26 21:02 – 000008192 ___SH C:DumpStack.log.tmp

2021-04-30 11:20 – 2021-05-26 21:02 – 000000006 ____H C:WindowsTasksSA.DAT

2021-04-30 11:20 – 2021-05-25 23:35 – 000002445 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-04-30 11:20 – 2021-05-15 12:13 – 000258688 _____ C:Windowssystem32FNTCACHE.DAT

2021-04-30 11:20 – 2021-05-15 12:09 – 000000000 ____D C:Windowssystem32Driverswd

2021-04-30 11:20 – 2021-05-15 12:04 – 000003480 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineUA

2021-04-30 11:20 – 2021-05-15 12:04 – 000003356 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineCore

2021-04-30 11:20 – 2021-04-30 16:15 – 000000000 ____D C:ProgramDataNVIDIA Corporation

2021-04-30 11:20 – 2021-04-30 11:20 – 000000000 ____D C:Windowssystem32lxss

2021-04-30 11:20 – 2021-04-30 11:20 – 000000000 ____D C:Windowssystem32DriversNVIDIA Corporation

2021-04-30 11:20 – 2021-04-30 11:20 – 000000000 ____D C:WindowsServiceProfiles

2021-04-30 03:21 – 2021-04-30 14:11 – 000000000 ____D C:WindowsPanther

2021-04-30 03:19 – 2021-04-30 03:19 – 000000000 ____D C:Program FilesSteelSeries

2021-04-30 03:18 – 2021-04-30 03:18 – 000008192 _____ C:Windowssystem32configuserdiff

2021-04-30 03:18 – 2021-04-30 03:18 – 000000000 ____D C:Program Files (x86)Razer

2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64winrm

2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64WCN

2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64sysprep

2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64slmgr

2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64Printing_Admin_Scripts

2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64MailContactsCalendarSync

2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64409

2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32winrm

2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32WCN

2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32slmgr

2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32Printing_Admin_Scripts

2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32MailContactsCalendarSync

2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32409

2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSetup

2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsOCR

2021-04-30 03:17 – 2021-04-30 03:17 – 000000000 ____D C:WindowsDigitalLocker

2021-04-30 03:15 – 2021-05-27 12:23 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-04-30 03:15 – 2021-05-26 22:38 – 000000000 ____D C:WindowsINF

2021-04-30 03:15 – 2021-05-26 21:46 – 000000000 ___HD C:Program FilesWindowsApps

2021-04-30 03:15 – 2021-05-26 21:46 – 000000000 ____D C:WindowsAppReadiness

2021-04-30 03:15 – 2021-05-26 14:26 – 000000000 ____D C:Windowssystem32NDF

2021-04-30 03:15 – 2021-05-17 14:49 – 000000000 ___RD C:Program Files (x86)

2021-04-30 03:15 – 2021-05-17 11:32 – 000000000 ____D C:WindowsLiveKernelReports

2021-04-30 03:15 – 2021-05-15 23:10 – 000000000 ____D C:WindowsSystemResources

2021-04-30 03:15 – 2021-05-15 23:10 – 000000000 ____D C:Windowssystem32setup

2021-04-30 03:15 – 2021-05-15 23:10 – 000000000 ____D C:WindowsPolicyDefinitions

2021-04-30 03:15 – 2021-05-15 14:39 – 000000000 ___HD C:WindowsELAMBKUP

2021-04-30 03:15 – 2021-05-15 14:11 – 000000000 ___SD C:WindowsDownloaded Program Files

2021-04-30 03:15 – 2021-05-15 14:11 – 000000000 ___RD C:WindowsOffline Web Pages

2021-04-30 03:15 – 2021-05-15 12:37 – 000000000 ___HD C:Windowssystem32GroupPolicy

2021-04-30 03:15 – 2021-05-15 12:15 – 000000000 ___RD C:WindowsImmersiveControlPanel

2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ___RD C:WindowsPrintDialog

2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:WindowsSysWOW64WinMetadata

2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:WindowsSysWOW64setup

2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:WindowsSysWOW64oobe

2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:WindowsSysWOW64Dism

2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:Windowssystem32WinMetadata

2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:Windowssystem32SystemResetPlatform

2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:Windowssystem32oobe

2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:Windowssystem32Dism

2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:WindowsProvisioning

2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:WindowsDiagTrack

2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:Windowsbcastdvr

2021-04-30 03:15 – 2021-05-15 12:12 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection

2021-04-30 03:15 – 2021-05-15 12:08 – 000000000 ____D C:Program FilesWindows Defender

