Hello, my son's computer was alerted by Google of an infection and he was logged out. Upon looking at the computer, I noticed everything is suddenly slow, and I tried downloading the ESET scanner, but after starting it quits. I asked him what he had done, and he said he downloaded some software with a "crack". Here is the FRST scan. Thank you ahead of time.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-05-2023
Ran by rfarz (administrator) on RAY-PC (19-05-2023 09:13:53)
Running from D:\Downloads\FRST64_3.exe
Loaded Profiles: rfarz
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2965 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe" --single-argument %1
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Acronis International GmbH -> ) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(AO Kaspersky Lab -> AO Kaspersky Lab) C:\Users\rfarz\AppData\Local\Temp\{a99d6390-435d-4f58-977f-cab08ca30fa7}\954b6bec.exe
(C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe ->) (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp32.exe
(C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe ->) (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp64.exe
(C:\Program Files (x86)\Internet Download Manager\IDMan.exe ->) (Farbar) [File not signed] D:\Downloads\FRST64_2.exe
(C:\Program Files (x86)\Jabra\Direct6\jabra-direct.exe ->) (GN AUDIO A/S -> GN Audio A/S) C:\Program Files (x86)\Jabra\Direct6\SoftphoneIntegrations.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) () [File not signed] C:\Users\rfarz\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.spotify.sdPlugin\com.barraider.spotify.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) () [File not signed] C:\Users\rfarz\AppData\Roaming\Elgato\StreamDeck\Plugins\tv.twitch.studio.sdPlugin\twitchstudiostreamdeck.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) (Corsair Memory, Inc. -> ) C:\Program Files\Elgato\StreamDeck\crashpad_handler.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) (The Qt Company Oy -> The Qt Company Ltd.) C:\Program Files\Elgato\StreamDeck\QtWebEngineProcess.exe <5>
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) (Voicemod Sociedad Limitada -> ) C:\Users\rfarz\AppData\Roaming\Elgato\StreamDeck\Plugins\net.voicemod.windowsdesktop.sdPlugin\voicemodplugin.exe
(C:\Program Files\Elgato\Volume Controller\ElgatoAudioControlServerWatcher.exe ->) (Corsair Memory, Inc. -> ) C:\Program Files\Elgato\Volume Controller\ElgatoAudioControlServer.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Printers\Dell Printer Hub\DLDPHCM.exe
(Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Printers\Dell Printer Hub\DLDPHSTS.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe
(explorer.exe ->) () [File not signed] C:\Program Files\AutoHotkey\AutoHotkey.exe
(explorer.exe ->) (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(explorer.exe ->) (Corsair Memory, Inc. -> ) C:\Program Files\Elgato\Volume Controller\ElgatoAudioControlServerWatcher.exe
(explorer.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Elgato\StreamDeck\StreamDeck.exe
(explorer.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4779.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(explorer.exe ->) (F.lux Software LLC -> f.lux Software LLC) C:\Users\rfarz\AppData\Local\FluxSoftware\Flux\flux.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\75.0.2.0\crashpad_handler.exe <4>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe <19>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\75.0.2.0\GoogleDriveFS.exe <8>
(explorer.exe ->) (Intuit, Inc. -> Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
(explorer.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logi\LogiBolt\LogiBolt.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(explorer.exe ->) (ShareX Team) [File not signed] C:\Program Files\ShareX\ShareX.exe
(explorer.exe ->) (SoftPerfect Pty. Ltd. -> SoftPerfect) C:\Program Files\NetWorx\networx.exe
(explorer.exe ->) (SurfRight B.V. -> SurfRight B.V.) E:\HitmanPro_x64.exe
(explorer.exe ->) (The SABnzbd-Team) [File not signed] [File is in use] C:\Program Files\SABnzbd\SABnzbd.exe
(explorer.exe ->) (Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(GitHub, Inc.) [File not signed] C:\Program Files (x86)\Glorious Core\Glorious Core.exe <4>
(GN AUDIO A/S -> GN Audio A/S) C:\Program Files (x86)\Jabra\Direct6\jabra-direct.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(services.exe ->) (Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Printers\Dell Printer Hub\DLDPHSUP.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\FoxitPDFEditorUpdateService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_b117548b2e075ba1\aesm_service.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\NumberPadNotificationService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_fa77e19594721328\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Paragon Software GmbH -> Paragon Software) C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\paragon_service.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(services.exe ->) (voidtools -> voidtools) C:\Program Files\Everything\Everything.exe <2>
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4779.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Corporation -> Sysinternals - www.sysinternals.com) D:\SysInternals\Process Explorer\procexp64.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (Paragon Software GmbH -> Paragon Software) C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\Linux File Systems for Windows by Paragon Software.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [824240 2020-03-31] (Acronis International GmbH -> Acronis International GmbH)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [13097512 2019-10-14] (SoftPerfect Pty. Ltd. -> SoftPerfect)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2260560 2021-01-24] (voidtools -> voidtools)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1687616 2022-02-21] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1073144 2021-09-25] (Heidi Computers Ltd -> The Eraser Project)
HKLM\...\Run: [Stream Deck] => C:\Program Files\Elgato\StreamDeck\StreamDeck.exe [17739336 2023-05-09] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5052648 2020-03-31] (Acronis International GmbH -> )
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [441448 2020-03-31] (Acronis International GmbH -> Acronis International GmbH)
HKLM-x32\...\Run: [DLDPHSTS] => C:\Program Files (x86)\Dell Printers\Dell Printer Hub\DLDPHSTS.exe [39432 2019-07-05] (Dell Inc -> Dell Inc.)
HKLM-x32\...\Run: [DLDPHCM] => C:\Program Files (x86)\Dell Printers\Dell Printer Hub\DLDPHCM.exe [616456 2019-07-05] (Dell Inc -> Dell Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [123232 2022-07-10] (VMware, Inc. -> VMware, Inc.)
HKLM-x32\...\Run: [Jabra Direct] => C:\Program Files (x86)\Jabra\Direct6\jabra-direct.exe [123464016 2023-03-10] (GN AUDIO A/S -> GN Audio A/S)
HKLM-x32\...\Run: [Glorious Core] => C:\Program Files (x86)\Glorious Core\Glorious Core.exe [136103936 2023-03-06] (GitHub, Inc.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [738936 2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM\...\RunOnce: [3c53afc3-9da0-45d7-9f56-404f7afbf6dc] => "C:\Users\rfarz\AppData\Local\Temp\{27c38e0c-fded-4561-90df-06ac5f5693ee}\3c53afc3-9da0-45d7-9f56-404f7afbf6dc.cmd" (No File) <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\75.0.2.0\GoogleDriveFS.exe [53969176 2023-05-17] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\75.0.2.0\GoogleDriveFS.exe [53969176 2023-05-17] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1156565943-348645102-1018404805-1001\...\Run: [f.lux] => C:\Users\rfarz\AppData\Local\FluxSoftware\Flux\flux.exe [1515848 2021-06-17] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-1156565943-348645102-1018404805-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [333224 2023-04-12] (Binary Fortress Software Ltd -> Binary Fortress Software)
HKU\S-1-5-21-1156565943-348645102-1018404805-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38274576 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1156565943-348645102-1018404805-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\75.0.2.0\GoogleDriveFS.exe [53969176 2023-05-17] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1156565943-348645102-1018404805-1001\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
HKU\S-1-5-21-1156565943-348645102-1018404805-1001\...\Run: [MicrosoftEdgeAutoLaunch_3348D46C240A89D8121CC290FEE73052] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4152256 2023-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1156565943-348645102-1018404805-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [5924104 2023-04-05] (Tonec Inc. -> Tonec Inc.)
HKU\S-1-5-21-1156565943-348645102-1018404805-1001\...\Run: [Docker Desktop] => C:\Program Files\Docker\Docker\Docker Desktop.exe [280880 2023-05-02] (Docker Inc -> Docker Inc.)
