Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Post by CaliGurl » May 9th, 2021, 5:18 am

Hi there,
Highly suspect I'm being spied on by a creepy ex-roommate.
I've suspected for a long time, due to on/off again lagging, after which I would do some digging (I've used every tool avail I think, but mostly Sysinternals Process Explorer) & find unrecognizable activity, A LOT of which refers to RPC/remote desktop/manifests/synchronous copies/VSS/loading-unloading/deleting logs after it's done.
I was going to put off doing this, hoping to get a new laptop soon, however yesterday by accident I was logged into my eBay account & after tooling around found a page of logins w/device type, and noticed a LINUX LOGIN. The creepy roommate was ON LINUX. After that initial login, a succession of "unspecified device" logins (or something like that, can't remember exact words but basically whoever was hacking my account learned how to ghost their system details).
My gut feeling - he's polluted my system with some kind of malware which has infected many points.
He was pretty well-versed in IT (since that's all he did, all day, every day) & I suspect (only) he loaded something via USB or maybe even somehow via our wireless, which is autorunning and somehow either sending an image to the print spooler (WMI / powershell), also some strange virtual disk activity, and a partition I don't remember creating (might be used for cache).
I've opened a lot of dll's mui files etc in notepad & while mostly mumble jumble, super suspicious - since I have a standalone PC (of course I connect to the internet, but nobody shares my network or devices).
Also, I was very lazy back then - logged in as admin, left PC on, long delay for password to kick in.
ALSO WORTH MENTIONING - due to my increasing level of paranoia, I turned off many/if not all unneeded services.
Let me know if I need to turn back on/rerun reports.
I REALLY REALLY REALLY APPRECIATE THIS FORUM, AND YOUR HELP! I have prob spent 50+ hours tooling around, reading articles on digital forensics, prob have downloaded at least half dozen apps by now ... to no avail. SO GRATEFUL FOR YOU GUYS! THANK YOU!!!!
*PS. only FRST .txt doc fit, so attached Addition.txt per instructions. THANK YOU!*

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2021 01
Ran by My PC (administrator) on MYPC-PC (Hewlett-Packard HP Pavilion g4 Notebook PC) (09-05-2021 01:23:43)
Running from C:\Users\My PC\Downloads
Loaded Profiles: My PC & Virus_TestUser
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.) C:\Program Files (x86)\Baidu WiFiHotspot\WifiHotspot.exe
(June Fabrics Technology Inc. -> ) C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\My PC\Downloads\ProcessExplorer\procexp64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-872009499-554787128-1037911315-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3657560 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKU\S-1-5-21-872009499-554787128-1037911315-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-872009499-554787128-1037911315-500\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-872009499-554787128-1037911315-500\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\Windows x64\Print Processors\hpcpp103: C:\Windows\System32\spool\prtprocs\x64\hpcpp103.dll [323584 2010-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppwn7: C:\Windows\System32\spool\prtprocs\x64\hpzppwn7.dll [101376 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [54944 2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP 0053 Status Monitor: C:\Windows\system32\hpinksts0053LM.dll [485048 2016-10-14] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP DeskJet 2600 series): C:\Windows\system32\HPDiscoPM0053.dll [983176 2018-04-17] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\LIDIL hpzllwn7: C:\Windows\system32\hpzllwn7.dll [51712 2009-07-13] (Microsoft Windows -> Hewlett-Packard Company)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{10880D85-AAD9-4558-ABDC-2AB1552D831F}] -> C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe [2011-03-04] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\Software\...\Authentication\Credential Providers: [AutorunsDisabled] ->
Startup: C:\Users\My PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2020-10-15]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (June Fabrics Technology Inc. -> )
GroupPolicyUsers\S-1-5-21-872009499-554787128-1037911315-1001\User: Restriction <==== ATTENTION
Policies: C:\Users\My PC\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\Virus_TestUser\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime -> No File <==== ATTENTION
Task: {04D9F079-7FB1-4D0F-B965-8BD52BD7B33D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {1F7B7221-AE8F-44F3-BA82-F7D260F51964} - \Microsoft\Windows\Task Manager\Interactive -> No File <==== ATTENTION
Task: {2470470F-2634-478E-B181-571E98A789BB} - \Microsoft\Windows\Multimedia\SystemSoundsService -> No File <==== ATTENTION
Task: {28011108-68DF-4C73-B91B-57427D501BBA} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) -> No File <==== ATTENTION
Task: {38395E21-0897-4D82-86B7-9809101C4349} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe
Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip -> No File <==== ATTENTION
Task: {4C8B01A2-11FF-4C41-848F-508EF4F00CF7} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor -> No File <==== ATTENTION
Task: {4C9C130E-739D-43FF-BFBA-9DCA9555A714} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - \Microsoft\Windows\UPnP\UPnPHostConfig -> No File <==== ATTENTION
Task: {5F5A18EB-DC73-4E45-A11C-B59043598412} - \Microsoft\Windows\CertificateServicesClient\SystemTask -> No File <==== ATTENTION
Task: {613612BA-897D-44CE-8DC1-8FC283F9FD51} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) -> No File <==== ATTENTION
Task: {6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF} - \Microsoft\Windows\User Profile Service\HiveUploadTask -> No File <==== ATTENTION
Task: {6FA42F62-7EA3-477B-A24E-669EE8E9FCAA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {72DB7465-BC54-491B-A92A-4637A28C9BBF} - \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck -> No File <==== ATTENTION
Task: {783A069B-B0F3-49C1-9D45-5C22787CED8C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {7AFCC0CA-7121-422A-AB45-B0E8D599FF08} - \Microsoft\Windows\CertificateServicesClient\UserTask -> No File <==== ATTENTION
Task: {7B347AEE-DB5C-4781-87F8-C5DDCC6C6AA9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - \Microsoft\Windows\NetTrace\GatherNetworkInfo -> No File <==== ATTENTION
Task: {941BE6E6-04FB-444C-BADD-BDC0FBE4AC0C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {9435F817-FED2-454E-88CD-7F78FDA62C48} - \Microsoft\Windows\WDI\ResolutionHost -> No File <==== ATTENTION
Task: {9979CB83-103A-4105-9E5D-C74B0AF6D198} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam -> No File <==== ATTENTION
Task: {A35BB7A6-5F0C-4C9F-8450-2B3BED532D51} - \Microsoft\Windows\WindowsColorSystem\Calibration Loader -> No File <==== ATTENTION
Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - \Microsoft\Windows\AppID\PolicyConverter -> No File <==== ATTENTION
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - \Microsoft\Windows\Ras\MobilityManager -> No File <==== ATTENTION
Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator -> No File <==== ATTENTION
Task: {C0E0A229-DDCB-4EE5-8F68-BB7F3A6CBB95} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {C3803321-5B5F-4C10-9141-14D503A10B0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {C41BEFA0-2512-40AF-9D50-7C3EB60A0D15} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe
Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - \Microsoft\Windows\Registry\RegIdleBackup -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - \Microsoft\Windows\Windows Error Reporting\QueueReporting -> No File <==== ATTENTION
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - \Microsoft\Windows\Autochk\Proxy -> No File <==== ATTENTION
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange -> No File <==== ATTENTION
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask -> No File <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem -> No File <==== ATTENTION
Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{D42AED48-1E50-450E-AAA1-821734ADFB09}: [DhcpNameServer]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

