Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-05-2022
Ran by dell (administrator) on PC-GIOVANA (Dell Inc. Inspiron 3501) (13-05-2022 15:06:21)
Running from C:\Users\dell\OneDrive\Área de Trabalho
Loaded Profiles: dell
Platform: Microsoft Windows 11 Home Version 21H2 22000.675 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe ->) (Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RAPS.exe
(C:\Users\dell\OneDrive\Área de Trabalho\adwcleaner.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_e6d6f5a306002a89\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_e6d6f5a306002a89\igfxEMN.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\dptf_helper.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <19>
(explorer.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Users\dell\OneDrive\Área de Trabalho\adwcleaner.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_d350b8504310bbf5\WavesSvc64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files\Dell\Fusion\FusionService.exe
(services.exe ->) (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_e6d6f5a306002a89\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_07f78c7ceeb909f7\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_141eb88527011137\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_36fb67bd6dbd887d\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_f629911085770af0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_dd6a7ef14d856351\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.65.8001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.65.8001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
(services.exe ->) (Qualcomm Atheros, Inc. -> ) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c60facea9c32a6cb\RtkAudUService64.exe <3>
(services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks, LLC.) C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe
(services.exe ->) (Shenzhen Goodix Technology Co., Ltd. -> Goodix) C:\Windows\System32\drivers\SessionService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_d350b8504310bbf5\WavesSysSvc64.exe
(sihost.exe ->) (INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\22.077.0410.0007\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.722.3302.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.722.3302.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22000.652_none_04a62c754c8e7270\TiWorker.exe
(svchost.exe ->) (Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(SystemSettingsAdminFlows.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Users\dell\AppData\Local\Temp\7440BB3A-FDCE-4895-9D6C-4FFFFA793AFD\DismHost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c60facea9c32a6cb\RtkAudUService64.exe [3380320 2021-11-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_d350b8504310bbf5\WavesSvc64.exe [4422328 2021-10-28] (Waves Inc -> Waves Audio Ltd.)
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2635160 2022-05-03] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2635160 2022-05-03] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1378158352-3957057711-1579280521-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2635160 2022-05-03] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1378158352-3957057711-1579280521-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4279208 2022-03-14] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1378158352-3957057711-1579280521-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32612832 2022-04-23] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1378158352-3957057711-1579280521-1001\...\Policies\Explorer: []
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\101.0.4951.64\Installer\chrmstp.exe [2022-05-10] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2022-04-18]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03277A37-01E6-4CF3-A966-9D677DEC8C53} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {22500D53-EA5C-4B6D-81BF-CB7A6640E2BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-04-21] (Google LLC -> Google LLC)
Task: {25D6310C-EE29-4BD8-91F7-79FD744E6235} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [96520 2021-08-13] (Rivet Networks LLC -> DELL)