HKU\S-1-5-21-1156565943-348645102-1018404805-1001\...\Run: [com.workplace] => C:\Users\rfarz\AppData\Local\Programs\Workplace\Workplace Chat.exe workchat://openAtLogin (No File)
HKU\S-1-5-21-1156565943-348645102-1018404805-1001\...\Run: [Volume Controller SD plugin] => C:\Program Files\Elgato\Volume Controller\ElgatoAudioControlServerWatcher.exe [108072 2023-04-27] (Corsair Memory, Inc. -> )
HKU\S-1-5-21-1156565943-348645102-1018404805-1001\...\MountPoints2: {c834e3b0-da0c-11ed-8093-7085c25dac95} - "E:\setup.exe"
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\75.0.2.0\GoogleDriveFS.exe [53969176 2023-05-17] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\...\Run: [Free Download Manager] => "C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --hidden (No File)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8237E44A-0054-442C-B6B6-EA0509993955}] -> C:\Program Files (x86)\Google\Chrome Beta\Application\114.0.5735.35\Installer\chrmstp.exe [2023-05-17] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\113.0.5672.127\Installer\chrmstp.exe [2023-05-18] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\113.1.51.118\Installer\chrmstp.exe [2023-05-17] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2023-04-15]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2023-05-18]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk [2023-05-18]
ShortcutTarget: QuickBooks Web Connector.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit, Inc. -> Intuit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2023-05-18]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks Enterprise Solutions 23.0\QBW.EXE (Intuit, Inc. -> Intuit Inc.)
Startup: C:\Users\rfarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2021-02-27]
Startup: C:\Users\rfarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSI Afterburner.lnk [2022-08-11]
ShortcutTarget: MSI Afterburner.lnk -> C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Startup: C:\Users\rfarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk [2022-08-28]
ShortcutTarget: SABnzbd.lnk -> C:\Program Files\SABnzbd\SABnzbd.exe (The SABnzbd-Team) [File not signed] [File is in use]
Startup: C:\Users\rfarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send Email.ahk - Shortcut.lnk [2021-12-01]
ShortcutTarget: Send Email.ahk - Shortcut.lnk -> D:\AutoHotKeys\Send Email.ahk () [File not signed]
Startup: C:\Users\rfarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2020-07-17]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0968483E-29CE-42E8-8A66-5534A0D2682C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0E2E3CEA-0561-4129-8CEA-4073A110DE0D} - System32\Tasks\LinuxFS Updater => C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\Updater.exe [1541040 2021-01-28] (Paragon Software GmbH -> Paragon Software)
Task: {10B6F5E0-2ADA-461E-B65D-42E7DCDC53C0} - System32\Tasks\MiniToolPartitionWizard => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe/fromtask
Task: {1A80134E-2C43-4000-8C5D-2D9A6ECF71C2} - System32\Tasks\Process Explorer-RAY-PC-rfarz => D:\SYSINTERNALS\PROCESS EXPLORER\PROCEXP64.EXE [1509768 2021-08-18] (Microsoft Corporation -> Sysinternals - www.sysinternals.com)
Task: {1BF5A94A-42EF-4CC2-88F1-627E50F350F0} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {203471E9-B797-4A24-A82F-51232A8DEFFB} - System32\Tasks\Intel\Intel Telemetry 3 => C:\Program Files\Intel\Telemetry 3.0\lrio.exe [5896048 2023-02-09] (Intel Corporation -> Intel Corporation)
Task: {2177DCF1-C558-41E6-8B84-B162FCB3A276} - System32\Tasks\StartIsBack health check => C:\Program Files (x86)\StartIsBack\startscreen.exe [70984 2022-03-31] (Stanislav Zinukhov -> www.startisback.com)
Task: {265DBAD1-2D69-44AC-B512-3A47D6663697} - System32\Tasks\CCleanerSkipUAC - rfarz => C:\Program Files\CCleaner\CCleaner.exe [31990800 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {29B05576-419E-4A15-A5B6-A34D23BA2EAC} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676768 2023-05-19] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {45606C15-ECD3-46DB-BED2-498FB6E29FDD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-08-12] (Piriform Software Ltd -> Piriform)
Task: {4F49BEC4-4A39-4119-A6C2-40189C452687} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MpCmdRun.exe [1650024 2023-05-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {50ACD018-B80F-42CA-A3BB-0F853F74988C} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-02-27] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {51A99D7B-4EDC-4F45-BDF7-96EB406DC4AF} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2335600 2021-09-08] (Microsoft Corporation -> Microsoft)
Task: {5204C7F8-9572-45E2-8C9C-A520A64A78C4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5C5DC1B4-2C5E-481E-8DD5-E6225D3788FB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157664 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {73A30FE8-6521-490C-B2AE-4ECB514964CC} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [32632 2021-09-08] (Microsoft Corporation -> Microsoft)
Task: {75D351E8-DB44-4FF5-867F-D24F70E3DB59} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {761A28DE-18E8-4A9C-83C3-84DCEC1D43BE} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8612ACC9-4E30-4892-9C55-59CC050803AB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe--automatic
Task: {883179E6-83D3-40DE-B8E3-22BFAD448F27} - System32\Tasks\Meta\Workplace Chat-SL-Helper-S-1-5-21-1156565943-348645102-1018404805-1001 => C:\Users\rfarz\AppData\Local\Programs\Workplace\Workplace ChatHelper.exe [2134264 2023-05-02] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {88B790BE-B6D7-4F83-B11B-E8C18D93AB88} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2463600 2021-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {89E2BA3E-AE03-4CFC-9FEC-89C799242E00} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {8AD6ACFD-3454-4DA2-9BBC-5BB7331BE519} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MpCmdRun.exe [1650024 2023-05-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8DC4C6E9-ECF8-4C02-BCF6-43443ADAF423} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-16] (Google LLC -> Google LLC)
Task: {A228A3B5-684B-40A8-8253-2A1D1AF4D192} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MpCmdRun.exe [1650024 2023-05-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AEEB72E1-EBE9-4D48-BEDF-81F44F515D3F} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-02-27] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {B0FAF4C4-DB43-40AB-8E6A-87AF174AE41F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-16] (Google LLC -> Google LLC)
Task: {BA06A08C-B47F-4DCC-98BD-93A7789A729E} - System32\Tasks\VivaldiUpdateCheck-0717f9a84e98b6ea => D:\Vivaldi\Application\update_notifier.exe [3796880 2023-05-17] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
Task: {C209BE05-35A8-45EA-8550-C5918F8F5EED} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [804408 2021-12-03] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {C298B06E-7D8F-414B-8124-306F3C23A031} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1938792 2021-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {C31F833F-F528-42E3-B89E-FA3295E38A1F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {D5346A2C-133C-4D09-B975-9A577320AE10} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D63A3224-2F74-4210-8F9A-9C137E715AE2} - System32\Tasks\LinuxFS GUI => C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\Linux File Systems for Windows by Paragon Software.exe [2584496 2021-01-28] (Paragon Software GmbH -> Paragon Software)
Task: {D7193F9D-BAA0-4C63-BDB3-9BC466F82DCD} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DB33EC89-0801-421D-B3A5-A9A8BCF6DBA6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [732064 2023-05-19] (Mozilla Corporation -> Mozilla Foundation)
Task: {DDDB239B-1ACF-4585-BD8A-3594B802CA5B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157664 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3489DCB-3270-4DE7-A65B-D395819EA814} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E3EE8783-51B4-4222-81C7-73DF226A8D96} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [190816 2023-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4FDB983-2AC4-4CA0-9FE1-BAA46C0F5591} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel® Corporation)
Task: {E779C6CB-C6B6-41AE-B451-CA795A221A47} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E96F5430-9388-46DF-98C8-21D8CB4E0615} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2463600 2021-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {F2B70739-096D-4FD5-8528-61E3D6414A1B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MpCmdRun.exe [1650024 2023-05-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FF3A6D2C-3C66-4CAD-BEE3-7B65C4ADD5C4} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1938792 2021-09-08] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\vsocklib.dll [44128 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\vsocklib.dll [44128 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\vsocklib.dll [48224 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\vsocklib.dll [48224 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{626f78af-846f-45c9-b283-e6fcad0565f8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{efb5f2cd-ee7a-4bef-8da7-c1bda62d9b82}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f23a42f2-4a7d-44fd-a96c-8f4a8dca9680}: [DhcpNameServer] 192.168.1.1