2021-04-30 03:15 – 2021-05-14 16:52 – 000000000 ____D C:Windowsappcompat

2021-04-30 03:15 – 2021-05-10 13:42 – 000000000 ____D C:Windowssystem32MsDtc

2021-04-30 03:15 – 2021-05-10 12:47 – 000000000 ____D C:Windowssystem32configTxR

2021-04-30 03:15 – 2021-04-30 16:58 – 000000000 ____D C:ProgramDataUSOPrivate

2021-04-30 03:15 – 2021-04-30 14:36 – 000000000 ____D C:WindowsServiceState

2021-04-30 03:15 – 2021-04-30 14:18 – 000000000 ____D C:Windowssystem32WinBioDatabase

2021-04-30 03:15 – 2021-04-30 14:11 – 000000000 ____D C:Windowssystem32spool

2021-04-30 03:15 – 2021-04-30 14:07 – 000000000 ____D C:WindowsCSC

2021-04-30 03:15 – 2021-04-30 11:20 – 000000000 ____D C:Windowssystem32DriversDriverData

2021-04-30 03:15 – 2021-04-30 05:06 – 000028672 _____ C:Windowssystem32configBCD-Template

2021-04-30 03:15 – 2021-04-30 03:21 – 000000000 ____D C:WindowsContainers

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ___SD C:WindowsSysWOW64F12

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ___SD C:WindowsSysWOW64DiagSvcs

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ___SD C:Windowssystem32F12

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ___SD C:Windowssystem32dsc

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ___SD C:Windowssystem32DiagSvcs

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64MUI

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:WindowsSysWOW64Com

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32WinBioPlugIns

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32Sysprep

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32PerceptionSimulation

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32MUI

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32migwiz

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Windowssystem32Com

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:WindowsIME

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:WindowsHelp

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Program FilesWindows Photo Viewer

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Program FilesWindows NT

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Program FilesCommon FilesSystem

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Program Files (x86)Windows Photo Viewer

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Program Files (x86)Windows NT

2021-04-30 03:15 – 2021-04-30 03:17 – 000000000 ____D C:Program Files (x86)Windows Defender

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 __SHD C:WindowsBitLockerDiscoveryVolumeContents

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 __SHD C:Program FilesWindows Sidebar

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 __SHD C:Program Files (x86)Windows Sidebar

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 __RSD C:WindowsMedia

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 __RHD C:UsersPublicLibraries

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ___SD C:WindowsSysWOW64Nui

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ___SD C:WindowsSysWOW64Configuration

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ___SD C:Windowssystem32UNP

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ___SD C:Windowssystem32Nui

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ___SD C:Windowssystem32Configuration

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ___SD C:Windowssystem32AppV

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ___HD C:WindowsLanguageOverlayCache

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsWeb

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsWaaS

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsVss

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowstracing

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsTAPI

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64SMI

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64ras

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64PerceptionSimulation

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64NDF

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64Msdtc

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64migwiz

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64Keywords

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64Ipmi

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64InputMethod

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64inetsrv

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64IME

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64icsxml

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64GroupPolicyUsers

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64GroupPolicy

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64downlevel

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64Bthprops

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64AppLocker

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSysWOW64AdvancedInstallers

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSystemApps

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32winevt

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ti-et

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ta-lk

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ta-in

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32si-lk

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ShellExperiences

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32Sgrm

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32SecureBootUpdates

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ras

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ProximityToast

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32PointOfService

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32osa-Osge-001

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32my-mm

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32Keywords

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32Ipmi

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32InputMethod

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32inetsrv

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32IME

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32icsxml

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ias

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32Hydrogen

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32GroupPolicyUsers

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ff-Adlm-SN

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32DriverState

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32downlevel

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32DDFs

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32ContainerSettingsProviders

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32configsystemprofile

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32configRegBack

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32configJournal

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32Bthprops

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32appraiser

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32AppLocker

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32am-et

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32AdvancedInstallers

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSystem

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSKB

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsShellExperiences

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsShellComponents

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowssecurity

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowsschemas

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsSchCache

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsResources

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Windowsrescache

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsRemotePackages

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsRegistration

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsPLA

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsPerformance

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsModemLogs

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsL2Schemas

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsInputMethod

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsIdentityCRL

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsGlobalization

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsGameBarPresenceWriter

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsCursors

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:WindowsBranding

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:ProgramDataWindowsHolographicDevices

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:ProgramDataUSOShared

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Program FilesWindows Security

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Program FilesWindows Portable Devices

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Program FilesWindows Multimedia Platform

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Program FilesModifiableWindowsApps

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Program FilesCommon FilesServices

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Program Files (x86)Windows Portable Devices

2021-04-30 03:15 – 2021-04-30 03:15 – 000000000 ____D C:Program Files (x86)Windows Multimedia Platform

