Every time I scan using Malwarebytes it detects the exact same number of infections. If I delete them they come back. If I quarantine them and scan, more show. I tried resetting my PC in an effort to get rid of the infections, but they still remain. Not sure what to do. Below is the info that might help.
Thx
FRST LOG:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-12-2020
Ran by Bluem (administrator) on DESKTOP-GQ3KK01 (Dell Inc. OptiPlex 9020) (09-12-2020 09:29:05)
Running from C:\Users\Bluem\Desktop
Loaded Profiles: Bluem
Platform: Windows 10 Pro Version 20H2 19042.662 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnapp.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <16>
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\transport_proxy.exe
(Kaspersky Lab JSC -> Kaspersky Lab AO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\plugin-nm-server-v2.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Bluem\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsstore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8538872 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [BdVpnApp] => C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe [224376 2020-11-21] (Bitdefender SRL -> Bitdefender)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1203856 2017-06-26] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3098683771-1714621788-1964174946-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe [659976 2020-09-23] (Kaspersky Lab -> AO Kaspersky Lab)
HKU\S-1-5-21-3098683771-1714621788-1964174946-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32281272 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Print\Monitors\HP D711 Status Monitor: C:\WINDOWS\system32\hpinkstsD711LM.dll [393352 2017-03-26] (Hewlett Packard -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-08] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {4AC3361F-AE35-44AD-8D9A-3FE877ED1211} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {620C4FAA-D1E7-4502-8250-BD9556D9F116} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [668464 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {6E03156F-6E0F-483D-B8D0-3FE8B9F46926} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26781880 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7DA8D026-EA99-4C74-81DD-BEE9CB09F69C} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [930872 2020-10-02] (Bitdefender SRL -> Bitdefender)
Task: {8FE69185-BD3A-41B3-BE91-7ED607123B64} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1059336 2020-12-04] (Dell Inc -> Dell Inc.)
Task: {966EC8F0-F489-4347-B251-BDDCA3887A37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-08] (Google LLC -> Google LLC)
Task: {EC5EBD62-3F6A-4DC0-AE95-DA6B710CC1D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-08] (Google LLC -> Google LLC)
Task: {F7F0B392-2557-486B-B816-C7AD747651C4} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [895080 2020-10-28] (Bitdefender SRL -> Bitdefender)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{fd8cd48b-4545-45ad-8544-4f49bf381f0c}: [DhcpNameServer] 64.71.255.204 64.71.255.198
Edge:
======
Edge Profile: C:\Users\Bluem\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-09]
Edge Extension: (Kaspersky Password Manager) - C:\Users\Bluem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\eolheccophlcbnkkbelcgminoojochgj [2020-12-08]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-07-16] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-09-17] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2020-10-09] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
Chrome:
=======
CHR Profile: C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default [2020-12-09]
CHR Extension: (Slides) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-08]
CHR Extension: (Docs) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-08]
CHR Extension: (Google Drive) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-08]
CHR Extension: (YouTube) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-08]
CHR Extension: (uBlock Origin) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-12-08]
CHR Extension: (Kaspersky Password Manager) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhnkblpjbkfklfloegejegedcafpliaa [2020-12-08]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2020-12-08]
CHR Extension: (Sheets) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-08]
CHR Extension: (Google Docs Offline) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-08]
CHR Extension: (Scroll To Top) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegiignepmecppikdlbohnnbfjdoaghj [2020-12-08]
CHR Extension: (Color Links) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiponeioelghhaljfflaaflpccedbdem [2020-12-08]
CHR Extension: (Disable JavaScript) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfpdlihdedhlmhlbgooailmfhahieoem [2020-12-08]
