Highly suspect I'm being spied on by a creepy ex-roommate.
I've suspected for a long time, due to on/off again lagging, after which I would do some digging (I've used every tool available, I think, but mostly Sysinternals Process Explorer) & find unrecognizable activity, A LOT of which refers to RPC/remote desktop/manifests/synchronous copies/VSS/loading-unloading/deleting logs after it's done.
I was going to put off doing this, hoping to get a new laptop soon, however yesterday by accident I was logged into my eBay account & after tooling around found a page of logins w/device type, and noticed a LINUX LOGIN. The creepy roommate was ON LINUX. After that initial login, a succession of "unspecified device" logins (or something like that, can't remember exact words but basically whoever was hacking my account learned how to ghost their system details).
My gut feeling - he's polluted my system with some kind of malware which has infected many points.
He was pretty well-versed in IT (since that's all he did, all day, every day) & I suspect (only) he loaded something via USB or maybe even somehow via our wireless, which is autorunning and somehow either sending an image to the print spooler (WMI / powershell), also some strange virtual disk activity, and a partition I don't remember creating (might be used for cache).
I've opened a lot of DLLs, MUI files, etc. in Notepad & while mostly mumble jumble, super suspicious - since I have a standalone PC (of course I connect to the internet, but nobody shares my network or devices).
Also, I was very lazy back then - logged in as admin, left PC on, long delay for password to kick in.
ALSO WORTH MENTIONING - due to my increasing level of paranoia, I turned off many/if not all unneeded services.
Let me know if I need to turn back on/rerun reports.
I REALLY REALLY REALLY APPRECIATE THIS FORUM, AND YOUR HELP! I have prob spent 50+ hours tooling around, reading articles on digital forensics, prob have downloaded at least half dozen apps by now ... to no avail. SO GRATEFUL FOR YOU GUYS! THANK YOU!!!!
*PS. only FRST .txt doc fit, so attached Addition.txt per instructions. THANK YOU!*
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2021 01
Ran by My PC (administrator) on MYPC-PC (Hewlett-Packard HP Pavilion g4 Notebook PC) (09-05-2021 01:23:43)
Running from C:\Users\My PC\Downloads
Loaded Profiles: My PC & Virus_TestUser
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.) C:\Program Files (x86)\Baidu WiFiHotspot\WifiHotspot.exe
(June Fabrics Technology Inc. -> ) C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\My PC\Downloads\ProcessExplorer\procexp64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-872009499-554787128-1037911315-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3657560 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKU\S-1-5-21-872009499-554787128-1037911315-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-872009499-554787128-1037911315-500\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-872009499-554787128-1037911315-500\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\Windows x64\Print Processors\hpcpp103: C:\Windows\System32\spool\prtprocs\x64\hpcpp103.dll [323584 2010-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppwn7: C:\Windows\System32\spool\prtprocs\x64\hpzppwn7.dll [101376 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [54944 2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP 0053 Status Monitor: C:\Windows\system32\hpinksts0053LM.dll [485048 2016-10-14] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP DeskJet 2600 series): C:\Windows\system32\HPDiscoPM0053.dll [983176 2018-04-17] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\LIDIL hpzllwn7: C:\Windows\system32\hpzllwn7.dll [51712 2009-07-13] (Microsoft Windows -> Hewlett-Packard Company)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{10880D85-AAD9-4558-ABDC-2AB1552D831F}] -> C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe [2011-03-04] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\Software\...\Authentication\Credential Providers: [AutorunsDisabled] ->
Startup: C:\Users\My PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2020-10-15]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (June Fabrics Technology Inc. -> )
GroupPolicyUsers\S-1-5-21-872009499-554787128-1037911315-1001\User: Restriction <==== ATTENTION
Policies: C:\Users\My PC\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\Virus_TestUser\NTUSER.pol: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime -> No File <==== ATTENTION
Task: {04D9F079-7FB1-4D0F-B965-8BD52BD7B33D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {1F7B7221-AE8F-44F3-BA82-F7D260F51964} - \Microsoft\Windows\Task Manager\Interactive -> No File <==== ATTENTION
Task: {2470470F-2634-478E-B181-571E98A789BB} - \Microsoft\Windows\Multimedia\SystemSoundsService -> No File <==== ATTENTION
Task: {28011108-68DF-4C73-B91B-57427D501BBA} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) -> No File <==== ATTENTION
Task: {38395E21-0897-4D82-86B7-9809101C4349} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe
Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip -> No File <==== ATTENTION
Task: {4C8B01A2-11FF-4C41-848F-508EF4F00CF7} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor -> No File <==== ATTENTION
Task: {4C9C130E-739D-43FF-BFBA-9DCA9555A714} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - \Microsoft\Windows\UPnP\UPnPHostConfig -> No File <==== ATTENTION
Task: {5F5A18EB-DC73-4E45-A11C-B59043598412} - \Microsoft\Windows\CertificateServicesClient\SystemTask -> No File <==== ATTENTION
Task: {613612BA-897D-44CE-8DC1-8FC283F9FD51} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) -> No File <==== ATTENTION
Task: {6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF} - \Microsoft\Windows\User Profile Service\HiveUploadTask -> No File <==== ATTENTION