Edge:
=======
DownloadDir: D:\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\rfarz\AppData\Local\Microsoft\Edge\User Data\Default [2023-05-19]
Edge DownloadDir: Default -> D:\Downloads
Edge Extension: (Bitwarden - Free Password Manager) - C:\Users\rfarz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2023-04-26]
Edge Extension: (Edge relevant text changes) - C:\Users\rfarz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-26]
Edge Extension: (IDM Integration Module) - C:\Users\rfarz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2023-04-28]
Edge Extension: (AdGuard AdBlocker) - C:\Users\rfarz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pdffkfellgipmhklpdmokmckkkfcopbh [2023-04-15]
Edge HKU\S-1-5-21-1156565943-348645102-1018404805-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2023-04-05]
FireFox:
========
FF DefaultProfile: ausnedha.default
FF ProfilePath: C:\Users\rfarz\AppData\Roaming\Mozilla\Firefox\Profiles\ausnedha.default [2020-07-21]
FF ProfilePath: C:\Users\rfarz\AppData\Roaming\Mozilla\Firefox\Profiles\wfbm3m7t.default-release-1678678860076 [2023-05-19]
FF Extension: (IDM Integration Module) - C:\Users\rfarz\AppData\Roaming\Mozilla\Firefox\Profiles\wfbm3m7t.default-release-1678678860076\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2023-05-02]
FF Extension: (WhatRuns) - C:\Users\rfarz\AppData\Roaming\Mozilla\Firefox\Profiles\wfbm3m7t.default-release-1678678860076\Extensions\{66d854c2-fd1b-4857-bd0a-7d220e4834da}.xpi [2023-04-27]
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2021-09-25] [Legacy]
FF HKLM\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi [2021-09-25]
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF HKLM-x32\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
FF HKU\S-1-5-21-1156565943-348645102-1018404805-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\rfarz\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\rfarz\AppData\Roaming\IDM\idmmzcc5 [2023-04-18] [Legacy] [not signed]
FF HKU\S-1-5-21-1156565943-348645102-1018404805-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-19] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [2021-11-05] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [2021-11-05] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [2021-11-05] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [2021-11-05] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [2021-11-05] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.371.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.371.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.14 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.18 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-1156565943-348645102-1018404805-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2023-04-19] (TD Ameritrade, Inc -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-1156565943-348645102-1018404805-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2023-04-19] (TD Ameritrade, Inc -> TD Ameritrade)
Chrome:
=======
CHR Profile: C:\Users\rfarz\AppData\Local\Google\Chrome\User Data\Default [2023-05-02]
CHR Extension: (Foxit PDF Creator) - C:\Users\rfarz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2023-05-02]
CHR Extension: (Google Docs Offline) - C:\Users\rfarz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-02]
CHR Extension: (IDM Integration Module) - C:\Users\rfarz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2023-05-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rfarz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-05-02]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\ChromeAddin\ChromeAddin.crx [2021-09-25]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-04-05]
CHR HKU\S-1-5-21-1156565943-348645102-1018404805-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\ChromeAddin\ChromeAddin.crx [2021-09-25]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-04-05]
StartMenuInternet: Google Chrome Beta - C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
Brave:
=======
BRA Profile: C:\Users\rfarz\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2023-04-28]
BRA Extension: (MetaMask) - C:\Users\rfarz\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2023-02-03]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\rfarz\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2023-02-03]
BRA Extension: (Brave NTP background images) - C:\Users\rfarz\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-09-09]
BRA Extension: (Wallet Data Files Updater) - C:\Users\rfarz\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2023-02-03]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\rfarz\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-11-22]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\rfarz\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2022-03-30]
BRA Extension: (Brave NTP sponsored images) - C:\Users\rfarz\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2023-02-03]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\rfarz\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2023-01-22]
BRA Extension: (Brave Ad Block Updater (Default (plaintext))) - C:\Users\rfarz\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2023-02-03]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\rfarz\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-30]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\rfarz\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2023-01-22]
BRA Extension: (Crypto Wallets) - C:\Users\rfarz\AppData\Local\BraveSoftware\Brave-Browser\User Data\odbfpeeihdkbihmopkbjmoonfanlbfcl [2021-05-05]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\rfarz\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-02-03]
Vivaldi:
=======
VIV Profile: C:\Users\rfarz\AppData\Local\Vivaldi\User Data\Default [2023-04-28]
VIV Extension: (Foxit PDF Creator) - C:\Users\rfarz\AppData\Local\Vivaldi\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2023-01-12]
StartMenuInternet: (HKU\S-1-5-21-1156565943-348645102-1018404805-1001) Vivaldi.3R77OPDDZK3LV5ODS73YC5AGXU - "D:\Vivaldi\Application\vivaldi.exe"
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
"hitmanpro37" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\hitmanpro37 => \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys <==== ATTENTION (Rootkit!/Locked Service)
S4 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [10341560 2020-03-31] (Acronis International GmbH -> )
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1254784 2020-03-31] (Acronis International GmbH -> Acronis International GmbH)
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6383744 2020-07-17] (Acronis International GmbH -> )
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-02-27] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-02-27] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveVpnService; C:\Program Files\BraveSoftware\Brave-Browser\Application\113.1.51.118\brave_vpn_helper.exe [3031064 2023-05-17] (Brave Software, Inc. -> Brave Software, Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [317808 2015-02-03] (Dell Inc. -> )
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082896 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\112.0.5615.26\remoting_host.exe [74520 2023-03-13] (Google LLC -> Google LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11749376 2023-05-14] (Microsoft Corporation -> Microsoft Corporation)
S3 com.docker.service; C:\Program Files\Docker\Docker\com.docker.service [19792 2023-05-02] (Docker Inc -> Docker Inc.)
S4 Disk Savvy Enterprise; C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe [982528 2020-02-12] () [File not signed]
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [333224 2023-04-12] (Binary Fortress Software Ltd -> Binary Fortress Software)
R2 DLDPHSUP; C:\Program Files (x86)\Dell Printers\Dell Printer Hub\DLDPHSUP.exe [24584 2019-07-05] (Dell Inc -> Dell Inc.)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [9853528 2022-10-13] (Electronic Arts, Inc. -> Electronic Arts)
S4 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [27784 2021-10-28] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-07-11] (Epic Games Inc. -> Epic Games, Inc.)
R3 EPMVssEaseusProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{37E21927-424B-41A9-ACB3-343A50B573E6} [21312 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
R2 Everything; C:\Program Files\Everything\Everything.exe [2260560 2021-01-24] (voidtools -> voidtools)
R2 FoxitPhantomPDFUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\FoxitPDFEditorUpdateService.exe [2363008 2021-09-24] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S3 GoogleChromeBetaElevationService; C:\Program Files (x86)\Google\Chrome Beta\Application\114.0.5735.35\elevation_service.exe [1742616 2023-05-16] (Google LLC -> Google LLC)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [11458168 2022-04-14] (Logitech Inc -> Logitech, Inc.)