CHR Extension: (MeasureIt!) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\keoagpbljgpdoldcmfpgicnpijmfompi [2020-12-08]
CHR Extension: (Video DownloadHelper) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2020-12-08]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2020-12-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-12-08]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2020-12-08]
CHR Extension: (Gmail) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-08]
CHR Extension: (Chrome Media Router) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-08]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AfVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\hydra.sdk.windows.service.exe [197624 2020-11-02] (Pango Inc. -> AnchorFree Inc.)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195344 2018-03-22] (Bitdefender SRL -> Bitdefender)
R2 BdVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [249880 2020-11-21] (Bitdefender SRL -> Bitdefender)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [287776 2020-10-26] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3750944 2020-10-26] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [507936 2020-10-26] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe [985584 2020-12-08] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2020-10-29] (Dell Inc -> )
R2 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [351424 2020-09-23] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-12-08] (Malwarebytes Inc -> Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1355768 2020-10-28] (Bitdefender SRL -> Bitdefender)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39432 2020-12-04] (Dell Inc -> Dell Inc.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [170840 2020-10-02] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2151624 2020-09-16] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [796200 2020-05-26] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [46056 2020-01-17] (Bitdefender SRL -> © Bitdefender SRL)
R4 DBUtil_2_3; C:\WINDOWS\TEMP\DBUtil_2_3.Sys [14840 2020-12-09] (Dell Inc. -> )
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-12-08] (Malwarebytes Corporation -> Malwarebytes)
R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [473608 2020-09-14] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [195232 2020-09-03] (Bitdefender SRL -> BitDefender LLC)
S3 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [185312 2020-09-16] (Bitdefender SRL -> Bitdefender)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-12-08] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2020-12-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2020-12-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [138904 2020-12-08] (Malwarebytes Inc -> Malwarebytes)
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [47920 2020-02-20] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [640760 2020-06-09] (Bitdefender SRL -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-12-09 09:29 - 2020-12-09 09:29 - 000020383 _____ C:\Users\Bluem\Desktop\FRST.txt
2020-12-09 09:28 - 2020-12-09 09:29 - 000000000 ____D C:\FRST
2020-12-09 09:28 - 2020-12-09 09:28 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-12-09 09:28 - 2020-12-09 09:28 - 000002888 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2020-12-09 09:28 - 2020-12-09 09:28 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-12-09 09:28 - 2020-12-09 09:28 - 000000863 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-12-09 09:28 - 2020-12-09 09:28 - 000000000 ____D C:\Users\Bluem\Desktop\FRST-OlderVersion
2020-12-09 09:28 - 2020-12-09 09:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-12-09 09:28 - 2020-12-09 09:28 - 000000000 ____D C:\Program Files\CCleaner
2020-12-09 09:27 - 2020-12-09 09:27 - 030469496 _____ (Piriform Software Ltd) C:\Users\Bluem\Downloads\ccsetup574.exe
2020-12-09 09:26 - 2020-12-09 09:26 - 000000000 ____D C:\Users\Bluem\Downloads\SCRAP
2020-12-09 09:25 - 2020-12-09 09:25 - 000004665 _____ C:\Users\Bluem\Desktop\MBAMEXPORT.txt
2020-12-09 08:47 - 2020-12-09 08:47 - 000000000 ____D C:\Users\Bluem\AppData\Roaming\Sun
2020-12-09 08:47 - 2020-12-09 08:47 - 000000000 ____D C:\Users\Bluem\AppData\LocalLow\Sun
2020-12-09 08:47 - 2020-12-09 08:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-12-09 08:47 - 2020-12-09 08:46 - 000192168 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2020-12-09 08:46 - 2020-12-09 08:46 - 000000000 ____D C:\ProgramData\Oracle
2020-12-09 08:46 - 2020-12-09 08:46 - 000000000 ____D C:\Program Files\Java
2020-12-09 06:02 - 2020-12-09 09:28 - 002288640 _____ (Farbar) C:\Users\Bluem\Desktop\FRST64.exe
2020-12-08 14:32 - 2020-12-09 05:24 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-08 14:32 - 2020-12-09 05:24 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-08 14:32 - 2020-12-09 05:24 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-08 14:32 - 2020-12-08 14:32 - 000000000 _SHDL C:\Users\Default User