Task: {6FA42F62-7EA3-477B-A24E-669EE8E9FCAA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {72DB7465-BC54-491B-A92A-4637A28C9BBF} - \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck -> No File <==== ATTENTION
Task: {783A069B-B0F3-49C1-9D45-5C22787CED8C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {7AFCC0CA-7121-422A-AB45-B0E8D599FF08} - \Microsoft\Windows\CertificateServicesClient\UserTask -> No File <==== ATTENTION
Task: {7B347AEE-DB5C-4781-87F8-C5DDCC6C6AA9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - \Microsoft\Windows\NetTrace\GatherNetworkInfo -> No File <==== ATTENTION
Task: {941BE6E6-04FB-444C-BADD-BDC0FBE4AC0C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {9435F817-FED2-454E-88CD-7F78FDA62C48} - \Microsoft\Windows\WDI\ResolutionHost -> No File <==== ATTENTION
Task: {9979CB83-103A-4105-9E5D-C74B0AF6D198} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam -> No File <==== ATTENTION
Task: {A35BB7A6-5F0C-4C9F-8450-2B3BED532D51} - \Microsoft\Windows\WindowsColorSystem\Calibration Loader -> No File <==== ATTENTION
Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - \Microsoft\Windows\AppID\PolicyConverter -> No File <==== ATTENTION
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - \Microsoft\Windows\Ras\MobilityManager -> No File <==== ATTENTION
Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator -> No File <==== ATTENTION
Task: {C0E0A229-DDCB-4EE5-8F68-BB7F3A6CBB95} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {C3803321-5B5F-4C10-9141-14D503A10B0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {C41BEFA0-2512-40AF-9D50-7C3EB60A0D15} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe
Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - \Microsoft\Windows\Registry\RegIdleBackup -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - \Microsoft\Windows\Windows Error Reporting\QueueReporting -> No File <==== ATTENTION
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - \Microsoft\Windows\Autochk\Proxy -> No File <==== ATTENTION
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange -> No File <==== ATTENTION
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask -> No File <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem -> No File <==== ATTENTION
Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{D42AED48-1E50-450E-AAA1-821734ADFB09}: [DhcpNameServer] 8.8.8.8
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FireFox:
========
FF DefaultProfile: zzxfwcgm.default
FF ProfilePath: C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\zzxfwcgm.default [2020-12-29]
FF ProfilePath: C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release [2021-05-09]
FF Extension: (Pinterest Overlay Killer) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release\Extensions\@pinterestoverlaykiller.xpi [2020-12-31]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release\Extensions\firefox@ghostery.com.xpi [2021-05-08]
FF Extension: (HTTPS Everywhere) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release\Extensions\https-everywhere@eff.org.xpi [2021-04-26]
FF Extension: (Privacy Badger) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2021-02-14]
FF Extension: (IDM Integration Module) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2021-03-05]
FF Extension: (Nimbus Screen Capture: Screenshots, Annotate) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2020-12-31]
FF Extension: (LastPass: Free Password Manager) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release\Extensions\support@lastpass.com.xpi [2021-05-06]
FF Extension: (Tab Session Manager) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release\Extensions\Tab-Session-Manager@sienori.xpi [2021-04-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2021-05-07] [Legacy] [not signed]
FF HKU\S-1-5-21-872009499-554787128-1037911315-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\My PC\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\My PC\AppData\Roaming\IDM\idmmzcc5 [2021-01-26] [Legacy] [not signed]
FF HKU\S-1-5-21-872009499-554787128-1037911315-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-07-31] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-10-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-10-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems Incorporated -> Adobe Systems)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
Vivaldi:
=======
VIV Profile: C:\Users\My PC\AppData\Local\Vivaldi\User Data\bernice [2021-05-08] <==== ATTENTION
VIV HomePage: bernice -> vivaldi://startpage
VIV Extension: (Adobe Acrobat) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\bernice\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-28]
VIV Extension: (LastPass: Free Password Manager) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\bernice\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-04-28]
VIV Extension: (Otto – Pomodoro timer and website blocker) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\bernice\Extensions\jbojhemhnilgooplglkfoheddemkodld [2021-04-28]
VIV Extension: (Fair AdBlocker) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\bernice\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2021-04-28]
VIV Extension: (Privacy Badger) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\bernice\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2021-04-28]
VIV Profile: C:\Users\My PC\AppData\Local\Vivaldi\User Data\Default [2021-05-09]
VIV DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
VIV DefaultSearchKeyword: Default -> duckduckgo.com
VIV DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
VIV DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
VIV Extension: (Session Buddy) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2021-05-07]
VIV Extension: (Adobe Acrobat) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-05-07]
VIV Extension: (LastPass: Free Password Manager) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-05-07]
VIV Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2021-05-07]