2021-04-30 03:15 – 2021-04-30 03:14 – 000215943 _____ C:WindowsSysWOW64dssec.dat

2021-04-30 03:15 – 2021-04-30 03:14 – 000215943 _____ C:Windowssystem32dssec.dat

2021-04-30 03:15 – 2021-04-30 03:14 – 000020908 _____ C:Windowssystem32OEMDefaultAssociations.xml

2021-04-30 03:15 – 2021-04-30 03:14 – 000017635 _____ C:Windowssystem32Driversetcservices

2021-04-30 03:15 – 2021-04-30 03:14 – 000003683 _____ C:Windowssystem32Driversetclmhosts.sam

2021-04-30 03:15 – 2021-04-30 03:14 – 000003103 _____ C:WindowsSysWOW64mmc.exe.config

2021-04-30 03:15 – 2021-04-30 03:14 – 000003103 _____ C:Windowssystem32mmc.exe.config

2021-04-30 03:15 – 2021-04-30 03:14 – 000001358 _____ C:Windowssystem32Driversetcprotocol

2021-04-30 03:15 – 2021-04-30 03:14 – 000000858 _____ C:Windowssystem32DefaultQuestions.json

2021-04-30 03:15 – 2021-04-30 03:14 – 000000741 _____ C:WindowsSysWOW64NOISE.DAT

2021-04-30 03:15 – 2021-04-30 03:14 – 000000741 _____ C:Windowssystem32NOISE.DAT

2021-04-30 03:15 – 2021-04-30 03:14 – 000000407 _____ C:Windowssystem32Driversetcnetworks

2021-04-30 03:15 – 2021-04-30 03:14 – 000000219 _____ C:Windowssystem.ini

2021-04-30 03:15 – 2021-04-30 03:14 – 000000092 _____ C:Windowswin.ini

2021-04-30 03:12 – 2021-05-26 12:53 – 000000000 ____D C:WindowsCbsTemp

2021-04-30 03:11 – 2021-05-26 14:37 – 014417920 _____ C:Windowssystem32configSYSTEM

2021-04-30 03:11 – 2021-05-26 14:37 – 000524288 _____ C:Windowssystem32configDEFAULT

2021-04-30 03:11 – 2021-05-26 14:37 – 000524288 _____ C:Windowssystem32configBBI

2021-04-30 03:11 – 2021-05-26 14:37 – 000131072 _____ C:Windowssystem32configSAM

2021-04-30 03:11 – 2021-05-26 14:37 – 000032768 _____ C:Windowssystem32configSECURITY

2021-04-30 03:11 – 2021-05-26 13:59 – 000065536 _____ C:Windowssystem32configELAM

2021-04-30 03:11 – 2021-05-15 12:11 – 000000000 ____D C:Windowsservicing

2021-04-30 03:11 – 2021-04-30 03:15 – 000000000 ____D C:Windowssystem32SMI

2021-04-29 23:52 – 2021-04-29 23:52 – 000581120 _____ (Microsoft Corporation) C:Windowssystem32PhotoScreensaver.scr

2021-04-29 23:52 – 2021-04-29 23:52 – 000575488 _____ (Microsoft Corporation) C:WindowsSysWOW64hhctrl.ocx

2021-04-29 23:52 – 2021-04-29 23:52 – 000499200 _____ (Microsoft Corporation) C:WindowsSysWOW64PhotoScreensaver.scr

2021-04-29 23:52 – 2021-04-29 23:52 – 000480256 _____ C:Windowssystem32AssignedAccessCsp.dll

2021-04-29 23:52 – 2021-04-29 23:52 – 000469504 _____ (Microsoft Corporation) C:WindowsSysWOW64appwiz.cpl

2021-04-29 23:52 – 2021-04-29 23:52 – 000374072 _____ C:Windowssystem32vp9fs.dll

2021-04-29 23:52 – 2021-04-29 23:52 – 000304128 _____ (Microsoft Corporation) C:Windowssystem32ksproxy.ax

2021-04-29 23:52 – 2021-04-29 23:52 – 000266240 _____ (Microsoft Corporation) C:Windowssystem32mpg2splt.ax

2021-04-29 23:52 – 2021-04-29 23:52 – 000234496 _____ (Microsoft Corporation) C:WindowsSysWOW64ksproxy.ax

2021-04-29 23:52 – 2021-04-29 23:52 – 000204800 _____ (Microsoft Corporation) C:WindowsSysWOW64mpg2splt.ax

2021-04-29 23:52 – 2021-04-29 23:52 – 000191288 _____ C:Windowssystem32HvsiSettingsWorker.exe

2021-04-29 23:52 – 2021-04-29 23:52 – 000170496 _____ (Microsoft Corporation) C:Windowssystem32VBICodec.ax

