Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.02.2024 Ran by kirut (administrator) on KIRUTHICK (HP HP Laptop 15s-dy3xxx) (26-02-2024 13:43:56) Running from C:\Users\kirut\OneDrive\Desktop\FRST64.exe Loaded Profiles: kirut Platform: Microsoft Windows 11 Pro Version 23H2 22631.3155 (X64) Language: English (United States) Default browser: Opera Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe (C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe (C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxEMN.exe (DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\dptf_helper.exe (DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\BridgeCommunication.exe (DriverStore\FileRepository\icss_extension.inf_amd64_0304b9d8e91ee308\UserAwarenessService.exe ->) (Intel(R) pGFX 2020 -> Intel Corp) C:\Windows\System32\DriverStore\FileRepository\icss_extension.inf_amd64_0304b9d8e91ee308\UserAwarenessHelper.exe (ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe (explorer.exe ->) () [File not signed] D:\Deluge\deluge.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe (services.exe ->) (Cloudflare, Inc. -> ) C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe (services.exe ->) (Datronicsoft Inc. -> ) C:\Windows\System32\spacedeskService.exe (services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_fe3afc9d28b2c978\x64\TouchpointAnalyticsClientService.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\AppHelperCap.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\DiagsCap.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\NetworkCap.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\SysInfoCap.exe (services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxCUIServiceN.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_64d7fcfcde9b9c10\jhi_service.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_74e28d819fb21cc3\RstMwService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7f680e39d88878f3\IntelCpHDCPSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_f3c201b4c28c14d0\WMIRegistrationService.exe (services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_183917c66152901d\lib\TPMProvisioningService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corp) C:\Windows\System32\DriverStore\FileRepository\icss_extension.inf_amd64_0304b9d8e91ee308\UserAwarenessService.exe (services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WSL\wslservice.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_0c755fff65745edd\RtkAudUService64.exe <2> (services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe (spacedeskService.exe ->) (Datronicsoft Inc. -> datronicsoft) C:\Windows\System32\spacedeskServiceTray.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_0c755fff65745edd\RtkAudUService64.exe [1923384 2023-09-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [Intel® Arc™ Control] => C:\Program Files\Intel\Intel Arc Control\ArcControl.exe [1617960 2023-12-05] (Intel Corporation -> Intel Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [750680 2023-12-19] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5267168 2021-11-18] (Adobe Inc. -> Adobe Systems Inc.) [File not signed] HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2598328 2024-02-17] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2598328 2024-02-17] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-136647911-281101410-283195180-1001\...\Run: [MicrosoftEdgeAutoLaunch_5A405133DC4C6677E49B0F48575D4760] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4067896 2024-02-23] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-136647911-281101410-283195180-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2598328 2024-02-17] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-136647911-281101410-283195180-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4388200 2024-01-13] (Valve Corp. -> Valve Corporation) HKU\S-1-5-21-136647911-281101410-283195180-1001\...\Run: [Opera GX Stable] => C:\Users\kirut\AppData\Local\Programs\Opera GX\launcher.exe [2303904 2024-02-18] (Opera Norway AS -> Opera Software) HKU\S-1-5-21-136647911-281101410-283195180-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\kirut\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software) HKU\S-1-5-21-136647911-281101410-283195180-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\kirut\AppData\Local\Microsoft\Teams\Update.exe [2588520 2023-09-05] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-136647911-281101410-283195180-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\86.0.9.0\GoogleDriveFS.exe [59669792 2024-02-13] (Google LLC -> Google, Inc.) HKU\S-1-5-21-136647911-281101410-283195180-1001\...\Run: [USB Raptor] => C:\Users\kirut\OneDrive\Desktop\USB Raptor.exe [12877824 2022-10-09] (Hand Water Pump - Nikos Georgousis) [File not signed] HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2021-11-12] (Adobe Inc. -> Adobe Systems Inc) Startup: C:\Users\kirut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Deluge.lnk [2023-12-11] ShortcutTarget: Deluge.lnk -> D:\Deluge\deluge.exe () [File not signed] Startup: C:\Users\kirut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2024-02-21] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cloudflare WARP.lnk [2024-01-05] ShortcutTarget: Cloudflare WARP.lnk -> C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe (Cloudflare, Inc. -> Cloudflare) GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {908CCA1F-4979-46A7-B453-5BCF228A8B1D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (No File) Task: {AC5C3597-7F59-4C92-90EE-FF4B0681EDB8} - System32\Tasks\Deluge => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge\Deluge.lnk [567 2024-02-19] () [File not signed] Task: {6A720A9C-1BB1-4979-9EE3-7A14F9984602} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2023-10-30] (Google LLC -> Google LLC) Task: {B3F7377A-B6C8-4BF3-A3E5-7B50D5EB4EA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2023-10-30] (Google LLC -> Google LLC) Task: {96EA719D-6BBA-4AB0-89ED-C44A589F3F35} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [703536 2024-01-04] (HP Inc. -> HP Inc.) Task: {B23A3882-7BC4-4373-BCCA-0527F15C9020} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-01-04] (HP Inc. -> HP Inc.) Task: {470A3AA6-AF6C-47E5-8960-46A215EC2C23} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161264 2024-01-04] (HP Inc. -> HP Inc.) Task: {FC50CBFE-647D-4A5E-A7DD-657D63B50FDE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161264 2024-01-04] (HP Inc. -> HP Inc.) Task: {C422EE23-BE92-4582-845F-53907565FC5E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation) Task: {83F59E07-3D1A-47FF-973C-1E5C4F801EAD} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation) Task: {8E162545-BB39-4075-964A-13A831F24635} - System32\Tasks\IPVanish => C:\Program Files\IPVanish VPN\IPVanish.exe --taskscheduler (No File) Task: {66BFF387-EBE7-4B0A-914A-DF075C4BDA42} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File) Task: {A2248473-63E9-4E45-89B8-97EDDFBCEAD0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation) Task: {5A32B06C-0C9E-4132-AE22-8D0631C32C75} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation) Task: {8A96BF89-A03B-4EF1-8391-34C67E9B511B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306328 2024-02-17] (Microsoft Corporation -> Microsoft Corporation) Task: {E0AF053B-729B-440B-8961-0ECCA2164A56} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306328 2024-02-17] (Microsoft Corporation -> Microsoft Corporation) Task: {E6BF3E99-A011-4BC2-993F-3E96D3355627} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170128 2024-02-03] (Microsoft Corporation -> Microsoft Corporation) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File) Task: {48A6130A-FA29-430F-B01D-BB978CED0AF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {FB3987CB-6B13-48D0-805E-29DFB6475CE8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {50D94653-CD8F-483D-9795-F790306AF192} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {C317D33D-A6C8-489C-9D35-6711B608FB82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {BA4BE466-D47F-4366-A4DC-43377E134FFD} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe /s (No File) Task: {789EBCC7-A922-4372-8BD2-C761A7377D54} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-17] (Microsoft Corporation -> Microsoft Corporation) Task: {E426EEBA-C440-43F9-9701-C944DC2ABB59} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-136647911-281101410-283195180-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-17] (Microsoft Corporation -> Microsoft Corporation) Task: {F473494D-8CF0-422E-8CC5-4D3CE3FBD5EB} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1693352096 => C:\Users\kirut\AppData\Local\Programs\Opera GX\launcher.exe [2303904 2024-02-18] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\kirut\AppData\Local\Programs\Opera GX\assistant" $(Arg0) Task: {D4D3A6AB-8C0F-45A2-8B17-0C9D9A718543} - System32\Tasks\Opera GX scheduled Autoupdate 1691995316 => C:\Users\kirut\AppData\Local\Programs\Opera GX\launcher.exe [2303904 2024-02-18] (Opera Norway AS -> Opera Software) Task: {17FC75A8-F355-4F34-A029-58AD1D776C2C} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\WINDOWS\System32\Wscript.exe [200704 2023-12-04] (Microsoft Windows -> Microsoft Corporation) -> //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 172.16.16.200 172.16.16.253 Tcpip\..\Interfaces\{924d9ec2-8160-414f-a1ea-a1750f475830}: [DhcpNameServer] 8.8.8.8 8.8.4.4 Tcpip\..\Interfaces\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}: [NameServer] 127.0.2.2,127.0.2.3 Tcpip\..\Interfaces\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}: [DhcpNameServer] 172.16.16.200 172.16.16.253 Tcpip\..\Interfaces\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}: [DhcpDomain] tips.edu Tcpip\..\Interfaces\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}\4594053534243554: [DhcpNameServer] 172.16.16.200 172.16.16.253 Tcpip\..\Interfaces\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}\4594053534243554: [DhcpDomain] tips.edu Tcpip\..\Interfaces\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}\4594053554D29424: [NameServer] 127.0.2.2,127.0.2.3 Tcpip\..\Interfaces\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}\4594053554D29424: [DhcpNameServer] 172.16.16.200 172.16.16.253 Tcpip\..\Interfaces\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}\4594053554D29424: [DhcpDomain] tips.edu Tcpip\..\Interfaces\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}\459405359424: [DhcpNameServer] 172.16.16.200 172.16.16.253 Tcpip\..\Interfaces\{9df69d26-ee5b-45c5-ab50-63e0bbdf5701}\459405359424: [DhcpDomain] tips.edu Tcpip\..\Interfaces\{b6d87101-41ed-4d2e-879c-13e89c1a0301}: [DhcpNameServer] 218.248.112.65 218.248.112.1 Tcpip\..\Interfaces\{db484304-db04-6aa0-a33d-7236836b364d}: [NameServer] 127.0.2.2,127.0.2.3 Tcpip\..\Interfaces\{e8f43b21-f6be-43e8-8e80-1ae36480cea0}: [NameServer] 127.0.2.2,127.0.2.3 Edge: ======= Edge Profile: C:\Users\kirut\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-26] Edge Extension: (Google Docs Offline) - C:\Users\kirut\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-20] Edge Extension: (Edge relevant text changes) - C:\Users\kirut\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-26] FireFox: ======== FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-11-12] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Plugin: @java.com/DTPlugin,version=11.401.2 -> C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.401.2 -> C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-31] (VideoLAN -> VideoLAN) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-11-12] (Adobe Inc. -> Adobe Systems Inc.) Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] Opera: ======= OPR Profile: C:\Users\kirut\AppData\Roaming\Opera Software\Opera Stable [2023-08-14] OPR DefaultSearchURL: Opera Stable -> hxxps://www.google.com/search?client=opera&q={searchTerms}&sourceid=opera&ie={inputEncoding}&oe={outputEncoding} OPR DefaultSearchKeyword: Opera Stable -> g OPR Extension: (Rich Hints Agent) - C:\Users\kirut\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-07-06] OPR Extension: (Opera Wallet) - C:\Users\kirut\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-08-03] OPR Extension: (Office - Enable Copy and Paste) - C:\Users\kirut\AppData\Roaming\Opera Software\Opera Stable\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2023-08-07] OPR Extension: (Aria) - C:\Users\kirut\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-07-28] StartMenuInternet: (HKU\S-1-5-21-136647911-281101410-283195180-1001) Opera GXStable - "C:\Users\kirut\AppData\Local\Programs\Opera GX\Launcher.exe" ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9712432 2023-12-26] (BattlEye Innovations e.K. -> ) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14048768 2024-02-10] (Microsoft Corporation -> Microsoft Corporation) R2 CloudflareWARP; C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe [26028608 2024-01-03] (Cloudflare, Inc. -> ) R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [43784 2023-09-25] (Intel Corporation -> Intel) R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [240392 2023-09-25] (Intel Corporation -> Intel) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2023-06-26] (EasyAntiCheat Oy -> Epic Games, Inc) S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [955816 2023-11-29] (EasyAntiCheat Oy -> Epic Games, Inc.) S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncHelper.exe [3515936 2024-02-17] (Microsoft Corporation -> Microsoft Corporation) R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\AppHelperCap.exe [891440 2024-01-26] (HP Inc. -> HP Inc.) R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\DiagsCap.exe [890304 2024-01-26] (HP Inc. -> HP Inc.) R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\NetworkCap.exe [886832 2024-01-26] (HP Inc. -> HP Inc.) R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\SysInfoCap.exe [890816 2024-01-26] (HP Inc. -> HP Inc.) R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_fe3afc9d28b2c978\x64\TouchpointAnalyticsClientService.exe [493296 2023-11-20] (HP Inc. -> HP Inc.) R2 IntelArcControlService; C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe [1656360 2023-12-05] (Intel Corporation -> Intel Corporation) R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe [530520 2024-01-14] (Intel Corporation -> Intel) R2 IntelContextService; C:\WINDOWS\System32\DriverStore\FileRepository\icss_extension.inf_amd64_0304b9d8e91ee308\UserAwarenessService.exe [148920 2020-10-23] (Intel(R) pGFX 2020 -> Intel Corp) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9343840 2023-11-22] (Malwarebytes Inc. -> Malwarebytes) S3 mc-wps-secdashboardservice; C:\Program Files (x86)\HP\HP Support Framework\Resources\mc-wps-secdashboardservice.exe [1204608 2024-01-04] (McAfee, LLC -> McAfee, LLC) S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [30059792 2023-06-27] (VK Play LLC -> VK Play LLC) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.020.0128.0003\OneDriveUpdaterService.exe [3853856 2024-02-17] (Microsoft Corporation -> Microsoft Corporation) R2 OptionsPlusUpdaterService; C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe [18532608 2024-02-23] (Logitech Inc -> Logitech, Inc.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534592 2023-12-04] (Microsoft Windows Publisher -> Microsoft Corporation) R2 spacedeskService; C:\WINDOWS\System32\spacedeskService.exe [4792800 2022-11-03] (Datronicsoft Inc. -> ) S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Wellbia.com\ucldr_battlegrounds_gl.exe [5964328 2023-06-29] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WsaService; C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2311.40000.5.0_x64__8wekyb3d8bbwe\WsaService\WsaService.exe [312832 2024-02-04] (Microsoft Corporation -> ) R2 WSLService; C:\Program Files\WSL\wslservice.exe [6282168 2023-12-01] (Microsoft Corporation -> Microsoft Corporation) S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [12311392 2023-06-29] (KRAFTON, Inc. -> KRAFTON, Inc) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> ) S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [154504 2022-06-02] (Alcorlink Corp. -> ) S3 cpuz158; C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys [44576 2024-02-23] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION S3 ddmdrv; C:\WINDOWS\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> ) R0 fse; C:\WINDOWS\System32\drivers\fse.sys [218592 2024-02-23] (Microsoft Windows -> Microsoft Corporation) R1 googledrivefs31357; C:\WINDOWS\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.) S3 GSCAuxDriver; C:\WINDOWS\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_47dea9773e9dfab7\GSCAuxDriverx64.sys [79616 2021-11-27] (Intel Corporation -> Intel Corporation) S3 GSCx64; C:\WINDOWS\System32\DriverStore\FileRepository\gscheci.inf_amd64_1027aa064fe1f3f7\TeeDriverGSCW8x64.sys [260400 2021-11-27] (Intel Corporation -> Intel Corporation) R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.) S3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-07-19] (Intel Corporation -> Intel Corporation) S3 iaLPSS2_SPI_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_fc1ed3a5a1d514f2\iaLPSS2_SPI_TGL.sys [158352 2021-07-19] (Intel Corporation -> Intel Corporation) S3 iaLPSS2_UART2_SYSTEM; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2.inf_amd64_246791019c0b3c8d\iaLPSS2_UART2.sys [395928 2024-01-14] (Intel Corporation -> Intel Corporation) S3 iaLPSS2_UART2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_cd8c3a141c1b1284\iaLPSS2_UART2_TGL.sys [313504 2021-07-19] (Intel Corporation -> Intel Corporation) R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1605320 2024-01-14] (Intel Corporation -> Intel Corporation) R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_bc398e7169495415\IntcUSB.sys [922712 2024-01-14] (Intel Corporation -> Intel(R) Corporation) R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_6f93b7542fd3ead9\gna.sys [88656 2024-01-14] (Intel Corporation -> Intel Corporation) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222784 2024-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-11-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2023-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MpKslfb25f410; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A071212A-E996-4DC4-A2C1-57329E1233D6}\MpKslDrv.sys [272664 2024-02-26] (Microsoft Windows -> Microsoft Corporation) S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv1.sys [29287768 2023-06-27] (My.Com B.V. -> My.com B.V.) R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> ) S3 spacedeskDriverBus; C:\WINDOWS\System32\drivers\spacedeskDriverBus.sys [108480 2022-11-04] (Datronicsoft Inc. -> datronicsoft Inc.) S3 spacedeskKtmInputMouse; C:\WINDOWS\System32\drivers\spacedeskKtmInputMouse.sys [42448 2022-11-04] (Datronicsoft Inc. -> ) S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2020-06-01] (Valve Corp. -> ) R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2020-06-01] (Valve Corp. -> ) R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2021-03-19] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2020-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [251776 2023-10-12] (Oracle Corporation -> Oracle and/or its affiliates) S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [94208 2024-02-23] (Microsoft Windows -> ) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-06] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-06] (Microsoft Windows -> Microsoft Corporation) R3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2023-12-13] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC) R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40200 2023-11-17] (HP Inc. -> HP) S3 xhunter1; C:\WINDOWS\xhunter1.sys [1447240 2023-07-06] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) S3 MpKslf8c5f79a; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{41F2031B-7274-4CCC-8A0E-B08C8EA14F61}\MpKslDrv.sys [X] S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2024-02-26 13:43 - 2024-02-26 13:45 - 000034968 _____ C:\Users\kirut\OneDrive\Desktop\FRST.txt 2024-02-26 13:43 - 2024-02-26 13:44 - 000000000 ____D C:\FRST 2024-02-26 13:39 - 2024-02-26 13:40 - 002386944 _____ (Farbar) C:\Users\kirut\OneDrive\Desktop\FRST64.exe 2024-02-26 13:37 - 2024-02-26 13:37 - 000000000 ____D C:\WINDOWS\ABR 2024-02-26 12:13 - 2024-02-26 12:59 - 000000000 ____D C:\Users\kirut\OneDrive\Desktop\AutoLogger 2024-02-26 12:12 - 2024-02-26 12:12 - 018200455 _____ C:\Users\kirut\Downloads\AutoLogger.zip 2024-02-26 12:11 - 2024-02-26 12:11 - 000000036 _____ C:\Users\kirut\AppData\Local\housecall.guid.cache 2024-02-26 12:07 - 2024-02-26 12:07 - 003333936 _____ (Trend Micro Inc.) C:\Users\kirut\Downloads\HousecallLauncher64.exe 2024-02-26 11:18 - 2024-02-26 11:19 - 002179908 _____ C:\WINDOWS\Minidump\022624-11359-01.dmp 2024-02-26 11:18 - 2024-02-26 11:19 - 000000000 ____D C:\WINDOWS\Minidump 2024-02-26 11:18 - 2024-02-26 11:18 - 1643449421 _____ C:\WINDOWS\MEMORY.DMP 2024-02-26 10:52 - 2024-02-26 10:52 - 000028197 _____ C:\Users\kirut\Downloads\download (2).php 2024-02-26 10:52 - 2024-02-26 10:52 - 000028197 _____ C:\Users\kirut\Downloads\download (1).php 2024-02-26 10:50 - 2024-02-26 10:50 - 000028197 _____ C:\Users\kirut\Downloads\download.php 2024-02-26 10:30 - 2024-02-26 10:30 - 000388608 _____ (Trend Micro Inc.) C:\Users\kirut\Downloads\HijackThis.exe 2024-02-26 10:24 - 2024-02-26 10:58 - 000000398 _____ C:\Users\kirut\OneDrive\Desktop\WhatIsHang.cfg 2024-02-26 10:23 - 2015-02-04 08:40 - 000130144 _____ (NirSoft) C:\Users\kirut\OneDrive\Desktop\WhatIsHang.exe 2024-02-26 10:22 - 2024-02-26 10:22 - 000076723 _____ C:\Users\kirut\Downloads\whatishang-x64.zip 2024-02-26 10:02 - 2024-02-26 10:09 - 000000000 ____D C:\WINDOWS\Panther 2024-02-26 09:49 - 2024-02-26 09:49 - 000240189 _____ C:\Users\kirut\Downloads\0610_m21_ms_42.pdf 2024-02-26 09:39 - 2024-02-26 09:39 - 000000218 _____ C:\Users\kirut\AppData\Local\recently-used.xbel 2024-02-26 09:10 - 2024-02-26 09:10 - 018368405 _____ (Company © regist & Drongo) C:\Users\kirut\OneDrive\Desktop\AutoLogger.exe 2024-02-23 16:44 - 2024-02-23 16:44 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2024-02-23 16:43 - 2024-02-23 16:44 - 000000000 ____D C:\Program Files\LogiOptionsPlus 2024-02-23 16:43 - 2024-02-23 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi 2024-02-23 16:42 - 2024-02-23 16:42 - 000000020 ___SH C:\Users\kirut\ntuser.ini 2024-02-23 16:28 - 2024-02-26 11:23 - 000850380 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2024-02-23 16:28 - 2024-02-23 16:28 - 000000400 __RSH C:\ProgramData\ntuser.pol 2024-02-23 16:27 - 2024-02-26 13:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2024-02-23 16:27 - 2024-02-23 16:27 - 000011433 _____ C:\WINDOWS\diagwrn.xml 2024-02-23 16:27 - 2024-02-23 16:27 - 000011433 _____ C:\WINDOWS\diagerr.xml 2024-02-23 16:27 - 2024-02-23 16:27 - 000003756 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled assistant Autoupdate 1693352096 2024-02-23 16:27 - 2024-02-23 16:27 - 000003496 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1691995316 2024-02-23 16:27 - 2024-02-23 16:27 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2024-02-23 16:27 - 2024-02-23 16:27 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-02-23 16:27 - 2024-02-23 16:27 - 000003356 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2024-02-23 16:27 - 2024-02-23 16:27 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2024-02-23 16:27 - 2024-02-23 16:27 - 000003132 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2024-02-23 16:27 - 2024-02-23 16:27 - 000003058 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-136647911-281101410-283195180-1001 2024-02-23 16:27 - 2024-02-23 16:27 - 000003042 _____ C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2024-02-23 16:27 - 2024-02-23 16:27 - 000002970 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 