FF DefaultProfile: zzxfwcgm.default
FF ProfilePath: C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\zzxfwcgm.default [2020-12-29]
FF ProfilePath: C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release [2021-05-09]
FF Extension: (Pinterest Overlay Killer) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release\Extensions\@pinterestoverlaykiller.xpi [2020-12-31]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release\Extensions\firefox@ghostery.com.xpi [2021-05-08]
FF Extension: (HTTPS Everywhere) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release\Extensions\https-everywhere@eff.org.xpi [2021-04-26]
FF Extension: (Privacy Badger) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2021-02-14]
FF Extension: (IDM Integration Module) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2021-03-05]
FF Extension: (Nimbus Screen Capture: Screenshots, Annotate) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2020-12-31]
FF Extension: (LastPass: Free Password Manager) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release\Extensions\support@lastpass.com.xpi [2021-05-06]
FF Extension: (Tab Session Manager) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\65tj7d6v.default-release\Extensions\Tab-Session-Manager@sienori.xpi [2021-04-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2021-05-07] [Legacy] [not signed]
FF HKU\S-1-5-21-872009499-554787128-1037911315-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\My PC\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\My PC\AppData\Roaming\IDM\idmmzcc5 [2021-01-26] [Legacy] [not signed]
FF HKU\S-1-5-21-872009499-554787128-1037911315-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version= -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-07-31] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-10-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-10-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems Incorporated -> Adobe Systems)

CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

VIV Profile: C:\Users\My PC\AppData\Local\Vivaldi\User Data\bernice [2021-05-08] <==== ATTENTION
VIV HomePage: bernice -> vivaldi://startpage
VIV Extension: (Adobe Acrobat) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\bernice\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-28]
VIV Extension: (LastPass: Free Password Manager) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\bernice\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-04-28]
VIV Extension: (Otto – Pomodoro timer and website blocker) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\bernice\Extensions\jbojhemhnilgooplglkfoheddemkodld [2021-04-28]
VIV Extension: (Fair AdBlocker) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\bernice\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2021-04-28]
VIV Extension: (Privacy Badger) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\bernice\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2021-04-28]
VIV Profile: C:\Users\My PC\AppData\Local\Vivaldi\User Data\Default [2021-05-09]
VIV DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
VIV DefaultSearchKeyword: Default -> duckduckgo.com
VIV DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
VIV DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
VIV Extension: (Session Buddy) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2021-05-07]
VIV Extension: (Adobe Acrobat) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-05-07]
VIV Extension: (LastPass: Free Password Manager) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-05-07]
VIV Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2021-05-07]
VIV Extension: (Privacy Badger) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2021-05-07]
VIV Profile: C:\Users\My PC\AppData\Local\Vivaldi\User Data\OldVivaldiProfile [2021-05-08] <==== ATTENTION
VIV Extension: (Session Buddy) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\OldVivaldiProfile\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2020-11-12]
VIV Extension: (Adobe Acrobat) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\OldVivaldiProfile\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-08]
VIV Extension: (Blur) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\OldVivaldiProfile\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2021-04-05]
VIV Extension: (Pinterest Save Button) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\OldVivaldiProfile\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2021-04-23]
VIV Extension: (Todoist for Chrome) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\OldVivaldiProfile\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2021-04-19]
VIV Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\OldVivaldiProfile\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2021-02-27]
VIV Extension: (Privacy Badger) - C:\Users\My PC\AppData\Local\Vivaldi\User Data\OldVivaldiProfile\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2021-02-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [139504 2019-06-30] (SurfRight B.V. -> SurfRight B.V.)
S4 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S3 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S3 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S4 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13666872 2020-11-17] (Adlice -> )
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [319320 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 76736615; C:\Windows\system32\drivers\76736615.sys [255928 2020-10-23] (Malwarebytes Corporation -> Malwarebytes)
R3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [30208 2019-08-12] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
R3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2019-08-12] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
R3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2019-08-12] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-08-18] (Bluestack Systems, Inc -> Bluestack System Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-05-16] (Martin Malik - REALiX -> REALiX(tm))
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [43088 2014-08-14] (Mainline Net Holdings Limited -> NT Kernel Resources)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [216184 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [550912 2019-05-16] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S4 tap-pia-0901; C:\Windows\System32\DRIVERS\tap-pia-0901.sys [29416 2018-08-27] (WDKTestCert kim,131775960494491927 -> The OpenVPN Project) [File not signed]
S4 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2018-01-30] (The OpenVPN Project) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-02-19] (Adlice -> )
R1 wdfsconnect2017; C:\Windows\system32\drivers\wdfsconnect2017.sys [468096 2017-11-21] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 wdvpnpbus; C:\Windows\System32\DRIVERS\wdvpnpbus.sys [20608 2017-11-21] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S0 58592667; system32\drivers\01987930.sys [X]
S4 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-09 01:05 - 2021-05-09 01:05 - 000001359 _____ C:\Users\My PC\Desktop\MRINFO.EXE - Shortcut.lnk
2021-05-09 01:05 - 2021-05-09 01:05 - 000000862 _____ C:\Users\My PC\Desktop\msctf.dll - Shortcut.lnk
2021-05-09 00:49 - 2021-05-09 00:49 - 002298880 _____ (Farbar) C:\Users\My PC\Downloads\FRST64(1).exe
2021-05-09 00:24 - 2021-05-09 00:34 - 000001372 _____ C:\Windows\Sandboxie.ini
2021-05-09 00:24 - 2021-05-09 00:23 - 000000896 _____ C:\Users\My PC\Desktop\Sandboxed Web Browser.lnk
2021-05-09 00:23 - 2021-05-09 00:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2021-05-09 00:18 - 2021-05-09 00:18 - 063319765 _____ C:\Users\My PC\Documents\DeviceDisplayObjectProvider.dmp
2021-05-09 00:14 - 2021-05-09 00:14 - 016424799 _____ C:\Users\My PC\Documents\csrss.dmp
2021-05-08 22:32 - 2021-05-08 22:32 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-05-08 22:30 - 2021-05-08 22:30 - 000333096 _____ (Mozilla) C:\Users\My PC\Downloads\Firefox Installer(2).exe
2021-05-08 18:46 - 2021-05-08 18:46 - 000109166 _____ C:\Users\My PC\Downloads\VAPE COUPON.pdf
2021-05-08 18:12 - 2021-05-08 18:12 - 000179947 _____ C:\Users\My PC\Documents\CantChgPermissions.odt
2021-05-08 15:51 - 2021-05-08 15:52 - 000000992 _____ C:\Users\My PC\Downloads\Add-Restore_Security_Tab.reg
2021-05-08 14:42 - 2021-05-08 14:44 - 000000000 ____D C:\Users\My PC\Documents\REG SUSP
2021-05-08 14:18 - 2021-05-08 14:18 - 012612953 _____ C:\Users\My PC\Documents\lsm.dmp
2021-05-08 14:16 - 2021-05-09 00:04 - 018404761 _____ C:\Users\My PC\Documents\winlogon.dmp
2021-05-08 04:59 - 2021-05-08 05:00 - 000136262 _____ C:\TDSSKiller.
2021-05-08 04:55 - 2021-05-08 04:55 - 000000000 __SHD C:\found.008
2021-05-08 04:48 - 2021-05-08 04:49 - 000136112 _____ C:\TDSSKiller.
2021-05-08 04:47 - 2021-05-08 04:47 - 002218636 _____ C:\Users\My PC\Downloads\tdsskiller.zip
2021-05-08 04:47 - 2021-05-08 04:47 - 000000000 ____D C:\Users\My PC\Downloads\tdsskiller
2021-05-08 04:26 - 2021-05-08 04:26 - 000255928 _____ (Malwarebytes) C:\Users\My PC\Downloads\76736615.sys
2021-05-08 03:46 - 2021-05-08 03:46 - 042655262 _____ C:\Users\My PC\Documents\installer.DMP
2021-05-08 03:40 - 2021-05-08 03:40 - 000555556 _____ C:\Users\My PC\Documents\comsysapp.DMP
2021-05-07 22:01 - 2021-05-07 22:01 - 212883403 _____ C:\Users\My PC\Documents\explorer.exe2.DMP
2021-05-07 22:00 - 2021-05-07 22:00 - 032055768 _____ C:\Users\My PC\Documents\explorer.exe1.DMP
2021-05-07 21:29 - 2021-05-07 23:55 - 000000000 ____D C:\Users\My PC\Documents\NEW AUTORUNS
