Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-03-2023
Ran by new (administrator) on VAIO-TIAGO (VAIO VJF155F11X-B0311B) (21-03-2023 10:43:01)
Running from C:\Users\new\Desktop
Loaded Profiles: new
Platform: Microsoft Windows 10 Home Single Language Version 22H2 19045.2604 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(explorer.exe ->) (ellabi) C:\Program Files\WindowsApps\1258EllAbi.MoveMouse_4.16.2.0_x64__hjfwaxvfbwh7t\Source\Move Mouse.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <14>
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) D:\DU Meter\DUMeterSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (philandro Software GmbH -> AnyDesk Software GmbH) D:\AnyDesk\AnyDesk.exe <2>
(svchost.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(svchost.exe ->) (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) D:\DU Meter\DUMeter.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23012.167.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.2300_none_7e14edbc7c88b7d5\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3326348feda52885\RtkAudUService64.exe [1232240 2021-02-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => D:\itunes\iTunesHelper.exe [366944 2022-12-08] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [EpicPen] => C:\Program Files (x86)\Epic Pen\EpicPen.exe [543120 2023-03-02] (Tank Studios (Tank Studios Limited) -> Tank Studios Limited)
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\Run: [DU Meter] => D:\DU Meter\DUMeter.exe [9798824 2018-02-11] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.)
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\new\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\new\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\RunOnce: [Uninstall 23.043.0226.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\new\AppData\Local\Microsoft\OneDrive\23.043.0226.0001" (No File)
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\Windows\system32\hpz3lw71.dll [46080 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\111.0.5563.65\Installer\chrmstp.exe [2023-03-10] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2021-03-23]
ShortcutTarget: AnyDesk.lnk -> D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01F6E445-4536-4F25-AFE2-6413F0953C48} - System32\Tasks\GoogleUpdateTaskMachineCore{9EF0A38D-E5FD-4531-BD73-2839F12C5468} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2023-03-10] (Google LLC -> Google LLC)
Task: {12B9D87A-FC82-4338-8EE1-564393BCE3B6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [716704 2023-03-10] (Mozilla Corporation -> Mozilla Foundation)
Task: {3F67D174-3127-4E35-8267-C73D69D5E15C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26296808 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {510F66DA-01C8-4741-81FE-7A48558CBD64} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26296808 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {6B614712-421A-47AA-9A41-A24434C7A784} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe -IdleTask -TaskName WdVerification (No File)
Task: {7FDFA37F-7A63-4818-A8AB-AC4C1750544A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup (No File)
Task: {A7101C17-F1CE-4D4C-9282-FF8E202CF366} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 -IdleScheduledJob (No File)
Task: {B87CF236-4E63-411D-9F52-5FBDFB51AC8A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance (No File)
Task: {B9BBCF23-ECD0-4EF9-8412-CF91DE865F3F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {C7DD9CDD-CCD4-4564-AA82-9714227A4AAE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144232 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {CD921B18-63BA-48CE-94D9-1C5024308F14} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168840 2023-03-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {CE6DCEE4-09C3-498C-892A-1F66F36DD355} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144232 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {D5BBE5D3-9E2B-440D-A3D7-39E735CADAF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1560056 2023-02-01] (Adobe Inc. -> Adobe Inc.)
Task: {FFE29333-1F82-4343-8C96-0BA0C8EE4E93} - System32\Tasks\GoogleUpdateTaskMachineUA{1861DB40-009E-43E4-A49A-06AF75D0C3D1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2023-03-10] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 213.228.129.69 213.228.129.70
Tcpip\..\Interfaces\{c8384b8e-4dba-4927-be92-e988793dfe81}: [DhcpNameServer] 213.228.129.69 213.228.129.70

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\new\AppData\Local\Microsoft\Edge\User Data\Default [2023-03-21]
Edge DownloadDir: Default -> C:\Users\new\Desktop
Edge Extension: (AdBlock — best ad blocker) - C:\Users\new\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2023-02-21]

FireFox:
========
FF DefaultProfile: j14ehhyy.default
FF ProfilePath: C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\j14ehhyy.default [2023-01-12]
FF ProfilePath: C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\u8ugabfx.default-release [2023-03-10]
FF Extension: (Language: Português (BR)) - C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\u8ugabfx.default-release\Extensions\langpack-pt-BR@firefox.mozilla.org.xpi [2023-03-10]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> D:\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.14 -> D:\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.18 -> D:\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\new\AppData\Local\Google\Chrome\User Data\Default [2023-03-19]
CHR Extension: (Urban VPN Proxy) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\eppiocemhmnlbhjplcgkofciiegomcon [2023-03-16]
CHR Extension: (Google Docs Offline) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-03-10]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-03-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-03-10]
CHR Profile: C:\Users\new\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-03-13]
CHR Profile: C:\Users\new\AppData\Local\Google\Chrome\User Data\System Profile [2023-03-13]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-02-01] (Adobe Inc. -> Adobe Inc.)
