Security concerns of unknown infection or monitoring of my PC | #firefox | #chrome | #microsoftedge

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2021

Ran by Aladin (administrator) on KARMA (BOXX Technologies, Inc. 3DBOXX W4920) (30-06-2021 17:30:51)

Running from C:UsersAladinDownloads

Loaded Profiles: Aladin

Platform: Windows 10 Pro Version 21H1 19043.1081 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

() [File not signed] C:UsersAladinAppDataLocalTempWondershare Recoverit Uninstalleruninstaller.exe

(Apple Inc. -> Apple Inc.) C:Program FilesBonjourmDNSResponder.exe

(Apple Inc. -> Apple Inc.) C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefender AgentDiscoverySrv.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefender AgentProductAgentService.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securitybdagent.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securitybdntwrk.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securitybdservicehost.exe <3>

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securitybdwtxag.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securityseccenter.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securityupdatesrv.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesCommon FilesBitdefenderSetupInformationBitdefender RedLinebdredline.exe

(Drobo Inc -> Drobo, Inc.) C:Program Files (x86)DroboDrobo DashboardDDService.exe

(EXPRSVPN LLC -> ExpressVPN) C:Program Files (x86)ExpressVPNbootstrapamd64nssm.exe

(EXPRSVPN LLC -> ExpressVPN) C:Program Files (x86)ExpressVPNexpressvpndexpressvpnd.exe

(EXPRSVPN LLC -> ExpressVPN) C:Program Files (x86)ExpressVPNexpressvpndlightway.exe

(EXPRSVPN LLC -> ExpressVPN) C:Program Files (x86)ExpressVPNexpressvpn-uiExpressVPN.exe

(EXPRSVPN LLC -> ExpressVPN) C:Program Files (x86)ExpressVPNexpressvpn-uiExpressVPNNotificationService.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.82GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.82GoogleCrashHandler64.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program Files (x86)MicrosoftEdgeApplicationmsedge.exe <12>

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.549981C3F5F10_3.2105.19601.0_x64__8wekyb3d8bbweCortana.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbweCalculator.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbweWinStore.App.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32MoUsoCoreWorker.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MsMpEng.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynv_dispwi.inf_amd64_c5c61752d6952c21Display.NvContainerNVDisplay.Container.exe <2>

(NVIDIA Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynv_dispwi.inf_amd64_c5c61752d6952c21NVWMInvWmi64.exe <2>

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Run: [Logitech Download Assistant] => C:WindowsSystem32LogiLDA.dll [3952096 2020-03-11] (Logitech -> Logitech, Inc.)

HKLM…Run: [iTunesHelper] => C:Program FilesiTunesiTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)

HKLM…Run: [Bdagent] => C:Program FilesBitdefenderBitdefender Securitybdagent.exe [954456 2021-05-27] (Bitdefender SRL -> Bitdefender)

HKLM-x32…Run: [ExpressVPNNotificationService] => C:Program Files (x86)ExpressVPNexpressvpn-uiExpressVPNNotificationServiceStarter.exe [370032 2021-04-26] (EXPRSVPN LLC -> ExpressVPN)

HKLM…PoliciesExplorer: [UseDefaultTile] 1

HKUS-1-5-21-2554852420-482503577-337377319-1001…Run: [DDAssist] => C:Program Files (x86)DroboDrobo DashboardDDAssist.exe [827408 2019-11-25] (Drobo Inc -> Drobo, Inc.)

HKUS-1-5-21-2554852420-482503577-337377319-1001…Run: [ExpressVPN4] => C:Program Files (x86)ExpressVPNexpressvpn-uiExpressVPN.exe [850288 2021-04-26] (EXPRSVPN LLC -> ExpressVPN)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program FilesGoogleChromeApplication91.0.4472.124Installerchrmstp.exe [2021-06-28] (Google LLC -> Google LLC)

GroupPolicy: Restriction ? <==== ATTENTION

GroupPolicyUser: Restriction ? <==== ATTENTION

Policies: C:ProgramDataNTUSER.pol: Restriction <==== ATTENTION

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {03EE7D02-DC53-48E7-B0E8-CDFC204B2202} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Verification => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MpCmdRun.exe [644888 2021-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {0A315402-0D09-4EC5-AEDA-A02FE41627C7} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [154456 2021-05-18] (Google LLC -> Google LLC)

Task: {124F7D44-AB9D-480D-A7A2-A976F850B27A} – System32TasksBitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:Program FilesBitdefender AgentWatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)

Task: {4209F5A7-8893-4A45-85F4-2C3869781C60} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Scheduled Scan => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MpCmdRun.exe [644888 2021-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {4ED7279D-7D56-4AF6-A870-6454F0C8FA58} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cache Maintenance => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MpCmdRun.exe [644888 2021-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {74AF1C66-CD23-407D-B88B-8A545CB40CC8} – System32TasksAdobe Acrobat Update Task => C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)

Task: {76DB7410-9A24-40AA-AB05-7F1897AD137E} – System32TasksAppleAppleSoftwareUpdate => C:Program Files (x86)Apple Software UpdateSoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)

Task: {7F33625C-B0D1-4F35-99F5-248A1C1FABCC} – System32TasksAMSkipUAC => C:Program Files (x86)ZemanaAntiMalwareAntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)

Task: {A0CC6885-30FF-4CCF-8244-4022117C93E5} – System32TasksnWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA Corporationnviewnwiz.exe [1546032 2021-05-07] (NVIDIA Corporation -> )

Task: {A5A29FF8-A49A-46FD-9723-8FB30B46690B} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cleanup => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MpCmdRun.exe [644888 2021-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {C05F6E76-9F71-4F4D-9A0E-0CF28DBD9F7D} – System32TasksEOSv3 Scheduler onLogOn => C:UsersAladinAppDataLocalESETESETOnlineScannerESETOnlineScanner.exe [18007968 2021-06-06] (ESET, spol. s r.o. -> ESET)

Task: {C440CE53-484F-4346-B432-EF52A0B58B9B} – System32TasksAMHelper => C:Program Files (x86)ZemanaAntiMalwareAntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)

Task: {CB7318EA-52A8-44ED-8B76-484C280CDB14} – System32TasksEOSv3 Scheduler onTime => C:UsersAladinAppDataLocalESETESETOnlineScannerESETOnlineScanner.exe [18007968 2021-06-06] (ESET, spol. s r.o. -> ESET)

Task: {D2DBCC25-8E37-43FC-B882-70B9F63B13EA} – System32TasksBitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:Program FilesBitdefenderBitdefender Securitybdagent.exe [954456 2021-05-27] (Bitdefender SRL -> Bitdefender)

Task: {D9AC6C24-CF06-4E52-A337-E9BA3A0D68B0} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [154456 2021-05-18] (Google LLC -> Google LLC)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Winsock: Catalog5 08 C:Program Files (x86)BonjourmdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)