VIV Extension: (Privacy Badger) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2021-05-07]
VIV Profile: C:\Users\My PC\AppData\Local\Vivaldi\User Data\OldVivaldiProfile [2021-05-08] <==== ATTENTION
VIV Extension: (Session Buddy) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\OldVivaldiProfile\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2020-11-12]
VIV Extension: (Adobe Acrobat) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\OldVivaldiProfile\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-08]
VIV Extension: (Blur) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\OldVivaldiProfile\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2021-04-05]
VIV Extension: (Pinterest Save Button) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\OldVivaldiProfile\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2021-04-23]
VIV Extension: (Todoist for Chrome) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\OldVivaldiProfile\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2021-04-19]
VIV Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\OldVivaldiProfile\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2021-02-27]
VIV Extension: (Privacy Badger) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\OldVivaldiProfile\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2021-02-14]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [139504 2019-06-30] (SurfRight B.V. -> SurfRight B.V.)
S4 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S3 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S3 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S4 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13666872 2020-11-17] (Adlice -> )
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [319320 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 76736615; C:\Windows\system32\drivers\76736615.sys [255928 2020-10-23] (Malwarebytes Corporation -> Malwarebytes)
R3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [30208 2019-08-12] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
R3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2019-08-12] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
R3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2019-08-12] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-08-18] (Bluestack Systems, Inc -> Bluestack System Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-05-16] (Martin Malik - REALiX -> REALiX(tm))
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [43088 2014-08-14] (Mainline Net Holdings Limited -> NT Kernel Resources)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [216184 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [550912 2019-05-16] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S4 tap-pia-0901; C:\Windows\System32\DRIVERS\tap-pia-0901.sys [29416 2018-08-27] (WDKTestCert kim,131775960494491927 -> The OpenVPN Project) [File not signed]
S4 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2018-01-30] (The OpenVPN Project) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-02-19] (Adlice -> )
R1 wdfsconnect2017; C:\Windows\system32\drivers\wdfsconnect2017.sys [468096 2017-11-21] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 wdvpnpbus; C:\Windows\System32\DRIVERS\wdvpnpbus.sys [20608 2017-11-21] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S0 58592667; system32\drivers\01987930.sys [X]
S4 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-05-09 01:05 - 2021-05-09 01:05 - 000001359 _____ C:\Users\My PC\Desktop\MRINFO.EXE - Shortcut.lnk
2021-05-09 01:05 - 2021-05-09 01:05 - 000000862 _____ C:\Users\My PC\Desktop\msctf.dll - Shortcut.lnk
2021-05-09 00:49 - 2021-05-09 00:49 - 002298880 _____ (Farbar) C:\Users\My PC\Downloads\FRST64(1).exe
2021-05-09 00:24 - 2021-05-09 00:34 - 000001372 _____ C:\Windows\Sandboxie.ini
2021-05-09 00:24 - 2021-05-09 00:23 - 000000896 _____ C:\Users\My PC\Desktop\Sandboxed Web Browser.lnk
2021-05-09 00:23 - 2021-05-09 00:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2021-05-09 00:18 - 2021-05-09 00:18 - 063319765 _____ C:\Users\My PC\Documents\DeviceDisplayObjectProvider.dmp
2021-05-09 00:14 - 2021-05-09 00:14 - 016424799 _____ C:\Users\My PC\Documents\csrss.dmp
2021-05-08 22:32 - 2021-05-08 22:32 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-05-08 22:30 - 2021-05-08 22:30 - 000333096 _____ (Mozilla) C:\Users\My PC\Downloads\Firefox Installer(2).exe
2021-05-08 18:46 - 2021-05-08 18:46 - 000109166 _____ C:\Users\My PC\Downloads\VAPE COUPON.pdf
2021-05-08 18:12 - 2021-05-08 18:12 - 000179947 _____ C:\Users\My PC\Documents\CantChgPermissions.odt
2021-05-08 15:51 - 2021-05-08 15:52 - 000000992 _____ C:\Users\My PC\Downloads\Add-Restore_Security_Tab.reg
2021-05-08 14:42 - 2021-05-08 14:44 - 000000000 ____D C:\Users\My PC\Documents\REG SUSP
2021-05-08 14:18 - 2021-05-08 14:18 - 012612953 _____ C:\Users\My PC\Documents\lsm.dmp
2021-05-08 14:16 - 2021-05-09 00:04 - 018404761 _____ C:\Users\My PC\Documents\winlogon.dmp
2021-05-08 04:59 - 2021-05-08 05:00 - 000136262 _____ C:\TDSSKiller.2.8.16.0_08.05.2021_04.59.33_log.txt
2021-05-08 04:55 - 2021-05-08 04:55 - 000000000 __SHD C:\found.008
2021-05-08 04:48 - 2021-05-08 04:49 - 000136112 _____ C:\TDSSKiller.2.8.16.0_08.05.2021_04.48.24_log.txt
2021-05-08 04:47 - 2021-05-08 04:47 - 002218636 _____ C:\Users\My PC\Downloads\tdsskiller.zip
2021-05-08 04:47 - 2021-05-08 04:47 - 000000000 ____D C:\Users\My PC\Downloads\tdsskiller
2021-05-08 04:26 - 2021-05-08 04:26 - 000255928 _____ (Malwarebytes) C:\Users\My PC\Downloads\76736615.sys
2021-05-08 03:46 - 2021-05-08 03:46 - 042655262 _____ C:\Users\My PC\Documents\installer.DMP
2021-05-08 03:40 - 2021-05-08 03:40 - 000555556 _____ C:\Users\My PC\Documents\comsysapp.DMP
2021-05-07 22:01 - 2021-05-07 22:01 - 212883403 _____ C:\Users\My PC\Documents\explorer.exe2.DMP
2021-05-07 22:00 - 2021-05-07 22:00 - 032055768 _____ C:\Users\My PC\Documents\explorer.exe1.DMP
2021-05-07 21:29 - 2021-05-07 23:55 - 000000000 ____D C:\Users\My PC\Documents\NEW AUTORUNS