2021-05-07 21:29 - 2021-05-07 21:29 - 005825970 _____ C:\Users\My PC\Documents\NEW AUTORUNS.arn
2021-05-07 20:57 - 2021-05-07 20:57 - 005845094 _____ C:\Users\My PC\Documents\PreNWAutoruns.arn
2021-05-07 15:28 - 2021-05-07 15:28 - 000004135 _____ C:\Users\My PC\Downloads\Invoice_Jan-16-21_Feb-14-21 (1).html.gz
2021-05-07 15:26 - 2021-05-07 15:26 - 000004958 _____ C:\Users\My PC\Downloads\Invoice_Nov-16-20_Dec-14-20.html.gz
2021-05-07 15:26 - 2021-05-07 15:26 - 000004135 _____ C:\Users\My PC\Downloads\Invoice_Jan-16-21_Feb-14-21.html.gz
2021-05-07 15:25 - 2021-05-07 15:25 - 000005379 _____ C:\Users\My PC\Downloads\Invoice_Dec-16-20_Jan-14-21.html.gz
2021-05-07 15:12 - 2021-05-07 15:12 - 000002080 _____ C:\Users\My PC\Downloads\Invoice_Dec-16-20_Jan-15-21.csv
2021-05-07 15:11 - 2021-05-07 15:11 - 000001073 _____ C:\Users\My PC\Downloads\Invoice_Jan-16-21_Feb-15-21.csv
2021-05-07 15:10 - 2021-05-07 15:10 - 000216061 _____ C:\Users\My PC\Downloads\Financial Statement-Feb-19-21 (1).pdf
2021-05-07 14:53 - 2021-05-07 14:53 - 000213907 _____ C:\Users\My PC\Downloads\Financial Statement-Jan-18-21.pdf
2021-05-07 14:52 - 2021-05-07 14:53 - 000216061 _____ C:\Users\My PC\Downloads\Financial Statement-Feb-19-21.pdf
2021-05-07 14:52 - 2021-05-07 14:52 - 000245188 _____ C:\Users\My PC\Downloads\Financial Statement-Mar-19-21.pdf
2021-05-07 14:51 - 2021-05-07 14:51 - 000245193 _____ C:\Users\My PC\Downloads\Financial Statement-Apr-17-21.pdf
2021-05-06 20:45 - 2021-05-06 20:45 - 000605969 _____ C:\Users\My PC\Downloads\2020_TaxReturn (1).pdf
2021-05-06 17:40 - 2021-05-06 17:40 - 000612795 _____ C:\Users\My PC\Downloads\2020_TaxReturn.pdf
2021-05-06 07:48 - 2021-05-06 07:48 - 000944117 _____ C:\Users\My PC\Downloads\rotorooter.htm
2021-05-06 07:48 - 2021-05-06 07:48 - 000000000 ____D C:\Users\My PC\Downloads\rotorooter_files
2021-05-06 04:35 - 2021-05-06 04:35 - 000045882 _____ C:\Users\My PC\Downloads\2020 Individual Tax Return Tax Plan.pdf
2021-05-05 21:45 - 2021-05-05 20:11 - 000000178 _____ C:\Users\My PC\Documents\status[1]
2021-05-05 21:45 - 2021-05-05 09:34 - 000006766 _____ C:\Users\My PC\Documents\dnserrordiagoff_webOC[1]
2021-05-05 21:45 - 2021-05-05 09:34 - 000002168 _____ C:\Users\My PC\Documents\ErrorPageTemplate[1]
2021-05-05 21:43 - 2021-05-05 20:11 - 000000806 _____ C:\Users\My PC\Documents\shepherd_ff_avast_com[1].txt
2021-05-05 00:44 - 2021-05-05 00:44 - 000000000 ____D C:\Users\My PC\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2021-05-05 00:03 - 2021-05-05 00:03 - 000622562 _____ C:\Users\My PC\Documents\svchostpluplaypowerwmiprvse.dmp
2021-05-04 17:20 - 2021-05-04 17:20 - 005653352 _____ C:\Users\My PC\Documents\MYPC-PCnetwork safe.arn
2021-05-04 17:20 - 2021-05-04 17:20 - 000254216 _____ C:\Users\My PC\Documents\ctfmon.dmp
2021-05-04 17:12 - 2021-05-04 17:12 - 000000400 _____ C:\Users\My PC\Desktop\TODAY SAVED.txt
2021-05-03 14:04 - 2021-05-03 14:04 - 000000000 ____D C:\Users\My PC\Downloads\Turo_data_export_20210503
2021-05-03 14:03 - 2021-05-03 14:03 - 014156819 _____ C:\Users\My PC\Downloads\Turo_data_export_20210503.zip
2021-05-03 12:51 - 2021-05-07 12:32 - 000000000 ____D C:\Users\My PC\Downloads\volatility_2.6_win64_standalone
2021-05-03 12:50 - 2021-05-03 12:50 - 015565657 _____ C:\Users\My PC\Downloads\volatility_2.6_win64_standalone.zip
2021-05-03 12:42 - 2021-05-03 12:42 - 000218944 _____ C:\Users\My PC\Documents\conhost1.dmp
2021-05-03 12:41 - 2021-05-03 12:42 - 017953814 _____ C:\Users\My PC\Documents\conhost.dmp
2021-05-03 12:41 - 2021-05-03 12:41 - 000424909 _____ C:\Users\My PC\Documents\rundll325.dmp
2021-05-03 12:41 - 2021-05-03 12:41 - 000424685 _____ C:\Users\My PC\Documents\rundll322.dmp
2021-05-03 12:41 - 2021-05-03 12:41 - 000424541 _____ C:\Users\My PC\Documents\rundll323.dmp
2021-05-03 12:41 - 2021-05-03 12:41 - 000424525 _____ C:\Users\My PC\Documents\rundll324.dmp
2021-05-03 12:40 - 2021-05-03 12:40 - 000423629 _____ C:\Users\My PC\Documents\rundll321.dmp
2021-05-03 12:30 - 2021-05-03 12:30 - 000000000 ____D C:\Users\My PC\Downloads\getservices
2021-05-03 12:21 - 2021-05-03 12:21 - 000130337 _____ C:\Users\My PC\Downloads\getservices.zip
2021-05-03 11:30 - 2021-05-03 11:30 - 000000000 ____D C:\Users\My PC\Documents\ROGUEKILLER
2021-05-01 11:45 - 2021-05-07 12:32 - 000000000 ____D C:\Users\My PC\Downloads\cports-x64
2021-05-01 11:44 - 2021-05-01 11:44 - 000131251 _____ C:\Users\My PC\Downloads\cports-x64.zip
2021-05-01 11:11 - 2021-05-01 11:11 - 006433958 _____ C:\Users\My PC\Downloads\snort3_demo-
2021-05-01 03:06 - 2021-05-01 03:06 - 000000000 ____D C:\Users\My PC\Downloads\Operation-Legend-Social-Squares
2021-05-01 03:04 - 2021-05-01 03:05 - 062027426 _____ C:\Users\My PC\Downloads\Reparations-Now-Toolkit-FINAL.pdf
2021-05-01 03:04 - 2021-05-01 03:04 - 001925653 _____ C:\Users\My PC\Downloads\Operation-Legend-Social-Squares.zip
2021-05-01 03:03 - 2021-05-01 03:03 - 005668234 _____ C:\Users\My PC\Downloads\04-End-the-War-on-Black-Trans-Gender-Nonconforming-and-Intersex-People.pdf
2021-05-01 03:02 - 2021-05-01 03:02 - 000465138 _____ C:\Users\My PC\Downloads\2020-6-10_M4BLCLEAR_FBIEncounters_FINAL.pdf
2021-04-30 15:04 - 2021-04-30 15:13 - 000000000 ____D C:\Users\My PC\Downloads\PHOTOS _SAVE SOCIALMEDIAPOST
2021-04-30 15:04 - 2021-04-30 15:04 - 000000000 ____D C:\Users\My PC\Downloads\New folder
2021-04-29 13:15 - 2021-04-29 13:15 - 000000000 __SHD C:\found.007
2021-04-28 02:58 - 2021-04-29 12:02 - 000000069 _____ C:\Users\My PC\Downloads\todotoday.txt
2021-04-28 00:13 - 2021-04-28 00:13 - 005751422 _____ C:\Users\My PC\Documents\MYPC-PC1.arn
2021-04-27 23:38 - 2021-04-27 23:38 - 002700493 _____ C:\Users\My PC\Downloads\25-Amazing-and-Disturbing-Facts-about-the-Hidden-History-of-Medicine (1).pdf
2021-04-27 22:52 - 2021-04-27 22:52 - 002700493 _____ C:\Users\My PC\Downloads\25-Amazing-and-Disturbing-Facts-about-the-Hidden-History-of-Medicine.pdf
2021-04-27 17:37 - 2021-05-09 00:30 - 026592124 _____ C:\Users\My PC\Documents\dllhost.dmp
2021-04-27 13:30 - 2021-04-27 13:30 - 000226095 _____ C:\Users\My PC\Downloads\WmiExplorer_2.0.0.2.zip
2021-04-27 12:11 - 2021-05-07 12:32 - 000000000 ____D C:\Users\My PC\Documents\Misc receipts file
2021-04-26 17:47 - 2021-04-26 17:47 - 000000000 ____D C:\Users\My PC\AppData\Roaming\4kdownload.com
2021-04-26 17:38 - 2021-04-26 17:38 - 000858909 _____ C:\Users\My PC\Downloads\eo_2020-63.pdf
2021-04-26 17:37 - 2021-04-26 17:37 - 001210410 _____ C:\Users\My PC\Downloads\eo_2020-61.pdf
2021-04-26 17:35 - 2021-04-26 17:35 - 001363642 _____ C:\Users\My PC\Downloads\eo_2021-02.pdf
2021-04-26 17:34 - 2021-04-26 17:35 - 001237284 _____ C:\Users\My PC\Downloads\eo_2021-09.pdf
2021-04-26 17:34 - 2021-04-26 17:34 - 000807951 _____ C:\Users\My PC\Downloads\eo_2021-03.pdf
2021-04-26 17:11 - 2021-05-07 12:32 - 000000000 ____D C:\Users\My PC\Downloads\4K Video Downloader (Repack & Portable) {B4tman}
2021-04-26 16:29 - 2021-04-26 16:29 - 000081426 _____ C:\Users\My PC\Downloads\QRestore1.0.zip
2021-04-26 11:54 - 2021-04-26 11:57 - 000977344 _____ (WinZip Computing) C:\Users\My PC\Downloads\winzip25-p003.exe
2021-04-26 11:42 - 2021-04-26 11:42 - 000000000 ____D C:\Users\My PC\Downloads\The Reality Revolution by Brian Scott EPUB
2021-04-26 11:28 - 2021-05-07 12:35 - 000000000 ____D C:\Users\My PC\Downloads\4K Video Downloader 4.4.7 - SeuPirate-288
2021-04-26 08:35 - 2021-04-26 08:35 - 001179133 _____ C:\Users\My PC\Downloads\treatment-guidelines-candidiasis.pdf
2021-04-26 08:04 - 2021-04-26 11:29 - 000001348 _____ C:\Users\My PC\Downloads\Fungus Cancer.txt
2021-04-26 04:15 - 2021-04-26 04:15 - 000179466 _____ C:\Users\My PC\Downloads\admin-candidiasis-an-important-opportunistic-mycosis-of-global-public-health-concern.pdf