Task: {27B0983B-1972-4C1D-9C50-32225400E274} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8377312 2022-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {2E12CAB4-DC74-4D99-B3CA-01B36497E34A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2E7677BF-375F-422B-BAEA-8A19FCB7FCDA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8377312 2022-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A5775C5-A985-4659-999C-9B1CA5C7077B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1378158352-3957057711-1579280521-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4200864 2022-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {41B4119D-999A-43AB-B864-5B4AFB8C6693} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {45516E15-8E69-4178-90A6-A1F143B2A04C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22894544 2022-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {7F94413C-DC37-4763-87BD-22CABF829D00} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144816 2022-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {844A90BC-45D2-436D-9C79-1D3CF72C199A} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [61336 2022-05-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {A3B36704-340E-46BE-97D5-A2A4D8B770B9} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4200864 2022-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {B35F3009-57E6-4DA2-9400-14DB7F794691} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144816 2022-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {C23217DB-9100-4E8F-93DD-C301813BE1A2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {EB8DD3F4-500B-4728-87DA-28F58807611C} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\101.0.1210.39\Installer\setup.exe [3206048 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {FCD252C8-7984-4F9A-8B56-233627B5720E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22894544 2022-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {FDB7C19E-B9F3-439F-AFCC-C1A4C09DBB28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-04-21] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 177.73.96.10 8.8.8.8
Tcpip\..\Interfaces\{15a7f4ce-6c10-48af-9841-32c5bc276412}: [DhcpNameServer] 177.73.96.10 8.8.8.8
Tcpip\..\Interfaces\{93c3e7f7-1f32-459f-97e0-7cb8730d877f}: [DhcpNameServer] 177.73.96.10 8.8.8.8

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\dell\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-13]
Edge Notifications: Default -> hxxps://meet.google.com
Edge Extension: (Google Scholar Button) - C:\Users\dell\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fciokoalnclhnonofghacdplgpafdcgl [2022-03-16]
Edge Extension: (Netflix Party is now Teleparty) - C:\Users\dell\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\igbncjcgfkfnfgbaieiimpfkobabmkce [2022-05-12]
Edge Extension: (Notion Web Clipper) - C:\Users\dell\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\knheggckgoiihginacbkhaalnibhilkk [2022-03-16]

FireFox:
========
FF DefaultProfile: a3h1qjz1.default
FF ProfilePath: C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\a3h1qjz1.default [2022-04-07]
FF ProfilePath: C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\w9dp5hkm.default-release [2022-04-07]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-03-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default [2022-05-13]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-21]
CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-05-13]
CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\System Profile [2022-05-12]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11759056 2022-05-13] (Microsoft Corporation -> Microsoft Corporation)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [315008 2021-08-23] (Dell Inc -> Dell Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [50888 2021-06-24] (Dell Inc -> )
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [19128 2022-01-07] (Dell Inc -> Dell INC.)
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{26D21981-A0A7-4371-B10A-DBB5588A1726} [45368 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [44328 2022-03-16] (Dell Inc -> )
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2021-10-01] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.077.0410.0007\FileSyncHelper.exe [3399584 2022-05-03] (Microsoft Corporation -> Microsoft Corporation)
R2 FusionService; C:\Program Files\Dell\Fusion\FusionService.exe [20136 2021-04-20] (Dell Inc -> )
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_dd6a7ef14d856351\\AS\\IAS\\IntelAudioService.exe [539816 2021-09-01] (Intel Corporation -> Intel)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8524512 2022-05-09] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.077.0410.0007\OneDriveUpdaterService.exe [3847072 2022-05-03] (Microsoft Corporation -> Microsoft Corporation)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [197336 2021-06-15] (Qualcomm Atheros, Inc. -> )