S3 LxssManagerUser; C:\WINDOWS\system32\lxss\wslclient.dll [393216 2023-05-10] (Microsoft Windows -> Microsoft Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9094440 2023-04-05] (Malwarebytes Inc. -> Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2020-03-31] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2020-03-31] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1918976 2020-03-31] (Acronis International GmbH -> )
R2 NumberPadNotificationService; C:\WINDOWS\system32\NumberPadNotificationService.exe [1058632 2020-12-15] (Microsoft Corporation -> Microsoft Corporation)
R2 ParagonLinuxFSMounter; C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\paragon_service.exe [4072488 2021-01-28] (Paragon Software GmbH -> Paragon Software)
S4 Rockstar Service; D:\Games\Rockstar Games\Launcher\RockstarService.exe [1382016 2020-11-28] (Rockstar Games, Inc. -> Rockstar Games)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7395256 2020-03-31] (Acronis International GmbH -> )
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16971576 2023-03-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [7095824 2020-03-31] (Acronis International GmbH -> Acronis International GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\NisSrv.exe [3216064 2023-05-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MsMpEng.exe [133544 2023-05-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\113.1.51.118\elevation_service.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_fa77e19594721328\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_fa77e19594721328\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U3 3c7f33e9; C:\WINDOWS\System32\Drivers\3c7f33e9.sys [299544 2023-05-19] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AsrDrv101; C:\WINDOWS\SysWOW64\Drivers\AsrDrv101.sys [22280 2020-11-13] (ASROCK Incorporation -> ASRock Incorporation)
S3 AsrDrv106; C:\WINDOWS\SysWOW64\Drivers\AsrDrv106.sys [49984 2023-04-19] (ASROCK INC. -> ASRock Incorporation)
S3 busenum; C:\WINDOWS\System32\drivers\busenum.sys [57824 2012-08-03] (Synology Inc. -> Windows ® Win 7 DDK provider)
R2 Dokan; C:\WINDOWS\System32\DRIVERS\dokan.sys [77216 2021-01-28] (Paragon Software GmbH -> Windows ® Win 7 DDK provider)
S3 epmdkdrv; C:\WINDOWS\system32\epmdkdrv.sys [36280 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows ® Codename Longhorn DDK provider)
R0 EUDCPEPM; C:\WINDOWS\System32\drivers\EUDCPEPM.sys [76344 2020-12-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\WINDOWS\System32\drivers\EUEDKEPM.sys [33712 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
S3 fiio_usbaudio; C:\WINDOWS\System32\drivers\fiio_usbaudio.sys [404024 2022-02-28] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 fiio_usbaudioks; C:\WINDOWS\System32\drivers\fiio_usbaudioks.sys [54872 2022-02-28] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [687768 2020-07-17] (Acronis International GmbH -> Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [390592 2020-07-17] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 fltsrv; C:\WINDOWS\System32\DRIVERS\fltsrv.sys [182832 2020-07-17] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R1 googledrivefs31092; C:\WINDOWS\System32\DRIVERS\googledrivefs31092.sys [384600 2023-02-06] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 IDMWFP; C:\WINDOWS\System32\drivers\idmwfp.sys [171512 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Tonec Inc.)
U0 klupd_3c7f33e9a_arkmon; C:\WINDOWS\System32\Drivers\klupd_3c7f33e9a_arkmon.sys [367904 2023-05-19] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
U3 klupd_3c7f33e9a_arkmon_7FDCEA8C; C:\KVRT2020_Data\Temp\7FDCEA8C56F988BD5FC6927812234FA0\klupd_3c7f33e9a_arkmon.sys [367904 2023-05-19] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
U3 klupd_3c7f33e9a_klark; C:\WINDOWS\System32\Drivers\klupd_3c7f33e9a_klark.sys [350848 2023-05-19] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
U0 klupd_3c7f33e9a_klbg; C:\WINDOWS\System32\Drivers\klupd_3c7f33e9a_klbg.sys [179864 2023-05-19] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
U3 klupd_3c7f33e9a_mark; C:\WINDOWS\System32\Drivers\klupd_3c7f33e9a_mark.sys [259440 2023-05-19] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 logi_audio_surround; C:\WINDOWS\system32\drivers\logi_audio_surround.sys [44488 2021-11-03] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [33528 2022-03-30] (WDKTestCert builder,132743893872553407 -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [21704 2022-03-30] (WDKTestCert builder,132743893872553407 -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [62904 2022-03-30] (WDKTestCert builder,132743893872553407 -> Logitech)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-04-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl9acd168f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90B55B1C-2741-4CFF-B681-9671C6F6B613}\MpKslDrv.sys [212264 2023-05-19] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2021-03-18] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R1 networx; C:\WINDOWS\System32\drivers\networx.sys [113664 2019-10-02] (SoftPerfect Pty. Ltd. -> Windows ® Win 7 DDK provider)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [95632 2022-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
S3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_007a; C:\WINDOWS\System32\drivers\RzDev_007a.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S0 secnvme; C:\WINDOWS\System32\drivers\secnvme.sys [133944 2020-01-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tib; C:\WINDOWS\system32\DRIVERS\tib.sys [883256 2020-07-17] (Acronis International GmbH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [171968 2020-07-17] (Acronis International GmbH -> Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [693768 2020-07-17] (Acronis International GmbH -> Acronis International GmbH)
S3 ToppingUsbAudio; C:\WINDOWS\System32\drivers\ToppingUsbAudio.sys [400952 2020-12-15] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 ToppingUsbAudioks; C:\WINDOWS\System32\drivers\ToppingUsbAudioks.sys [53816 2020-12-15] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 UsbDk; C:\WINDOWS\System32\Drivers\UsbDk.sys [103128 2020-03-13] (Red Hat, Inc. -> Red Hat Inc.)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [240704 2022-03-22] (Oracle Corporation -> Oracle Corporation)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [817672 2022-02-19] (Microsoft Windows Hardware Compatibility Publisher -> IDRIX)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [330176 2020-07-17] (Acronis International GmbH -> Acronis International GmbH)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [67072 2022-07-10] (VMware, Inc. -> VMware, Inc.)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2020-07-17] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 vsock; C:\WINDOWS\System32\DRIVERS\vsock.sys [105912 2021-08-16] (VMware, Inc. -> VMware, Inc.)