2021-05-07 21:29 - 2021-05-07 21:29 - 005825970 _____ C:\Users\My PC\Documents\NEW AUTORUNS.arn
2021-05-07 20:57 - 2021-05-07 20:57 - 005845094 _____ C:\Users\My PC\Documents\PreNWAutoruns.arn
2021-05-07 15:28 - 2021-05-07 15:28 - 000004135 _____ C:\Users\My PC\Downloads\Invoice_Jan-16-21_Feb-14-21 (1).html.gz
2021-05-07 15:26 - 2021-05-07 15:26 - 000004958 _____ C:\Users\My PC\Downloads\Invoice_Nov-16-20_Dec-14-20.html.gz
2021-05-07 15:26 - 2021-05-07 15:26 - 000004135 _____ C:\Users\My PC\Downloads\Invoice_Jan-16-21_Feb-14-21.html.gz
2021-05-07 15:25 - 2021-05-07 15:25 - 000005379 _____ C:\Users\My PC\Downloads\Invoice_Dec-16-20_Jan-14-21.html.gz
2021-05-07 15:12 - 2021-05-07 15:12 - 000002080 _____ C:\Users\My PC\Downloads\Invoice_Dec-16-20_Jan-15-21.csv
2021-05-07 15:11 - 2021-05-07 15:11 - 000001073 _____ C:\Users\My PC\Downloads\Invoice_Jan-16-21_Feb-15-21.csv
2021-05-07 15:10 - 2021-05-07 15:10 - 000216061 _____ C:\Users\My PC\Downloads\Financial Statement-Feb-19-21 (1).pdf
2021-05-07 14:53 - 2021-05-07 14:53 - 000213907 _____ C:\Users\My PC\Downloads\Financial Statement-Jan-18-21.pdf
2021-05-07 14:52 - 2021-05-07 14:53 - 000216061 _____ C:\Users\My PC\Downloads\Financial Statement-Feb-19-21.pdf
2021-05-07 14:52 - 2021-05-07 14:52 - 000245188 _____ C:\Users\My PC\Downloads\Financial Statement-Mar-19-21.pdf
2021-05-07 14:51 - 2021-05-07 14:51 - 000245193 _____ C:\Users\My PC\Downloads\Financial Statement-Apr-17-21.pdf
2021-05-06 20:45 - 2021-05-06 20:45 - 000605969 _____ C:\Users\My PC\Downloads\2020_TaxReturn (1).pdf
2021-05-06 17:40 - 2021-05-06 17:40 - 000612795 _____ C:\Users\My PC\Downloads\2020_TaxReturn.pdf
2021-05-06 07:48 - 2021-05-06 07:48 - 000944117 _____ C:\Users\My PC\Downloads\rotorooter.htm
2021-05-06 07:48 - 2021-05-06 07:48 - 000000000 ____D C:\Users\My PC\Downloads\rotorooter_files
2021-05-06 04:35 - 2021-05-06 04:35 - 000045882 _____ C:\Users\My PC\Downloads\2020 Individual Tax Return Tax Plan.pdf
2021-05-05 21:45 - 2021-05-05 20:11 - 000000178 _____ C:\Users\My PC\Documents\status[1]
2021-05-05 21:45 - 2021-05-05 09:34 - 000006766 _____ C:\Users\My PC\Documents\dnserrordiagoff_webOC[1]
2021-05-05 21:45 - 2021-05-05 09:34 - 000002168 _____ C:\Users\My PC\Documents\ErrorPageTemplate[1]
2021-05-05 21:43 - 2021-05-05 20:11 - 000000806 _____ C:\Users\My PC\Documents\shepherd_ff_avast_com[1].txt
2021-05-05 00:44 - 2021-05-05 00:44 - 000000000 ____D C:\Users\My PC\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2021-05-05 00:03 - 2021-05-05 00:03 - 000622562 _____ C:\Users\My PC\Documents\svchostpluplaypowerwmiprvse.dmp
2021-05-04 17:20 - 2021-05-04 17:20 - 005653352 _____ C:\Users\My PC\Documents\MYPC-PCnetwork safe.arn
2021-05-04 17:20 - 2021-05-04 17:20 - 000254216 _____ C:\Users\My PC\Documents\ctfmon.dmp
2021-05-04 17:12 - 2021-05-04 17:12 - 000000400 _____ C:\Users\My PC\Desktop\TODAY SAVED.txt
2021-05-03 14:04 - 2021-05-03 14:04 - 000000000 ____D C:\Users\My PC\Downloads\Turo_data_export_20210503
2021-05-03 14:03 - 2021-05-03 14:03 - 014156819 _____ C:\Users\My PC\Downloads\Turo_data_export_20210503.zip
2021-05-03 12:51 - 2021-05-07 12:32 - 000000000 ____D C:\Users\My PC\Downloads\volatility_2.6_win64_standalone
2021-05-03 12:50 - 2021-05-03 12:50 - 015565657 _____ C:\Users\My PC\Downloads\volatility_2.6_win64_standalone.zip
2021-05-03 12:42 - 2021-05-03 12:42 - 000218944 _____ C:\Users\My PC\Documents\conhost1.dmp
2021-05-03 12:41 - 2021-05-03 12:42 - 017953814 _____ C:\Users\My PC\Documents\conhost.dmp
2021-05-03 12:41 - 2021-05-03 12:41 - 000424909 _____ C:\Users\My PC\Documents\rundll325.dmp
2021-05-03 12:41 - 2021-05-03 12:41 - 000424685 _____ C:\Users\My PC\Documents\rundll322.dmp
2021-05-03 12:41 - 2021-05-03 12:41 - 000424541 _____ C:\Users\My PC\Documents\rundll323.dmp
2021-05-03 12:41 - 2021-05-03 12:41 - 000424525 _____ C:\Users\My PC\Documents\rundll324.dmp
2021-05-03 12:40 - 2021-05-03 12:40 - 000423629 _____ C:\Users\My PC\Documents\rundll321.dmp
2021-05-03 12:30 - 2021-05-03 12:30 - 000000000 ____D C:\Users\My PC\Downloads\getservices
2021-05-03 12:21 - 2021-05-03 12:21 - 000130337 _____ C:\Users\My PC\Downloads\getservices.zip
2021-05-03 11:30 - 2021-05-03 11:30 - 000000000 ____D C:\Users\My PC\Documents\ROGUEKILLER
2021-05-01 11:45 - 2021-05-07 12:32 - 000000000 ____D C:\Users\My PC\Downloads\cports-x64
2021-05-01 11:44 - 2021-05-01 11:44 - 000131251 _____ C:\Users\My PC\Downloads\cports-x64.zip
2021-05-01 11:11 - 2021-05-01 11:11 - 006433958 _____ C:\Users\My PC\Downloads\snort3_demo-3.1.4.0.tar.gz
2021-05-01 03:06 - 2021-05-01 03:06 - 000000000 ____D C:\Users\My PC\Downloads\Operation-Legend-Social-Squares
2021-05-01 03:04 - 2021-05-01 03:05 - 062027426 _____ C:\Users\My PC\Downloads\Reparations-Now-Toolkit-FINAL.pdf
2021-05-01 03:04 - 2021-05-01 03:04 - 001925653 _____ C:\Users\My PC\Downloads\Operation-Legend-Social-Squares.zip
2021-05-01 03:03 - 2021-05-01 03:03 - 005668234 _____ C:\Users\My PC\Downloads\04-End-the-War-on-Black-Trans-Gender-Nonconforming-and-Intersex-People.pdf
2021-05-01 03:02 - 2021-05-01 03:02 - 000465138 _____ C:\Users\My PC\Downloads\2020-6-10_M4BLCLEAR_FBIEncounters_FINAL.pdf
2021-04-30 15:04 - 2021-04-30 15:13 - 000000000 ____D C:\Users\My PC\Downloads\PHOTOS _SAVE SOCIALMEDIAPOST
2021-04-30 15:04 - 2021-04-30 15:04 - 000000000 ____D C:\Users\My PC\Downloads\New folder
2021-04-29 13:15 - 2021-04-29 13:15 - 000000000 __SHD C:\found.007
2021-04-28 02:58 - 2021-04-29 12:02 - 000000069 _____ C:\Users\My PC\Downloads\todotoday.txt
2021-04-28 00:13 - 2021-04-28 00:13 - 005751422 _____ C:\Users\My PC\Documents\MYPC-PC1.arn
2021-04-27 23:38 - 2021-04-27 23:38 - 002700493 _____ C:\Users\My PC\Downloads\25-Amazing-and-Disturbing-Facts-about-the-Hidden-History-of-Medicine (1).pdf
2021-04-27 22:52 - 2021-04-27 22:52 - 002700493 _____ C:\Users\My PC\Downloads\25-Amazing-and-Disturbing-Facts-about-the-Hidden-History-of-Medicine.pdf
2021-04-27 17:37 - 2021-05-09 00:30 - 026592124 _____ C:\Users\My PC\Documents\dllhost.dmp