2020-12-08 14:32 - 2020-12-08 14:32 - 000000000 _SHDL C:\Users\All Users
2020-12-08 14:32 - 2020-12-08 14:32 - 000000000 _SHDL C:\Documents and Settings
2020-12-08 14:32 - 2020-12-08 10:41 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-12-08 14:32 - 2020-12-08 10:41 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-12-08 14:27 - 2020-12-08 14:27 - 000561169 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2020-12-08 14:27 - 2020-12-08 14:27 - 000113697 _____ C:\WINDOWS\system32\Drivers\rtwavesvolpro.dat
2020-12-08 14:27 - 2020-12-08 14:27 - 000031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2020-12-08 14:27 - 2020-12-08 14:27 - 000010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2020-12-08 14:26 - 2020-12-09 09:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-08 14:26 - 2020-12-08 14:27 - 000000000 ____D C:\ProgramData\HP
2020-12-08 14:26 - 2020-12-08 14:26 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2020-12-08 14:26 - 2020-12-08 14:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-08 14:26 - 2020-12-08 14:26 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2020-12-08 14:26 - 2020-12-08 14:26 - 000000000 ____D C:\Program Files\Realtek
2020-12-08 14:26 - 2020-12-08 14:26 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2020-12-08 14:26 - 2020-12-08 11:09 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-08 14:26 - 2020-12-08 11:09 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-12-08 14:26 - 2020-12-08 11:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-08 14:26 - 2020-12-08 10:55 - 000000000 ____D C:\Program Files\Intel
2020-12-08 14:26 - 2020-12-08 10:54 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2020-12-08 14:26 - 2020-12-08 10:54 - 000000000 ____D C:\Intel
2020-12-08 14:26 - 2018-12-19 02:27 - 000099848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2020-12-08 14:24 - 2020-12-08 10:51 - 000000000 ____D C:\WINDOWS\Panther
2020-12-08 14:24 - 2020-12-08 10:32 - 000000000 ____D C:\Windows.old
2020-12-08 14:23 - 2020-12-08 14:23 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\winrm
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\WCN
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\slmgr
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\0409
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\Setup
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\OCR
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\DigitalLocker
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\addins
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files\Reference Assemblies
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files\MSBuild
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-12-08 14:23 - 2020-12-08 10:33 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2020-12-08 14:22 - 2020-10-02 20:33 - 000835472 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-12-08 14:22 - 2020-10-02 20:33 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-12-08 14:21 - 2020-12-09 09:25 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-08 14:21 - 2020-12-09 08:07 - 000000000 ____D C:\WINDOWS\appcompat
2020-12-08 14:21 - 2020-12-09 05:24 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-08 14:21 - 2020-12-09 05:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-08 14:21 - 2020-12-08 14:32 - 000000000 ____D C:\WINDOWS\CSC
2020-12-08 14:21 - 2020-12-08 14:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2020-12-08 14:21 - 2020-12-08 14:24 - 000000000 ____D C:\WINDOWS\Containers
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ___SD C:\WINDOWS\system32\F12
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ___SD C:\WINDOWS\system32\dsc
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SystemResources
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\setup
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\MUI
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\Com
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\IME
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\Help
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files\Windows NT
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files\Common Files\System
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files (x86)\Windows NT
2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 __SHD C:\Program Files\Windows Sidebar
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 __RSD C:\WINDOWS\Media
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 __RHD C:\Users\Public\Libraries
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___SD C:\WINDOWS\system32\Nui
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___SD C:\WINDOWS\system32\AppV