S4 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [38320 2022-02-09] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2023-05-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498944 2023-05-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-05-02] (Microsoft Windows -> Microsoft Corporation)
S4 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
S4 semav6msr64; \??\C:\WINDOWS\system32\drivers\semav6msr64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-05-19 15:53 - 2023-05-19 09:14 - 000000000 ____D C:\FRST
2023-05-19 07:03 - 2023-05-19 07:03 - 000000496 _____ C:\WINDOWS\system32\.crusader
2023-05-19 06:58 - 2023-05-19 07:03 - 000000000 ____D C:\ProgramData\HitmanPro
2023-05-19 06:54 - 2023-05-19 09:11 - 000000000 ____D C:\KVRT2020_Data
2023-05-19 06:49 - 2023-05-19 15:44 - 000000000 ____D C:\Users\rfarz\AppData\Local\NPE
2023-05-19 06:49 - 2023-05-19 06:49 - 000000000 ____D C:\ProgramData\Norton
2023-05-19 06:16 - 2023-05-19 09:11 - 000001389 _____ C:\Users\rfarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-05-19 00:39 - 2023-05-19 00:39 - 000000000 ____D C:\Users\rfarz\AppData\Local\PackageManagement
2023-05-19 00:39 - 2023-05-19 00:39 - 000000000 ____D C:\Program Files\PackageManagement
2023-05-18 19:58 - 2023-05-18 19:58 - 070179820 _____ C:\Users\rfarz\AppData\Local\brave.zip
2023-05-18 19:57 - 2023-05-18 19:57 - 000587776 _____ (Igor Pavlov) C:\Users\rfarz\AppData\Local\7za.exe
2023-05-18 14:55 - 2023-05-18 14:55 - 165871844 _____ C:\Users\rfarz\AppData\Roaming\brave.zip
2023-05-18 14:54 - 2023-05-18 14:54 - 000587776 _____ (Igor Pavlov) C:\Users\rfarz\AppData\Roaming\7za.exe
2023-05-18 14:33 - 2023-05-18 14:33 - 000000000 ____D C:\Users\rfarz\ghxrtmd
2023-05-18 04:24 - 2023-05-18 05:01 - 000000000 ____D C:\ProgramData\SQL Anywhere 17
2023-05-18 04:11 - 2023-05-18 04:11 - 000000000 ____D C:\WINDOWS\system32\GPUCache
2023-05-18 04:06 - 2023-05-18 04:06 - 000000000 ____D C:\WINDOWS\Intuit
2023-05-18 04:06 - 2023-05-18 04:06 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\SQL Anywhere 17
2023-05-18 04:05 - 2023-05-18 04:05 - 000002289 _____ C:\Users\Public\Desktop\QuickBooks Enterprise Solutions 23.0.lnk
2023-05-18 04:05 - 2023-05-18 04:05 - 000000000 ____D C:\WINDOWS\SysWOW64\spool
2023-05-18 04:05 - 2023-05-18 04:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2023-05-18 04:03 - 2023-05-19 06:15 - 000000000 ____D C:\Users\rfarz\AppData\Local\Intuit
2023-05-18 04:02 - 2023-05-18 04:05 - 000000116 _____ C:\WINDOWS\QBChanUtil_Trigger.ini
2023-05-18 04:02 - 2023-05-18 04:03 - 000000000 ____D C:\Program Files\Common Files\Intuit
2023-05-18 04:02 - 2023-05-18 04:03 - 000000000 ____D C:\Program Files (x86)\Intuit
2023-05-18 04:02 - 2023-05-18 04:02 - 000000000 ____D C:\Program Files\Intuit
2023-05-18 03:59 - 2023-05-19 00:02 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\HK
2023-05-18 03:59 - 2023-01-31 13:09 - 650978304 _____ (Intuit, Inc. ) C:\Users\rfarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XcmyzmfyjvlXubdl.exe
2023-05-17 17:49 - 2023-05-17 17:49 - 000000000 ____D C:\Users\rfarz\.vscode-cli
2023-05-10 18:00 - 2023-05-10 18:00 - 000000000 ____D C:\Users\rfarz\.p2
2023-05-10 18:00 - 2023-05-10 18:00 - 000000000 ____D C:\Users\rfarz\.eclipse
2023-05-10 17:59 - 2023-05-10 17:59 - 000000000 ____D C:\Users\rfarz\AppData\Local\GitHubDesktop
2023-05-10 17:56 - 2023-05-10 17:56 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\JetBrains
2023-05-10 17:56 - 2023-05-10 17:56 - 000000000 ____D C:\Users\rfarz\AppData\Local\JetBrains
2023-05-10 17:56 - 2023-05-10 17:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2023-05-10 17:55 - 2023-05-10 17:55 - 000000000 ____D C:\Program Files\JetBrains
2023-05-10 14:14 - 2023-05-10 14:14 - 000000000 ____D C:\ProgramData\obs-studio
2023-05-10 14:14 - 2023-05-10 14:14 - 000000000 ____D C:\Program Files\Elgato
2023-05-10 01:44 - 2023-05-10 01:44 - 000000000 ___HD C:\$WinREAgent
2023-05-08 17:06 - 2023-05-08 17:15 - 000000000 ____D C:\Temp
2023-05-07 21:23 - 2023-05-07 21:23 - 000143260 _____ C:\Users\rfarz\OneDrive\Documents\return-instructions.pdf
2023-05-06 12:54 - 2023-05-08 01:58 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\draw.io
2023-05-06 12:54 - 2023-05-06 12:54 - 000001813 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\draw.io.lnk
2023-05-06 12:54 - 2023-05-06 12:54 - 000001801 _____ C:\Users\Public\Desktop\draw.io.lnk
2023-05-06 12:54 - 2023-05-06 12:54 - 000000000 ____D C:\Users\rfarz\AppData\Local\draw.io-updater
2023-05-06 12:54 - 2023-05-06 12:54 - 000000000 ____D C:\Program Files\draw.io
2023-05-02 16:54 - 2023-05-02 16:54 - 000000000 ____D C:\Users\rfarz\OneDrive\Documents\GitHub
2023-05-02 16:53 - 2023-05-10 17:59 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\GitHub Desktop
2023-05-02 16:53 - 2023-05-02 16:53 - 000000178 _____ C:\Users\rfarz\.gitconfig
2023-05-02 16:41 - 2023-05-02 16:41 - 000000000 ____D C:\Users\rfarz\AppData\Local\fanal
2023-05-02 15:37 - 2023-05-10 14:11 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Docker Desktop
2023-05-02 15:33 - 2023-05-10 14:12 - 000000000 ____D C:\Program Files\Hyper-V
2023-05-02 15:33 - 2023-05-02 15:33 - 000000000 ___SD C:\WINDOWS\system32\containers
2023-05-02 15:33 - 2023-05-02 15:33 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2023-05-02 15:31 - 2023-05-02 15:31 - 000002113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Docker Desktop.lnk
2023-05-02 15:29 - 2023-05-02 15:31 - 000000000 ____D C:\Program Files\Docker
2023-05-02 15:25 - 2023-05-18 17:47 - 000002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-05-02 15:25 - 2023-05-18 17:47 - 000002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-05-02 15:13 - 2023-05-02 15:13 - 000000000 ____D C:\Users\rfarz\.wdm
2023-04-28 13:52 - 2023-04-28 13:52 - 000001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign 2023.lnk
2023-04-28 04:36 - 2023-04-28 04:36 - 000000005 _____ C:\Users\rfarz\.node_repl_history
2023-04-28 04:36 - 2023-04-28 04:36 - 000000000 ____D C:\Users\rfarz\AppData\Local\npm-cache
2023-04-28 04:30 - 2023-04-28 04:30 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2023-04-28 04:30 - 2023-04-28 04:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2023-04-28 04:30 - 2023-04-28 04:30 - 000000000 ____D C:\Program Files\Application Verifier
2023-04-28 04:30 - 2023-04-28 04:30 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2023-04-28 04:28 - 2023-05-17 17:53 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2023-04-28 04:28 - 2023-04-28 04:32 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2023-04-28 04:28 - 2023-04-28 04:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
2023-04-28 04:27 - 2023-04-28 04:28 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2023-04-28 04:27 - 2023-04-28 04:27 - 000001440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2023-04-28 04:27 - 2023-04-28 04:27 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Visual Studio Setup
2023-04-28 04:27 - 2023-04-28 04:27 - 000000000 ____D C:\ProgramData\shimgen
2023-04-28 04:27 - 2023-04-28 04:27 - 000000000 ____D C:\ProgramData\Microsoft Visual Studio
2023-04-28 04:26 - 2023-05-02 17:15 - 000000000 ____D C:\Python311
2023-04-28 04:24 - 2023-04-28 04:24 - 000000000 ____D C:\Users\rfarz\AppData\Local\NuGet