2021-04-29 23:52 – 2021-04-29 23:52 – 000152912 _____ C:Windowssystem32IsolatedWindowsEnvironmentUtils.dll

2021-04-29 23:52 – 2021-04-29 23:52 – 000138056 _____ C:Windowssystem32HvsiManagementApi.dll

2021-04-29 23:52 – 2021-04-29 23:52 – 000135168 _____ (Microsoft Corporation) C:WindowsSysWOW64VBICodec.ax

2021-04-29 23:52 – 2021-04-29 23:52 – 000119296 _____ C:Windowssystem32hvsiproxyapp.exe

2021-04-29 23:52 – 2021-04-29 23:52 – 000111920 _____ C:WindowsSysWOW64IsolatedWindowsEnvironmentUtils.dll

2021-04-29 23:52 – 2021-04-29 23:52 – 000101704 _____ C:WindowsSysWOW64HvsiManagementApi.dll

2021-04-29 23:52 – 2021-04-29 23:52 – 000095744 _____ C:Windowssystem32VirtualMonitorManager.dll

2021-04-29 23:52 – 2021-04-29 23:52 – 000089912 _____ C:Windowssystem32HvsiMachinePolicies.dll

2021-04-29 23:52 – 2021-04-29 23:52 – 000087552 _____ C:Windowssystem32hvsiDspdvcclient.dll

2021-04-29 23:52 – 2021-04-29 23:52 – 000084992 _____ (Microsoft Corporation) C:Windowssystem32wscui.cpl

2021-04-29 23:52 – 2021-04-29 23:52 – 000079688 _____ C:Windowssystem32hvsifiletrust.dll

2021-04-29 23:52 – 2021-04-29 23:52 – 000072704 _____ (Microsoft Corporation) C:WindowsSysWOW64tdc.ocx

2021-04-29 23:52 – 2021-04-29 23:52 – 000071680 _____ C:Windowssystem32wdagtool.exe

2021-04-29 23:52 – 2021-04-29 23:52 – 000067584 _____ (Microsoft Corporation) C:WindowsSysWOW64wscui.cpl

2021-04-29 23:52 – 2021-04-29 23:52 – 000061264 _____ C:WindowsSysWOW64hvsifiletrust.dll

2021-04-29 23:52 – 2021-04-29 23:52 – 000053760 _____ C:WindowsSysWOW64BWContextHandler.dll

2021-04-29 23:52 – 2021-04-29 23:52 – 000045880 _____ C:Windowssystem32HvSocket.dll

2021-04-29 23:52 – 2021-04-29 23:52 – 000044344 _____ C:Windowssystem32AuditSettingsProvider.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 004898144 _____ (Microsoft Corporation) C:Windowssystem32rtmpltfm.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 003860832 _____ (Microsoft Corporation) C:WindowsSysWOW64rtmpltfm.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 002260992 _____ C:Windowssystem32TextInputMethodFormatter.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 002260480 _____ (The ICU Project) C:Windowssystem32icu.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 002254336 _____ C:Windowssystem32dwmscene.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 001354080 _____ (Microsoft Corporation) C:Windowssystem32rtmpal.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 001333760 _____ C:WindowsSysWOW64TextInputMethodFormatter.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 001091936 _____ (Microsoft Corporation) C:Windowssystem32rtmcodecs.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 001032544 _____ (Microsoft Corporation) C:Windowssystem32ortcengine.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000980320 _____ (Microsoft Corporation) C:WindowsSysWOW64rtmpal.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000915296 _____ (Microsoft Corporation) C:WindowsSysWOW64rtmcodecs.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000732000 _____ (Microsoft Corporation) C:WindowsSysWOW64ortcengine.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000729600 _____ (Microsoft Corporation) C:Windowssystem32hhctrl.ocx

2021-04-29 23:51 – 2021-04-29 23:51 – 000707016 _____ C:Windowssystem32TextShaping.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000643072 _____ C:Windowssystem32WindowManagementAPI.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000611952 _____ C:WindowsSysWOW64TextShaping.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000595968 _____ (Microsoft Corporation) C:Windowssystem32appwiz.cpl

2021-04-29 23:51 – 2021-04-29 23:51 – 000544768 _____ (Microsoft Corporation) C:Windowssystem32mmsys.cpl

2021-04-29 23:51 – 2021-04-29 23:51 – 000455680 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl

2021-04-29 23:51 – 2021-04-29 23:51 – 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv

2021-04-29 23:51 – 2021-04-29 23:51 – 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000330752 _____ C:\Windows\SysWOW64\ssdm.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000306688 _____ C:\Windows\system32\HeatCore.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000266752 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl

2021-04-29 23:51 – 2021-04-29 23:51 – 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000243200 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl

2021-04-29 23:51 – 2021-04-29 23:51 – 000240640 _____ C:\Windows\SysWOW64\CoreMas.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl

2021-04-29 23:51 – 2021-04-29 23:51 – 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000231248 _____ C:\Windows\system32\containerdevicemanagement.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl

2021-04-29 23:51 – 2021-04-29 23:51 – 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl

2021-04-29 23:51 – 2021-04-29 23:51 – 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl

2021-04-29 23:51 – 2021-04-29 23:51 – 000152064 _____ C:\Windows\system32\EoAExperiences.exe

2021-04-29 23:51 – 2021-04-29 23:51 – 000112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\activeds.tlb

2021-04-29 23:51 – 2021-04-29 23:51 – 000112128 _____ (Microsoft Corporation) C:\Windows\system32\activeds.tlb

2021-04-29 23:51 – 2021-04-29 23:51 – 000102912 _____ (Microsoft Corporation) C:\Windows\system32\ncpa.cpl

2021-04-29 23:51 – 2021-04-29 23:51 – 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncpa.cpl

2021-04-29 23:51 – 2021-04-29 23:51 – 000091136 _____ C:\Windows\system32\Drivers\cimfs.sys

2021-04-29 23:51 – 2021-04-29 23:51 – 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2021-04-29 23:51 – 2021-04-29 23:51 – 000067072 _____ C:\Windows\system32\BWContextHandler.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000056672 _____ (Microsoft Corporation) C:\Windows\system32\rtmmvrortc.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000055376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmmvrortc.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000047472 _____ C:\Windows\SysWOW64\umpdc.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000029696 _____ (The ICU Project) C:\Windows\system32\icuuc.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000025088 _____ (The ICU Project) C:\Windows\system32\icuin.dll

2021-04-29 23:51 – 2021-04-29 23:51 – 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msacm32.drv

2021-04-29 23:51 – 2021-04-29 23:51 – 000010752 _____ C:\Windows\SysWOW64\agentactivationruntimestarter.exe

2021-04-29 23:51 – 2021-04-29 23:51 – 000001370 _____ C:\Windows\system32\ThirdPartyNoticesBySHS.txt

2021-04-29 23:50 – 2021-04-29 23:50 – 004227116 _____ C:\Windows\system32\DefaultHrtfs.bin

2021-04-29 23:50 – 2021-04-29 23:50 – 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv

2021-04-29 23:50 – 2021-04-29 23:50 – 000455168 _____ C:\Windows\system32\ssdm.dll

2021-04-29 23:50 – 2021-04-29 23:50 – 000287232 _____ C:\Windows\system32\CoreMas.dll

2021-04-29 23:50 – 2021-04-29 23:50 – 000197632 _____ C:\Windows\system32\IHDS.dll

2021-04-29 23:50 – 2021-04-29 23:50 – 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll

2021-04-29 23:50 – 2021-04-29 23:50 – 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll

2021-04-29 23:50 – 2021-04-29 23:50 – 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll

2021-04-29 23:50 – 2021-04-29 23:50 – 000064552 _____ C:\Windows\system32\umpdc.dll

2021-04-29 23:50 – 2021-04-29 23:50 – 000030208 _____ (Microsoft Corporation) C:\Windows\system32\msacm32.drv

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-05-14 15:04 – 2021-04-14 03:03 – 000000000 ___HD C:\$SysReset

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================

 

Addition Results:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2021

Ran by Winston Smith (27-05-2021 12:24:42)

Running from C:\Program Files\Farbar

Windows 10 Pro Version 20H2 19042.985 (X64) (2021-04-30 18:11:04)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1122837440-1392308684-3391438225-500 – Administrator – Disabled)

DefaultAccount (S-1-5-21-1122837440-1392308684-3391438225-503 – Limited – Disabled)

Guest (S-1-5-21-1122837440-1392308684-3391438225-501 – Limited – Disabled)

WDAGUtilityAccount (S-1-5-21-1122837440-1392308684-3391438225-504 – Limited – Disabled)

Winston Smith (S-1-5-21-1122837440-1392308684-3391438225-1001 – Administrator – Enabled) => C:\Users\Winston Smith

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Bitdefender Antivirus (Enabled – Up to date) {BAD274F4-FA00-8560-1CDE-6C830442BEFA}

AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Malwarebytes (Disabled – Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

FW: Bitdefender Firewall (Enabled) {82E9F5D1-B06F-8438-3781-C5B6FA91F981}

 

==================== Installed Programs ======================

 

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Bitdefender Agent (HKLM…Bitdefender Agent) (Version: 25.0.1.181 – Bitdefender)

Bitdefender Total Security (HKLM…Bitdefender) (Version: 25.0.19.75 – Bitdefender)

Bitdefender VPN (HKLM…Bitdefender VPN) (Version: 25.4.2.36 – Bitdefender)

Bitwarden (HKLM…173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 1.26.3 – Bitwarden Inc.)