Winsock: Catalog5-x64 08 C:Program FilesBonjourmdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)

Tcpip..Interfaces{7676f8fe-41fe-4fbf-8ff9-a345c9237a6d}: [DhcpNameServer] 10.189.0.1

Tcpip..Interfaces{8cb737bb-a7e9-42df-8a86-7dcc66605d6c}: [DhcpNameServer] 192.168.1.254

Tcpip..Interfaces{ace2cdda-8c3b-4ea3-bb6f-260df3ee09f6}: [DhcpNameServer] 192.168.1.254

Tcpip..Interfaces{d1e859e5-4a49-4d7d-9aaa-7372ad764f0b}: [NameServer] 10.150.0.1

 

Edge: 

=======

Edge DefaultProfile: Default

Edge Profile: C:UsersAladinAppDataLocalMicrosoftEdgeUser DataDefault [2021-06-30]

Edge Extension: (True Key by McAfee) – C:UsersAladinAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsgnnbmcifkkjgjdbkilfglpdpmidkgefn [2021-06-04]

Edge HKLM-x32…EdgeExtension: [pdhdldaneekjpoaldekpgomomeabpnek]

 

FireFox:

========

FF HKLM…FirefoxExtensions: [bdwtwe@bitdefender.com] – C:Program FilesBitdefenderBitdefender Securitybdwteff.xpi

FF Extension: (Bitdefender Wallet) – C:Program FilesBitdefenderBitdefender Securitybdwteff.xpi [2020-07-16] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]

FF HKLM…FirefoxExtensions: [bdtbe@bitdefender.com] – C:Program FilesBitdefenderBitdefender Securitybdtbef.xpi

FF Extension: (Bitdefender Anti-tracker) – C:Program FilesBitdefenderBitdefender Securitybdtbef.xpi [2020-09-17] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]

FF HKLM…ThunderbirdExtensions: [bdThunderbird@bitdefender.com] – C:Program FilesBitdefenderBitdefender Securitybdtbext

FF Extension: (Bitdefender Antispam Toolbar) – C:Program FilesBitdefenderBitdefender Securitybdtbext [2021-04-28] [Legacy] [not signed]

FF HKLM-x32…FirefoxExtensions: [bdwtwe@bitdefender.com] – C:Program FilesBitdefenderBitdefender Securitybdwteff.xpi

FF HKLM-x32…FirefoxExtensions: [bdtbe@bitdefender.com] – C:Program FilesBitdefenderBitdefender Securitybdtbef.xpi

FF HKLM-x32…ThunderbirdExtensions: [bdThunderbird@bitdefender.com] – C:Program FilesBitdefenderBitdefender Securitybdtbext

FF Plugin-x32: Adobe Reader -> C:Program Files (x86)AdobeAcrobat Reader DCReaderAIRnppdf32.dll [2021-05-27] (Adobe Inc. -> Adobe Systems Inc.)

 

Chrome: 

=======

CHR Profile: C:UsersAladinAppDataLocalGoogleChromeUser DataDefault [2021-06-30]

CHR Extension: (Slides) – C:UsersAladinAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2021-05-18]

CHR Extension: (Docs) – C:UsersAladinAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2021-05-18]

CHR Extension: (Google Drive) – C:UsersAladinAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2021-05-18]

CHR Extension: (YouTube) – C:UsersAladinAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-18]

CHR Extension: (Sheets) – C:UsersAladinAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2021-05-18]

CHR Extension: (ExpressVPN: VPN proxy for a better internet) – C:UsersAladinAppDataLocalGoogleChromeUser DataDefaultExtensionsfgddmllnllkalaagkghckoinaemmogpe [2021-06-22]

CHR Extension: (Bitdefender Wallet) – C:UsersAladinAppDataLocalGoogleChromeUser DataDefaultExtensionsgannpgaobkkhmpomoijebaigcapoeebl [2021-05-18]

CHR Extension: (Google Docs Offline) – C:UsersAladinAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-23]

CHR Extension: (Bitdefender Anti-tracker) – C:UsersAladinAppDataLocalGoogleChromeUser DataDefaultExtensionskhndhdhbebhaddchcgnalcjlaekbbeof [2021-05-18]

CHR Extension: (Chrome Web Store Payments) – C:UsersAladinAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-05-18]

CHR Extension: (Gmail) – C:UsersAladinAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2021-05-18]

CHR Extension: (Chrome Media Router) – C:UsersAladinAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-06]

CHR Profile: C:UsersAladinAppDataLocalGoogleChromeUser DataSystem Profile [2021-05-27]

CHR HKLM-x32…ChromeExtension: [gannpgaobkkhmpomoijebaigcapoeebl]

CHR HKLM-x32…ChromeExtension: [khndhdhbebhaddchcgnalcjlaekbbeof]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 AdobeARMservice; C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)

R2 Apple Mobile Device Service; C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)

R2 BDAuxSrv; C:Program FilesBitdefenderBitdefender Securitybdservicehost.exe [798640 2020-10-02] (Bitdefender SRL -> Bitdefender)

R2 BDProtSrv; C:Program FilesBitdefenderBitdefender Securitybdservicehost.exe [798640 2020-10-02] (Bitdefender SRL -> Bitdefender)

R2 bdredline; C:Program FilesCommon FilesBitdefenderSetupInformationBitdefender RedLinebdredline.exe [2161256 2018-03-22] (Bitdefender SRL -> Bitdefender)

R2 DDService; C:Program Files (x86)DroboDrobo DashboardDDService.exe [3202584 2019-11-25] (Drobo Inc -> Drobo, Inc.)

R2 ExpressVPNService; C:Program Files (x86)ExpressVPNbootstrapamd64nssm.exe [437104 2021-04-26] (EXPRSVPN LLC -> ExpressVPN)

R2 NVWMI; C:WindowsSystem32DriverStoreFileRepositorynv_dispwi.inf_amd64_c5c61752d6952c21NVWMInvWmi64.exe [4440864 2021-05-07] (NVIDIA Corporation -> NVIDIA Corporation)

R2 ProductAgentService; C:Program FilesBitdefender AgentProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)

S3 rkrtservice; C:Program FilesRogueKillerRogueKillerSvc.exe [13921616 2021-06-28] (Adlice -> )

S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [5395360 2021-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 UPDATESRV; C:Program FilesBitdefenderBitdefender Securityupdatesrv.exe [301144 2021-05-27] (Bitdefender SRL -> Bitdefender)

R2 VSSERV; C:Program FilesBitdefenderBitdefender Securitybdservicehost.exe [798640 2020-10-02] (Bitdefender SRL -> Bitdefender)

S3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0NisSrv.exe [2644776 2021-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MsMpEng.exe [136656 2021-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:WindowsSystem32DriverStoreFileRepositorynv_dispwi.inf_amd64_c5c61752d6952c21Display.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WindowsSystem32DriverStoreFileRepositorynv_dispwi.inf_amd64_c5c61752d6952c21Display.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 amsdk; C:Windowssystem32driversamsdk.sys [232792 2021-06-02] (Zemana D.O.O. Sarajevo -> Copyright 2018.)