2024-02-23 16:27 - 2024-02-23 16:27 - 000002746 _____ C:\WINDOWS\system32\Tasks\IPVanish 2024-02-23 16:27 - 2024-02-23 16:27 - 000002716 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2024-02-23 16:27 - 2024-02-23 16:27 - 000002678 _____ C:\WINDOWS\system32\Tasks\USER_ESRV_SVC_QUEENCREEK 2024-02-23 16:27 - 2024-02-23 16:27 - 000002604 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon 2024-02-23 16:27 - 2024-02-23 16:27 - 000002428 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner 2024-02-23 16:27 - 2024-02-23 16:27 - 000002096 _____ C:\WINDOWS\system32\Tasks\Deluge 2024-02-23 16:27 - 2024-02-23 16:27 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel 2024-02-23 16:27 - 2024-02-23 16:27 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP 2024-02-23 16:27 - 2024-02-23 16:27 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard 2024-02-23 16:27 - 2024-02-23 16:27 - 000000000 ____D C:\WINDOWS\system32\Tasks\FxSound 2024-02-23 16:24 - 2024-02-23 16:24 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network 2024-02-23 16:23 - 2024-02-26 13:42 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK 2024-02-23 16:23 - 2024-02-26 13:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2024-02-23 16:23 - 2024-02-23 16:23 - 000522752 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2024-02-23 16:15 - 2024-02-23 16:23 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Microsoft\Crypto 2024-02-23 16:15 - 2024-02-23 16:15 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Microsoft\SystemCertificates 2024-02-23 16:15 - 2024-02-23 16:15 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Microsoft\Network 2024-02-23 16:12 - 2024-02-23 16:23 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2024-02-23 16:11 - 2024-02-26 13:41 - 000000000 ____D C:\Users\kirut 2024-02-23 16:11 - 2024-02-23 16:44 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Microsoft\Windows 2024-02-23 16:11 - 2024-02-23 16:23 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Microsoft\Spelling 2024-02-23 16:11 - 2024-02-23 16:11 - 000000000 ____D C:\WINDOWS\Firmware 2024-02-23 16:10 - 2024-02-23 16:12 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2024-02-23 16:05 - 2024-02-23 16:05 - 000019222 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json 2024-02-23 16:05 - 2024-02-23 16:05 - 000019222 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json 2024-02-23 16:03 - 2024-02-23 16:09 - 000000000 ____D C:\Program Files\Hyper-V 2024-02-23 16:03 - 2024-02-23 16:03 - 000000000 ____D C:\WINDOWS\system32\BestPractices 2024-02-23 16:01 - 2024-02-23 16:09 - 000000000 ____D C:\WINDOWS\system32\ta-in 2024-02-23 16:01 - 2024-02-23 16:09 - 000000000 ____D C:\WINDOWS\system32\en-IN 2024-02-23 16:00 - 2024-02-23 16:00 - 000000000 ____D C:\Program Files\CMAK 2024-02-23 16:00 - 2024-02-23 16:00 - 000000000 ____D C:\Program Files (x86)\CMAK 2024-02-23 15:59 - 2024-02-23 15:59 - 000000000 ____D C:\Program Files\Reference Assemblies 2024-02-23 15:59 - 2024-02-23 15:59 - 000000000 ____D C:\Program Files\MSBuild 2024-02-23 15:59 - 2024-02-23 15:59 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2024-02-23 15:59 - 2024-02-23 15:59 - 000000000 ____D C:\Program Files (x86)\MSBuild 2024-02-23 15:48 - 2024-02-23 15:48 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2024-02-22 19:46 - 2024-02-23 16:56 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Corsair 2024-02-22 19:44 - 2024-02-22 19:44 - 003390024 _____ (Corsair) C:\Users\kirut\Downloads\Install iCUE.exe 2024-02-22 18:58 - 2024-02-22 20:27 - 000000000 ____D C:\ESD 2024-02-22 18:57 - 2024-02-22 18:57 - 000000000 ___HD C:\$Windows.~WS 2024-02-22 18:24 - 2024-02-22 20:05 - 000000000 ___HD C:\$SysReset 2024-02-22 11:13 - 2024-02-22 11:13 - 000000072 _____ C:\WINDOWS\system32\AdsInfoCls 2024-02-21 20:48 - 2024-02-21 20:48 - 000148890 _____ C:\Users\kirut\OneDrive\Desktop\Binder1.pdf 2024-02-21 13:28 - 2024-02-21 13:30 - 011016264 _____ (Google LLC) C:\Users\kirut\Downloads\Install-GooglePlayGames-Beta.exe 2024-02-21 11:51 - 2024-02-21 11:51 - 000000930 _____ C:\Users\kirut\OneDrive\Desktop\Splinter Cell - Blacklist.lnk 2024-02-21 11:51 - 2024-02-21 11:51 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Splinter Cell - Blacklist 2024-02-19 06:15 - 2024-02-20 19:48 - 016797696 ____H C:\Users\kirut\Downloads\.18cbe74b9ad52560d959b72fff779c1edcb5b221.parts 2024-02-17 16:15 - 2024-02-17 16:15 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2024-02-17 12:16 - 2024-02-17 12:16 - 000609677 _____ C:\Users\kirut\Downloads\Steamless.v3.1.0.3.-.by.atom0s.zip 2024-02-17 12:09 - 2024-02-17 12:09 - 000100784 _____ C:\Users\kirut\Downloads\18CBE74B9AD52560D959B72FFF779C1EDCB5B221.torrent 2024-02-15 18:30 - 2024-02-15 18:31 - 007932765 _____ C:\Users\kirut\Downloads\S40R_Update_1385_2075.zip 2024-02-15 09:51 - 2024-02-13 10:24 - 000094333 _____ C:\Users\kirut\OneDrive\Documents\0625-IGCSE-Formula-List (1).pdf 2024-02-14 14:18 - 2024-02-26 13:42 - 000000000 ____D C:\Users\kirut\AppData\Local\LogiOptionsPlus 2024-02-14 14:18 - 2024-02-23 17:21 - 000000000 ____D C:\Users\kirut\AppData\Roaming\logioptionsplus 2024-02-14 14:05 - 2024-02-14 14:18 - 000000000 ____D C:\ProgramData\LogiOptionsPlus 2024-02-14 14:03 - 2024-02-14 14:05 - 030283008 _____ (Logitech, Inc.) C:\Users\kirut\Downloads\logioptionsplus_installer.exe 2024-02-14 14:00 - 2024-02-14 14:00 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Logitech 2024-02-14 14:00 - 2024-02-14 14:00 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Logishrd 2024-02-14 13:59 - 2024-02-14 13:59 - 001115912 _____ (Logitech Inc.) C:\Users\kirut\Downloads\ConnectUtility_2.20.28_Logitech.exe 2024-02-14 13:53 - 2024-02-23 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2024-02-14 13:53 - 2024-02-15 09:24 - 000000000 ____D C:\ProgramData\LogiShrd 2024-02-14 13:53 - 2024-02-14 13:53 - 000000000 ____D C:\Program Files\Common Files\LogiShrd 2024-02-14 13:52 - 2024-02-14 13:53 - 004153496 _____ ($Co_Name