2021-04-27 13:30 - 2021-04-27 13:30 - 000226095 _____ C:\Users\My PC\Downloads\WmiExplorer_2.0.0.2.zip
2021-04-27 12:11 - 2021-05-07 12:32 - 000000000 ____D C:\Users\My PC\Documents\Misc receipts file
2021-04-26 17:47 - 2021-04-26 17:47 - 000000000 ____D C:\Users\My PC\AppData\Roaming\4kdownload.com
2021-04-26 17:38 - 2021-04-26 17:38 - 000858909 _____ C:\Users\My PC\Downloads\eo_2020-63.pdf
2021-04-26 17:37 - 2021-04-26 17:37 - 001210410 _____ C:\Users\My PC\Downloads\eo_2020-61.pdf
2021-04-26 17:35 - 2021-04-26 17:35 - 001363642 _____ C:\Users\My PC\Downloads\eo_2021-02.pdf
2021-04-26 17:34 - 2021-04-26 17:35 - 001237284 _____ C:\Users\My PC\Downloads\eo_2021-09.pdf
2021-04-26 17:34 - 2021-04-26 17:34 - 000807951 _____ C:\Users\My PC\Downloads\eo_2021-03.pdf
2021-04-26 17:11 - 2021-05-07 12:32 - 000000000 ____D C:\Users\My PC\Downloads\4K Video Downloader 4.14.0.4010 (Repack & Portable) {B4tman}
2021-04-26 16:29 - 2021-04-26 16:29 - 000081426 _____ C:\Users\My PC\Downloads\QRestore1.0.zip
2021-04-26 11:54 - 2021-04-26 11:57 - 000977344 _____ (WinZip Computing) C:\Users\My PC\Downloads\winzip25-p003.exe
2021-04-26 11:42 - 2021-04-26 11:42 - 000000000 ____D C:\Users\My PC\Downloads\The Reality Revolution by Brian Scott EPUB
2021-04-26 11:28 - 2021-05-07 12:35 - 000000000 ____D C:\Users\My PC\Downloads\4K Video Downloader 4.4.7 - SeuPirate-288
2021-04-26 08:35 - 2021-04-26 08:35 - 001179133 _____ C:\Users\My PC\Downloads\treatment-guidelines-candidiasis.pdf
2021-04-26 08:04 - 2021-04-26 11:29 - 000001348 _____ C:\Users\My PC\Downloads\Fungus Cancer.txt
2021-04-26 04:15 - 2021-04-26 04:15 - 000179466 _____ C:\Users\My PC\Downloads\admin-candidiasis-an-important-opportunistic-mycosis-of-global-public-health-concern.pdf
2021-04-25 13:01 - 2021-04-25 13:01 - 000001818 _____ C:\Users\My PC\Downloads\VERACRUZ FISH HOUSE SERVER JOB SUMMARY.txt
2021-04-24 14:10 - 2021-04-24 14:10 - 000383780 _____ C:\Users\My PC\Documents\WmiApSrv.dmp
2021-04-24 11:53 - 2021-05-05 03:56 - 3680501760 _____ C:\Users\My PC\Downloads\Tarot.iso
2021-04-24 11:52 - 2021-04-24 11:53 - 000000000 ____D C:\Users\My PC\Downloads\Tarot Books
2021-04-24 11:51 - 2021-04-24 11:51 - 000000000 ____D C:\Users\My PC\Downloads\Parallel Universes of Self by Frederick E. Dodson EPUB
2021-04-23 10:59 - 2021-04-23 11:00 - 000817936 _____ C:\Users\My PC\Downloads\Danger posed by earthquake fault will lead to tighter San Diego building restrictions - The San Diego Union-Tribune.pdf
2021-04-23 01:52 - 2021-04-23 01:52 - 000167220 _____ C:\Users\My PC\Downloads\EdwinJohnRohr.pdf
2021-04-21 15:59 - 2021-04-21 15:59 - 000000000 _____ C:\Users\My PC\Downloads\LibreOffice_7.1.2_Win_x64.msi
2021-04-21 13:47 - 2021-04-21 13:47 - 000120942 _____ C:\Users\My PC\Downloads\Confidential Client Information COMPLETE1.pdf
2021-04-21 13:17 - 2021-04-21 13:47 - 000550187 _____ C:\Users\My PC\Downloads\Confidential Client Information COMPLETE.pdf
2021-04-21 12:51 - 2021-04-29 17:53 - 000000196 _____ C:\Users\My PC\Downloads\TODODS.txt
2021-04-21 11:09 - 2021-05-07 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-04-21 11:09 - 2021-05-07 12:34 - 000000000 ____D C:\Program Files\7-Zip
2021-04-21 09:18 - 2021-05-07 12:35 - 000000000 ____D C:\Users\My PC\Downloads\DIANNE_THERAPY
2021-04-20 15:51 - 2021-04-20 15:51 - 000104166 _____ C:\Users\My PC\Downloads\4.21 Forum AARP ban anti vaxxers.txt
2021-04-20 15:50 - 2021-04-20 15:50 - 000106361 _____ C:\Users\My PC\Downloads\CLAMWIN REPORT.txt
2021-04-19 20:27 - 2021-04-19 20:27 - 012391064 _____ C:\Users\My PC\Downloads\371979196-US-PATENT-Therapeutic-Behavior-Modification-Program.pdf
2021-04-19 18:58 - 2021-05-07 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2021-04-19 18:58 - 2021-04-19 18:58 - 000000000 ____D C:\Users\My PC\AppData\Roaming\.clamwin
2021-04-19 18:57 - 2021-05-07 12:34 - 000000000 ____D C:\Program Files (x86)\ClamWin
2021-04-19 18:57 - 2021-04-19 18:57 - 000000000 ____D C:\ProgramData\.clamwin
2021-04-19 15:35 - 2021-05-07 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2021-04-19 15:35 - 2021-05-07 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2021-04-19 15:34 - 2021-05-07 12:34 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2021-04-19 15:34 - 2021-05-07 12:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2021-04-19 15:33 - 2021-04-19 15:33 - 000000000 ____D C:\Windows\PCHEALTH
2021-04-19 15:31 - 2021-05-07 12:29 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-19 15:31 - 2021-05-07 12:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-04-19 15:30 - 2021-05-07 12:25 - 000000000 __RHD C:\MSOCache
2021-04-19 13:32 - 2021-04-19 17:55 - 000000000 ____D C:\Users\My PC\Downloads\A_POSTCARD
2021-04-19 12:46 - 2021-04-19 12:46 - 000025532 _____ C:\Users\My PC\Downloads\KIMBERLY-NAVARRO---Label.pdf
2021-04-18 21:12 - 2021-04-18 21:12 - 000000135 _____ C:\Users\My PC\Downloads\postcard.txt
2021-04-18 15:01 - 2021-04-18 15:01 - 002727018 _____ C:\Users\My PC\Downloads\Report ENGLISH.pdf
2021-04-18 14:44 - 2021-04-18 14:44 - 002708972 _____ C:\Users\My PC\Downloads\Report.pdf
2021-04-18 14:39 - 2021-05-07 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2021-04-18 14:39 - 2021-05-07 12:34 - 000000000 ____D C:\Program Files (x86)\WinDirStat
2021-04-18 14:39 - 2021-04-18 14:39 - 000001031 _____ C:\Users\Virus_TestUser\Desktop\WinDirStat.lnk
2021-04-18 14:39 - 2021-04-18 14:39 - 000001031 _____ C:\Users\My PC\Desktop\WinDirStat.lnk
2021-04-18 14:39 - 2021-04-18 14:39 - 000000000 ____D C:\Users\My PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2021-04-18 14:37 - 2021-04-18 14:41 - 172661090 _____ (alch ) C:\Users\My PC\Downloads\clamwin-0.99.4-setup.exe
2021-04-18 14:36 - 2021-04-18 14:37 - 000645729 _____ (WDS Team) C:\Users\My PC\Downloads\windirstat1_1_2_setup.exe
2021-04-16 11:47 - 2021-04-16 11:47 - 000288596 _____ C:\Users\My PC\Downloads\Asymptomatic_antrolith_in_maxillary_sinus_Report_o.pdf
2021-04-16 10:16 - 2021-05-07 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DicomWorks