2021-04-25 13:01 - 2021-04-25 13:01 - 000001818 _____ C:\Users\My PC\Downloads\VERACRUZ FISH HOUSE SERVER JOB SUMMARY.txt
2021-04-24 14:10 - 2021-04-24 14:10 - 000383780 _____ C:\Users\My PC\Documents\WmiApSrv.dmp
2021-04-24 11:53 - 2021-05-05 03:56 - 3680501760 _____ C:\Users\My PC\Downloads\Tarot.iso
2021-04-24 11:52 - 2021-04-24 11:53 - 000000000 ____D C:\Users\My PC\Downloads\Tarot Books
2021-04-24 11:51 - 2021-04-24 11:51 - 000000000 ____D C:\Users\My PC\Downloads\Parallel Universes of Self by Frederick E. Dodson EPUB
2021-04-23 10:59 - 2021-04-23 11:00 - 000817936 _____ C:\Users\My PC\Downloads\Danger posed by earthquake fault will lead to tighter San Diego building restrictions - The San Diego Union-Tribune.pdf
2021-04-23 01:52 - 2021-04-23 01:52 - 000167220 _____ C:\Users\My PC\Downloads\EdwinJohnRohr.pdf
2021-04-21 15:59 - 2021-04-21 15:59 - 000000000 _____ C:\Users\My PC\Downloads\LibreOffice_7.1.2_Win_x64.msi
2021-04-21 13:47 - 2021-04-21 13:47 - 000120942 _____ C:\Users\My PC\Downloads\Confidential Client Information COMPLETE1.pdf
2021-04-21 13:17 - 2021-04-21 13:47 - 000550187 _____ C:\Users\My PC\Downloads\Confidential Client Information COMPLETE.pdf
2021-04-21 12:51 - 2021-04-29 17:53 - 000000196 _____ C:\Users\My PC\Downloads\TODODS.txt
2021-04-21 11:09 - 2021-05-07 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-04-21 11:09 - 2021-05-07 12:34 - 000000000 ____D C:\Program Files\7-Zip
2021-04-21 09:18 - 2021-05-07 12:35 - 000000000 ____D C:\Users\My PC\Downloads\DIANNE_THERAPY
2021-04-20 15:51 - 2021-04-20 15:51 - 000104166 _____ C:\Users\My PC\Downloads\4.21 Forum AARP ban anti vaxxers.txt
2021-04-20 15:50 - 2021-04-20 15:50 - 000106361 _____ C:\Users\My PC\Downloads\CLAMWIN REPORT.txt
2021-04-19 20:27 - 2021-04-19 20:27 - 012391064 _____ C:\Users\My PC\Downloads\371979196-US-PATENT-Therapeutic-Behavior-Modification-Program.pdf
2021-04-19 18:58 - 2021-05-07 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2021-04-19 18:58 - 2021-04-19 18:58 - 000000000 ____D C:\Users\My PC\AppData\Roaming\.clamwin
2021-04-19 18:57 - 2021-05-07 12:34 - 000000000 ____D C:\Program Files (x86)\ClamWin
2021-04-19 18:57 - 2021-04-19 18:57 - 000000000 ____D C:\ProgramData\.clamwin
2021-04-19 15:35 - 2021-05-07 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2021-04-19 15:35 - 2021-05-07 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2021-04-19 15:34 - 2021-05-07 12:34 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2021-04-19 15:34 - 2021-05-07 12:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2021-04-19 15:33 - 2021-04-19 15:33 - 000000000 ____D C:\Windows\PCHEALTH
2021-04-19 15:31 - 2021-05-07 12:29 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-19 15:31 - 2021-05-07 12:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-04-19 15:30 - 2021-05-07 12:25 - 000000000 __RHD C:\MSOCache
2021-04-19 13:32 - 2021-04-19 17:55 - 000000000 ____D C:\Users\My PC\Downloads\A_POSTCARD
2021-04-19 12:46 - 2021-04-19 12:46 - 000025532 _____ C:\Users\My PC\Downloads\KIMBERLY-NAVARRO---Label.pdf
2021-04-18 21:12 - 2021-04-18 21:12 - 000000135 _____ C:\Users\My PC\Downloads\postcard.txt
2021-04-18 15:01 - 2021-04-18 15:01 - 002727018 _____ C:\Users\My PC\Downloads\Report ENGLISH.pdf
2021-04-18 14:44 - 2021-04-18 14:44 - 002708972 _____ C:\Users\My PC\Downloads\Report.pdf
2021-04-18 14:39 - 2021-05-07 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2021-04-18 14:39 - 2021-05-07 12:34 - 000000000 ____D C:\Program Files (x86)\WinDirStat
2021-04-18 14:39 - 2021-04-18 14:39 - 000001031 _____ C:\Users\Virus_TestUser\Desktop\WinDirStat.lnk
2021-04-18 14:39 - 2021-04-18 14:39 - 000001031 _____ C:\Users\My PC\Desktop\WinDirStat.lnk
2021-04-18 14:39 - 2021-04-18 14:39 - 000000000 ____D C:\Users\My PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2021-04-18 14:37 - 2021-04-18 14:41 - 172661090 _____ (alch ) C:\Users\My PC\Downloads\clamwin-0.99.4-setup.exe
2021-04-18 14:36 - 2021-04-18 14:37 - 000645729 _____ (WDS Team) C:\Users\My PC\Downloads\windirstat1_1_2_setup.exe
2021-04-16 11:47 - 2021-04-16 11:47 - 000288596 _____ C:\Users\My PC\Downloads\Asymptomatic_antrolith_in_maxillary_sinus_Report_o.pdf
2021-04-16 10:16 - 2021-05-07 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DicomWorks
2021-04-16 10:16 - 2021-05-07 12:34 - 000000000 ____D C:\Program Files (x86)\DicomWorks
2021-04-16 10:16 - 2021-04-16 10:16 - 000001917 _____ C:\Users\Virus_TestUser\Desktop\DicomWorks 1.3.5.lnk
2021-04-16 10:16 - 2021-04-16 10:16 - 000001917 _____ C:\Users\My PC\Desktop\DicomWorks 1.3.5.lnk
2021-04-16 10:14 - 2021-04-16 10:14 - 006085090 _____ C:\Users\My PC\Downloads\microdicom-3.8.1-x64.zip
2021-04-16 10:13 - 2021-04-16 10:13 - 006007017 _____ C:\Users\My PC\Downloads\dicomworks_135b.exe
2021-04-16 07:57 - 2021-04-16 07:58 - 000000000 ____D C:\Users\My PC\Downloads\TEST MISSY FILE UNZIP
2021-04-14 06:17 - 2021-04-14 06:17 - 000000000 _____ C:\Users\My PC\Downloads\lu2320b946b.tmp
2021-04-14 04:42 - 2021-04-14 04:42 - 000008646 _____ C:\Users\My PC\Downloads\funstuff parker.ods
2021-04-13 21:54 - 2021-04-13 21:54 - 249550913 _____ C:\Users\My PC\Downloads\missymissynewnew1.zip
2021-04-13 21:47 - 2021-04-13 21:47 - 000000000 ____D C:\Users\My PC\Downloads\MissyNavarro4.9.21
2021-04-13 21:46 - 2021-04-13 21:46 - 249550913 _____ C:\Users\My PC\Downloads\missymissynewnew.zip
2021-04-13 21:41 - 2021-04-13 21:41 - 249550657 _____ C:\Users\My PC\Downloads\MissyNavarroScans4.9.21.zip
2021-04-13 21:36 - 2021-04-13 21:36 - 000001769 _____ C:\Users\My PC\Downloads\mMISSYNEWNEW.wjf
2021-04-13 21:26 - 2021-04-13 21:26 - 249550913 _____ C:\Users\My PC\Downloads\missymissymissyy22
2021-04-13 19:03 - 2021-04-13 19:03 - 000000000 ____D C:\ProgramData\UniqueId
2021-04-13 19:01 - 2021-04-13 19:03 - 000977336 _____ (WinZip Computing) C:\Users\My PC\Downloads\winzip25-downwz.exe
2021-04-13 18:51 - 2021-04-13 18:51 - 000000000 ____D C:\Users\My PC\Desktop\eFilmLite
2021-04-13 18:50 - 2021-04-13 18:50 - 000000000 ____D C:\Users\My PC\Desktop\DICOM
2021-04-13 18:50 - 2021-04-09 17:57 - 000455234 ____R C:\Users\My PC\Desktop\DICOMDIR
2021-04-13 17:28 - 2021-04-13 17:28 - 000000335 _____ C:\Windows\system32\Drivers\etc\hosts111.txt
2021-04-13 17:23 - 2021-04-13 17:23 - 000000339 _____ C:\Windows\system32\Drivers\etc\hosts11.txt
2021-04-13 16:57 - 2021-04-13 16:57 - 000002037 _____ C:\Users\Public\Desktop\LightScribe.lnk
2021-04-13 16:57 - 2021-04-13 16:57 - 000002037 _____ C:\ProgramData\Desktop\LightScribe.lnk
2021-04-13 16:56 - 2021-05-07 12:35 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2021-04-13 15:30 - 2021-04-13 16:34 - 000000000 ____D C:\Users\My PC\Downloads\Nero Burning ROM 2017 18.0.00800 FINAL [TechTools.ME]
2021-04-13 13:59 - 2021-04-13 13:59 - 000000015 _____ C:\ProgramData\krosqm.txt
2021-04-13 13:56 - 2021-04-13 13:56 - 001481013 _____ (Igor Pavlov) C:\Users\My PC\Downloads\7z2101-x64.exe
2021-04-13 13:44 - 2021-04-13 13:49 - 000000000 ____D C:\Users\My PC\Downloads\Nero Express 2016 v17.0.8000 Multilanguage Portable[by Robert]
2021-04-12 13:22 - 2021-04-12 13:22 - 002224105 _____ C:\Users\My PC\Downloads\HappyBdayJill.zip
2021-04-11 22:53 - 2021-04-11 22:53 - 000435311 _____ C:\Users\My PC\Downloads\MIDSUMMERSNIGHTDREAM.pdf
2021-04-11 01:11 - 2021-04-11 01:11 - 000006634 _____ C:\Users\My PC\Downloads\2020 Taxes consent form.pdf
2021-04-10 16:41 - 2021-04-10 16:41 - 000073151 _____ C:\Users\My PC\Downloads\Studio_Project.jpeg
2021-04-10 16:15 - 2021-04-10 16:15 - 000840456 _____ C:\Users\My PC\Downloads\Studio_Project (1).jpeg
2021-04-10 16:00 - 2021-04-10 16:00 - 000704213 _____ C:\Users\My PC\Downloads\BLMbuysmansions.jpeg