S3 AppleKmdfFilter; C:WindowsSystem32driversAppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)

S3 AppleLowerFilter; C:WindowsSystem32driversAppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)

R1 atc; C:WindowsSystem32DRIVERSatc.sys [2718744 2021-02-26] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)

R2 BdDci; C:Windowssystem32DRIVERSbddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)

S0 bdelam; C:WindowsSystem32driversbdelam.sys [22976 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)

R0 bdprivmon; C:WindowsSystem32DRIVERSbdprivmon.sys [46056 2020-01-17] (Bitdefender SRL -> © Bitdefender SRL)

R3 expressvpnsplittunnel; C:Program Files (x86)ExpressVPNsplittunnelexpressvpnsplittunnel.sys [37024 2021-04-26] (ExprsVPN LLC -> ExpressVPN)

R3 expressvpnwintun; C:WindowsSystem32driversexpressvpn-wintun.sys [46824 2021-04-26] (Express VPN International Ltd. -> ExpressVPN)

R0 Gemma; C:WindowsSystem32DRIVERSgemma.sys [488592 2021-02-16] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)

R0 gzflt; C:WindowsSystem32DRIVERSgzflt.sys [195232 2020-09-03] (Bitdefender SRL -> BitDefender LLC)

R1 HWiNFO32; C:WindowsSysWOW64driversHWiNFO64A.SYS [27552 2021-05-18] (Martin Malik – REALiX -> REALiX™)

R2 Ignis; C:Windowssystem32DRIVERSignis.sys [185312 2020-10-07] (Bitdefender SRL -> Bitdefender)

R3 mv91cons; C:WindowsSystem32driversmv91cons.sys [33504 2021-05-18] (Marvell Semiconductor, Inc. -> Marvell Semiconductor Inc.)

R0 mvs91xx; C:WindowsSystem32driversmvs91xx.sys [342760 2021-05-18] (Marvell Semiconductor, Inc. -> Marvell Semiconductor, Inc.)

R3 RkFlt; C:WindowsSystem32driversrkflt.sys [42056 2021-06-25] (Adlice -> )

S3 tapexpressvpn; C:WindowsSystem32driverstapexpressvpn.sys [52904 2021-04-26] (ExprsVPN LLC -> The OpenVPN Project)

U3 TrueSight; C:WindowsSystem32driverstruesight.sys [38032 2021-06-25] (Adlice -> )

R0 trufos; C:WindowsSystem32DRIVERStrufos.sys [641728 2021-02-26] (Bitdefender SRL -> Bitdefender)

S0 WdBoot; C:WindowsSystem32driverswdWdBoot.sys [49568 2021-06-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:WindowsSystem32driverswdWdFilter.sys [425184 2021-06-13] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:WindowsSystem32driverswdWdNisDrv.sys [76000 2021-06-13] (Microsoft Windows -> Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-06-30 17:23 – 2021-06-30 17:23 – 000000000 ____D C:UsersAladinAppDataLocalDBG

2021-06-30 17:23 – 2021-06-30 17:23 – 000000000 ____D C:UsersAladinAppDataLocalbdch

2021-06-30 17:23 – 2021-06-30 17:23 – 000000000 ____D C:ProgramDatabdch

2021-06-30 00:52 – 2021-06-30 00:52 – 000059203 _____ C:UsersAladinDownloadsC153MInitial Call Pricing By Archive Report_1625039535191.pdf

2021-06-30 00:50 – 2021-06-30 00:50 – 000445493 _____ C:UsersAladinDownloadsC153MInitial Call Pricing By Archive Report_1625039436517.pdf

2021-06-29 19:16 – 2021-06-29 19:16 – 000004113 _____ C:UsersAladinDesktopexpressvpn_diagnostic_information_20210629_191646.txt

2021-06-29 18:50 – 2021-06-29 18:51 – 000024779 _____ C:UsersAladinDownloadsAddition.txt

2021-06-29 18:48 – 2021-06-30 17:31 – 000019771 _____ C:UsersAladinDownloadsFRST.txt

2021-06-29 18:47 – 2021-06-30 17:31 – 000000000 ____D C:FRST

2021-06-29 18:46 – 2021-06-29 18:47 – 002300416 _____ (Farbar) C:UsersAladinDownloadsFRST64.exe

2021-06-28 18:55 – 2021-06-28 18:55 – 000000610 _____ C:UsersAladinDownloadsauction.ics

2021-06-28 18:29 – 2021-06-28 18:29 – 000000000 ____H C:Windowssystem32DriversMsft_User_WpdMtpDr_01_11_00.Wdf

2021-06-28 18:16 – 2021-06-28 18:16 – 000001816 _____ C:UsersPublicDesktopiTunes.lnk

2021-06-28 18:16 – 2021-06-28 18:16 – 000001816 _____ C:ProgramDataDesktopiTunes.lnk

2021-06-28 18:16 – 2021-06-28 18:16 – 000000000 ____D C:UsersAladinAppDataLocalApple Inc

2021-06-28 18:16 – 2021-06-28 18:16 – 000000000 ____D C:UsersAladinAppDataLocalApple Computer

2021-06-28 18:16 – 2021-06-28 18:16 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsiTunes

2021-06-28 18:16 – 2021-06-28 18:16 – 000000000 ____D C:Program FilesiTunes

2021-06-28 18:06 – 2021-06-28 18:06 – 027515952 _____ (Adlice Software ) C:UsersAladinDownloadsUCheck_setup.exe

2021-06-27 10:50 – 2021-06-28 18:30 – 000000000 ____D C:UsersAladinAppDataRoamingApple Computer

2021-06-26 20:26 – 2021-06-28 18:16 – 000000000 ____D C:ProgramDataApple Computer

2021-06-26 20:25 – 2021-06-26 20:25 – 000002535 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsApple Software Update.lnk

2021-06-26 20:25 – 2021-06-26 20:25 – 000000000 ____D C:Windowssystem32TasksApple

2021-06-26 20:25 – 2021-06-26 20:25 – 000000000 ____D C:UsersAladinAppDataLocalApple

2021-06-26 20:25 – 2021-06-26 20:25 – 000000000 ____D C:ProgramDataApple

2021-06-26 20:25 – 2021-06-26 20:25 – 000000000 ____D C:Program FilesCommon FilesApple

2021-06-26 20:25 – 2021-06-26 20:25 – 000000000 ____D C:Program FilesBonjour

2021-06-26 20:25 – 2021-06-26 20:25 – 000000000 ____D C:Program Files (x86)Bonjour

2021-06-26 20:25 – 2021-06-26 20:25 – 000000000 ____D C:Program Files (x86)Apple Software Update