2021-04-16 10:16 - 2021-05-07 12:34 - 000000000 ____D C:\Program Files (x86)\DicomWorks
2021-04-16 10:16 - 2021-04-16 10:16 - 000001917 _____ C:\Users\Virus_TestUser\Desktop\DicomWorks 1.3.5.lnk
2021-04-16 10:16 - 2021-04-16 10:16 - 000001917 _____ C:\Users\My PC\Desktop\DicomWorks 1.3.5.lnk
2021-04-16 10:14 - 2021-04-16 10:14 - 006085090 _____ C:\Users\My PC\Downloads\microdicom-3.8.1-x64.zip
2021-04-16 10:13 - 2021-04-16 10:13 - 006007017 _____ C:\Users\My PC\Downloads\dicomworks_135b.exe
2021-04-16 07:57 - 2021-04-16 07:58 - 000000000 ____D C:\Users\My PC\Downloads\TEST MISSY FILE UNZIP
2021-04-14 06:17 - 2021-04-14 06:17 - 000000000 _____ C:\Users\My PC\Downloads\lu2320b946b.tmp
2021-04-14 04:42 - 2021-04-14 04:42 - 000008646 _____ C:\Users\My PC\Downloads\funstuff parker.ods
2021-04-13 21:54 - 2021-04-13 21:54 - 249550913 _____ C:\Users\My PC\Downloads\missymissynewnew1.zip
2021-04-13 21:47 - 2021-04-13 21:47 - 000000000 ____D C:\Users\My PC\Downloads\MissyNavarro4.9.21
2021-04-13 21:46 - 2021-04-13 21:46 - 249550913 _____ C:\Users\My PC\Downloads\missymissynewnew.zip
2021-04-13 21:41 - 2021-04-13 21:41 - 249550657 _____ C:\Users\My PC\Downloads\MissyNavarroScans4.9.21.zip
2021-04-13 21:36 - 2021-04-13 21:36 - 000001769 _____ C:\Users\My PC\Downloads\mMISSYNEWNEW.wjf
2021-04-13 21:26 - 2021-04-13 21:26 - 249550913 _____ C:\Users\My PC\Downloads\missymissymissyy22
2021-04-13 19:03 - 2021-04-13 19:03 - 000000000 ____D C:\ProgramData\UniqueId
2021-04-13 19:01 - 2021-04-13 19:03 - 000977336 _____ (WinZip Computing) C:\Users\My PC\Downloads\winzip25-downwz.exe
2021-04-13 18:51 - 2021-04-13 18:51 - 000000000 ____D C:\Users\My PC\Desktop\eFilmLite
2021-04-13 18:50 - 2021-04-13 18:50 - 000000000 ____D C:\Users\My PC\Desktop\DICOM
2021-04-13 18:50 - 2021-04-09 17:57 - 000455234 ____R C:\Users\My PC\Desktop\DICOMDIR
2021-04-13 17:28 - 2021-04-13 17:28 - 000000335 _____ C:\Windows\system32\Drivers\etc\hosts111.txt
2021-04-13 17:23 - 2021-04-13 17:23 - 000000339 _____ C:\Windows\system32\Drivers\etc\hosts11.txt
2021-04-13 16:57 - 2021-04-13 16:57 - 000002037 _____ C:\Users\Public\Desktop\LightScribe.lnk
2021-04-13 16:57 - 2021-04-13 16:57 - 000002037 _____ C:\ProgramData\Desktop\LightScribe.lnk
2021-04-13 16:56 - 2021-05-07 12:35 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2021-04-13 15:30 - 2021-04-13 16:34 - 000000000 ____D C:\Users\My PC\Downloads\Nero Burning ROM 2017 18.0.00800 FINAL [TechTools.ME]
2021-04-13 13:59 - 2021-04-13 13:59 - 000000015 _____ C:\ProgramData\krosqm.txt
2021-04-13 13:56 - 2021-04-13 13:56 - 001481013 _____ (Igor Pavlov) C:\Users\My PC\Downloads\7z2101-x64.exe
2021-04-13 13:44 - 2021-04-13 13:49 - 000000000 ____D C:\Users\My PC\Downloads\Nero Express 2016 v17.0.8000 Multilanguage Portable[by Robert]
2021-04-12 13:22 - 2021-04-12 13:22 - 002224105 _____ C:\Users\My PC\Downloads\HappyBdayJill.zip
2021-04-11 22:53 - 2021-04-11 22:53 - 000435311 _____ C:\Users\My PC\Downloads\MIDSUMMERSNIGHTDREAM.pdf
2021-04-11 01:11 - 2021-04-11 01:11 - 000006634 _____ C:\Users\My PC\Downloads\2020 Taxes consent form.pdf
2021-04-10 16:41 - 2021-04-10 16:41 - 000073151 _____ C:\Users\My PC\Downloads\Studio_Project.jpeg
2021-04-10 16:15 - 2021-04-10 16:15 - 000840456 _____ C:\Users\My PC\Downloads\Studio_Project (1).jpeg
2021-04-10 16:00 - 2021-04-10 16:00 - 000704213 _____ C:\Users\My PC\Downloads\BLMbuysmansions.jpeg
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-05-09 01:31 - 2019-05-17 12:49 - 000000000 ____D C:\Users\My PC\AppData\LocalLow\Mozilla
2021-05-09 01:30 - 2019-06-30 08:03 - 000023394 _____ C:\Users\My PC\Downloads\FRST.txt
2021-05-09 01:28 - 2019-06-30 08:03 - 000000000 ____D C:\FRST
2021-05-09 01:21 - 2019-05-17 15:09 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-09 00:30 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\registration
2021-05-09 00:23 - 2020-09-22 16:33 - 000000000 ____D C:\Program Files\Sandboxie
2021-05-09 00:12 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2021-05-08 22:32 - 2020-12-10 19:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-05-08 22:31 - 2021-02-15 20:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-08 22:31 - 2020-12-29 23:47 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-05-08 22:31 - 2020-12-29 23:47 - 000000924 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-05-08 22:31 - 2020-12-29 23:47 - 000000924 _____ C:\ProgramData\Desktop\Firefox.lnk
2021-05-08 14:43 - 2020-09-05 13:34 - 000000374 _____ C:\Users\My PC\.vivaldi_reporting_data
2021-05-08 14:21 - 2021-01-03 00:01 - 285037395 _____ C:\Users\My PC\Documents\firefox.dmp
2021-05-08 13:19 - 2019-12-17 01:33 - 000000000 ____D C:\Windows\system32\Tasks\Event Viewer Tasks
2021-05-08 04:58 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-05-08 03:26 - 2009-07-13 21:45 - 000039440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-05-08 03:26 - 2009-07-13 21:45 - 000039440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-05-08 00:05 - 2021-04-05 23:33 - 000000439 _____ C:\Windows\system32\config\FileSharing.txt
2021-05-07 22:17 - 2021-04-05 23:33 - 000385255 _____ C:\Windows\system32\config\WindowsFirewallConfig.txt
2021-05-07 22:17 - 2021-04-05 23:33 - 000124706 _____ C:\Windows\system32\config\WcnInfo.txt
2021-05-07 22:17 - 2021-04-05 23:33 - 000055885 _____ C:\Windows\system32\config\WindowsFirewallEffectiveRules.txt
2021-05-07 22:17 - 2021-04-05 23:33 - 000010253 _____ C:\Windows\system32\config\Neighbors.txt
2021-05-07 22:17 - 2021-04-05 23:33 - 000001300 _____ C:\Windows\system32\config\Dns.txt
2021-05-07 22:17 - 2021-04-05 23:33 - 000000306 _____ C:\Windows\system32\config\netiostate.txt
2021-05-07 22:16 - 2021-04-05 23:33 - 000065019 _____ C:\Windows\system32\config\envinfo.txt
2021-05-07 22:16 - 2021-04-05 23:33 - 000020635 _____ C:\Windows\system32\config\WinsockCatalog.txt
2021-05-07 22:16 - 2021-04-05 23:33 - 000004760 _____ C:\Windows\system32\config\osinfo.txt