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-09 01:31 - 2019-05-17 12:49 - 000000000 ____D C:\Users\My PC\AppData\LocalLow\Mozilla
2021-05-09 01:30 - 2019-06-30 08:03 - 000023394 _____ C:\Users\My PC\Downloads\FRST.txt
2021-05-09 01:28 - 2019-06-30 08:03 - 000000000 ____D C:\FRST
2021-05-09 01:21 - 2019-05-17 15:09 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-09 00:30 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\registration
2021-05-09 00:23 - 2020-09-22 16:33 - 000000000 ____D C:\Program Files\Sandboxie
2021-05-09 00:12 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2021-05-08 22:32 - 2020-12-10 19:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-05-08 22:31 - 2021-02-15 20:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-08 22:31 - 2020-12-29 23:47 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-05-08 22:31 - 2020-12-29 23:47 - 000000924 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-05-08 22:31 - 2020-12-29 23:47 - 000000924 _____ C:\ProgramData\Desktop\Firefox.lnk
2021-05-08 14:43 - 2020-09-05 13:34 - 000000374 _____ C:\Users\My PC\.vivaldi_reporting_data
2021-05-08 14:21 - 2021-01-03 00:01 - 285037395 _____ C:\Users\My PC\Documents\firefox.dmp
2021-05-08 13:19 - 2019-12-17 01:33 - 000000000 ____D C:\Windows\system32\Tasks\Event Viewer Tasks
2021-05-08 04:58 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-05-08 03:26 - 2009-07-13 21:45 - 000039440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-05-08 03:26 - 2009-07-13 21:45 - 000039440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-05-08 00:05 - 2021-04-05 23:33 - 000000439 _____ C:\Windows\system32\config\FileSharing.txt
2021-05-07 22:17 - 2021-04-05 23:33 - 000385255 _____ C:\Windows\system32\config\WindowsFirewallConfig.txt
2021-05-07 22:17 - 2021-04-05 23:33 - 000124706 _____ C:\Windows\system32\config\WcnInfo.txt
2021-05-07 22:17 - 2021-04-05 23:33 - 000055885 _____ C:\Windows\system32\config\WindowsFirewallEffectiveRules.txt
2021-05-07 22:17 - 2021-04-05 23:33 - 000010253 _____ C:\Windows\system32\config\Neighbors.txt
2021-05-07 22:17 - 2021-04-05 23:33 - 000001300 _____ C:\Windows\system32\config\Dns.txt
2021-05-07 22:17 - 2021-04-05 23:33 - 000000306 _____ C:\Windows\system32\config\netiostate.txt
2021-05-07 22:16 - 2021-04-05 23:33 - 000065019 _____ C:\Windows\system32\config\envinfo.txt
2021-05-07 22:16 - 2021-04-05 23:33 - 000020635 _____ C:\Windows\system32\config\WinsockCatalog.txt
2021-05-07 22:16 - 2021-04-05 23:33 - 000004760 _____ C:\Windows\system32\config\osinfo.txt
2021-05-07 22:16 - 2021-04-05 23:33 - 000002077 _____ C:\Windows\system32\config\adapterinfo.txt
2021-05-07 14:14 - 2020-12-05 18:01 - 000165424 _____ C:\Users\My PC\AppData\Local\GDIPFONTCACHEV1.DAT
2021-05-07 12:35 - 2021-03-25 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2021-05-07 12:35 - 2021-01-28 01:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Player
2021-05-07 12:35 - 2020-11-19 13:53 - 000000000 ____D C:\Program Files\Wireshark
2021-05-07 12:35 - 2020-11-17 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-05-07 12:35 - 2020-11-17 10:28 - 000000000 ____D C:\ProgramData\RogueKiller
2021-05-07 12:35 - 2020-11-14 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
2021-05-07 12:35 - 2020-11-14 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier (x64)
2021-05-07 12:35 - 2020-11-14 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier
2021-05-07 12:35 - 2020-11-14 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
2021-05-07 12:35 - 2020-11-14 07:10 - 000000000 ____D C:\Program Files\WD Desktop App
2021-05-07 12:35 - 2020-10-29 09:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
2021-05-07 12:35 - 2020-10-29 09:17 - 000000000 ____D C:\ProgramData\LGMOBILEAX
2021-05-07 12:35 - 2020-10-27 19:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-05-07 12:35 - 2020-10-27 07:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu WiFi Hotspot
2021-05-07 12:35 - 2020-10-15 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2021-05-07 12:35 - 2020-09-27 22:39 - 000000000 ____D C:\ProgramData\iolo technologies
2021-05-07 12:35 - 2020-09-24 12:30 - 000000000 ____D C:\Users\My PC\AppData\Roaming\qBittorrent
2021-05-07 12:35 - 2020-09-24 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2021-05-07 12:35 - 2020-09-22 01:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoVirusThanks
2021-05-07 12:35 - 2020-09-05 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-05-07 12:35 - 2020-09-04 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.0
2021-05-07 12:35 - 2019-12-20 04:11 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-05-07 12:35 - 2019-12-20 02:03 - 000000000 ____D C:\Users\Virus_TestUser
2021-05-07 12:35 - 2019-06-30 07:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2021-05-07 12:35 - 2019-06-22 08:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-05-07 12:35 - 2019-05-30 04:52 - 000000000 ____D C:\ProgramData\SecTaskMan
2021-05-07 12:35 - 2019-05-27 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2021-05-07 12:35 - 2019-05-25 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2021-05-07 12:35 - 2019-05-19 18:55 - 000000000 ____D C:\ProgramData\Brother
2021-05-07 12:35 - 2019-05-19 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2021-05-07 12:35 - 2019-05-19 18:45 - 000000000 ____D C:\ProgramData\HP
2021-05-07 12:35 - 2019-05-19 15:19 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-07 12:35 - 2019-05-17 17:28 - 000000000 ____D C:\Users\My PC\AppData\Local\Microsoft Help
2021-05-07 12:35 - 2019-05-16 22:11 - 000000000 ____D C:\ProgramData\ProductData
2021-05-07 12:35 - 2019-05-16 22:09 - 000000000 ____D C:\ProgramData\IObit
2021-05-07 12:35 - 2011-04-12 01:17 - 000000000 ____D C:\Windows\system32\WCN
2021-05-07 12:35 - 2009-07-13 22:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2021-05-07 12:35 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files\Windows Portable Devices
2021-05-07 12:35 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-05-07 12:35 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files\Windows Defender
2021-05-07 12:35 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files\DVD Maker
2021-05-07 12:35 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2021-05-07 12:35 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-05-07 12:35 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-05-07 12:35 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\MUI
2021-05-07 12:35 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Windows NT
2021-05-07 12:35 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Common Files\System