R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [66296 2021-08-13] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [66296 2021-08-13] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1633040 2021-08-13] (Rivet Networks LLC -> Rivet Networks)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2390800 2021-08-13] (Rivet Networks LLC -> Rivet Networks)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WMIRegistrationService; C:\WINDOWS\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe [538736 2021-07-25] (Intel Corporation -> Intel Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcxHdAudio; C:\WINDOWS\System32\drivers\AcxHdAudio.sys [557056 2022-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [111960 2022-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_c330c09d72f3e083\iaLPSS2_GPIO2_TGL.sys [128664 2021-01-27] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_312c3014729186bd\iaLPSS2_I2C_TGL.sys [201376 2021-01-27] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_SPI_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_a377b182eb0b1769\iaLPSS2_SPI_TGL.sys [156936 2020-06-05] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_UART2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_17edb8d819140063\iaLPSS2_UART2_TGL.sys [311560 2020-06-05] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1547464 2022-02-07] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_8dd4e6dd6061449d\IntcUSB.sys [1684544 2021-09-01] (Intel Corporation -> Intel(R) Corporation)
S3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [33528 2022-03-24] (WDKTestCert builder,132743893872553407 -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [21704 2022-03-24] (WDKTestCert builder,132743893872553407 -> Logitech)
S3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [62904 2022-03-24] (WDKTestCert builder,132743893872553407 -> Logitech)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239560 2022-05-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKslce0fbb68; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C30BFAD6-C729-48F2-AAA9-2B52D5FDA614}\MpKslDrv.sys [137464 2022-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [166032 2021-08-13] (Intel Corporation -> Rivet Networks, LLC.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [443664 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
R1 WinSetupMon; C:\WINDOWS\System32\DRIVERS\WinSetupMon.sys [90464 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-13 15:06 - 2022-05-13 15:06 - 000000000 ____D C:\FRST
2022-05-13 14:59 - 2022-05-13 14:59 - 000000000 ____D C:\AdwCleaner
2022-05-13 11:10 - 2022-05-13 11:10 - 001769330 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-05-13 11:07 - 2022-05-13 11:07 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-05-13 11:05 - 2022-05-13 11:05 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2022-05-13 11:05 - 2022-05-13 11:05 - 000011433 _____ C:\WINDOWS\diagerr.xml
2022-05-13 11:05 - 2022-05-13 11:05 - 000003866 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeShadowStackRollbackTask
2022-05-13 11:05 - 2022-05-13 11:05 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-05-13 11:05 - 2022-05-13 11:05 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-05-13 11:05 - 2022-05-13 11:05 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-05-13 11:05 - 2022-05-13 11:05 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-05-13 11:05 - 2022-05-13 11:05 - 000003070 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1378158352-3957057711-1579280521-1001
2022-05-13 11:05 - 2022-05-13 11:05 - 000002716 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-05-13 11:05 - 2022-05-13 11:05 - 000002258 _____ C:\WINDOWS\system32\Tasks\SmartByte Telemetry
2022-05-13 11:05 - 2022-05-13 11:05 - 000000020 ___SH C:\Users\dell\ntuser.ini
2022-05-13 11:05 - 2022-05-13 11:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-05-13 11:05 - 2022-05-13 11:05 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2022-05-13 11:05 - 2022-05-13 11:05 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-05-13 11:03 - 2022-05-13 11:03 - 000026876 _____ C:\WINDOWS\system32\emptyregdb.dat
2022-05-13 11:02 - 2022-05-13 14:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-05-13 11:02 - 2022-05-13 11:05 - 000000000 ____D C:\Windows.old
2022-05-13 11:02 - 2022-05-13 11:02 - 000470256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-05-13 11:02 - 2022-05-13 11:02 - 000000000 ____D C:\Program Files\Waves