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Web
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\WaaS
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Vss
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\tracing
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\TAPI
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SystemApps
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\winevt
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ti-et
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ta-in
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\si-lk
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ras
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\osa-Osge-001
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\my-mm
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\Keywords
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\IME
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\icsxml
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ias
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ff-Adlm-SN
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\DriverState
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\downlevel
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\DDFs
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ContainerSettingsProviders
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\appraiser
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\am-et
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\System
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SKB
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\ShellComponents
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\security
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\schemas
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SchCache
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Resources
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\rescache
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\RemotePackages
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Registration
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Provisioning
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\PLA
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Performance
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\ModemLogs
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\L2Schemas
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\InputMethod
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\IdentityCRL
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Globalization
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\DiagTrack
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Cursors
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Branding
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\ProgramData\USOShared
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\Program Files\Windows Security
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\Program Files\Windows Portable Devices
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\Program Files\ModifiableWindowsApps
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\Program Files\Common Files\Services
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2020-12-08 14:21 - 2020-12-08 14:20 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2020-12-08 14:21 - 2020-12-08 14:20 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2020-12-08 14:21 - 2020-12-08 14:20 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2020-12-08 14:21 - 2020-12-08 14:20 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2020-12-08 14:21 - 2020-12-08 14:20 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2020-12-08 14:21 - 2020-12-08 14:20 - 000003103 _____ C:\WINDOWS\SysWOW64\mmc.exe.config
2020-12-08 14:21 - 2020-12-08 14:20 - 000003103 _____ C:\WINDOWS\system32\mmc.exe.config
2020-12-08 14:21 - 2020-12-08 14:20 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2020-12-08 14:21 - 2020-12-08 14:20 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2020-12-08 14:21 - 2020-12-08 14:20 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2020-12-08 14:21 - 2020-12-08 14:20 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2020-12-08 14:21 - 2020-12-08 14:20 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2020-12-08 14:21 - 2020-12-08 14:20 - 000000219 _____ C:\WINDOWS\system.ini
2020-12-08 14:21 - 2020-12-08 14:20 - 000000092 _____ C:\WINDOWS\win.ini
2020-12-08 14:21 - 2020-12-08 11:49 - 000000000 ___RD C:\Program Files (x86)
2020-12-08 14:21 - 2020-12-08 11:39 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-08 14:21 - 2020-12-08 10:53 - 000000000 ___RD C:\WINDOWS\PrintDialog
2020-12-08 14:21 - 2020-12-08 10:53 - 000000000 ____D C:\WINDOWS\ServiceState