2021-06-26 20:24 – 2021-06-26 20:24 – 200998888 _____ (Apple Inc.) C:UsersAladinDownloadsiTunes64Setup.exe

2021-06-26 17:36 – 2021-06-26 17:36 – 000348179 _____ C:UsersAladinDownloadsC153MInitial Call Pricing By Archive Report_1624754171007.pdf

2021-06-26 17:35 – 2021-06-26 17:35 – 000348179 _____ C:UsersAladinDownloadsC153MInitial Call Pricing By Archive Report_1624754158623.pdf

2021-06-25 16:57 – 2021-06-25 16:57 – 001528109 _____ C:UsersAladinDownloadsECE-TRANS-180a13e.pdf

2021-06-25 01:36 – 2021-06-25 01:36 – 002371072 _____ C:Windowssystem32rdpnano.dll

2021-06-25 01:36 – 2021-06-25 01:36 – 002260992 _____ C:Windowssystem32TextInputMethodFormatter.dll

2021-06-25 01:36 – 2021-06-25 01:36 – 001823304 _____ (Microsoft Corporation) C:Windowssystem32winload.efi

2021-06-25 01:36 – 2021-06-25 01:36 – 001393504 _____ (Microsoft Corporation) C:Windowssystem32winresume.efi

2021-06-25 01:36 – 2021-06-25 01:36 – 001314128 _____ (Microsoft Corporation) C:Windowssystem32SecConfig.efi

2021-06-25 01:36 – 2021-06-25 01:36 – 000570880 _____ (Microsoft Corporation) C:Windowssystem32inetcpl.cpl

2021-06-25 01:36 – 2021-06-25 01:36 – 000452608 _____ (Microsoft Corporation) C:WindowsSysWOW64inetcpl.cpl

2021-06-25 01:36 – 2021-06-25 01:36 – 000097792 _____ C:Windowssystem32Driverscimfs.sys

2021-06-25 01:36 – 2021-06-25 01:36 – 000084992 _____ (Microsoft Corporation) C:Windowssystem32wscui.cpl

2021-06-25 01:36 – 2021-06-25 01:36 – 000079688 _____ C:Windowssystem32hvsifiletrust.dll

2021-06-25 01:36 – 2021-06-25 01:36 – 000067584 _____ (Microsoft Corporation) C:WindowsSysWOW64wscui.cpl

2021-06-25 01:36 – 2021-06-25 01:36 – 000060928 _____ C:Windowssystem32runexehelper.exe

2021-06-25 01:36 – 2021-06-25 01:36 – 000011333 _____ C:Windowssystem32DrtmAuthTxt.wim

2021-06-25 01:22 – 2021-06-25 16:18 – 000042056 _____ C:Windowssystem32Driversrkflt.sys

2021-06-25 01:22 – 2021-06-25 16:18 – 000038032 _____ C:Windowssystem32Driverstruesight.sys

2021-06-24 18:18 – 2021-06-24 18:40 – 000000000 ____D C:UsersAladinAppDataRoamingTeamViewer

2021-06-24 18:18 – 2021-06-24 18:18 – 000000000 ____D C:UsersAladinAppDataLocalTeamViewer

2021-06-23 22:36 – 2021-06-23 22:36 – 000228225 _____ C:UsersAladinDownloadsC153MInitial Call Pricing By Archive Report_1624512974502.pdf

2021-06-22 20:07 – 2021-06-22 20:08 – 000000000 ____D C:UsersAladinDesktop8A docs

2021-06-20 23:42 – 2021-06-20 23:42 – 000176705 _____ C:UsersAladinDownloadsPlease_DocuSign_benefits_signature_authoriza.pdf

2021-06-20 23:42 – 2021-06-20 23:42 – 000176705 _____ C:UsersAladinDesktopPlease_DocuSign_benefits_signature_authoriza.pdf

2021-06-20 16:53 – 2021-06-26 20:22 – 000000000 ____D C:UsersAladinDesktopgusto and guide line bank withdrawls

2021-06-20 16:46 – 2021-06-20 16:46 – 002464027 _____ C:UsersAladinDownloadsC153MInitial Call Pricing By Archive Report_1624232778330.pdf

2021-06-20 16:44 – 2021-06-20 16:44 – 002110902 _____ C:UsersAladinDownloadsC153MInitial Call Pricing By Archive Report_1624232665172.pdf

2021-06-20 15:12 – 2021-06-20 15:12 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools

2021-06-15 18:08 – 2021-06-29 01:21 – 000000000 ____D C:UsersAladinDesktopAAA Arbitration response

2021-06-15 18:08 – 2021-06-15 18:08 – 010798669 _____ C:UsersAladinDownloadsVladimir_Mikshansky_v._Tesla,_Inc._-_Case_01-20-0009-6190.zip

2021-06-15 18:08 – 2021-06-15 18:08 – 000112259 _____ C:UsersAladinDownloads2021-06-15 AAA Letter .pdf

2021-06-13 20:59 – 2021-06-13 20:59 – 000088571 _____ C:UsersAladinDesktopurgently rates.pdf

2021-06-11 23:22 – 2021-06-11 23:22 – 000011688 _____ C:UsersAladinDownloadsUrgent.ly Rates.eml

2021-06-11 11:10 – 2021-06-11 11:10 – 002755584 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtml.tlb

2021-06-11 11:10 – 2021-06-11 11:10 – 002755584 _____ (Microsoft Corporation) C:Windowssystem32mshtml.tlb

2021-06-10 18:14 – 2021-06-20 16:45 – 000000000 ____D C:UsersAladinDesktopaaa

2021-06-10 14:52 – 2021-06-10 14:52 – 000116080 _____ C:UsersAladinDownloads40211-EuropeanCollisionCenter_Accident.pdf

2021-06-09 22:43 – 2021-06-09 22:43 – 000000910 _____ C:UsersAladinDownloadsAET9061121ACH.csv

2021-06-09 19:48 – 2021-06-09 19:50 – 016553809 _____ C:UsersAladinDownloadsprocessed-video-forward-1623192780000.mp4

2021-06-07 00:11 – 2021-06-07 00:11 – 000127870 _____ C:UsersAladinDownloadsNationalSecurity–Jan 21, 2014_hyperlink_from_FAQ_03282017.pdf

2021-06-06 16:23 – 2021-06-06 16:23 – 000468480 _____ () C:UsersAladinDownloadsCKScanner.exe

2021-06-06 16:16 – 2021-06-06 16:16 – 000000000 ____D C:UsersAladinAppDataLocalApps2.0

2021-06-05 16:14 – 2021-06-28 18:14 – 000000899 _____ C:UsersPublicDesktopRogueKiller.lnk

2021-06-05 16:14 – 2021-06-28 18:14 – 000000899 _____ C:ProgramDataDesktopRogueKiller.lnk

2021-06-05 16:14 – 2021-06-28 18:14 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsRogueKiller

2021-06-05 16:14 – 2021-06-28 18:14 – 000000000 ____D C:Program FilesRogueKiller

2021-06-05 16:13 – 2021-06-27 18:58 – 000003842 _____ C:Windowssystem32TasksEOSv3 Scheduler onLogOn

2021-06-05 16:13 – 2021-06-27 18:58 – 000003400 _____ C:Windowssystem32TasksEOSv3 Scheduler onTime

2021-06-05 16:13 – 2021-06-05 16:19 – 000000000 ____D C:ProgramDataRogueKiller

2021-06-05 15:39 – 2021-06-05 15:40 – 040488656 _____ (Adlice Software ) C:UsersAladinDownloadsRogueKiller_setup.exe

2021-06-05 15:35 – 2021-06-27 18:58 – 000001379 _____ C:UsersAladinAppDataRoamingMicrosoftWindowsStart MenuProgramsESET Online Scanner.lnk

2021-06-05 15:35 – 2021-06-23 00:35 – 000001273 _____ C:UsersAladinDesktopESET Online Scanner.lnk

2021-06-05 15:35 – 2021-06-05 15:35 – 000000000 ____D C:UsersAladinAppDataLocalESET

2021-06-05 15:34 – 2021-06-05 15:34 – 011697056 _____ (ESET) C:UsersAladinDownloadsesetonlinescanner.exe

2021-06-05 15:33 – 2021-06-05 15:33 – 000001405 _____ C:UsersAladinDesktopJRT.txt

2021-06-05 15:26 – 2021-06-05 15:27 – 000085093 _____ C:UsersAladinDownloadsMTB.txt

2021-06-05 15:26 – 2021-06-05 15:26 – 001790024 _____ (Malwarebytes) C:UsersAladinDownloadsJRT.exe

2021-06-05 15:26 – 2021-06-05 15:26 – 000892416 _____ (Farbar) C:UsersAladinDownloadsMiniToolBox.exe

2021-06-04 14:46 – 2021-06-04 15:14 – 000000000 ____D C:UsersAladinDesktop7106 accident

2021-06-04 12:44 – 2021-06-04 12:44 – 000000000 ____D C:Windowssystem32TasksAgent Activation Runtime

2021-06-04 12:36 – 2021-06-04 12:36 – 000104044 _____ C:ProgramDatavpn.uninstall.1622835282.bdinstall.v2.bin

2021-06-04 11:21 – 2021-06-25 01:20 – 000040960 _____ C:Windowssystem32Drivershitmanpro37.sys

2021-06-04 11:20 – 2021-06-04 11:20 – 000002566 _____ C:UsersAladinDocumentsvlads pc encryption file .pfx

2021-06-04 10:36 – 2021-06-26 17:50 – 000000000 ____D C:UsersAladinDesktoptransit pros

2021-06-03 00:48 – 2021-06-03 00:48 – 000288033 _____ C:UsersAladinDownloadsC153MInitial Call Pricing By Archive Report_1622706477707.pdf

2021-06-03 00:11 – 2021-06-03 00:11 – 000014875 _____ C:UsersAladinDownloadsexport (1).csv

2021-06-02 23:52 – 2021-06-02 23:52 – 000019218 _____ C:UsersAladinDownloadsexport.csv

2021-06-02 23:25 – 2021-06-02 23:25 – 000001962 _____ C:UsersPublicDesktopHitmanPro.lnk

2021-06-02 23:25 – 2021-06-02 23:25 – 000001962 _____ C:ProgramDataDesktopHitmanPro.lnk

2021-06-02 23:25 – 2021-06-02 23:25 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsHitmanPro

2021-06-02 22:09 – 2021-06-02 23:56 – 000000000 ____D C:Program FilesHitmanPro

2021-06-02 22:09 – 2021-06-02 23:27 – 000000000 ____D C:ProgramDataHitmanPro

2021-06-02 22:07 – 2021-06-02 22:08 – 000000000 ____D C:AdwCleaner

2021-06-02 21:57 – 2021-06-02 21:57 – 000243155 _____ C:UsersAladinDownloadsAGREEMENT19840-1622696275.pdf

2021-06-02 21:55 – 2021-06-30 17:32 – 001022827 _____ C:WindowsZAM.krnl.trace

2021-06-02 21:55 – 2021-06-02 21:55 – 000232792 _____ (Copyright 2018.) C:Windowssystem32Driversamsdk.sys

2021-06-02 21:55 – 2021-06-02 21:55 – 000003540 _____ C:Windowssystem32TasksAMHelper

2021-06-02 21:55 – 2021-06-02 21:55 – 000002644 _____ C:Windowssystem32TasksAMSkipUAC

2021-06-02 21:55 – 2021-06-02 21:55 – 000001329 _____ C:UsersPublicDesktopZemana AntiMalware.lnk

2021-06-02 21:55 – 2021-06-02 21:55 – 000001329 _____ C:ProgramDataDesktopZemana AntiMalware.lnk

2021-06-02 21:55 – 2021-06-02 21:55 – 000000000 ____D C:UsersAladinAppDataLocalZemana

2021-06-02 21:55 – 2021-06-02 21:55 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsZemana AntiMalware

2021-06-02 21:55 – 2021-06-02 21:55 – 000000000 ____D C:Program Files (x86)Zemana

2021-06-02 21:54 – 2021-06-29 18:23 – 000000000 ____D C:UsersAladinAppDataLocalAMSDK

2021-06-02 21:53 – 2021-06-02 23:24 – 011332032 _____ (SurfRight B.V.) C:UsersAladinDownloadsHitmanPro_x64.exe

2021-06-02 21:52 – 2021-06-02 21:52 – 008534696 _____ (Malwarebytes) C:UsersAladinDownloadsAdwCleaner.exe

2021-06-02 21:51 – 2021-06-02 21:51 – 000000000 ____D C:UsersAladinAppDataLocalCrashDumps

2021-06-02 21:49 – 2021-06-02 21:49 – 013922376 _____ (Zemana Ltd. ) C:UsersAladinDownloadsAntiMalware_Setup.exe

2021-06-02 21:49 – 2021-06-02 21:49 – 000000000 ____D C:UsersAladinAppDataLocalmbam

2021-06-02 21:47 – 2021-06-02 21:47 – 000000000 ____D C:Program FilesMalwarebytes

2021-06-02 21:46 – 2021-06-02 21:47 – 005054744 _____ (AO Kaspersky Lab) C:UsersAladinDownloadstdsskiller.exe

2021-06-02 21:46 – 2021-06-02 21:46 – 001802704 _____ (Bleeping Computer, LLC) C:UsersAladinDownloadsrkill.exe

2021-06-02 21:45 – 2021-06-02 21:45 – 002040904 _____ (Malwarebytes) C:UsersAladinDownloadsMBSetup-076981.076981-Consumer.exe

2021-06-02 17:01 – 2021-06-02 17:01 – 000080475 _____ C:UsersAladinDesktopDevModeRunAsUserConfig.msc