2022-05-13 10:54 - 2022-05-13 11:05 - 000000000 ____D C:\Users\dell
2022-05-13 10:54 - 2022-05-13 11:02 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2022-05-13 10:54 - 2021-06-05 09:04 - 000001281 _____ C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
2022-05-13 10:54 - 2021-06-05 09:04 - 000000407 _____ C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
2022-05-13 10:53 - 2022-05-13 10:54 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-05-13 10:53 - 2022-05-13 10:53 - 000000000 ____D C:\WINDOWS\Firmware
2022-05-13 10:51 - 2022-05-13 11:02 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-05-13 10:51 - 2022-05-13 10:51 - 000114688 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll
2022-05-13 10:51 - 2022-05-13 10:51 - 000078336 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2022-05-13 10:51 - 2022-05-13 10:51 - 000021047 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2022-05-13 10:51 - 2022-05-13 10:51 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2022-05-13 10:47 - 2022-05-13 10:47 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Bubbles.scr
2022-05-13 10:47 - 2022-05-13 10:47 - 000774144 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-05-13 10:47 - 2022-05-13 10:47 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-05-13 10:47 - 2022-05-13 10:47 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-05-13 10:47 - 2022-05-13 10:47 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-05-13 10:47 - 2022-05-13 10:47 - 000442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2022-05-13 10:47 - 2022-05-13 10:47 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2022-05-13 10:47 - 2022-05-13 10:47 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2022-05-13 10:47 - 2022-05-13 10:47 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2022-05-13 10:47 - 2022-05-13 10:47 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssText3d.scr
2022-05-13 10:47 - 2022-05-13 10:47 - 000208896 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\WINDOWS\system32\l3codecp.acm
2022-05-13 10:47 - 2022-05-13 10:47 - 000196096 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\WINDOWS\SysWOW64\l3codecp.acm
2022-05-13 10:47 - 2022-05-13 10:47 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Ribbons.scr
2022-05-13 10:47 - 2022-05-13 10:47 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Mystify.scr
2022-05-13 10:47 - 2022-05-13 10:47 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\remotesp.tsp
2022-05-13 10:47 - 2022-05-13 10:47 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remotesp.tsp
2022-05-13 10:47 - 2022-05-13 10:47 - 000079192 _____ C:\WINDOWS\system32\Drivers\NDKPerf.sys
2022-05-13 10:47 - 2022-05-13 10:47 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidphone.tsp
2022-05-13 10:47 - 2022-05-13 10:47 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\format.com
2022-05-13 10:47 - 2022-05-13 10:47 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hidphone.tsp
2022-05-13 10:47 - 2022-05-13 10:47 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-05-13 10:47 - 2022-05-13 10:47 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\more.com
2022-05-13 10:47 - 2022-05-13 10:47 - 000019456 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-05-13 10:47 - 2022-05-13 10:47 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-05-13 10:47 - 2022-05-13 10:47 - 000009522 _____ C:\WINDOWS\system32\ResPriUHMImageList
2022-05-13 10:47 - 2022-05-13 10:47 - 000009522 _____ C:\WINDOWS\system32\ResPriImageList
2022-05-13 10:47 - 2022-05-13 10:47 - 000009522 _____ C:\WINDOWS\system32\ResPriHMImageList
2022-05-13 10:47 - 2022-05-13 10:47 - 000009402 _____ C:\WINDOWS\system32\ResPriHMImageListLowCost
2022-05-13 10:47 - 2022-05-13 10:47 - 000008964 _____ C:\WINDOWS\system32\ResPriLMImageList
2022-05-13 10:47 - 2022-05-13 10:47 - 000008870 _____ C:\WINDOWS\system32\ResPriImageListLowCost
2022-05-13 10:46 - 2022-05-13 10:46 - 002125824 _____ C:\WINDOWS\system32\dwmscene.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 002080992 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000617648 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-05-13 10:46 - 2022-05-13 10:46 - 000460800 _____ C:\WINDOWS\SysWOW64\SettingSyncDownloadHelper.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000425984 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000372736 _____ C:\WINDOWS\system32\hwreqchk.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000356352 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000339968 _____ C:\WINDOWS\system32\pku2u.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000335872 _____ C:\WINDOWS\system32\Windows.Internal.UI.Dialogs.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000311296 _____ C:\WINDOWS\system32\EsclScan.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000294912 _____ C:\WINDOWS\system32\pnpdiag.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000286720 _____ C:\WINDOWS\system32\AggregatorHost.exe