2020-12-08 14:21 - 2020-12-08 10:37 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-12-08 14:21 - 2020-12-08 10:35 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2020-12-08 14:21 - 2020-12-08 10:33 - 000000000 ____D C:\WINDOWS\system32\spool
2020-12-08 14:21 - 2020-12-08 10:33 - 000000000 ____D C:\ProgramData\USOPrivate
2020-12-08 14:21 - 2018-12-19 02:27 - 000103944 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2020-12-08 14:20 - 2020-12-09 09:28 - 000000000 ____D C:\WINDOWS\INF
2020-12-08 14:17 - 2020-12-09 08:23 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-12-08 14:17 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\SMI
2020-12-08 14:17 - 2020-12-08 11:09 - 072876032 _____ C:\WINDOWS\system32\config\SOFTWARE
2020-12-08 14:17 - 2020-12-08 11:09 - 013631488 _____ C:\WINDOWS\system32\config\SYSTEM
2020-12-08 14:17 - 2020-12-08 11:09 - 002097152 _____ C:\WINDOWS\system32\config\DEFAULT
2020-12-08 14:17 - 2020-12-08 11:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-12-08 14:17 - 2020-12-08 11:09 - 000131072 _____ C:\WINDOWS\system32\config\SAM
2020-12-08 14:17 - 2020-12-08 11:09 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2020-12-08 14:17 - 2020-12-08 10:52 - 000000000 ____D C:\WINDOWS\servicing
2020-12-08 14:17 - 2020-12-08 10:52 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-08 12:59 - 2020-12-08 12:59 - 000000050 _____ C:\Users\Bluem\Documents\GOD OF WAR NOTES.txt
2020-12-08 11:49 - 2020-12-08 11:49 - 000001303 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
2020-12-08 11:49 - 2020-12-08 11:49 - 000001303 _____ C:\ProgramData\Desktop\Kaspersky Password Manager.lnk
2020-12-08 11:49 - 2020-12-08 11:49 - 000000000 ____D C:\Users\Bluem\AppData\Local\Kaspersky Lab
2020-12-08 11:49 - 2020-12-08 11:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2020-12-08 11:49 - 2020-12-08 11:49 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-12-08 11:49 - 2020-12-08 11:49 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2020-12-08 11:41 - 2020-12-08 11:41 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-12-08 11:41 - 2020-12-08 11:41 - 000138904 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-12-08 11:41 - 2020-12-08 11:41 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-12-08 11:40 - 2020-12-08 11:40 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-08 11:40 - 2020-12-08 11:40 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-08 11:40 - 2020-12-08 11:40 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-08 11:40 - 2020-12-08 11:40 - 000000000 ____D C:\Users\Bluem\AppData\Local\mbam
2020-12-08 11:39 - 2020-12-08 11:39 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-12-08 11:39 - 2020-12-08 11:39 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-12-08 11:39 - 2020-12-08 11:39 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-12-08 11:39 - 2020-12-08 11:39 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-12-08 11:39 - 2020-12-08 11:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-08 11:39 - 2020-12-08 11:39 - 000000000 ____D C:\Program Files\Malwarebytes
2020-12-08 11:37 - 2020-12-08 11:43 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-08 11:37 - 2020-12-08 11:43 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-08 11:37 - 2020-12-08 11:43 - 000000000 ____D C:\Users\Bluem\AppData\Local\Google
2020-12-08 11:37 - 2020-12-08 11:37 - 000002323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-08 11:37 - 2020-12-08 11:37 - 000002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-08 11:37 - 2020-12-08 11:37 - 000002282 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-12-08 11:37 - 2020-12-08 11:37 - 000000000 ____D C:\Program Files\Google
2020-12-08 11:37 - 2020-12-08 11:37 - 000000000 ____D C:\Program Files (x86)\Google
2020-12-08 11:32 - 2020-12-08 11:32 - 000196756 _____ C:\ProgramData\vpn.1607441536.bdinstall.v2.bin
2020-12-08 11:32 - 2020-12-08 11:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender VPN
2020-12-08 11:32 - 2020-12-08 11:32 - 000000000 ____D C:\ProgramData\Bitdefender VPN
2020-12-08 11:32 - 2020-12-08 11:32 - 000000000 ____D C:\ProgramData\AnchorFree_Inc
2020-12-08 11:15 - 2020-12-08 11:15 - 000768664 _____ C:\ProgramData\cl.1607440354.bdinstall.v2.bin
2020-12-08 11:15 - 2020-12-08 11:15 - 000101428 _____ C:\ProgramData\cl.kit.1607440353.bdinstall.v2.bin
2020-12-08 11:15 - 2020-12-08 11:15 - 000003420 _____ C:\WINDOWS\system32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2020-12-08 11:15 - 2020-12-08 11:15 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2020-12-08 11:14 - 2020-12-08 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2020-12-08 11:14 - 2020-12-08 11:32 - 000002195 _____ C:\Users\Public\Desktop\Bitdefender VPN.lnk
2020-12-08 11:14 - 2020-12-08 11:32 - 000002195 _____ C:\ProgramData\Desktop\Bitdefender VPN.lnk
2020-12-08 11:14 - 2020-12-08 11:14 - 000002342 _____ C:\Users\Public\Desktop\Bitdefender.lnk