Brave (HKLM-x32…BraveSoftware Brave-Browser) (Version: 90.1.24.86 – Brave Software Inc)

Google Chrome (HKLM-x32…Google Chrome) (Version: 90.0.4430.212 – Google LLC)

Google Update Helper (HKLM-x32…{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 – Google LLC) Hidden

Intel® Network Connections 26.2.0.1 (HKLM…PROSetDX) (Version: 26.2.0.1 – Intel)

Malwarebytes version 4.3.3.116 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.3.116 – Malwarebytes)

Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 90.0.818.66 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-1122837440-1392308684-3391438225-1001…OneDriveSetup.exe) (Version: 21.073.0411.0002 – Microsoft Corporation)

Microsoft Update Health Tools (HKLM…{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 – Microsoft Corporation)

Revo Uninstaller 2.2.5 (HKLM…{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.5 – VS Revo Group, Ltd.)

Steam (HKLM-x32…Steam) (Version: 2.10.91.91 – Valve Corporation)

Surfshark (HKLM-x32…{65CF9983-D382-4451-9A12-152D7ADA9395}) (Version: 2.8.3999 – Surfshark) Hidden

Surfshark (HKLM-x32…Surfshark 2.8.3999) (Version: 2.8.3999 – Surfshark)

Surfshark TAP Driver Windows (HKLM-x32…{9F9505BB-72D3-4E0E-8438-3C32D8375843}) (Version: 1.0 – Surfshark)

Surfshark TUN Driver Windows (HKLM…{D8B32360-DF13-4386-9C95-CE3657D4582B}) (Version: 1.0 – Surfshark)

 

Packages:

=========

ATKey for Windows -> C:\Program Files\WindowsApps\CCD7B6D7.AuthenTrendProKey.BLE_2.0.63.0_x64__ryhvpf98a35rp [2021-05-17] (AuthenTrend Technology Inc.)

NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-26] (NVIDIA Corp.)

Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0 [2021-05-26] (Spotify AB) [Startup Task]

 

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-15] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3784df9edffd3314\nvshext.dll [2021-03-26] (NVIDIA Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-15] (Malwarebytes Corporation -> Malwarebytes)

 

==================== Codecs (Whitelisted) ====================

 

==================== Shortcuts & WMI ========================

 

==================== Loaded Modules (Whitelisted) =============

 

2020-10-12 13:54 – 2020-10-12 13:54 – 000324096 _____ () [File not signed] C:\Program Files (x86)\Surfshark\Resources\x64\Surfshark.Firewall.dll

2020-11-20 03:06 – 2020-11-20 03:06 – 004035072 _____ () [File not signed] C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkWg.dll

 

==================== Alternate Data Streams (Whitelisted) ========

 

==================== Safe Mode (Whitelisted) ==================

 

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 

BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)

BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)

BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)

BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)

Toolbar: HKLM – Bitdefender Wallet – {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} – C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)

Toolbar: HKLM-x32 – Bitdefender Wallet – {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} – C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2021-05-20] (Bitdefender SRL -> Bitdefender)

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2021-04-30 03:15 – 2021-05-27 12:20 – 000000822 _____ C:\Windows\system32\drivers\etc\hosts

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1122837440-1392308684-3391438225-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg

DNS Servers: 9.9.9.9

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(If an entry is included in the fixlist, it will be removed.)

 

HKLM…StartupApprovedRun: => “MouseDriver”

HKLM…StartupApprovedRun: => “Logitech Download Assistant”

HKUS-1-5-21-1122837440-1392308684-3391438225-1001…StartupApprovedRun: => “OneDrive”

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{19E11198-9944-4D9F-9C7F-F476A9233045}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{220A3018-E6C5-4ACC-9BEE-C1774D3B8241}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{85779EDE-EB23-4655-9679-8CE3F7DE5F73}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{A8BA7E55-8628-4EF3-85D4-D48D65CD8A5F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{71C0411F-8B17-4485-B5E2-401212921182}] => (Allow) G:\Steam\Steam.exe => No File

FirewallRules: [{22E0219B-993D-484E-8BED-7966EB3ADA31}] => (Allow) G:\Steam\Steam.exe => No File

FirewallRules: [{541A6925-1652-4873-B163-7535BAE3D3C0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

FirewallRules: [{A2011472-3B81-45C5-BCC4-B9DC275259C2}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