2023-04-28 03:27 - 2023-04-28 03:27 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Python
2023-04-28 03:20 - 2023-04-28 03:20 - 000000000 ____D C:\Users\rfarz\AppData\Local\pip
2023-04-28 03:05 - 2023-04-28 03:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2023-04-28 03:05 - 2023-04-28 03:05 - 000000000 ____D C:\Program Files\Git
2023-04-28 02:49 - 2023-04-28 02:50 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.10
2023-04-28 02:45 - 2023-04-28 02:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)
2023-04-27 23:28 - 2023-04-27 16:21 - 030117801 _____ C:\Users\rfarz\OneDrive\Documents\WhatsApp Video 2023-04-27 at 14.15.41.mp4
2023-04-27 21:42 - 2023-04-28 13:54 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\com.adobe.dunamis
2023-04-27 21:42 - 2023-04-27 21:42 - 000000000 ____D C:\Users\rfarz\AppData\LocalLow\Adobe
2023-04-27 21:39 - 2023-04-27 21:39 - 000002464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2023.lnk
2023-04-27 21:36 - 2023-04-27 21:36 - 000000000 ____D C:\Program Files (x86)\Adobe
2023-04-27 21:34 - 2023-04-28 13:54 - 000000000 ____D C:\Users\rfarz\AppData\Local\Adobe
2023-04-27 21:34 - 2023-04-28 13:52 - 000000000 ____D C:\ProgramData\Adobe
2023-04-19 08:14 - 2023-04-19 08:14 - 000000000 ____D C:\ProgramData\Intel Telemetry
2023-04-19 03:35 - 2023-04-19 03:35 - 000003840 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2023-04-19 03:21 - 2023-04-19 03:21 - 000002685 _____ C:\Users\Public\Desktop\Intel® Extreme Tuning Utility.lnk
2023-04-19 03:21 - 2023-04-19 03:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2023-04-19 03:21 - 2023-04-19 03:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2023-04-19 03:13 - 2023-04-19 03:13 - 000000000 ____D C:\Users\rfarz\OneDrive\Documents\MAXON
2023-04-19 03:13 - 2023-04-19 03:13 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Maxon
2023-04-19 03:10 - 2023-04-19 03:10 - 000049984 _____ (ASRock Incorporation) C:\WINDOWS\SysWOW64\Drivers\AsrDrv106.sys
2023-04-19 03:10 - 2023-04-19 03:10 - 000001397 _____ C:\Users\Public\Desktop\F-Stream Tuning.lnk
2023-04-19 03:10 - 2023-04-19 03:10 - 000000000 ____D C:\WINDOWS\ASRock
2023-04-19 03:10 - 2023-04-19 03:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fatal1ty Utility
2023-04-19 03:09 - 2023-04-19 03:09 - 000000000 ____D C:\Program Files (x86)\Fatal1ty Utility
2023-04-19 00:40 - 2023-04-19 00:40 - 000000000 ____D C:\Program Files (x86)\Java
2023-04-19 00:40 - 2023-03-17 04:39 - 000170656 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2023-04-19 00:28 - 2023-04-19 02:36 - 000000000 ____D C:\Users\rfarz\.rssowl2
2023-04-19 00:27 - 2023-04-19 02:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2023-04-19 00:27 - 2023-04-19 00:27 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Sun
2023-04-19 00:26 - 2023-04-19 00:40 - 000000000 ____D C:\Program Files (x86)\RSSOwl
2023-04-19 00:26 - 2023-04-19 00:26 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RSSOwl
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-05-19 16:08 - 2023-02-09 10:45 - 000000000 ____D C:\Program Files\TeamViewer
2023-05-19 16:08 - 2022-10-13 01:02 - 000000000 ____D C:\Intel
2023-05-19 16:08 - 2022-09-15 22:46 - 000000000 ____D C:\ProgramData\VMware
2023-05-19 16:08 - 2022-09-15 21:01 - 000036208 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2023-05-19 16:08 - 2022-08-26 20:55 - 000003124 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2023-05-19 16:08 - 2022-05-01 18:10 - 000008192 ___SH C:\DumpStack.log.tmp
2023-05-19 16:08 - 2021-10-21 13:56 - 000000000 ____D C:\Users\rfarz\AppData\Local\LogiBolt
2023-05-19 16:08 - 2020-07-16 08:31 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2023-05-19 16:08 - 2020-07-16 01:39 - 000000000 ____D C:\ProgramData\NVIDIA
2023-05-19 16:08 - 2020-07-16 01:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-05-19 16:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-05-19 16:08 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-05-19 16:08 - 2018-04-08 02:19 - 000000000 __SHD C:\Users\rfarz\IntelGraphicsProfiles
2023-05-19 16:07 - 2022-01-13 16:15 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\DMCache
2023-05-19 16:07 - 2020-07-21 22:35 - 000000000 ____D C:\Users\rfarz\AppData\Local\Everything
2023-05-19 16:07 - 2020-07-18 16:03 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Everything
2023-05-19 16:07 - 2019-12-07 02:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-05-19 15:55 - 2021-02-26 14:14 - 000000000 ____D C:\Program Files\CCleaner
2023-05-19 15:52 - 2020-07-21 22:43 - 000000000 ____D C:\Users\rfarz\AppData\Local\DisplayFusion
2023-05-19 15:45 - 2020-12-05 21:45 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2023-05-19 15:31 - 2020-07-16 01:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-05-19 09:14 - 2021-03-29 13:55 - 000000000 ____D C:\Users\rfarz\AppData\Local\Dell Printer Hub
2023-05-19 09:14 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\registration
2023-05-19 09:13 - 2022-02-09 14:30 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-05-19 09:12 - 2020-07-16 01:47 - 000844898 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-05-19 09:12 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2023-05-19 09:11 - 2020-07-19 11:21 - 000000000 ____D C:\Users\rfarz\AppData\Local\CrashDumps
2023-05-19 09:10 - 2020-07-16 10:48 - 000000524 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2023-05-19 09:10 - 2020-07-16 08:23 - 000000000 ____D C:\Program Files (x86)\Google
2023-05-19 09:09 - 2022-10-23 13:14 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Jabra Direct
2023-05-19 09:09 - 2022-04-07 02:39 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Glorious Core
2023-05-19 07:19 - 2021-02-11 11:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-05-19 07:19 - 2020-07-21 22:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-05-19 07:18 - 2020-12-05 21:44 - 000000000 ____D C:\WINDOWS\pss
2023-05-19 07:17 - 2020-07-21 22:15 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-05-19 06:58 - 2019-12-07 02:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-05-19 06:49 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-05-19 06:16 - 2020-07-19 17:28 - 000000000 ____D C:\Users\rfarz\AppData\Local\ESET
2023-05-19 06:15 - 2021-08-25 20:33 - 000000000 ____D C:\ProgramData\Intuit
2023-05-19 06:15 - 2018-04-08 01:42 - 000000000 ___SD C:\Users\rfarz\AppData\Roaming\Microsoft\Credentials
2023-05-19 06:14 - 2020-07-16 01:38 - 000460624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-05-19 06:13 - 2022-03-24 05:08 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\qBittorrent
2023-05-19 06:13 - 2020-08-08 11:04 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\discord
2023-05-19 05:41 - 2022-03-30 03:14 - 000000000 ____D C:\Users\rfarz\AppData\Local\Discord
2023-05-19 05:30 - 2021-05-05 19:03 - 000000971 _____ C:\Users\rfarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2023-05-19 01:55 - 2021-08-03 16:32 - 000000000 ____D C:\Users\rfarz\.azure
2023-05-19 01:50 - 2021-08-02 19:42 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Code
2023-05-19 00:25 - 2018-04-08 01:46 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-05-18 23:35 - 2022-09-15 22:47 - 000000000 ____D C:\Users\rfarz\AppData\Local\VMware