2020-12-08 11:14 - 2020-12-08 11:14 - 000002342 _____ C:\ProgramData\Desktop\Bitdefender.lnk
2020-12-08 11:14 - 2020-12-08 11:14 - 000000000 ____D C:\WINDOWS\system32\elambkup
2020-12-08 11:14 - 2020-12-08 11:14 - 000000000 ____D C:\ProgramData\Gemma
2020-12-08 11:14 - 2020-12-08 11:14 - 000000000 ____D C:\ProgramData\BDLogging
2020-12-08 11:14 - 2020-12-08 11:14 - 000000000 ____D C:\ProgramData\Atc
2020-12-08 11:14 - 2019-03-20 23:12 - 000022960 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2020-12-08 11:13 - 2020-12-08 11:32 - 000000000 ____D C:\Program Files\Bitdefender
2020-12-08 11:13 - 2020-12-08 11:29 - 000000000 ____D C:\ProgramData\Bitdefender
2020-12-08 11:13 - 2020-12-08 11:13 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2020-12-08 11:13 - 2020-12-08 11:13 - 000000000 ____D C:\Users\Bluem\AppData\Roaming\Bitdefender
2020-12-08 11:13 - 2020-09-16 12:26 - 002151624 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2020-12-08 11:13 - 2020-09-16 08:50 - 000185312 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2020-12-08 11:13 - 2020-09-14 13:26 - 000473608 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2020-12-08 11:13 - 2020-09-03 04:20 - 000195232 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2020-12-08 11:13 - 2020-06-09 16:13 - 000640760 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2020-12-08 11:13 - 2020-05-26 12:23 - 000796200 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2020-12-08 11:13 - 2020-01-17 02:03 - 000046056 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
2020-12-08 11:12 - 2020-12-08 11:13 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2020-12-08 11:11 - 2020-12-08 11:32 - 000000000 ____D C:\Program Files\Bitdefender Agent
2020-12-08 11:11 - 2020-12-08 11:11 - 000117484 _____ C:\ProgramData\agent.1607440293.bdinstall.v2.bin
2020-12-08 11:11 - 2020-12-08 11:11 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2020-12-08 11:10 - 2020-12-08 11:10 - 000020604 _____ C:\WINDOWS\system32\results.xml
2020-12-08 11:10 - 2020-12-08 11:10 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2020-12-08 11:10 - 2020-12-08 11:10 - 000000000 _____ C:\WINDOWS\SysWOW64\wsmand.log.lock
2020-12-08 11:09 - 2020-12-08 11:09 - 000258688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-12-08 10:55 - 2020-12-08 10:55 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-08 10:55 - 2019-05-17 05:17 - 000002291 ____N C:\WINDOWS\system32\SetupBD.din
2020-12-08 10:54 - 2020-12-08 10:54 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2020-12-08 10:54 - 2020-12-08 10:54 - 000000000 ____D C:\Users\Bluem\AppData\Local\Comms
2020-12-08 10:53 - 2020-12-08 10:54 - 000000000 ____D C:\Program Files (x86)\Intel
2020-12-08 10:53 - 2020-12-08 10:53 - 000003738 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2020-12-08 10:53 - 2020-12-08 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2020-12-08 10:53 - 2020-12-08 10:53 - 000000000 ____D C:\ProgramData\Intel
2020-12-08 10:46 - 2020-12-08 10:46 - 000000000 ____D C:\Dell
2020-12-08 10:46 - 2020-12-08 10:46 - 000000000 _____ C:\WINDOWS\invcol.tmp
2020-12-08 10:44 - 2020-12-08 11:12 - 000000000 ____D C:\ProgramData\PCDr
2020-12-08 10:44 - 2020-12-08 10:53 - 000000000 ____D C:\ProgramData\Dell
2020-12-08 10:44 - 2020-12-08 10:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2020-12-08 10:44 - 2020-12-08 10:44 - 000003912 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2020-12-08 10:44 - 2020-12-08 10:44 - 000000000 ____D C:\ProgramData\SupportAssist
2020-12-08 10:44 - 2020-12-08 10:44 - 000000000 ____D C:\ProgramData\Dell Inc
2020-12-08 10:44 - 2020-12-08 10:44 - 000000000 ____D C:\Program Files\Dell
2020-12-08 10:44 - 2020-12-08 10:44 - 000000000 ____D C:\Program Files (x86)\Dell
2020-12-08 10:39 - 2020-12-08 10:55 - 000000000 ____D C:\Users\Bluem\AppData\Local\PlaceholderTileLogoFolder
2020-12-08 10:39 - 2020-12-08 10:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-12-08 10:39 - 2020-12-08 10:39 - 000000000 ___HD C:\OneDriveTemp
2020-12-08 10:39 - 2020-12-08 10:39 - 000000000 ___HD C:\$WinREAgent
2020-12-08 10:38 - 2020-12-08 11:10 - 000000000 ___RD C:\Users\Bluem\OneDrive
2020-12-08 10:38 - 2020-12-08 10:39 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3098683771-1714621788-1964174946-1001
2020-12-08 10:38 - 2020-12-08 10:38 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-12-08 10:37 - 2020-12-08 11:15 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-08 10:37 - 2020-12-08 11:10 - 000000000 __SHD C:\Users\Bluem\IntelGraphicsProfiles
2020-12-08 10:37 - 2020-12-08 11:09 - 000000000 ____D C:\Users\Bluem\AppData\Local\ConnectedDevicesPlatform
2020-12-08 10:37 - 2020-12-08 10:55 - 000000000 ____D C:\Users\Bluem\AppData\Local\Packages
2020-12-08 10:37 - 2020-12-08 10:55 - 000000000 ____D C:\ProgramData\Packages