2022-05-13 10:46 - 2022-05-13 10:46 - 000267264 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Dialogs.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000247808 _____ C:\WINDOWS\SysWOW64\pku2u.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000221184 _____ C:\WINDOWS\SysWOW64\Microsoft.Internal.FrameworkUdk.System.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000208896 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000188416 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000180224 _____ C:\WINDOWS\system32\CloudExperienceHostRedirection.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000121344 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-05-13 10:46 - 2022-05-13 10:46 - 000099560 _____ C:\WINDOWS\system32\wow64con.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000098304 _____ C:\WINDOWS\system32\sstpcfg.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000086016 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000086016 _____ C:\WINDOWS\system32\CredProvCommonCore.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000077824 _____ C:\WINDOWS\system32\runexehelper.exe
2022-05-13 10:46 - 2022-05-13 10:46 - 000077824 _____ C:\WINDOWS\system32\APMonUI.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2022-05-13 10:46 - 2022-05-13 10:46 - 000069632 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\format.com
2022-05-13 10:46 - 2022-05-13 10:46 - 000051712 _____ C:\WINDOWS\SysWOW64\CredProvCommonCore.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\more.com
2022-05-13 10:46 - 2022-05-13 10:46 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-05-13 10:46 - 2022-05-13 10:46 - 000042752 _____ C:\WINDOWS\system32\wow64base.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000041594 _____ C:\WINDOWS\SysWOW64\ctac.json
2022-05-13 10:46 - 2022-05-13 10:46 - 000040960 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000040960 _____ C:\WINDOWS\system32\prxyqry.dll
2022-05-13 10:46 - 2022-05-13 10:46 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com 2022-05-13 10:46 - 2022-05-13 10:46 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp 2022-05-13 10:46 - 2022-05-13 10:46 - 000038760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msgsm32.acm 2022-05-13 10:46 - 2022-05-13 10:46 - 000036864 _____ C:\WINDOWS\system32\umpodev.dll 2022-05-13 10:46 - 2022-05-13 10:46 - 000034112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imaadp32.acm 2022-05-13 10:46 - 2022-05-13 10:46 - 000033568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msadp32.acm 2022-05-13 10:46 - 2022-05-13 10:46 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrnsave.scr 2022-05-13 10:46 - 2022-05-13 10:46 - 000024576 _____ C:\WINDOWS\system32\nrtapi.dll 2022-05-13 10:46 - 2022-05-13 10:46 - 000015046 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2022-05-13 10:46 - 2022-05-13 10:46 - 000013824 _____ C:\WINDOWS\SysWOW64\prxyqry.dll 2022-05-13 10:46 - 2022-05-13 10:46 - 000006656 _____ C:\WINDOWS\SysWOW64\nrtapi.dll 2022-05-13 10:46 - 2022-05-13 10:46 - 000003366 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml 2022-05-13 10:46 - 2022-05-13 10:46 - 000003366 _____ C:\WINDOWS\system32\AppxProvisioning.xml 2022-05-13 10:45 - 2022-05-13 10:45 - 002550832 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll 2022-05-13 10:45 - 2022-05-13 10:45 - 000727576 _____ C:\WINDOWS\system32\TextShaping.dll 2022-05-13 10:45 - 2022-05-13 10:45 - 000643072 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll 2022-05-13 10:45 - 2022-05-13 10:45 - 000614400 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2022-05-13 10:45 - 2022-05-13 10:45 - 000335872 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll 2022-05-13 10:45 - 2022-05-13 10:45 - 000311296 _____ C:\WINDOWS\system32\Microsoft.Internal.FrameworkUdk.System.dll 2022-05-13 10:45 - 2022-05-13 10:45 - 000286720 _____ 