2021-05-07 12:35 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Common Files\Services
2021-05-07 12:34 - 2021-03-04 12:29 - 000000000 ____D C:\Program Files (x86)\PdaNet for Android
2021-05-07 12:34 - 2021-02-26 22:33 - 000000000 ____D C:\Program Files (x86)\Roomsketcher
2021-05-07 12:34 - 2021-01-28 01:47 - 000000000 ____D C:\Program Files\Free FLV Player
2021-05-07 12:34 - 2020-11-29 10:03 - 000000000 ____D C:\Program Files (x86)\HostsMan
2021-05-07 12:34 - 2020-11-17 10:29 - 000000000 ____D C:\Program Files\RogueKiller
2021-05-07 12:34 - 2020-11-14 15:28 - 000000000 ____D C:\Program Files\Microsoft Windows Performance Toolkit
2021-05-07 12:34 - 2020-11-14 15:27 - 000000000 ____D C:\Program Files\Debugging Tools for Windows (x64)
2021-05-07 12:34 - 2020-11-14 15:27 - 000000000 ____D C:\Program Files\Application Verifier (x64)
2021-05-07 12:34 - 2020-11-14 15:27 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2021-05-07 12:34 - 2020-11-14 04:15 - 000000000 ____D C:\Program Files (x86)\Western Digital
2021-05-07 12:34 - 2020-10-27 07:06 - 000000000 ____D C:\Program Files (x86)\Baidu WiFiHotspot
2021-05-07 12:34 - 2020-10-24 16:26 - 000000000 ____D C:\Program Files\BlueStacks
2021-05-07 12:34 - 2020-10-15 11:47 - 000000000 ____D C:\Program Files\Kodi
2021-05-07 12:34 - 2020-10-06 10:37 - 000000000 ____D C:\adb
2021-05-07 12:34 - 2020-09-27 22:55 - 000000000 ____D C:\Program Files\iolo technologies
2021-05-07 12:34 - 2020-09-24 12:30 - 000000000 ____D C:\Program Files\qBittorrent
2021-05-07 12:34 - 2019-06-30 07:56 - 000000000 ____D C:\Program Files\HitmanPro
2021-05-07 12:34 - 2019-06-30 07:40 - 000000000 ____D C:\Program Files\HijackThis
2021-05-07 12:34 - 2019-06-26 12:04 - 000000000 ____D C:\Program Files\Bonjour
2021-05-07 12:34 - 2019-06-26 12:04 - 000000000 ____D C:\Program Files (x86)\Bonjour
2021-05-07 12:34 - 2019-06-14 21:57 - 000000000 ____D C:\Program Files\Npcap
2021-05-07 12:34 - 2019-05-27 13:54 - 000000000 ____D C:\Program Files (x86)\Browny02
2021-05-07 12:34 - 2019-05-27 13:54 - 000000000 ____D C:\Program Files (x86)\Brother
2021-05-07 12:34 - 2019-05-27 13:54 - 000000000 ____D C:\Brother
2021-05-07 12:34 - 2019-05-20 01:34 - 000000000 ____D C:\Program Files (x86)\Google
2021-05-07 12:34 - 2019-05-19 18:46 - 000000000 ____D C:\Program Files (x86)\HP
2021-05-07 12:34 - 2019-05-18 04:21 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-05-07 12:34 - 2019-05-17 15:53 - 000000000 ____D C:\Program Files\NON MS
2021-05-07 12:34 - 2019-05-17 09:54 - 000000000 ____D C:\Program Files\Process Hacker
2021-05-07 12:34 - 2019-05-16 22:47 - 000000000 ____D C:\APPS portable
2021-05-07 12:34 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-05-07 12:34 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files\MSBuild
2021-05-07 12:34 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-05-07 12:34 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2021-05-07 12:34 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files (x86)\Windows NT
2021-05-07 12:32 - 2021-03-04 04:09 - 000000000 ____D C:\Users\My PC\Downloads\TurboTax Home & Business 2020 v43.07.113 + Crack
2021-05-07 12:31 - 2020-09-14 20:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-05-07 12:31 - 2020-09-05 17:08 - 000000000 ____D C:\Users\My PC\Downloads\BUY-SELL
2021-05-07 12:31 - 2019-06-26 03:33 - 000000000 ____D C:\Users\My PC\Downloads\APPS-INSTALLED
2021-05-07 12:30 - 2020-11-11 18:13 - 000000000 ____D C:\ProgramData\adaware
2021-05-07 12:30 - 2020-10-24 16:26 - 000000000 ____D C:\ProgramData\BlueStacks
2021-05-07 12:30 - 2020-09-15 05:43 - 000000000 ____D C:\Program Files\NoVirusThanks
2021-05-07 12:30 - 2020-09-05 12:14 - 000000000 ____D C:\Program Files\VS Revo Group
2021-05-07 12:30 - 2019-06-22 08:48 - 000000000 ____D C:\Program Files\VideoLAN
2021-05-07 12:30 - 2019-06-16 04:17 - 000000000 ____D C:\Program Files\Vivaldi
2021-05-07 12:30 - 2019-06-02 12:29 - 000000000 ____D C:\ProgramData\Adobe
2021-05-07 12:29 - 2020-11-14 15:26 - 000000000 ____D C:\Program Files\Microsoft SDKs
2021-05-07 12:29 - 2019-05-29 01:06 - 000000000 ____D C:\Program Files\LibreOffice
2021-05-07 12:28 - 2020-11-29 15:06 - 000000000 ____D C:\Program Files\GIMP 2
2021-05-07 12:28 - 2020-09-06 15:52 - 000000000 ____D C:\Program Files\HP
2021-05-07 12:28 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2021-05-07 12:27 - 2021-03-03 14:55 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2021-05-07 12:27 - 2021-01-05 15:18 - 000000000 ____D C:\Program Files (x86)\Wondershare
2021-05-07 12:27 - 2020-10-27 19:13 - 000000000 ____D C:\Program Files (x86)\Java
2021-05-07 12:27 - 2019-05-16 22:18 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-05-07 12:27 - 2019-05-16 22:18 - 000000000 ____D C:\Program Files (x86)\Realtek
2021-05-07 12:27 - 2009-07-13 22:32 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-05-07 12:25 - 2019-06-02 12:31 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-05-07 11:38 - 2019-05-16 19:58 - 000000000 ____D C:\Users\My PC
2021-05-06 14:06 - 2020-09-15 09:31 - 000000000 ____D C:\Users\My PC\AppData\Local\CrashDumps
2021-05-05 04:11 - 2021-02-19 17:10 - 000002244 _____ C:\Users\My PC\Downloads\2,19 grocery list.txt
2021-05-03 13:02 - 2019-12-21 01:00 - 000000811 _____ C:\Users\My PC\AppData\Local\Perfmon.PerfmonCfg
2021-04-27 01:03 - 2020-09-22 00:16 - 000000000 ____D C:\Users\Virus_TestUser\AppData\Local\Adobe
2021-04-25 17:54 - 2021-03-18 01:05 - 000000000 ____D C:\Users\My PC\Downloads\A_BIKINI PREP
2021-04-25 12:55 - 2019-06-13 02:39 - 000000000 ____D C:\Users\My PC\Downloads\PHOTOS
2021-04-24 22:09 - 2009-07-13 22:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2021-04-24 04:49 - 2021-04-06 05:32 - 000000000 ____D C:\Users\My PC\Downloads\A_MISSY
2021-04-23 18:53 - 2021-01-16 14:04 - 000000000 ____D C:\Users\My PC\Downloads\Vivaldi Captures
2021-04-21 13:14 - 2020-09-22 00:10 - 000649520 _____ C:\Windows\system32\FNTCACHE.DAT
2021-04-20 14:07 - 2019-12-15 13:55 - 000000000 ____D C:\Windows\pss
2021-04-20 00:14 - 2011-04-08 01:24 - 000000000 ____D C:\Users\Owner
2021-04-19 20:59 - 2020-09-22 00:28 - 000000000 ____D C:\Users\Virus_TestUser\AppData\Roaming\Process Hacker
2021-04-19 20:50 - 2020-11-28 18:25 - 000000000 ____D C:\434b80f2ac194786d5a808f8
2021-04-12 13:16 - 2021-02-15 07:03 - 000001456 _____ C:\Users\My PC\Downloads\Add2Calendar(1).csv - Shortcut.lnk
2021-04-12 13:16 - 2021-02-15 07:03 - 000001429 _____ C:\Users\My PC\Downloads\Add2Calendar.csv - Shortcut.lnk
2021-04-10 16:43 - 2019-05-31 20:16 - 000002322 ____H C:\Users\My PC\Downloads\.picasa.ini
2021-04-10 16:41 - 2019-05-31 20:16 - 000000000 ___HD C:\Users\My PC\Downloads\.picasaoriginals