Inc.) C:\Users\kirut\Downloads\unifying252.exe 2024-02-14 10:30 - 2024-02-17 12:39 - 000000853 _____ C:\Users\kirut\OneDrive\Desktop\Future Soldier.exe - Shortcut.lnk 2024-02-14 06:31 - 2024-02-14 06:31 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Ubisoft 2024-02-14 06:31 - 2024-02-14 06:31 - 000000000 ____D C:\Users\kirut\AppData\Local\storage 2024-02-14 06:31 - 2024-02-14 06:31 - 000000000 ____D C:\Users\kirut\AppData\Local\PunkBuster 2024-02-13 10:23 - 2024-02-15 12:49 - 000140143 _____ C:\Users\kirut\Downloads\0625-IGCSE-Formula-List (1).pdf 2024-02-13 05:15 - 2024-02-13 07:43 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Motrix 2024-02-12 21:25 - 2024-02-12 21:25 - 000027319 _____ C:\Users\kirut\Downloads\F59069BB1BDA326C007A555338163EB85EB864A7.torrent 2024-02-12 21:14 - 2024-02-12 21:14 - 000038903 _____ C:\Users\kirut\Downloads\Tom.Clancys.Ghost.Recon.Future.Soldier.v1.8-Repack.torrent 2024-02-12 21:07 - 2024-02-23 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2024-02-12 21:07 - 2024-02-12 21:07 - 000000000 ____D C:\Program Files\7-Zip 2024-02-12 07:09 - 2024-02-23 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tom Clancy's Ghost Recon [GOG.com] 2024-02-12 07:06 - 2024-02-23 16:23 - 000000000 ____D C:\WINDOWS\SysWOW64\Mods 2024-02-12 07:06 - 2024-02-23 16:23 - 000000000 ____D C:\WINDOWS\SysWOW64\Data 2024-02-12 06:48 - 2024-02-12 06:48 - 000055120 _____ C:\Users\kirut\Downloads\tom-clancys-ghost-recon-future-soldier-bljm-60219_archive.torrent 2024-02-10 20:46 - 2024-02-23 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spec Ops - The Line [GOG.com] 2024-02-10 14:34 - 2024-02-06 14:34 - 000052618 _____ C:\Users\kirut\OneDrive\Desktop\March 24_Cambridge Exams.pdf 2024-02-09 18:30 - 2024-02-09 18:30 - 000000000 ____D C:\Users\kirut\AppData\Local\GOG.com 2024-02-09 18:00 - 2024-02-09 18:00 - 000000000 ____D C:\Users\kirut\AppData\Local\FMF2 2024-02-09 09:46 - 2024-02-09 09:48 - 007153881 _____ C:\Users\kirut\Downloads\wifiguard_windows_portable.zip 2024-02-07 06:39 - 2024-02-07 06:39 - 000322461 _____ C:\Users\kirut\Downloads\October-November-2018-V1.pdf 2024-02-06 10:27 - 2024-02-16 08:38 - 002117338 _____ C:\Users\kirut\Downloads\IGCSE-Maths-Formula-Sheet.pdf 2024-02-06 09:11 - 2024-02-06 09:14 - 002911722 _____ C:\Users\kirut\OneDrive\Documents\caie-igcse-mathematics-0580-theory-v6.pdf 2024-02-04 19:35 - 2024-02-04 19:37 - 002350696 _____ C:\Users\kirut\Downloads\snapchat-12.71.0.30.apk.opdownload 2024-02-04 19:32 - 2024-02-04 19:52 - 019688995 _____ C:\Users\kirut\Downloads\snapchat.apk 2024-02-04 19:30 - 2024-02-04 19:37 - 015905173 _____ C:\Users\kirut\Downloads\com.snapchat.android_12.73.0.36_Beta-114422_minAPI21(arm64-v8a,armeabi-v7a)(nodpi)_apkmirror.com.apk.opdownload 2024-02-04 18:04 - 2024-02-04 18:04 - 000003499 _____ C:\Users\kirut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Appstore.lnk 2024-02-04 18:03 - 2024-02-04 18:03 - 000221427 _____ C:\Users\kirut\Downloads\com-snapchat-android-500003-64939361-4ed9778e0ae2db28bf01081a07535cb0.apk 2024-02-04 18:03 - 2024-02-04 18:03 - 000000000 ____D C:\Users\kirut\.android 2024-02-04 17:54 - 2024-02-04 17:58 - 1470977334 _____ C:\Users\kirut\Downloads\MicrosoftCorporationII.WindowsSubsystemForAndroid_2311.40000.5.0_neutral_~_8wekyb3d8bbwe.Msixbundle 2024-02-04 17:42 - 2024-02-04 17:42 - 000000000 ____D C:\Users\kirut\AppData\Roaming\czdownloader 2024-02-03 19:53 - 2024-02-03 19:53 - 000020127 _____ C:\Users\kirut\Downloads\www.1TamilMV.world - Ayalaan (2024) Tamil WEB-DL - 1080p - AVC - (AAC 2.0) - 3.8GB - HC-ESub.mkv (1).torrent 2024-02-03 19:53 - 2024-02-03 19:53 - 000015746 _____ C:\Users\kirut\Downloads\www.1TamilMV.world - Ayalaan (2024) Tamil WEB-DL - 480p - AVC - (AAC 2.0) - 1.4GB - HC-ESub.mkv.torrent 2024-02-03 19:49 - 2024-02-03 19:49 - 000020127 _____ C:\Users\kirut\Downloads\www.1TamilMV.world - Ayalaan (2024) Tamil WEB-DL - 1080p - AVC - (AAC 2.0) - 3.8GB - HC-ESub.mkv.torrent 2024-02-03 18:01 - 2024-02-03 18:01 - 000000000 ____D C:\Users\kirut\AppData\Roaming\RenPy 2024-02-03 14:48 - 2024-02-03 14:48 - 000000000 ____D C:\Users\kirut\AppData\LocalLow\Codebyfire Ltd 2024-02-03 14:46 - 2024-02-03 14:46 - 000000000 ____D C:\ProgramData\GOG.com 2024-02-03 14:04 - 2024-02-03 14:22 - 341297589 _____ C:\Users\kirut\Downloads\game-the.colonists-(70451) (1).rar 2024-02-03 13:44 - 2024-02-03 13:44 - 000000000 ____D C:\Users\kirut\AppData\Local\PeerDistRepub 2024-02-03 11:07 - 2024-02-03 11:10 - 000000000 ____D C:\WINDOWS\CSC 2024-02-02 06:01 - 2024-02-23 16:23 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2024-02-02 06:01 - 2024-02-02 06:01 - 000000040 ____H C:\96394BAB4A1D 2024-02-02 06:00 - 2024-02-02 06:00 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk 2024-02-02 06:00 - 2024-02-02 06:00 - 000002110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk 2024-02-02 06:00 - 2024-02-02 06:00 - 000000000 ____D C:\Program Files (x86)\Adobe 2024-02-02 05:47 - 2024-02-02 05:52 - 937058122 _____ C:\Users\kirut\Downloads\Adobe Acrobat Pro DC 2021.zip 2024-02-02 05:38 - 2024-02-02 05:44 - 403850876 _____ C:\Users\kirut\Downloads\_Getintopc.com_Adobe_Acrobat_Pro_DC_2021.001.20138_Update_Only.rar 2024-02-02 05:24 - 2024-01-05 17:19 - 000047240 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys 2024-02-01 20:01 - 2024-02-01 20:01 - 000000000 ____D C:\ProgramData\FxSound 2024-02-01 19:55 - 2024-02-01 20:00 - 000000000 ____D C:\Users\kirut\AppData\Roaming\FxSound 2024-02-01 19:55 - 2024-02-01 19:55 - 000000000 ____D C:\Users\kirut\AppData\Local\AdvinstAnalytics 2024-02-01 17:37 - 2023-07-26 19:39 - 000979080 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll 2024-02-01 17:37 - 2023-07-26 19:39 - 000737808 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll 2024-02-01 17:37 - 2023-07-26 19:39 - 000549760 _____ (Intel) C:\WINDOWS\system32\libvpl.dll 2024-02-01 17:37 - 2023-07-26 19:39 - 000488960 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll 2024-02-01 17:37 - 2023-07-26 19:38 - 000621744 