C:\WINDOWS\system32\Microsoft.Bluetooth.Audio.dll 2022-05-13 10:45 - 2022-05-13 10:45 - 000258048 _____ C:\WINDOWS\system32\CoreMas.dll 2022-05-13 10:45 - 2022-05-13 10:45 - 000210432 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll 2022-05-13 10:45 - 2022-05-13 10:45 - 000208896 _____ C:\WINDOWS\system32\IHDS.dll 2022-05-13 10:45 - 2022-05-13 10:45 - 000172032 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2022-05-13 10:45 - 2022-05-13 10:45 - 000167936 _____ C:\WINDOWS\system32\TpmTool.exe 2022-05-13 10:45 - 2022-05-13 10:45 - 000067528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msgsm32.acm 2022-05-13 10:45 - 2022-05-13 10:45 - 000063392 _____ (Microsoft Corporation) C:\WINDOWS\system32\imaadp32.acm 2022-05-13 10:45 - 2022-05-13 10:45 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrnsave.scr 2022-05-13 10:45 - 2022-05-13 10:45 - 000059264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msadp32.acm 2022-05-13 10:45 - 2022-05-13 10:45 - 000041594 _____ C:\WINDOWS\system32\ctac.json 2022-05-13 10:45 - 2022-05-13 10:45 - 000032768 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe 2022-05-13 10:41 - 2022-05-13 11:10 - 000778496 _____ C:\WINDOWS\system32\prfh0416.dat 2022-05-13 10:41 - 2022-05-13 11:10 - 000154488 _____ C:\WINDOWS\system32\prfc0416.dat 2022-05-13 10:41 - 2022-05-13 10:41 - 000328664 _____ C:\WINDOWS\system32\prfi0416.dat 2022-05-13 10:41 - 2022-05-13 10:41 - 000040858 _____ C:\WINDOWS\system32\prfd0416.dat 2022-05-13 10:41 - 2022-05-13 10:41 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2022-05-13 10:37 - 2022-05-13 10:37 - 000000000 ____D C:\Program Files\Reference Assemblies 2022-05-13 10:37 - 2022-05-13 10:37 - 000000000 ____D C:\Program Files\MSBuild 2022-05-13 10:37 - 2022-05-13 10:37 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2022-05-13 10:37 - 2022-05-13 10:37 - 000000000 ____D C:\Program Files (x86)\MSBuild 2022-05-13 10:33 - 2022-05-13 10:33 - 000008192 _____ 
C:\WINDOWS\system32\config\userdiff
2022-05-13 09:59 - 2022-05-13 11:16 - 000000000 ___DC C:\WINDOWS\Panther
2022-05-13 09:07 - 2022-05-13 09:07 - 000000028 ____H C:\.GamingRoot
2022-05-13 09:07 - 2022-05-13 09:07 - 000000000 ____D C:\XboxGames
2022-05-12 02:36 - 2022-05-12 02:36 - 000000000 ___HD C:\$WinREAgent
2022-05-09 16:58 - 2022-05-09 17:00 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2022-05-09 12:47 - 2022-05-09 12:47 - 000239560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-05-09 12:47 - 2022-05-09 12:46 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-05-07 23:08 - 2022-05-07 23:08 - 000000000 ____D C:\Users\dell\AppData\LocalLow\Oracle
2022-05-07 22:59 - 2022-05-07 22:59 - 000000000 ____D C:\Users\dell\AppData\Local\SafeNet Sentinel
2022-05-07 21:59 - 2022-05-07 21:59 - 000000000 ____D C:\ProgramData\Reprise
2022-05-07 21:59 - 2022-02-03 11:16 - 000000000 _____ C:\WINDOWS\MSUTIL.INI
2022-05-07 21:56 - 2022-05-07 21:56 - 000000000 ____D C:\Users\dell\AppData\Local\Yandex
2022-05-07 19:39 - 2022-05-07 21:48 - 000000000 ____D C:\Users\dell\OneDrive\Documentos\Adobe
2022-05-07 19:36 - 2022-05-07 19:39 - 000000000 ____D C:\Users\dell\AppData\Local\Adobe
2022-05-03 14:15 - 2022-05-03 14:15 - 000002144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-04-23 19:37 - 2022-04-23 19:37 - 000001156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-04-23 19:37 - 2022-04-23 19:37 - 000000000 ____D C:\Program Files\PCHealthCheck
2022-04-21 19:35 - 2022-04-21 19:35 - 003960776 _____ C:\Users\dell\Downloads\sobotta - origem inserção musculos.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-13 15:04 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\SystemTemp 2022-05-13 14:53 - 2021-06-05 09:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-05-13 14:51 - 2021-04-21 12:17 - 000000000 ____D C:\Users\dell\AppData\Local\D3DSCache 2022-05-13 14:45 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2022-05-13 14:37 - 2021-04-21 10:45 - 000000000 ____D C:\Program Files (x86)\Google 2022-05-13 13:06 - 2021-06-05 09:09 - 000000000 ____D C:\WINDOWS\INF 2022-05-13 12:31 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-05-13 12:24 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2022-05-13 12:21 - 2021-06-05 09:10 - 000000000 ___HD C:\Program Files\WindowsApps 2022-05-13 12:21 - 2021-04-21 10:38 - 000000000 ____D C:\Users\dell\AppData\Local\PlaceholderTileLogoFolder 2022-05-13 12:21 - 2021-03-10 14:30 - 000000000 ____D C:\Users\dell\AppData\Local\Packages 2022-05-13 12:21 - 2020-12-25 14:48 - 000000000 ____D C:\ProgramData\Packages 2022-05-13 12:20 - 2020-12-25 14:28 - 000000000 ____D