2021-06-02 16:44 – 2021-06-02 16:58 – 000008340 __RSH C:ProgramDatantuser.pol

2021-05-31 23:05 – 2021-05-31 23:05 – 000910264 _____ C:WindowsSysWOW64PerfStringBackup.INI

2021-05-31 23:04 – 2021-05-31 23:04 – 000000000 ___SD C:Windowssystem32containers

2021-05-31 23:04 – 2021-05-31 23:04 – 000000000 ____D C:Program FilesReference Assemblies

2021-05-31 23:04 – 2021-05-31 23:04 – 000000000 ____D C:Program FilesMSBuild

2021-05-31 23:04 – 2021-05-31 23:04 – 000000000 ____D C:Program Files (x86)Reference Assemblies

2021-05-31 23:04 – 2021-05-31 23:04 – 000000000 ____D C:Program Files (x86)MSBuild

2021-05-31 23:04 – 2021-05-31 23:04 – 000000000 ____D C:inetpub

2021-05-31 22:39 – 2021-05-31 22:45 – 000000000 ____D C:UsersAladinAppDataLocalExpressVPN

2021-05-31 22:39 – 2021-05-31 22:39 – 000002330 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsExpressVPN.lnk

2021-05-31 22:39 – 2021-05-31 22:39 – 000002160 _____ C:UsersPublicDesktopExpressVPN.lnk

2021-05-31 22:39 – 2021-05-31 22:39 – 000002160 _____ C:ProgramDataDesktopExpressVPN.lnk

2021-05-31 22:39 – 2021-05-31 22:39 – 000000000 ____D C:ProgramDataExpressVPN

2021-05-31 22:39 – 2021-05-31 22:39 – 000000000 ____D C:Program Files (x86)ExpressVPN

2021-05-31 22:37 – 2021-05-31 22:37 – 038609320 _____ (ExpressVPN) C:UsersAladinDownloadsexpressvpn_windows_10.2.4.11_release.exe

2021-05-31 22:34 – 2021-05-31 22:34 – 000000273 _____ C:UsersAladinDesktopaetrandomlinks.txt

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-06-30 17:27 – 2019-12-07 02:14 – 000000000 ___HD C:WindowsELAMBKUP

2021-06-30 17:26 – 2021-05-29 14:23 – 000000000 ____D C:ProgramDataWondershare

2021-06-30 17:26 – 2021-05-29 14:23 – 000000000 ____D C:Program Files (x86)Wondershare

2021-06-30 17:19 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32WinBioDatabase

2021-06-30 17:19 – 2019-12-07 02:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-06-30 17:19 – 2019-12-07 02:03 – 000065536 _____ C:Windowssystem32configELAM

2021-06-30 01:08 – 2021-05-24 17:57 – 000000000 ____D C:ProgramDataNVIDIA

2021-06-30 00:20 – 2021-05-17 18:39 – 000000000 ____D C:Windowssystem32SleepStudy

2021-06-29 19:01 – 2019-12-07 02:14 – 000000000 ____D C:WindowsAppReadiness

2021-06-29 18:51 – 2019-12-07 02:13 – 000000000 ____D C:WindowsINF

2021-06-29 18:02 – 2021-05-17 18:39 – 000003480 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineUA

2021-06-29 18:02 – 2021-05-17 18:39 – 000003356 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineCore

2021-06-28 18:29 – 2019-12-07 02:14 – 000000000 ____D C:WindowsServiceState

2021-06-28 18:15 – 2021-05-18 19:58 – 000002319 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-06-28 18:15 – 2021-05-18 19:58 – 000002278 _____ C:UsersPublicDesktopGoogle Chrome.lnk

2021-06-28 18:15 – 2021-05-18 19:58 – 000002278 _____ C:ProgramDataDesktopGoogle Chrome.lnk

2021-06-25 21:18 – 2021-05-24 18:52 – 000000000 ____D C:UsersAladinAppDataLocalElevatedDiagnostics

2021-06-25 16:51 – 2021-05-17 18:39 – 000002438 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-06-25 16:51 – 2019-12-07 02:14 – 000000000 ___HD C:Program FilesWindowsApps

2021-06-25 16:22 – 2021-05-17 18:45 – 000935798 _____ C:Windowssystem32PerfStringBackup.INI

2021-06-25 16:18 – 2021-05-17 18:39 – 000008192 ___SH C:DumpStack.log.tmp

2021-06-25 16:18 – 2021-05-17 18:39 – 000000006 ____H C:WindowsTasksSA.DAT

2021-06-25 01:46 – 2019-12-07 02:03 – 000524288 _____ C:Windowssystem32configBBI

2021-06-25 01:43 – 2021-05-17 18:39 – 000266200 _____ C:Windowssystem32FNTCACHE.DAT

2021-06-25 01:43 – 2019-12-07 02:54 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection

2021-06-25 01:43 – 2019-12-07 02:14 – 000000000 ___RD C:WindowsImmersiveControlPanel

2021-06-25 01:43 – 2019-12-07 02:14 – 000000000 ____D C:WindowsSysWOW64setup

2021-06-25 01:43 – 2019-12-07 02:14 – 000000000 ____D C:WindowsSysWOW64oobe

2021-06-25 01:43 – 2019-12-07 02:14 – 000000000 ____D C:WindowsSysWOW64Dism

2021-06-25 01:43 – 2019-12-07 02:14 – 000000000 ____D C:WindowsSystemResources

2021-06-25 01:43 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32setup

2021-06-25 01:43 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32oobe

2021-06-25 01:43 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32Dism

2021-06-25 01:43 – 2019-12-07 02:14 – 000000000 ____D C:WindowsProvisioning

2021-06-25 01:43 – 2019-12-07 02:14 – 000000000 ____D C:WindowsPolicyDefinitions

2021-06-25 01:43 – 2019-12-07 02:14 – 000000000 ____D C:Windowsbcastdvr

2021-06-25 01:41 – 2019-12-07 02:03 – 000000000 ____D C:WindowsCbsTemp

2021-06-22 20:02 – 2021-05-17 18:49 – 000000000 ____D C:UsersAladinAppDataLocalVirtualStore

2021-06-13 20:08 – 2021-05-17 18:39 – 000000000 ____D C:Windowssystem32Driverswd

2021-06-11 17:42 – 2021-05-17 18:49 – 000000000 ____D C:UsersAladinAppDataLocalConnectedDevicesPlatform

2021-06-11 17:28 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32migwiz

2021-06-09 22:37 – 2021-05-17 19:06 – 000000000 ____D C:Windowssystem32MRT

2021-06-09 22:32 – 2021-05-17 19:06 – 132447432 ____C (Microsoft Corporation) C:Windowssystem32MRT.exe

2021-06-09 15:12 – 2019-12-07 02:14 – 000000000 ____D C:Windowsregistration

2021-06-09 15:09 – 2021-05-18 20:07 – 000002136 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAcrobat Reader DC.lnk