2020-12-08 10:37 - 2020-12-08 10:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-12-08 10:37 - 2020-12-08 10:37 - 000000000 ___RD C:\Users\Bluem\3D Objects
2020-12-08 10:37 - 2020-12-08 10:37 - 000000000 ____D C:\Users\Bluem\AppData\Roaming\Adobe
2020-12-08 10:37 - 2020-12-08 10:37 - 000000000 ____D C:\Users\Bluem\AppData\Local\VirtualStore
2020-12-08 10:37 - 2020-12-08 10:37 - 000000000 ____D C:\Users\Bluem\AppData\Local\Publishers
2020-12-08 10:35 - 2020-12-08 10:39 - 000002367 _____ C:\Users\Bluem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-08 10:35 - 2020-12-08 10:38 - 000000000 ____D C:\Users\Bluem
2020-12-08 10:35 - 2020-12-08 10:35 - 000000020 ___SH C:\Users\Bluem\ntuser.ini
2020-12-08 10:14 - 2020-12-08 14:24 - 000000000 ___HD C:\$SysReset
2020-12-02 16:04 - 2020-02-20 13:02 - 000047920 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2020-12-02 14:15 - 2020-12-02 14:15 - 002755584 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-12-02 14:15 - 2020-12-02 14:15 - 002755584 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-12-02 14:15 - 2020-12-02 14:15 - 002260480 ____N C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-12-02 14:15 - 2020-12-02 14:15 - 001822272 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-02 14:15 - 2020-12-02 14:15 - 001393496 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-02 14:15 - 2020-12-02 14:15 - 001333248 ____N C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-12-02 14:15 - 2020-12-02 14:15 - 000363520 ____N C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-02 14:15 - 2020-12-02 14:15 - 000287232 ____N C:\WINDOWS\system32\CoreMas.dll
2020-12-02 14:15 - 2020-12-02 14:15 - 000266240 ____N C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-02 14:15 - 2020-12-02 14:15 - 000240640 ____N C:\WINDOWS\SysWOW64\CoreMas.dll
2020-12-02 14:15 - 2020-12-02 14:15 - 000165376 ____N C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-12-02 14:15 - 2020-12-02 14:15 - 000089088 ____N C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-02 14:15 - 2020-12-02 14:15 - 000073216 ____N C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-02 14:15 - 2020-12-02 14:15 - 000060928 ____N C:\WINDOWS\system32\runexehelper.exe
2020-12-02 14:15 - 2020-12-02 14:15 - 000048640 ____N (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-12-02 14:15 - 2020-12-02 14:15 - 000039936 ____N (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-12-02 14:15 - 2020-12-02 14:15 - 000013312 ____N C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-12-02 14:15 - 2020-12-02 14:15 - 000010890 ____N C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-12-02 14:15 - 2020-12-02 14:15 - 000010752 ____N C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2020-12-02 14:15 - 2020-12-02 14:15 - 000001370 ____N C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
ADDITION LOG:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2020
Ran by Bluem (09-12-2020 09:30:24)
Running from C:\Users\Bluem\Desktop
Windows 10 Pro Version 20H2 19042.662 (X64) (2020-12-08 14:32:58)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3098683771-1714621788-1964174946-500 - Administrator - Disabled)
Bluem (S-1-5-21-3098683771-1714621788-1964174946-1001 - Administrator - Enabled) => C:\Users\Bluem
DefaultAccount (S-1-5-21-3098683771-1714621788-1964174946-503 - Limited - Disabled)
Guest (S-1-5-21-3098683771-1714621788-1964174946-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3098683771-1714621788-1964174946-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 25.0.7.34 - Bitdefender)
Bitdefender VPN (HKLM\...\Bitdefender VPN) (Version: 25.0.1.24 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.74 - Piriform)
Dell SupportAssist (HKLM\...\{684820E8-F6AA-4162-A547-317DA6BED1FB}) (Version: 3.8.0.108 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{4e75a24b-6cc4-4a46-accf-525f8a08c533}) (Version: 10.1.1.18 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1035 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5063 - Intel Corporation)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.57 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-3098683771-1714621788-1964174946-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6086 - Realtek Semiconductor Corp.)
Packages:
=========
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.8.8.0_x64__htrsf667h5kn2 [2020-12-08] (Dell Inc)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-12-08] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.147.684.0_x86__zpdnekdrzrea0 [2020-12-08] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-08] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-08] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2020-12-01 04:14 - 2020-12-01 04:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2020-10-02] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-10-02] (Bitdefender SRL ->