C:\ProgramData\Goodix 2022-05-13 11:23 - 2020-12-25 14:37 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services 2022-05-13 11:22 - 2021-06-05 09:10 - 000000000 ___RD C:\WINDOWS\PrintDialog 2022-05-13 11:21 - 2021-06-05 09:01 - 000000000 ____D C:\WINDOWS\servicing 2022-05-13 11:21 - 2021-06-05 09:01 - 000000000 ____D C:\WINDOWS\CbsTemp 2022-05-13 11:13 - 2021-04-21 11:10 - 000000000 ____D C:\Users\dell\AppData\Roaming\discord 2022-05-13 11:08 - 2021-07-23 19:01 - 000000000 ____D C:\Users\dell\AppData\Local\Discord 2022-05-13 11:07 - 2021-03-10 14:33 - 000000000 ___RD C:\Users\dell\OneDrive 2022-05-13 11:05 - 2021-06-05 09:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2022-05-13 11:05 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\oobe 2022-05-13 11:05 - 2021-06-05 09:10 - 000000000 ____D C:\Program Files\Windows Defender 2022-05-13 11:05 - 2021-06-05 09:01 - 000032768 
_____ C:\WINDOWS\system32\config\ELAM 2022-05-13 11:05 - 2021-04-21 10:46 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2022-05-13 11:05 - 2021-03-10 14:30 - 000000000 __SHD C:\Users\dell\IntelGraphicsProfiles 2022-05-13 11:05 - 2020-12-25 14:42 - 000000000 __RHD C:\Users\Public\AccountPictures 2022-05-13 11:04 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\Registration 2022-05-13 11:03 - 2021-11-12 12:45 - 000012288 ___SH C:\DumpStack.log.tmp 2022-05-13 11:03 - 2021-06-05 09:10 - 000000000 __RHD C:\Users\Public\Libraries 2022-05-13 11:03 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\ServiceState 2022-05-13 11:03 - 2021-06-05 09:10 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2022-05-13 11:03 - 2021-06-05 09:01 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2022-05-13 11:03 - 2020-12-25 14:28 - 000000000 ____D C:\Intel 2022-05-13 11:02 - 2022-02-24 13:03 - 000000000 ____D C:\Program Files\UNP 2022-05-13 11:02 - 2021-07-26 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2022-05-13 11:02 - 2021-07-26 18:28 - 000000000 ____D C:\WINDOWS\system32\ihvmanager 2022-05-13 11:02 - 2021-07-16 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx 2022-05-13 11:02 - 2021-06-14 14:10 - 000000000 ____D C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stremio 2022-05-13 11:02 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\spool 2022-05-13 11:02 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData 2022-05-13 11:02 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\appcompat 2022-05-13 11:02 - 2021-05-25 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office 2022-05-13 11:02 - 2021-05-17 20:58 - 000000000 ____D C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2022-05-13 11:02 - 2021-04-21 13:37 - 000000000 ____D 
C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2022-05-13 11:02 - 2021-04-21 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2022-05-13 11:02 - 2021-04-21 12:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher 2022-05-13 11:02 - 2021-04-21 11:31 - 000000000 ____D C:\Program Files\Intel 2022-05-13 11:02 - 2021-04-21 11:10 - 000000000 ____D C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc 2022-05-13 11:02 - 2020-12-25 14:37 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-05-13 11:02 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2022-05-13 11:02 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2022-05-13 10:59 - 2021-06-05 09:14 - 000000000 ____D C:\WINDOWS\Setup 2022-05-13 10:57 - 2021-06-05 09:10 - 000000000 ____D C:\ProgramData\USOPrivate 2022-05-13 10:53 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2022-05-13 10:51 - 2021-06-05 10:17 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2022-05-13 10:51 - 2021-06-05 10:17 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ___SD C:\WINDOWS\system32\UNP 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ___SD C:\WINDOWS\system32\F12 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2022-05-13 10:51 - 
2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Com 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\SystemResources 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\vi-VN 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\setup 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\migwiz 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\id-ID 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\gl-ES 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\eu-ES 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 