2023-05-18 22:47 - 2020-07-16 08:24 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-05-18 22:47 - 2020-07-16 08:24 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-05-18 22:12 - 2022-09-15 22:47 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\VMware
2023-05-18 22:10 - 2022-09-15 22:46 - 000000000 ____D C:\Program Files (x86)\VMware
2023-05-18 22:08 - 2023-01-09 15:23 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Workplace
2023-05-18 22:08 - 2023-01-09 15:23 - 000000000 ____D C:\Users\rfarz\AppData\Local\Workplace
2023-05-18 19:06 - 2020-07-16 08:23 - 000000000 ____D C:\Users\rfarz\AppData\Local\Google
2023-05-18 14:33 - 2020-07-16 01:40 - 000000000 ____D C:\Users\rfarz
2023-05-18 04:13 - 2020-07-16 10:49 - 000000000 ____D C:\Users\rfarz\AppData\Local\D3DSCache
2023-05-18 01:12 - 2020-07-17 18:42 - 000000000 ____D C:\Users\rfarz\AppData\Local\Spotify
2023-05-17 18:05 - 2020-07-17 18:42 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Spotify
2023-05-17 17:50 - 2022-03-31 20:20 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\foobar2000
2023-05-17 17:50 - 2020-03-21 15:49 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2023-05-17 17:14 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-05-17 17:14 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-05-17 16:47 - 2020-07-16 08:24 - 000002367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome Beta.lnk
2023-05-17 12:44 - 2021-02-27 01:50 - 000002335 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2023-05-17 06:47 - 2021-08-06 02:41 - 000002028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-05-14 03:55 - 2020-07-21 21:19 - 000000000 ____D C:\Program Files\Microsoft Office
2023-05-14 00:24 - 2022-10-23 13:14 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\JabraSDK
2023-05-12 19:38 - 2023-01-16 12:11 - 000002287 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-05-12 19:38 - 2020-11-07 16:51 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-05-12 00:12 - 2022-08-16 20:29 - 000000874 _____ C:\Users\Public\Desktop\Hue Sync.lnk
2023-05-12 00:12 - 2022-08-16 20:29 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\HueSync
2023-05-12 00:12 - 2022-08-16 20:29 - 000000000 ____D C:\Program Files\Hue Sync
2023-05-12 00:12 - 2019-10-19 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hue Sync
2023-05-11 13:32 - 2020-11-07 16:51 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-05-11 13:32 - 2020-11-07 16:51 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-05-11 00:34 - 2021-11-01 22:51 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Playnite
2023-05-11 00:28 - 2020-09-11 12:47 - 000000000 ____D C:\Program Files\HWiNFO64
2023-05-11 00:28 - 2018-06-04 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2023-05-10 17:59 - 2020-07-18 20:21 - 000000000 ____D C:\Users\rfarz\AppData\Local\SquirrelTemp
2023-05-10 17:59 - 2019-10-18 08:14 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2023-05-10 15:29 - 2021-11-01 22:51 - 000000000 ____D C:\Users\rfarz\AppData\Local\Playnite
2023-05-10 14:14 - 2021-10-18 03:13 - 000001116 _____ C:\Users\Public\Desktop\Stream Deck.lnk
2023-05-10 14:12 - 2022-08-24 01:21 - 000097890 _____ C:\WINDOWS\SysWOW64\PCPELog.txt
2023-05-10 14:12 - 2020-12-30 00:56 - 000000000 ___SD C:\WINDOWS\system32\lxss
2023-05-10 14:12 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-05-10 14:12 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-05-10 14:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-05-10 14:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-05-10 14:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-05-10 14:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-05-10 14:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-05-10 01:50 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-05-10 01:48 - 2020-07-16 01:40 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-05-10 01:44 - 2020-07-16 03:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-05-10 01:41 - 2020-07-16 03:48 - 159583304 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-05-09 16:29 - 2020-07-16 10:45 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Microsoft\MMC
2023-05-08 16:43 - 2020-07-16 01:40 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Microsoft\Windows
2023-05-08 10:08 - 2021-08-02 19:44 - 000000000 ____D C:\Users\rfarz\AppData\Local\Docker
2023-05-08 01:59 - 2020-07-21 21:23 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Microsoft\Excel
2023-05-08 01:01 - 2020-08-05 13:16 - 000000000 ____D C:\Users\rfarz\AppData\Local\Deployment
2023-05-03 14:47 - 2021-12-14 16:59 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-05-02 17:15 - 2020-07-16 21:00 - 000000000 ____D C:\ProgramData\Package Cache
2023-05-02 16:41 - 2020-06-25 18:16 - 000000000 ____D C:\Users\rfarz\.docker
2023-05-02 16:23 - 2021-02-19 11:14 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-05-02 15:40 - 2021-08-02 19:44 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Docker
2023-05-02 15:33 - 2020-08-06 15:38 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Slack
2023-05-02 15:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\schemas
2023-05-02 15:31 - 2023-03-14 19:35 - 000345096 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmEngUM.dll
2023-05-02 15:31 - 2023-03-14 19:35 - 000295488 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmEngUM138.dll
2023-05-02 15:31 - 2022-12-13 12:16 - 000626528 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmEmulatedStorage.dll
2023-05-02 15:31 - 2022-08-09 15:07 - 000371448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationVdev.dll
2023-05-02 15:31 - 2022-07-12 10:23 - 000073056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcip.sys
2023-05-02 15:31 - 2022-06-15 02:15 - 000505168 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmDataStore.dll
2023-05-02 15:31 - 2022-06-15 02:15 - 000375136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmEmulatedNic.dll
2023-05-02 15:31 - 2022-06-15 02:15 - 000282464 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicvdev.dll
2023-05-02 15:31 - 2022-06-15 02:15 - 000243552 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthfcvdev.dll
2023-05-02 15:31 - 2022-06-15 02:15 - 000204128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicrdv.dll
2023-05-02 15:31 - 2022-06-15 02:15 - 000203088 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmtpm.dll
2023-05-02 15:31 - 2022-06-15 02:15 - 000195920 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpcievdev.dll
2023-05-02 15:31 - 2022-06-15 02:15 - 000176992 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvc.exe
2023-05-02 15:31 - 2022-06-15 02:15 - 000156008 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdebug.dll
2023-05-02 15:31 - 2022-06-15 02:15 - 000088912 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmhgs.dll
2023-05-02 15:31 - 2022-05-11 00:33 - 000214864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmsvcext.sys
2023-05-02 15:31 - 2021-08-02 19:46 - 000000000 ____D C:\ProgramData\DockerDesktop
2023-05-02 15:31 - 2021-08-02 19:46 - 000000000 ____D C:\ProgramData\Docker
2023-05-02 15:31 - 2021-04-13 13:32 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsp.sys