R2 AnyDesk; D:\AnyDesk\AnyDesk.exe [3853384 2022-08-17] (philandro Software GmbH -> AnyDesk Software GmbH)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103280 2022-09-01] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12512768 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
R2 DUMeterSvc; D:\DU Meter\DUMeterSvc.exe [5836968 2018-02-11] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.)
S4 FolderSize; D:\folder size\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
S4 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-10-09] (HP Inc. -> HP Inc.)
S4 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2022-05-02] () [File not signed]
S3 WdNisSvc; "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe" [X]
S2 WinDefend; "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 DUMeterDrv; D:\DU Meter\DUMETR64.SYS [31312 2018-02-11] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.)
S3 MpKsl2f9a9643; C:\Windows\system32\MpEngineStore\MpKslDrv.sys [134376 2022-01-14] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2022-07-05] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [41008 2021-02-04] (McAfee, LLC. -> The OpenVPN Project)
S3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [49744 2021-06-13] (nordvpn s.a. -> The OpenVPN Project)
S3 usbscan; C:\Windows\system32\DRIVERS\usbscan.sys [49152 2020-11-19] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2022-02-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [438520 2022-02-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [90360 2022-02-11] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\Windows\system32\DRIVERS\wintun.sys [29592 2022-04-29] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-12] (Microsoft Corporation -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-21 10:43 - 2023-03-21 10:43 - 000015844 _____ C:\Users\new\Desktop\FRST.txt
2023-03-21 10:41 - 2023-03-21 10:41 - 002378752 _____ (Farbar) C:\Users\new\Desktop\FRST64.exe
2023-03-16 20:00 - 2023-03-16 20:00 - 000000000 ____D C:\Users\new\AppData\Local\Psiphon3
2023-03-12 07:15 - 2023-03-21 10:43 - 000000000 ____D C:\FRST
2023-03-10 23:34 - 2023-03-10 23:34 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-03-10 23:33 - 2023-03-10 23:33 - 000003496 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{1861DB40-009E-43E4-A49A-06AF75D0C3D1}
2023-03-10 23:33 - 2023-03-10 23:33 - 000003372 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{9EF0A38D-E5FD-4531-BD73-2839F12C5468}
2023-03-10 23:33 - 2023-03-10 23:33 - 000002332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-03-10 23:24 - 2023-03-10 23:24 - 000000000 ____D C:\KVRT2020_Data
2023-03-10 23:22 - 2023-03-10 23:22 - 000000000 ____D C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-03-10 23:22 - 2023-03-10 23:22 - 000000000 ____D C:\Users\new\AppData\Local\Zoom
2023-03-10 23:19 - 2023-03-10 23:19 - 000000000 ____D C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-03-10 23:19 - 2023-03-10 23:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-03-10 23:16 - 2023-03-10 23:35 - 000000000 ____D C:\SecurityCheck
2023-03-10 22:19 - 2023-03-10 22:19 - 000001389 _____ C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-03-10 22:19 - 2023-03-10 22:19 - 000000000 ____D C:\Users\new\AppData\Local\ESET
2023-03-07 18:17 - 2023-03-19 16:17 - 000000124 _____ C:\Users\new\Desktop\netempregos.txt
2023-03-04 16:37 - 2023-03-05 21:05 - 000000000 ____D C:\Users\new\AppData\Roaming\Epic Pen
2023-03-04 16:37 - 2023-03-04 16:38 - 000000000 ____D C:\Program Files (x86)\Epic Pen
2023-03-04 16:37 - 2023-03-04 16:37 - 000000000 ____D C:\Users\new\AppData\Local\BrightData
2023-03-04 16:37 - 2023-03-04 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Pen
2023-03-04 16:37 - 2023-03-04 16:37 - 000000000 ____D C:\ProgramData\BrightData
2023-03-02 18:14 - 2023-03-02 18:14 - 000002367 _____ C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2023-03-02 18:13 - 2023-03-02 18:15 - 000000000 ____D C:\Users\new\AppData\Local\SquirrelTemp
2023-03-01 21:15 - 2023-03-01 21:15 - 000000000 ___HD C:\$WinREAgent
2023-02-23 20:44 - 2023-02-23 20:44 - 000166900 _____ C:\Users\new\Desktop\CV Tiago Delazari - EN.pdf
2023-02-23 20:43 - 2023-02-23 20:43 - 000167431 _____ C:\Users\new\Desktop\CV Tiago Delazari - PT.pdf
2023-02-20 19:11 - 2023-03-18 11:19 - 000000091 _____ C:\Users\new\Desktop\datas.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-21 10:42 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\AppReadiness