2021-06-04 12:53 – 2021-05-18 19:50 – 000000000 ____D C:Program FilesBitdefender

2021-06-04 12:36 – 2021-05-17 18:49 – 000000000 ____D C:UsersAladinAppDataLocalPackages

2021-06-02 23:57 – 2021-05-17 19:06 – 000000000 ____D C:UsersAladinAppDataLocalPlaceholderTileLogoFolder

2021-06-02 22:08 – 2021-05-18 20:25 – 000000000 ____D C:UsersAladinAppDataRoamingIObit

2021-06-02 16:40 – 2019-12-07 02:14 – 000000000 ___HD C:Windowssystem32GroupPolicy

2021-06-01 16:56 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32AppLocker

2021-05-31 23:04 – 2021-05-26 17:37 – 000000000 ____D C:Windowssystem32HvsiSettingsProviders

2021-05-31 23:04 – 2019-12-07 02:14 – 000000000 ____D C:WindowsSysWOW64inetsrv

2021-05-31 23:04 – 2019-12-07 02:14 – 000000000 ____D C:Windowssystem32inetsrv

2021-05-31 23:01 – 2021-04-09 06:50 – 001499136 _____ (Microsoft Corporation) C:Windowssystem32Driversvfpext.sys

2021-05-31 23:01 – 2021-04-09 06:50 – 000660816 _____ (Microsoft Corporation) C:Windowssystem32vmuidevices.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000546616 _____ (Microsoft Corporation) C:Windowssystem32vmpmem.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000530256 _____ (Microsoft Corporation) C:Windowssystem32vmserial.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000507728 _____ (Microsoft Corporation) C:Windowssystem32vmusrv.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000407352 _____ (Microsoft Corporation) C:Windowssystem32VmSynthNic.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000405840 _____ (Microsoft Corporation) C:Windowssystem32vmprox.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000402768 _____ (Microsoft Corporation) C:Windowssystem32vmsynthstor.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000392704 _____ (Microsoft Corporation) C:Windowssystem32vmvpci.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000381776 _____ (Microsoft Corporation) C:Windowssystem32vmsmb.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000374072 _____ C:Windowssystem32vp9fs.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000370400 _____ (Microsoft Corporation) C:Windowssystem32ActivationVdev.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000320000 _____ (Microsoft Corporation) C:Windowssystem32vfpctrl.exe

2021-05-31 23:01 – 2021-04-09 06:50 – 000317264 _____ (Microsoft Corporation) C:Windowssystem32vmiccore.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000292664 _____ (Microsoft Corporation) C:Windowssystem32vmdynmem.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000286520 _____ (Microsoft Corporation) C:Windowssystem32vmsif.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000261432 _____ (Microsoft Corporation) C:Windowssystem32VmCrashDump.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000260408 _____ (Microsoft Corporation) C:Windowssystem32hcsdiag.exe

2021-05-31 23:01 – 2021-04-09 06:50 – 000246608 _____ (Microsoft Corporation) C:Windowssystem32vmflexio.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000237368 _____ (Microsoft Corporation) C:Windowssystem32CExecSvc.exe

2021-05-31 23:01 – 2021-04-09 06:50 – 000211768 _____ (Microsoft Corporation) C:Windowssystem32vmbusvdev.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000209208 _____ (Microsoft Corporation) C:Windowssystem32gpupvdev.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000208896 _____ (Microsoft Corporation) C:Windowssystem32iisRtl.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000191288 _____ C:Windowssystem32HvsiSettingsWorker.exe

2021-05-31 23:01 – 2021-04-09 06:50 – 000175928 _____ (Microsoft Corporation) C:Windowssystem32vmickrnl.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000169472 _____ (Microsoft Corporation) C:WindowsSysWOW64iisRtl.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000158208 _____ (Microsoft Corporation) C:Windowssystem32hnsdiag.exe

2021-05-31 23:01 – 2021-04-09 06:50 – 000152912 _____ C:Windowssystem32IsolatedWindowsEnvironmentUtils.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000146256 _____ (Microsoft Corporation) C:Windowssystem32uwfux.exe

2021-05-31 23:01 – 2021-04-09 06:50 – 000129360 _____ (Microsoft Corporation) C:Windowssystem32vmvirtio.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000129336 _____ (Microsoft Corporation) C:Windowssystem32rdp4vs.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000122168 _____ (Microsoft Corporation) C:Windowssystem32vmsifcore.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000119296 _____ C:Windowssystem32hvsiproxyapp.exe

2021-05-31 23:01 – 2021-04-09 06:50 – 000111920 _____ C:WindowsSysWOW64IsolatedWindowsEnvironmentUtils.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000109384 _____ (Microsoft Corporation) C:Windowssystem32vmwpevents.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000092672 _____ (Microsoft Corporation) C:Windowssystem32ProjectedFSLib.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000089912 _____ C:Windowssystem32HvsiMachinePolicies.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000087552 _____ C:Windowssystem32hvsiDspdvcclient.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000079184 _____ (Microsoft Corporation) C:Windowssystem32vmwpctrl.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000071680 _____ C:Windowssystem32wdagtool.exe

2021-05-31 23:01 – 2021-04-09 06:50 – 000066896 _____ (Microsoft Corporation) C:Windowssystem32Drivershvsifltr.sys

2021-05-31 23:01 – 2021-04-09 06:50 – 000061264 _____ C:WindowsSysWOW64hvsifiletrust.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000057856 _____ (Microsoft Corporation) C:Windowssystem32admwprox.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000053248 _____ (Microsoft Corporation) C:Windowssystem32ahadmin.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000048640 _____ (Microsoft Corporation) C:WindowsSysWOW64admwprox.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000046392 _____ (Microsoft Corporation) C:WindowsSysWOW64hvsimgrps.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000044344 _____ C:Windowssystem32AuditSettingsProvider.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000038912 _____ (Microsoft Corporation) C:Windowssystem32vfpapi.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000036176 _____ (Microsoft Corporation) C:Windowssystem32Drivershvsocketcontrol.sys

2021-05-31 23:01 – 2021-04-09 06:50 – 000027960 _____ (Microsoft Corporation) C:Windowssystem32vmsifproxystub.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000026112 _____ (Microsoft Corporation) C:WindowsSysWOW64ahadmin.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000021328 _____ (Microsoft Corporation) C:Windowssystem32Drivershnswfpdriver.sys

2021-05-31 23:01 – 2021-04-09 06:50 – 000019456 _____ (Microsoft Corporation) C:Windowssystem32iisreset.exe

2021-05-31 23:01 – 2021-04-09 06:50 – 000016384 _____ (Microsoft Corporation) C:WindowsSysWOW64iisreset.exe