2023-05-02 15:31 - 2021-02-26 22:38 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CCG.exe
2023-05-02 15:31 - 2021-02-03 20:08 - 000183104 _____ (Microsoft Corporation) C:\WINDOWS\system32\HyperVSysprepProvider.dll
2023-05-02 15:31 - 2021-01-13 01:10 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteFileBrowse.dll
2023-05-02 15:31 - 2021-01-13 01:10 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgclientservice.dll
2023-05-02 15:31 - 2020-11-02 18:08 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CCGLaunchPad.dll
2023-05-02 15:31 - 2020-07-16 02:35 - 000671744 _____ C:\WINDOWS\system32\hgattest.dll
2023-05-02 15:31 - 2019-12-07 02:10 - 001579818 _____ C:\WINDOWS\system32\WindowsVirtualization.V2.mof
2023-05-02 15:31 - 2019-12-07 02:10 - 001152064 _____ C:\WINDOWS\system32\WindowsHyperVCluster.V2.mof
2023-05-02 15:31 - 2019-12-07 02:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmconnect.exe
2023-05-02 15:31 - 2019-12-07 02:10 - 000182560 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsp.exe
2023-05-02 15:31 - 2019-12-07 02:10 - 000144967 _____ C:\WINDOWS\system32\virtmgmt.msc
2023-05-02 15:31 - 2019-12-07 02:10 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\HgsClientWmi.dll
2023-05-02 15:31 - 2019-12-07 02:10 - 000077624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtpm.dll
2023-05-02 15:31 - 2019-12-07 02:10 - 000073744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmmsprox.dll
2023-05-02 15:31 - 2019-12-07 02:10 - 000057856 _____ C:\WINDOWS\system32\hgsclientplugin.dll
2023-05-02 15:31 - 2019-12-07 02:10 - 000056320 _____ C:\WINDOWS\system32\vmstaging.dll
2023-05-02 15:31 - 2019-12-07 02:10 - 000044040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ramparser.sys
2023-05-02 15:31 - 2019-12-07 02:10 - 000043640 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmplatformca.exe
2023-05-02 15:31 - 2019-12-07 02:10 - 000040960 _____ C:\WINDOWS\SysWOW64\vmstaging.dll
2023-05-02 15:31 - 2019-12-07 02:10 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AttestationWmiProvider.dll
2023-05-02 15:31 - 2019-12-07 02:10 - 000035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lunparser.sys
2023-05-02 15:31 - 2019-12-07 02:10 - 000016384 _____ C:\WINDOWS\system32\hgclientserviceps.dll
2023-05-02 15:31 - 2019-12-07 02:10 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\HostGuardianServiceClientResources.dll
2023-05-02 15:31 - 2019-12-07 02:10 - 000012088 _____ (Microsoft Corporation) C:\WINDOWS\system32\f1db7d81-95be-4911-935a-8ab71629112a_vmsvcext_sys.dll
2023-05-02 15:31 - 2019-12-07 02:10 - 000012088 _____ (Microsoft Corporation) C:\WINDOWS\system32\c28c7a4e-a619-4463-82b7-0fc9cc7187f5_HyperV-ComputeStorage.dll
2023-05-02 15:25 - 2021-08-06 02:41 - 000000000 ____D C:\Program Files\Google
2023-05-02 13:58 - 2020-07-16 01:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-05-01 23:45 - 2021-05-05 18:02 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Telegram Desktop
2023-04-28 13:52 - 2021-10-21 13:55 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-04-28 13:52 - 2021-10-21 13:55 - 000000000 ____D C:\Program Files\Adobe
2023-04-28 13:52 - 2020-07-16 01:44 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Adobe
2023-04-28 04:32 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-04-28 04:28 - 2020-07-16 02:33 - 000000000 ____D C:\Program Files (x86)\MSBuild
2023-04-28 04:24 - 2020-12-15 13:33 - 000000000 ____D C:\ProgramData\chocolatey
2023-04-28 00:50 - 2021-06-17 18:46 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\vlc
2023-04-28 00:08 - 2020-08-05 17:43 - 000000000 ____D C:\Users\rfarz\AppData\Local\TweetDuck
2023-04-27 23:01 - 2022-10-20 15:45 - 000000000 ____D C:\Users\rfarz\dwhelper
2023-04-27 18:09 - 2020-07-16 01:41 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Microsoft\Crypto
2023-04-24 15:37 - 2020-07-21 21:29 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Microsoft\Word
2023-04-19 17:55 - 2020-10-09 15:00 - 000000000 ____D C:\Program Files\thinkorswim
2023-04-19 17:55 - 2018-04-08 14:41 - 000000000 ____D C:\Users\rfarz\.thinkorswim
2023-04-19 03:23 - 2020-07-16 01:38 - 000000000 ____D C:\ProgramData\Intel
2023-04-19 03:21 - 2020-07-17 12:04 - 000000000 ____D C:\Program Files\Intel
2023-04-19 03:10 - 2020-07-17 12:04 - 000000000 ____D C:\Program Files (x86)\Intel
2023-04-19 02:56 - 2021-08-05 22:11 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\Bitwarden
2023-04-19 02:44 - 2023-03-30 22:59 - 000000000 ____D C:\Program Files\Blackmagic Design
2023-04-19 02:38 - 2022-03-31 19:34 - 000000000 ____D C:\Users\rfarz\AppData\Local\FreeCommanderXE
2023-04-19 00:41 - 2022-02-24 06:22 - 000000000 ____D C:\ProgramData\Oracle
2023-04-19 00:03 - 2020-08-08 19:11 - 000000000 ____D C:\Users\rfarz\AppData\Roaming\MPC-BE
==================== Files in the root of some directories ========
2022-10-08 06:57 - 2022-10-08 06:57 - 000513168 _____ (Intuit Inc.) C:\Program Files\Common Files\GraphSeriesCol.dll
2023-05-18 14:54 - 2023-05-18 14:54 - 000587776 _____ (Igor Pavlov) C:\Users\rfarz\AppData\Roaming\7za.exe
2023-05-18 14:55 - 2023-05-18 14:55 - 165871844 _____ () C:\Users\rfarz\AppData\Roaming\brave.zip
2022-09-16 04:58 - 2022-09-16 04:59 - 000003197 _____ () C:\Users\rfarz\AppData\Roaming\ConEmu.xml
2021-03-01 09:56 - 2021-03-01 10:01 - 000000509 _____ () C:\Users\rfarz\AppData\Roaming\SineMoraEX.dat
2022-03-31 19:05 - 2023-04-18 14:03 - 000000128 _____ () C:\Users\rfarz\AppData\Roaming\winscp.rnd
2023-05-18 19:57 - 2023-05-18 19:57 - 000587776 _____ (Igor Pavlov) C:\Users\rfarz\AppData\Local\7za.exe
2023-05-18 19:58 - 2023-05-18 19:58 - 070179820 _____ () C:\Users\rfarz\AppData\Local\brave.zip
2020-12-12 19:37 - 2021-01-09 22:38 - 000004608 _____ () C:\Users\rfarz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2023-03-31 02:15 - 2023-03-31 02:16 - 000000458 _____ () C:\Users\rfarz\AppData\Local\kdeglobals
2023-03-30 22:42 - 2023-03-30 22:42 - 000008337 _____ () C:\Users\rfarz\AppData\Local\kdenlive-layoutsrc
2023-03-30 22:42 - 2023-03-31 02:58 - 000005652 _____ () C:\Users\rfarz\AppData\Local\kdenliverc
2022-09-16 03:54 - 2022-09-16 03:57 - 000006130 _____ () C:\Users\rfarz\AppData\Local\krita-sysinfo.log
2022-09-16 03:54 - 2022-09-16 03:57 - 000001132 _____ () C:\Users\rfarz\AppData\Local\krita.log
2022-09-16 03:57 - 2022-09-16 03:57 - 000000039 _____ () C:\Users\rfarz\AppData\Local\kritadisplayrc
2022-09-16 03:54 - 2022-09-16 03:57 - 000016549 _____ () C:\Users\rfarz\AppData\Local\kritarc
2020-07-19 11:18 - 2020-07-19 11:18 - 000000001 _____ () C:\Users\rfarz\AppData\Local\llftool.4.40.agreement
2020-07-19 11:19 - 2020-07-19 11:19 - 000000019 _____ () C:\Users\rfarz\AppData\Local\llftool.license
2020-07-17 19:57 - 2023-03-04 06:07 - 000000128 _____ () C:\Users\rfarz\AppData\Local\PUTTY.RND
2022-09-16 03:58 - 2022-09-16 03:58 - 000000975 _____ () C:\Users\rfarz\AppData\Local\recently-used.xbel
2023-03-30 22:42 - 2023-03-30 22:42 - 000005122 _____ () C:\Users\rfarz\AppData\Local\user-places.xbel
2023-03-30 22:42 - 2023-03-30 22:42 - 000004450 _____ () C:\Users\rfarz\AppData\Local\user-places.xbel.bak
2023-03-30 22:42 - 2023-03-30 22:42 - 000000000 _____ () C:\Users\rfarz\AppData\Local\user-places.xbel.tbcache
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================