==================== Files in the root of some directories ========

2019-05-17 15:47 - 2011-12-13 13:55 - 000000184 _____ () C:\Program Files\autorun.inf
2019-05-17 15:49 - 2019-04-30 18:57 - 000407742 _____ () C:\Program Files\bootmgr
2019-05-17 15:49 - 2019-04-30 18:57 - 001256968 _____ (Microsoft Corporation) C:\Program Files\bootmgr.efi
2019-05-17 15:48 - 2012-10-02 04:41 - 000216704 _____ (Microsoft Corporation) C:\Program Files\setup.exe
2019-06-01 01:14 - 2020-11-25 18:02 - 000320181 ___SH () C:\Users\My PC\AppData\Roaming\wfrhehc
2019-05-31 18:15 - 2019-07-04 21:07 - 000000027 _____ () C:\Users\My PC\AppData\Local\.sdpl-system-config4
2015-06-05 00:01 - 2015-06-05 00:01 - 000000000 _____ () C:\Users\My PC\AppData\Local\GDI2.DAT
2019-12-21 01:00 - 2021-05-03 13:02 - 000000811 _____ () C:\Users\My PC\AppData\Local\Perfmon.PerfmonCfg
2020-11-29 15:48 - 2020-11-29 15:48 - 000000924 _____ () C:\Users\My PC\AppData\Local\recently-used.xbel
2019-05-17 03:34 - 2021-03-10 05:06 - 000007616 _____ () C:\Users\My PC\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

ATTENTION: ==> Could not access BCD. ->

LastRegBack: 2019-05-16 20:47
==================== End of FRST.txt ========================
Active Member
Posts: 1
Joined: May 9th, 2021, 4:49 am


Unread postby pgmigg » May 9th, 2021, 9:54 am

Unsupported version of Windows

Unfortunately, I have bad news... You are using a version of Windows that is no longer supported by Microsoft. This means that your computer no longer receives critical security updates, which makes your computer extremely vulnerable to attacks.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we do not help you in this case.

Thank you for your cooperation and understanding.

This topic is now closed.
Posts: 5501
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