2021-05-07 22:16 - 2021-04-05 23:33 - 000002077 _____ C:\Windows\system32\config\adapterinfo.txt
2021-05-07 14:14 - 2020-12-05 18:01 - 000165424 _____ C:\Users\My PC\AppData\Local\GDIPFONTCACHEV1.DAT
2021-05-07 12:35 - 2021-03-25 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2021-05-07 12:35 - 2021-01-28 01:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Player
2021-05-07 12:35 - 2020-11-19 13:53 - 000000000 ____D C:\Program Files\Wireshark
2021-05-07 12:35 - 2020-11-17 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-05-07 12:35 - 2020-11-17 10:28 - 000000000 ____D C:\ProgramData\RogueKiller
2021-05-07 12:35 - 2020-11-14 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
2021-05-07 12:35 - 2020-11-14 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier (x64)
2021-05-07 12:35 - 2020-11-14 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier
2021-05-07 12:35 - 2020-11-14 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
2021-05-07 12:35 - 2020-11-14 07:10 - 000000000 ____D C:\Program Files\WD Desktop App
2021-05-07 12:35 - 2020-10-29 09:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
2021-05-07 12:35 - 2020-10-29 09:17 - 000000000 ____D C:\ProgramData\LGMOBILEAX
2021-05-07 12:35 - 2020-10-27 19:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-05-07 12:35 - 2020-10-27 07:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu WiFi Hotspot
2021-05-07 12:35 - 2020-10-15 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2021-05-07 12:35 - 2020-09-27 22:39 - 000000000 ____D C:\ProgramData\iolo technologies
2021-05-07 12:35 - 2020-09-24 12:30 - 000000000 ____D C:\Users\My PC\AppData\Roaming\qBittorrent
2021-05-07 12:35 - 2020-09-24 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2021-05-07 12:35 - 2020-09-22 01:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoVirusThanks
2021-05-07 12:35 - 2020-09-05 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-05-07 12:35 - 2020-09-04 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.0
2021-05-07 12:35 - 2019-12-20 04:11 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-05-07 12:35 - 2019-12-20 02:03 - 000000000 ____D C:\Users\Virus_TestUser
2021-05-07 12:35 - 2019-06-30 07:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2021-05-07 12:35 - 2019-06-22 08:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-05-07 12:35 - 2019-05-30 04:52 - 000000000 ____D C:\ProgramData\SecTaskMan
2021-05-07 12:35 - 2019-05-27 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2021-05-07 12:35 - 2019-05-25 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2021-05-07 12:35 - 2019-05-19 18:55 - 000000000 ____D C:\ProgramData\Brother
2021-05-07 12:35 - 2019-05-19 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2021-05-07 12:35 - 2019-05-19 18:45 - 000000000 ____D C:\ProgramData\HP
2021-05-07 12:35 - 2019-05-19 15:19 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-07 12:35 - 2019-05-17 17:28 - 000000000 ____D C:\Users\My PC\AppData\Local\Microsoft Help
2021-05-07 12:35 - 2019-05-16 22:11 - 000000000 ____D C:\ProgramData\ProductData
2021-05-07 12:35 - 2019-05-16 22:09 - 000000000 ____D C:\ProgramData\IObit
2021-05-07 12:35 - 2011-04-12 01:17 - 000000000 ____D C:\Windows\system32\WCN
2021-05-07 12:35 - 2009-07-13 22:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2021-05-07 12:35 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files\Windows Portable Devices
2021-05-07 12:35 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-05-07 12:35 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files\Windows Defender
2021-05-07 12:35 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files\DVD Maker
2021-05-07 12:35 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2021-05-07 12:35 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-05-07 12:35 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-05-07 12:35 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\MUI
2021-05-07 12:35 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Windows NT
2021-05-07 12:35 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Common Files\System
2021-05-07 12:35 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Common Files\Services
2021-05-07 12:34 - 2021-03-04 12:29 - 000000000 ____D C:\Program Files (x86)\PdaNet for Android
2021-05-07 12:34 - 2021-02-26 22:33 - 000000000 ____D C:\Program Files (x86)\Roomsketcher
2021-05-07 12:34 - 2021-01-28 01:47 - 000000000 ____D C:\Program Files\Free FLV Player
2021-05-07 12:34 - 2020-11-29 10:03 - 000000000 ____D C:\Program Files (x86)\HostsMan
2021-05-07 12:34 - 2020-11-17 10:29 - 000000000 ____D C:\Program Files\RogueKiller
2021-05-07 12:34 - 2020-11-14 15:28 - 000000000 ____D C:\Program Files\Microsoft Windows Performance Toolkit
2021-05-07 12:34 - 2020-11-14 15:27 - 000000000 ____D C:\Program Files\Debugging Tools for Windows (x64)
2021-05-07 12:34 - 2020-11-14 15:27 - 000000000 ____D C:\Program Files\Application Verifier (x64)
2021-05-07 12:34 - 2020-11-14 15:27 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2021-05-07 12:34 - 2020-11-14 04:15 - 000000000 ____D C:\Program Files (x86)\Western Digital
2021-05-07 12:34 - 2020-10-27 07:06 - 000000000 ____D C:\Program Files (x86)\Baidu WiFiHotspot
2021-05-07 12:34 - 2020-10-24 16:26 - 000000000 ____D C:\Program Files\BlueStacks
2021-05-07 12:34 - 2020-10-15 11:47 - 000000000 ____D C:\Program Files\Kodi
2021-05-07 12:34 - 2020-10-06 10:37 - 000000000 ____D C:\adb
2021-05-07 12:34 - 2020-09-27 22:55 - 000000000 ____D C:\Program Files\iolo technologies
2021-05-07 12:34 - 2020-09-24 12:30 - 000000000 ____D C:\Program Files\qBittorrent
2021-05-07 12:34 - 2019-06-30 07:56 - 000000000 ____D C:\Program Files\HitmanPro
2021-05-07 12:34 - 2019-06-30 07:40 - 000000000 ____D C:\Program Files\HijackThis
2021-05-07 12:34 - 2019-06-26 12:04 - 000000000 ____D C:\Program Files\Bonjour
2021-05-07 12:34 - 2019-06-26 12:04 - 000000000 ____D C:\Program Files (x86)\Bonjour
2021-05-07 12:34 - 2019-06-14 21:57 - 000000000 ____D C:\Program Files\Npcap