2021-05-31 23:01 – 2021-04-09 06:50 – 000015872 _____ (Microsoft Corporation) C:Windowssystem32wamregps.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000015360 _____ (Microsoft Corporation) C:Windowssystem32VmComputeProxy.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000014848 _____ (Microsoft Corporation) C:Windowssystem32cngkeyhelper.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000013312 _____ (Microsoft Corporation) C:Windowssystem32iisrstap.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000011264 _____ (Microsoft Corporation) C:WindowsSysWOW64wamregps.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000011264 _____ (Microsoft Corporation) C:WindowsSysWOW64cngkeyhelper.dll

2021-05-31 23:01 – 2021-04-09 06:50 – 000009728 _____ (Microsoft Corporation) C:WindowsSysWOW64iisrstap.dll

2021-05-31 23:01 – 2021-04-09 06:48 – 000206152 _____ (Microsoft Corporation) C:Windowssystem32Driversvpcivsp.sys

2021-05-31 23:01 – 2021-04-09 06:48 – 000041264 _____ (Microsoft Corporation) C:Windowssystem32Driversvkrnlintvsc.sys

2021-05-31 23:01 – 2019-12-07 02:10 – 000346624 _____ (Microsoft Corporation) C:Windowssystem32nfscimprov.dll

2021-05-31 23:01 – 2019-12-07 02:10 – 000211968 _____ (Microsoft Corporation) C:Windowssystem32nfscommgmt.dll

2021-05-31 23:01 – 2019-12-07 02:10 – 000199176 _____ (Microsoft Corporation) C:Windowssystem32uwfmgr.exe

2021-05-31 23:01 – 2019-12-07 02:10 – 000153600 _____ (Microsoft Corporation) C:Windowssystem32nfsadmin.exe

2021-05-31 23:01 – 2019-12-07 02:10 – 000110080 _____ (Microsoft Corporation) C:Windowssystem32rpcinfo.exe

2021-05-31 23:01 – 2019-12-07 02:10 – 000093510 _____ C:Windowssystem32nfsmgmt.msc

2021-05-31 23:01 – 2019-12-07 02:10 – 000088064 _____ (Microsoft Corporation) C:Windowssystem32showmount.exe

2021-05-31 23:01 – 2019-12-07 02:10 – 000085512 _____ (Microsoft Corporation) C:Windowssystem32wcsetupagent.exe

2021-05-31 23:01 – 2019-12-07 02:10 – 000071680 _____ (Microsoft Corporation) C:Windowssystem32BootExpCfg.exe

2021-05-31 23:01 – 2019-12-07 02:10 – 000052024 _____ (Microsoft Corporation) C:Windowssystem32UwfServicingSvc.exe

2021-05-31 23:01 – 2019-12-07 02:10 – 000045368 _____ (Microsoft Corporation) C:Windowssystem32uwfservicingscr.scr

2021-05-31 23:01 – 2019-12-07 02:10 – 000036664 _____ (Microsoft Corporation) C:Windowssystem32UwfServicingShell.exe

2021-05-31 23:01 – 2019-12-07 02:10 – 000028984 _____ (Microsoft Corporation) C:Windowssystem32UtilityVmSysprep.dll

2021-05-31 23:01 – 2019-12-07 02:10 – 000022840 _____ (Microsoft Corporation) C:Windowssystem32uwfresources.dll

2021-05-31 23:01 – 2019-12-07 02:10 – 000012088 _____ (Microsoft Corporation) C:Windowssystem32c28c7a4e-a619-4463-82b7-0fc9cc7187f5_HyperV-ComputeStorage.dll

2021-05-31 23:01 – 2019-12-07 02:10 – 000011776 _____ (Microsoft Corporation) C:Windowssystem32shelllauncherproviderevents.dll

2021-05-31 23:01 – 2019-12-07 02:10 – 000007168 _____ (Microsoft Corporation) C:Windowssystem32nfsrc.dll

2021-05-31 23:01 – 2019-12-07 02:09 – 000222008 _____ (Microsoft Corporation) C:Windowssystem32NetMgmtIF.dll

2021-05-31 23:01 – 2019-12-07 02:09 – 000151352 _____ C:Windowssystem32nmscrub.exe

2021-05-31 23:01 – 2019-12-07 02:09 – 000142648 _____ (Microsoft Corporation) C:Windowssystem32nmbind.exe

2021-05-31 23:01 – 2019-12-07 02:09 – 000123704 _____ (Microsoft Corporation) C:Windowssystem32Driversvmbkmclr.sys

2021-05-31 23:01 – 2019-12-07 02:09 – 000061240 _____ (Microsoft Corporation) C:Windowssystem32Driverspvhdparser.sys

2021-05-31 23:01 – 2019-12-07 02:09 – 000058888 _____ (Microsoft Corporation) C:Windowssystem32Driversl2bridge.sys

2021-05-31 23:01 – 2019-12-07 02:09 – 000049192 _____ (Microsoft Corporation) C:Windowssystem32Driversvhdparser.sys

2021-05-31 23:01 – 2019-12-07 02:09 – 000041784 _____ (Microsoft Corporation) C:Windowssystem32NvAgent.dll

2021-05-31 23:01 – 2019-12-07 02:09 – 000039440 _____ (Microsoft Corporation) C:Windowssystem32Driverspassthruparser.sys

2021-05-31 23:01 – 2019-12-07 02:09 – 000037112 _____ (Microsoft Corporation) C:Windowssystem32sbresources.dll

2021-05-31 23:01 – 2019-12-07 02:09 – 000031544 _____ (Microsoft Corporation) C:Windowssystem32vmcomputeeventlog.dll

2021-05-31 23:01 – 2019-12-07 02:09 – 000027448 _____ (Microsoft Corporation) C:Windowssystem32VrdUmed.dll

2021-05-31 23:01 – 2019-12-07 02:09 – 000012816 _____ (Microsoft Corporation) C:Windowssystem32f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll

2021-05-31 23:01 – 2019-12-07 02:09 – 000012600 _____ (Microsoft Corporation) C:Windowssystem32d4d78066-e6db-44b7-b5cd-2eb82dce620c_HyperV-ComputeLegacy.dll

2021-05-31 23:01 – 2019-12-07 02:09 – 000012600 _____ (Microsoft Corporation) C:Windowssystem32c4d66f00-b6f0-4439-ac9b-c5ea13fe54d7_HyperV-ComputeCore.dll

2021-05-31 23:01 – 2019-12-07 02:09 – 000012304 _____ (Microsoft Corporation) C:Windowssystem32 7409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.dll

2021-05-31 23:01 – 2019-12-07 02:09 – 000006658 _____ C:Windowssystem32VmChipset Third-Party Notices.txt

2021-05-31 23:01 – 2019-12-07 02:07 – 000044344 _____ (Microsoft Corporation) C:Windowssystem32Driversvkrnlintvsp.sys

2021-05-31 22:39 – 2021-05-17 19:09 – 000000000 ____D C:ProgramDataPackage Cache

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================




Original Source by [author_name]