____D C:\WINDOWS\system32\et-EE 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\es-MX 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\Dism 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\Com 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\ca-ES 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\system32\appraiser 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\ShellExperiences 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\ShellComponents 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\Provisioning 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\IME 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\DiagTrack 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\bcastdvr 2022-05-13 10:51 - 2021-06-05 09:10 - 000000000 ____D C:\Program Files\Common Files\System 2022-05-13 10:42 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\OCR 2022-05-13 10:41 - 2021-06-05 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm 2022-05-13 10:41 - 2021-06-05 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2022-05-13 10:41 - 2021-06-05 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr 2022-05-13 10:41 - 2021-06-05 10:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2022-05-13 10:41 - 2021-06-05 10:09 - 000000000 ____D C:\WINDOWS\system32\winrm 2022-05-13 10:41 - 2021-06-05 10:09 - 000000000 ____D C:\WINDOWS\system32\WCN 2022-05-13 10:41 - 2021-06-05 10:09 - 000000000 ____D C:\WINDOWS\system32\slmgr 2022-05-13 10:41 - 2021-06-05 10:09 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2022-05-13 10:41 - 2021-06-05 09:10 - 000000000 ___SD C:\WINDOWS\system32\dsc 2022-05-13 10:41 - 2021-06-05 09:10 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI 2022-05-13 10:41 - 2021-06-05 09:10 - 
000000000 ____D C:\WINDOWS\system32\MUI 2022-05-13 10:41 - 2021-06-05 09:10 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2022-05-13 09:10 - 2020-12-25 14:44 - 000000000 ____D C:\Program Files\Microsoft Office 2022-05-12 03:02 - 2022-03-21 15:23 - 000222672 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll 2022-05-12 03:02 - 2021-11-22 14:01 - 000132560 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll 2022-05-12 03:02 - 2021-11-04 14:50 - 002274768 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll 2022-05-12 03:02 - 2021-11-04 14:50 - 000394704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll 2022-05-12 03:02 - 2021-11-04 14:50 - 000198096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll 2022-05-12 03:02 - 2021-11-04 14:50 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll 2022-05-12 03:02 - 2021-11-04 14:50 - 000062952 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe 2022-05-12 02:32 - 2021-04-22 11:43 - 145501456 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2022-05-12 02:32 - 2021-04-22 11:43 - 000000000 ____D C:\WINDOWS\system32\MRT 2022-05-09 12:48 - 2021-05-17 18:51 - 000000000 ____D C:\Users\dell\AppData\Local\mbam 2022-05-09 12:47 - 2021-05-17 18:51 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2022-05-09 12:46 - 2021-05-17 18:51 - 000103888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2022-05-09 12:46 - 2021-05-17 18:50 - 000000000 ____D C:\ProgramData\Malwarebytes 2022-05-09 12:46 - 2021-05-17 18:50 - 000000000 ____D C:\Program Files\Malwarebytes 2022-05-09 12:01 - 2021-06-26 16:36 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2022-05-07 23:25 - 2021-05-26 15:51 - 000000000 ____D C:\Users\dell\AppData\Local\CrashDumps 2022-05-07 23:13 - 2020-12-25 14:37 - 000000000 ____D C:\ProgramData\PCDr 2022-05-07 23:13 
- 2020-12-25 14:37 - 000000000 ____D C:\Program Files\Dell
2022-05-07 23:11 - 2021-11-18 13:32 - 000000000 ____D C:\Users\dell\AppData\Roaming\Zoom
2022-05-07 19:39 - 2021-03-10 14:30 - 000000000 ____D C:\Users\dell\AppData\Roaming\Adobe
2022-05-07 19:36 - 2020-12-25 14:41 - 000000000 ____D C:\ProgramData\Package Cache
2022-05-07 19:33 - 2021-08-09 10:48 - 000000000 ____D C:\Users\dell\AppData\LocalLow\Mozilla
2022-05-01 21:59 - 2021-04-21 12:53 - 000000000 ____D C:\Users\dell\AppData\Roaming\.minecraft
2022-05-01 18:53 - 2021-05-20 20:23 - 000000000 ____D C:\Users\dell\AppData\Roaming\lunarclient
2022-04-23 22:36 - 2021-07-26 18:39 - 000000000 ____D C:\Program Files (x86)\Steam
2022-04-18 14:55 - 2021-07-06 09:11 - 000000000 ____D C:\Users\dell\OneDrive\Documentos\Blocos de Anotações do OneNote

==================== Files in the root of some directories ========

2021-05-24 16:22 - 2021-11-16 15:16 - 000007597 _____ () C:\Users\dell\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================