FirewallRules: [{B8FEED4E-D830-4B23-BE5D-3DA567256310}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{DD14EBA4-0BCE-4714-99C9-861BC1C6A39E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{35E3F563-A6D9-43E0-8185-2F7D6DDEB1FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{3683B4C4-386B-4269-A56D-977A0BBFAB69}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{BD4E8F53-439C-4FF9-A04B-5D5766AE7C43}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{41138384-A831-48B6-A5F0-B26ADA42D9CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{D0732CD2-0006-419C-A327-CF608B5F675C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{B9569097-DDC9-43D6-BEC0-B85C740A09C8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.668.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

 

==================== Restore Points =========================

 

15-05-2021 12:03:34 Windows Modules Installer

15-05-2021 16:38:09 5-15-preclean

15-05-2021 17:06:09 Revo Uninstaller’s restore point – RogueKiller version 14.8.6.0

15-05-2021 22:43:52 Installed Surfshark

16-05-2021 00:23:18 Installed Intel® Network Connections.

16-05-2021 05:44:37 Revo Uninstaller’s restore point – Cortana

16-05-2021 06:00:40 Revo Uninstaller’s restore point – Xbox Game Bar

16-05-2021 06:04:30 Revo Uninstaller’s restore point – Microsoft Edge

16-05-2021 06:05:14 Revo Uninstaller’s restore point – Microsoft Edge

16-05-2021 06:05:51 Revo Uninstaller’s restore point – Microsoft Edge

16-05-2021 06:06:55 Revo Uninstaller’s restore point – Microsoft Edge

16-05-2021 06:13:33 Revo Uninstaller’s restore point – Microsoft Edge

16-05-2021 06:17:00 Revo Uninstaller’s restore point – Microsoft Edge

16-05-2021 06:20:21 Revo Uninstaller’s restore point – Microsoft Edge

16-05-2021 06:31:46 Revo Uninstaller’s restore point – Microsoft Solitaire Collection

26-05-2021 12:52:45 Windows Modules Installer

 

==================== Faulty Device Manager Devices ============

 

Name: Generic Bluetooth Adapter

Description: Generic Bluetooth Adapter

Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Manufacturer: GenericAdapter

Service: BTHUSB

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click “Action”, and then click “Enable Device”. This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (05/26/2021 11:40:08 PM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoId={3D588F8B-25E2-49B2-9819-CC27A4B10B1C}: The user SYSTEM dialed a connection named IKEv2-Surfshark Connection which has failed. The error code returned on failure is 868.

 

Error: (05/26/2021 11:40:03 PM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoId={E78019A0-0612-4BB2-ADB4-35A75E0C1D02}: The user SYSTEM dialed a connection named IKEv2-Surfshark Connection which has failed. The error code returned on failure is 868.

 

Error: (05/26/2021 11:39:58 PM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoId={A37358C3-E542-4B19-A3CE-4DF15ED02BFA}: The user SYSTEM dialed a connection named IKEv2-Surfshark Connection which has failed. The error code returned on failure is 868.

 

Error: (05/26/2021 11:39:52 PM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoId={07F54186-6861-419A-9D1C-7AC1EC1DDEDF}: The user SYSTEM dialed a connection named IKEv2-Surfshark Connection which has failed. The error code returned on failure is 868.

 

Error: (05/26/2021 11:39:37 PM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoId={370AF094-AD52-454C-A84E-7090E290ADA6}: The user SYSTEM dialed a connection named IKEv2-Surfshark Connection which has failed. The error code returned on failure is 868.

 

Error: (05/26/2021 11:39:32 PM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoId={3365600C-D445-46F3-B105-6D8ED9DBF1B7}: The user SYSTEM dialed a connection named IKEv2-Surfshark Connection which has failed. The error code returned on failure is 868.

 

Error: (05/26/2021 11:39:27 PM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoId={08F0D1E5-3E70-4116-AEF0-E5F0C32BF51B}: The user SYSTEM dialed a connection named IKEv2-Surfshark Connection which has failed. The error code returned on failure is 868.

 

Error: (05/26/2021 11:39:22 PM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoId={55CF7806-EFF4-446F-81CE-E46F3F8CAD7A}: The user SYSTEM dialed a connection named IKEv2-Surfshark Connection which has failed. The error code returned on failure is 868.

 

 

System errors:

=============

Error: (05/26/2021 11:39:07 PM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{37F3BB35-F722-4328-B9BB-755EC36F0D0E} because another computer on the network has the same name.  The server could not start.

 

Error: (05/26/2021 11:39:07 PM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{2CC77596-4A8B-4777-8168-24440F668A70} because another computer on the network has the same name.  The server could not start.