2021-05-07 12:34 - 2019-05-27 13:54 - 000000000 ____D C:\Program Files (x86)\Browny02
2021-05-07 12:34 - 2019-05-27 13:54 - 000000000 ____D C:\Program Files (x86)\Brother
2021-05-07 12:34 - 2019-05-27 13:54 - 000000000 ____D C:\Brother
2021-05-07 12:34 - 2019-05-20 01:34 - 000000000 ____D C:\Program Files (x86)\Google
2021-05-07 12:34 - 2019-05-19 18:46 - 000000000 ____D C:\Program Files (x86)\HP
2021-05-07 12:34 - 2019-05-18 04:21 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-05-07 12:34 - 2019-05-17 15:53 - 000000000 ____D C:\Program Files\NON MS
2021-05-07 12:34 - 2019-05-17 09:54 - 000000000 ____D C:\Program Files\Process Hacker
2021-05-07 12:34 - 2019-05-16 22:47 - 000000000 ____D C:\APPS portable
2021-05-07 12:34 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-05-07 12:34 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files\MSBuild
2021-05-07 12:34 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-05-07 12:34 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2021-05-07 12:34 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files (x86)\Windows NT
2021-05-07 12:32 - 2021-03-04 04:09 - 000000000 ____D C:\Users\My PC\Downloads\TurboTax Home & Business 2020 v43.07.113 + Crack
2021-05-07 12:31 - 2020-09-14 20:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-05-07 12:31 - 2020-09-05 17:08 - 000000000 ____D C:\Users\My PC\Downloads\BUY-SELL
2021-05-07 12:31 - 2019-06-26 03:33 - 000000000 ____D C:\Users\My PC\Downloads\APPS-INSTALLED
2021-05-07 12:30 - 2020-11-11 18:13 - 000000000 ____D C:\ProgramData\adaware
2021-05-07 12:30 - 2020-10-24 16:26 - 000000000 ____D C:\ProgramData\BlueStacks
2021-05-07 12:30 - 2020-09-15 05:43 - 000000000 ____D C:\Program Files\NoVirusThanks
2021-05-07 12:30 - 2020-09-05 12:14 - 000000000 ____D C:\Program Files\VS Revo Group
2021-05-07 12:30 - 2019-06-22 08:48 - 000000000 ____D C:\Program Files\VideoLAN
2021-05-07 12:30 - 2019-06-16 04:17 - 000000000 ____D C:\Program Files\Vivaldi
2021-05-07 12:30 - 2019-06-02 12:29 - 000000000 ____D C:\ProgramData\Adobe
2021-05-07 12:29 - 2020-11-14 15:26 - 000000000 ____D C:\Program Files\Microsoft SDKs
2021-05-07 12:29 - 2019-05-29 01:06 - 000000000 ____D C:\Program Files\LibreOffice
2021-05-07 12:28 - 2020-11-29 15:06 - 000000000 ____D C:\Program Files\GIMP 2
2021-05-07 12:28 - 2020-09-06 15:52 - 000000000 ____D C:\Program Files\HP
2021-05-07 12:28 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2021-05-07 12:27 - 2021-03-03 14:55 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2021-05-07 12:27 - 2021-01-05 15:18 - 000000000 ____D C:\Program Files (x86)\Wondershare
2021-05-07 12:27 - 2020-10-27 19:13 - 000000000 ____D C:\Program Files (x86)\Java
2021-05-07 12:27 - 2019-05-16 22:18 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-05-07 12:27 - 2019-05-16 22:18 - 000000000 ____D C:\Program Files (x86)\Realtek
2021-05-07 12:27 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-05-07 12:25 - 2019-06-02 12:31 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-05-07 11:38 - 2019-05-16 19:58 - 000000000 ____D C:\Users\My PC
2021-05-06 14:06 - 2020-09-15 09:31 - 000000000 ____D C:\Users\My PC\AppData\Local\CrashDumps
2021-05-05 04:11 - 2021-02-19 17:10 - 000002244 _____ C:\Users\My PC\Downloads\2,19 grocery list.txt
2021-05-03 13:02 - 2019-12-21 01:00 - 000000811 _____ C:\Users\My PC\AppData\Local\Perfmon.PerfmonCfg
2021-04-27 01:03 - 2020-09-22 00:16 - 000000000 ____D C:\Users\Virus_TestUser\AppData\Local\Adobe
2021-04-25 17:54 - 2021-03-18 01:05 - 000000000 ____D C:\Users\My PC\Downloads\A_BIKINI PREP
2021-04-25 12:55 - 2019-06-13 02:39 - 000000000 ____D C:\Users\My PC\Downloads\PHOTOS
2021-04-24 22:09 - 2009-07-13 22:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2021-04-24 04:49 - 2021-04-06 05:32 - 000000000 ____D C:\Users\My PC\Downloads\A_MISSY
2021-04-23 18:53 - 2021-01-16 14:04 - 000000000 ____D C:\Users\My PC\Downloads\Vivaldi Captures
2021-04-21 13:14 - 2020-09-22 00:10 - 000649520 _____ C:\Windows\system32\FNTCACHE.DAT
2021-04-20 14:07 - 2019-12-15 13:55 - 000000000 ____D C:\Windows\pss
2021-04-20 00:14 - 2011-04-08 01:24 - 000000000 ____D C:\Users\Owner
2021-04-19 20:59 - 2020-09-22 00:28 - 000000000 ____D C:\Users\Virus_TestUser\AppData\Roaming\Process Hacker
2021-04-19 20:50 - 2020-11-28 18:25 - 000000000 ____D C:\434b80f2ac194786d5a808f8
2021-04-12 13:16 - 2021-02-15 07:03 - 000001456 _____ C:\Users\My PC\Downloads\Add2Calendar(1).csv - Shortcut.lnk
2021-04-12 13:16 - 2021-02-15 07:03 - 000001429 _____ C:\Users\My PC\Downloads\Add2Calendar.csv - Shortcut.lnk
2021-04-10 16:43 - 2019-05-31 20:16 - 000002322 ____H C:\Users\My PC\Downloads\.picasa.ini
2021-04-10 16:41 - 2019-05-31 20:16 - 000000000 ___HD C:\Users\My PC\Downloads\.picasaoriginals
==================== Files in the root of some directories ========
2019-05-17 15:47 - 2011-12-13 13:55 - 000000184 _____ () C:\Program Files\autorun.inf
2019-05-17 15:49 - 2019-04-30 18:57 - 000407742 _____ () C:\Program Files\bootmgr
2019-05-17 15:49 - 2019-04-30 18:57 - 001256968 _____ (Microsoft Corporation) C:\Program Files\bootmgr.efi
2019-05-17 15:48 - 2012-10-02 04:41 - 000216704 _____ (Microsoft Corporation) C:\Program Files\setup.exe
2019-06-01 01:14 - 2020-11-25 18:02 - 000320181 ___SH () C:\Users\My PC\AppData\Roaming\wfrhehc
2019-05-31 18:15 - 2019-07-04 21:07 - 000000027 _____ () C:\Users\My PC\AppData\Local\.sdpl-system-config4
2015-06-05 00:01 - 2015-06-05 00:01 - 000000000 _____ () C:\Users\My PC\AppData\Local\GDI2.DAT
2019-12-21 01:00 - 2021-05-03 13:02 - 000000811 _____ () C:\Users\My PC\AppData\Local\Perfmon.PerfmonCfg
2020-11-29 15:48 - 2020-11-29 15:48 - 000000924 _____ () C:\Users\My PC\AppData\Local\recently-used.xbel
2019-05-17 03:34 - 2021-03-10 05:06 - 000007616 _____ () C:\Users\My PC\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
ATTENTION: ==> Could not access BCD. ->
LastRegBack: 2019-05-16 20:47
==================== End of FRST.txt ========================