2023-03-21 10:41 - 2021-03-23 10:55 - 000000000 ____D C:\Program Files (x86)\Google
2023-03-21 10:39 - 2021-12-12 17:27 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1842628812-1090097327-1321332273-1002
2023-03-21 10:39 - 2021-05-04 11:12 - 000003366 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1842628812-1090097327-1321332273-1002
2023-03-21 10:39 - 2021-05-04 11:12 - 000002386 _____ C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-03-21 10:39 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-03-19 21:58 - 2021-03-22 19:35 - 000841010 _____ C:\Windows\system32\PerfStringBackup.INI
2023-03-19 21:58 - 2019-12-07 09:13 - 000000000 ____D C:\Windows\INF
2023-03-19 21:54 - 2021-03-22 19:28 - 000008192 ___SH C:\DumpStack.log.tmp
2023-03-19 21:54 - 2020-11-18 23:29 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-03-19 21:54 - 2019-12-07 09:03 - 000786432 _____ C:\Windows\system32\config\BBI
2023-03-19 21:31 - 2021-12-24 01:38 - 000000000 ____D C:\Users\new\AppData\Roaming\ZHP
2023-03-19 18:28 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-03-19 15:26 - 2020-11-18 23:31 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-03-18 12:59 - 2023-01-12 14:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-03-18 12:59 - 2023-01-12 14:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-03-18 12:59 - 2021-04-05 00:14 - 000000000 ____D C:\Program Files\WinRAR
2023-03-16 18:49 - 2021-04-27 13:28 - 000000000 ____D C:\Program Files\Microsoft Office
2023-03-12 09:26 - 2020-11-18 23:28 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-03-12 07:11 - 2022-03-27 16:11 - 000000000 ____D C:\ProgramData\Package Cache
2023-03-11 00:22 - 2021-06-09 01:39 - 000007624 _____ C:\Users\new\AppData\Local\Resmon.ResmonCfg
2023-03-11 00:16 - 2019-12-07 09:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-03-10 23:34 - 2023-01-12 14:08 - 000001014 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-03-10 23:34 - 2023-01-12 14:08 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-03-10 23:34 - 2021-09-13 16:35 - 000000000 ____D C:\Users\new\AppData\LocalLow\Mozilla
2023-03-10 23:33 - 2021-04-27 19:17 - 000000000 ____D C:\Users\new\AppData\Local\Google
2023-03-10 23:31 - 2023-02-10 13:09 - 000000000 ____D C:\Users\new\AppData\Local\Lacuna Software
2023-03-10 23:31 - 2022-05-03 20:28 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2023-03-10 23:26 - 2021-03-23 16:42 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2023-03-10 23:25 - 2022-10-17 20:38 - 000002082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-03-10 23:22 - 2021-04-30 12:56 - 000000000 ____D C:\Users\new\AppData\Roaming\Zoom
2023-03-10 23:21 - 2021-04-27 20:32 - 000000000 ____D C:\Users\new\AppData\Roaming\vlc
2023-03-08 00:00 - 2021-04-27 19:17 - 000000000 ____D C:\Users\new\AppData\Local\PlaceholderTileLogoFolder
2023-03-08 00:00 - 2021-04-27 19:17 - 000000000 ____D C:\Users\new\AppData\Local\Packages
2023-03-08 00:00 - 2020-11-18 23:32 - 000000000 ____D C:\ProgramData\Packages
2023-03-06 20:25 - 2020-11-18 23:31 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-03-06 20:25 - 2020-11-18 23:31 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-03-05 16:03 - 2021-04-27 20:02 - 000000000 ____D C:\Users\new\AppData\Roaming\obs-studio
2023-03-04 16:44 - 2021-04-28 15:53 - 000000000 ____D C:\Users\new\AppData\Local\D3DSCache
2023-03-02 11:13 - 2020-11-18 23:28 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2023-03-02 11:13 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\SystemResources
2023-03-02 11:13 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\setup
2023-03-02 11:13 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\ServiceState
2023-03-02 11:13 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\bcastdvr
2023-03-01 21:21 - 2019-12-07 09:03 - 000000000 ____D C:\Windows\CbsTemp
2023-03-01 21:20 - 2020-11-18 23:31 - 003015680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-03-01 18:48 - 2021-03-22 23:25 - 000000000 ____D C:\Windows\system32\MRT
2023-03-01 18:46 - 2021-03-22 23:25 - 149955784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-02-28 21:40 - 2020-11-18 23:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-02-19 18:48 - 2023-02-15 19:08 - 000000052 _____ C:\Users\new\Desktop\linkedin link.txt

==================== Files in the root of some directories ========

2021-06-09 01:39 - 2023-03-11 00:22 - 000007624 _____ () C:\Users\new\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================