 

Error: (05/26/2021 11:39:07 PM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{4C524602-04DE-4265-8ED3-34ADED9FE7DE} because another computer on the network has the same name.  The server could not start.

 

Error: (05/26/2021 10:25:52 PM) (Source: nvlddmkm) (EventID: 14) (User: )

Description: Event-ID 14

 

Error: (05/26/2021 09:09:52 PM) (Source: DCOM) (EventID: 10001) (User: HAL-9000)

Description: Unable to start a DCOM Server: Microsoft.MicrosoftEdge_44.19041.964.0_neutral__8wekyb3d8bbwe!MicrosoftEdge.AppXc2415ab8qmchmrznxwpax4mw6b3qz5ay.mca as Unavailable/Unavailable. The error:

“2147942402”

Happened while starting this command:

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

 

Error: (05/26/2021 09:05:35 PM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{7568BA80-31D2-4D08-B3BF-5DDE50F22C77} because another computer on the network has the same name.  The server could not start.

 

Error: (05/26/2021 09:05:35 PM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{37F3BB35-F722-4328-B9BB-755EC36F0D0E} because another computer on the network has the same name.  The server could not start.

 

Error: (05/26/2021 09:05:35 PM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{6410557B-E577-43B0-A9F8-B25EEF764F62} because another computer on the network has the same name.  The server could not start.

 

 

Windows Defender:

================

Date: 2021-05-20 16:30:34

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-05-20 16:19:24

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-05-15 15:47:05

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-05-15 13:43:55

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-05-15 13:39:51

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-05-14 16:47:36

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 

Previous security intelligence Version: 0.0.0.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version: 

Previous Engine Version: 0.0.0.0

Error code: 0x8024402c

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

 

Date: 2021-05-14 16:22:35

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 

Previous security intelligence Version: 0.0.0.0

Update Source: Microsoft Malware Protection Center

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version: 

Previous Engine Version: 0.0.0.0

Error code: 0x80072ee7

Error description: The server name or address could not be resolved 

 

Date: 2021-05-14 16:22:35

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 

Previous security intelligence Version: 0.0.0.0

Update Source: Microsoft Malware Protection Center

Security intelligence Type: AntiSpyware

Update Type: Full

Current Engine Version: 

Previous Engine Version: 0.0.0.0

Error code: 0x80072ee7

Error description: The server name or address could not be resolved 

 

Date: 2021-05-14 16:22:35

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 

Previous security intelligence Version: 0.0.0.0

Update Source: Microsoft Malware Protection Center

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version: 

Previous Engine Version: 0.0.0.0

Error code: 0x80072ee7

Error description: The server name or address could not be resolved 

 

Date: 2021-05-14 16:22:35

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 

Previous security intelligence Version: 0.0.0.0

Update Source: Microsoft Malware Protection Center

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version: 

Previous Engine Version: 0.0.0.0

Error code: 0x80072ee7

Error description: The server name or address could not be resolved 

 

CodeIntegrity:

===============

Date: 2021-05-26 21:21:50

Description: 

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\Installer\{AC44C09E-6D45-4F0F-8749-C3DF69A55FDE}\ARPPRODUCTICON.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Date: 2021-05-26 21:04:37

Description: 

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

BIOS: American Megatrends Inc. P1.50 03/21/2018

Motherboard: ASRock Z370 Pro4-IB

Processor: Intel® Core™ i7-8700K CPU @ 3.70GHz

Percentage of memory in use: 34%

Total physical RAM: 32702.4 MB

Available physical RAM: 21579.72 MB

Total Virtual: 37566.4 MB

Available Virtual: 23520.9 MB

 

==================== Drives ================================

 

Drive c: (Windows) (Fixed) (Total:222.97 GB) (Free:183.88 GB) (Protected) NTFS

Drive d: (New Volume) (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS

Drive e: () (Fixed) (Total: ? GB) (Free: ? GB) (Protected) (Locked) 

Drive g: () (Fixed) (Total: ? GB) (Free: ? GB) (Protected) (Locked) 

Drive w: () (Fixed) (Total: ? GB) (Free: ? GB) (Protected) (Locked) 

 

\\?\Volume{92de8726-0409-4285-a2a2-2301c39c3832} () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS

\\?\Volume{629458e4-0000-0000-0000-010000000000} (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.51 GB) NTFS

\\?\Volume{e0945509-11f4-4013-b63a-bffe3f438e95} (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==========================================================

Disk: 1 (Size: 931.5 GB) (Disk ID: EF084E29)

 

Partition: GPT.

 

==========================================================

Disk: 2 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)

Partition 1: (Not Active) – (Size=8 GB) – (Type=07 NTFS)

 

==================== End of Addition.txt =======================

 