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll 2024-02-01 17:37 - 2023-07-26 19:38 - 000521632 _____ C:\WINDOWS\SysWOW64\IntelControlLib32.dll 2024-02-01 17:37 - 2023-07-26 19:38 - 000480656 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll 2024-02-01 17:37 - 2023-07-26 19:37 - 002209272 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe 2024-02-01 17:37 - 2023-07-26 19:37 - 002209272 _____ C:\WINDOWS\system32\vulkaninfo.exe 2024-02-01 17:37 - 2023-07-26 19:37 - 001643504 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2024-02-01 17:37 - 2023-07-26 19:37 - 001643504 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2024-02-01 17:37 - 2023-07-26 19:37 - 001506800 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll 2024-02-01 17:37 - 2023-07-26 19:37 - 001506800 _____ C:\WINDOWS\system32\vulkan-1.dll 2024-02-01 17:37 - 2023-07-26 19:37 - 001239536 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll 2024-02-01 17:37 - 2023-07-26 19:37 - 001239536 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2024-02-01 17:37 - 2023-07-26 19:37 - 000522744 _____ C:\WINDOWS\system32\ze_tracing_layer.dll 2024-02-01 17:37 - 2023-07-26 19:37 - 000462872 _____ C:\WINDOWS\system32\ze_loader.dll 2024-02-01 17:37 - 2023-07-26 19:37 - 000313240 _____ C:\WINDOWS\system32\ze_validation_layer.dll 2024-02-01 17:37 - 2023-07-26 19:36 - 027983816 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll 2024-02-01 17:37 - 2023-07-26 19:36 - 020707776 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll 2024-02-01 17:36 - 2023-07-26 19:36 - 000304352 _____ C:\WINDOWS\system32\ControlLib.dll 2024-02-01 17:36 - 2023-07-26 19:36 - 000252656 _____ C:\WINDOWS\SysWOW64\ControlLib32.dll 2024-02-01 15:25 - 2024-02-01 15:26 - 000113742 _____ C:\Users\kirut\AppData\LocalLow\8aec51ab7983895138d4494855a6a33d93e1c8305cb6eddb0c17a28bf9ce0249 2024-02-01 15:25 - 2024-02-01 15:26 - 000000130 _____ C:\Users\kirut\AppData\LocalLow\1dad281c1ff8064658fb0f5f5724c0ad7166dc1cd19f8ae1775f9e5758139caf 2024-02-01 13:59 - 2024-02-01 13:59 - 000000000 ____D C:\Users\kirut\AppData\Local\glasswire 2024-02-01 13:58 - 2024-02-01 13:59 - 000000000 ____D C:\ProgramData\glasswire 2024-02-01 09:34 - 2024-02-23 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2024-02-01 09:34 - 2024-02-01 09:34 - 002220768 _____ (CPUID, Inc. ) C:\Users\kirut\Downloads\cpu-z-portable-2.08-installer.exe 2024-02-01 09:34 - 2024-02-01 09:34 - 000000000 ____D C:\Program Files\CPUID 2024-02-01 06:17 - 2024-02-01 06:17 - 000002264 _____ C:\Users\kirut\AppData\LocalLow\0cea42f42bc60e695d35bcc9b2e260cf0b033046b3719206d8a891b868d1a44f 2024-02-01 06:11 - 2024-02-01 16:54 - 000000130 _____ C:\Users\kirut\AppData\LocalLow\2c353cce910e0ffd6d3f2efe1246d20262ca88636ed8f470376385d832265d61 2024-02-01 06:11 - 2024-02-01 16:52 - 000004502 _____ C:\Users\kirut\AppData\LocalLow\605964f8d3795e95f9fff6e5512f582b3c597e6d64d150ac2bdb9092374815cb 2024-01-31 07:02 - 2024-01-31 07:02 - 000000996 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Video Downloader+.lnk 2024-01-31 07:02 - 2024-01-31 07:02 - 000000000 ____D C:\Program Files\4KDownload 2024-01-31 06:24 - 2024-01-31 06:24 - 000000810 _____ C:\Users\kirut\Downloads\Opera Passwords.csv 2024-01-31 06:23 - 2024-01-31 06:23 - 000002357 _____ C:\Users\kirut\OneDrive\Desktop\DuckDuckGo.lnk 2024-01-31 06:17 - 2024-01-31 06:17 - 000000824 _____ C:\Users\kirut\Downloads\DuckDuckGo (1).appinstaller 2024-01-30 19:41 - 2024-01-30 19:41 - 000000000 ____D C:\Users\kirut\AppData\Local\BSXCache 2024-01-30 19:07 - 2024-01-30 19:07 - 000000000 ____D C:\Users\kirut\AppData\Local\HD-Player 2024-01-30 19:05 - 2024-01-30 19:04 - 000007169 _____ C:\Users\kirut\-1.14-windows.xml 2024-01-30 19:04 - 2024-01-30 19:35 - 000000000 ____D C:\Users\kirut\AppData\Roaming\bluestacks-services 2024-01-30 19:04 - 2024-01-30 19:04 - 000000000 ____D C:\Users\kirut\AppData\Local\bluestacks-services-updater 2024-01-30 19:01 - 2024-01-31 10:55 - 000000000 ____D C:\Users\kirut\AppData\Local\Bluestacks 2024-01-30 19:01 - 2024-01-30 19:01 - 000000000 ____D C:\Users\Public\BlueStacks 2024-01-30 17:21 - 2024-01-30 17:22 - 094219718 _____ C:\Users\kirut\Downloads\dive10-bigfin-squid-1280x720.mp4 2024-01-30 14:16 - 2024-01-30 14:16 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\kali-linux 2024-01-30 09:39 - 2024-02-21 20:48 - 000114786 _____ C:\Users\kirut\OneDrive\Desktop\Igcse exam TT.pdf 2024-01-30 09:37 - 2024-01-30 09:37 - 000019553 _____ C:\Users\kirut\Downloads\686092-cambridge-final-examination-timetable (1).xlsx 2024-01-30 09:33 - 2024-01-30 09:33 - 000146402 _____ C:\Users\kirut\Downloads\686092-cambridge-final-examination-timetable.xlsx 2024-01-29 20:48 - 2024-01-29 20:48 - 000001541 _____ C:\Users\kirut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader+.lnk 2024-01-29 20:26 - 2024-01-29 20:26 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Mael Horz 2024-01-29 20:23 - 2024-01-29 20:24 - 003348036 _____ C:\Users\kirut\Downloads\HxDSetup.zip 2024-01-29 19:58 - 2024-01-29 19:58 - 000000000 ____D C:\Users\kirut\AppData\Roaming\4kdownload.com 2024-01-29 19:38 - 2024-01-29 19:38 - 000000000 ____D C:\Users\kirut\.cache 2024-01-29 14:40 - 2024-02-02 08:02 - 000000000 ____D C:\Users\kirut\AppData\Local\Adobe 2024-01-29 14:40 - 2024-02-02 06:01 - 000000000 ____D C:\ProgramData\Adobe 2024-01-29 14:40 - 2024-01-29 17:10 - 000000000 ____D C:\Users\kirut\AppData\LocalLow\Adobe 2024-01-29 14:40 - 2024-01-29 14:40 - 000000000 ____D C:\Users\kirut\AppData\Roaming\com.adobe.dunamis 2024-01-29 14:40 - 2024-01-29 14:40 - 000000000 ____D C:\Users\kirut\AppData\Local\SolidDocuments 2024-01-29 14:40 - 2024-01-29 14:40 - 000000000 ____D C:\Users\kirut\.ms-ad 2024-01-29 14:37 - 2024-01-29 14:37 - 000000000 ____D C:\Program Files\Adobe 2024-01-29 14:35 - 2024-02-02 05:55 - 000000000 ____D C:\Program Files\Common Files\Adobe 2024-01-27 15:42 - 2024-02-21 11:51 - 000000000 ____D C:\Users\kirut\OneDrive\Documents\Ubisoft 2024-01-27 07:28 - 2024-01-27 07:28 - 000090331 _____ C:\Users\kirut\Downloads\BloatynosyApp.zip ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2024-02-26 13:44 - 2023-10-30 20:11 - 000000000 ____D C:\Program Files (x86)\Google 2024-02-26 13:44 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\SystemTemp 2024-02-26 13:43 - 2023-12-13 06:58 - 000000000 ____D C:\Users\kirut\AppData\Local\Cloudflare 2024-02-26 13:43 - 2023-12-13 06:58 - 000000000 ____D C:\ProgramData\Cloudflare 2024-02-26 13:43 - 2022-05-07 10:54 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-02-26 13:42 - 2023-08-20 19:59 - 000000783 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2024-02-26 13:42 - 2023-06-24 21:44 - 000000000 __SHD C:\Users\kirut\IntelGraphicsProfiles 2024-02-26 13:42 - 2023-05-14 18:22 - 000000000 ____D C:\Intel 2024-02-26 13:42 - 2023-05-14 18:21 - 000012288 ___SH C:\DumpStack.log.tmp 2024-02-26 13:42 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\ServiceState 2024-02-26 13:42 - 2022-05-07 10:47 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2024-02-26 12:18 - 2023-06-24 21:44 - 000000000 ____D C:\Users\kirut\AppData\Local\D3DSCache 2024-02-26 11:30 - 2023-12-12 08:20 - 000000000 ____D C:\ProgramData\AOMEIPA 2024-02-26 11:30 - 2023-08-10 18:31 - 000001024 ____H C:\AMTAG.BIN 2024-02-26 11:23 - 2023-08-15 16:28 - 000000000 ____D C:\Program Files (x86)\AOMEI Partition Assistant 2024-02-26 11:23 - 2023-08-10 18:28 - 000000000 ____D C:\ProgramData\boost_interprocess 2024-02-26 11:23 - 2022-05-07 10:52 - 000000000 ____D C:\WINDOWS\INF 2024-02-26 11:18 - 2023-06-26 03:13 - 000000000 ____D C:\Program Files (x86)\Steam 2024-02-26 10:58 - 2023-08-18 18:39 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Code 2024-02-26 10:32 - 2023-06-25 20:06 - 000000000 ____D C:\Users\kirut\AppData\Local\VirtualStore 2024-02-26 10:29 - 2022-05-07 10:54 - 000000000 ___HD C:\Program Files\WindowsApps 2024-02-26 10:20 - 2023-11-22 19:41 - 000007593 _____ C:\Users\kirut\AppData\Local\Resmon.ResmonCfg 2024-02-26 10:10 - 2022-05-07 10:47 - 000000000 ____D C:\WINDOWS\CbsTemp 2024-02-26 09:39 - 2023-12-12 13:59 - 000000000 ____D C:\Users\kirut\AppData\Roaming\deluge 2024-02-26 06:05 - 2023-06-27 06:16 - 000000000 ____D C:\Users\kirut\AppData\Local\CrashDumps 2024-02-26 05:41 - 2023-06-24 19:56 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-02-26 05:41 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\AppReadiness 2024-02-25 10:08 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\appcompat 2024-02-23 19:15 - 2023-06-24 21:46 - 000000000 ____D C:\Users\kirut\AppData\Local\PlaceholderTileLogoFolder 2024-02-23 19:15 - 2023-06-24 21:44 - 000000000 ____D C:\Users\kirut\AppData\Local\Packages 2024-02-23 17:28 - 2022-05-07 10:54 - 000000000 ____D C:\ProgramData\USOPrivate 2024-02-23 16:58 - 2022-05-07 10:54 - 000000000 ___RD C:\WINDOWS\PrintDialog 2024-02-23 16:42 - 2023-06-24 21:44 - 000000000 __RHD C:\Users\Public\AccountPictures 2024-02-23 16:42 - 2022-05-07 10:54 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2024-02-23 16:27 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\system32\oobe 2024-02-23 16:27 - 2022-05-07 10:54 - 000000000 ____D C:\Program Files\Windows Defender 2024-02-23 16:25 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth 2024-02-23 16:24 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\Media 2024-02-23 16:23 - 2024-01-26 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2024-02-23 16:23 - 2024-01-20 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyLock 2024-02-23 16:23 - 2024-01-20 12:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2024-02-23 16:23 - 2024-01-14 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2024-02-23 16:23 - 2024-01-05 06:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloudflare 2024-02-23 16:23 - 2023-12-30 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64 2024-02-23 16:23 - 2023-12-11 05:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge 2024-02-23 16:23 - 2023-09-03 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TLauncher 2024-02-23 16:23 - 2023-09-03 11:29 - 000000000 ____D C:\Program Files\Intel 2024-02-23 16:23 - 2023-08-18 18:39 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code 2024-02-23 16:23 - 2023-08-15 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant 2024-02-23 16:23 - 2023-08-12 06:58 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeCAD 0.21 2024-02-23 16:23 - 2023-08-09 20:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2024-02-23 16:23 - 2023-07-08 06:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2024-02-23 16:23 - 2023-06-26 03:54 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2024-02-23 16:23 - 2023-06-26 03:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2024-02-23 16:23 - 2023-06-24 21:48 - 000000000 ___RD C:\Users\kirut\OneDrive 2024-02-23 16:23 - 2022-05-07 10:54 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2024-02-23 16:23 - 2022-05-07 10:54 - 000000000 __RHD C:\Users\Public\Libraries 2024-02-23 16:23 - 2022-05-07 10:54 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2024-02-23 16:23 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2024-02-23 16:23 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2024-02-23 16:23 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\system32\spool 2024-02-23 16:23 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\system32\NDF 2024-02-23 16:23 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2024-02-23 16:23 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData 2024-02-23 16:23 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\system32\AppLocker 2024-02-23 16:23 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\Registration 2024-02-23 16:23 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2024-02-23 16:23 - 2022-05-07 10:54 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2024-02-23 16:22 - 2023-09-06 11:11 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt 2024-02-23 16:21 - 2022-05-07 10:58 - 000000000 ____D C:\WINDOWS\Setup 2024-02-23 16:16 - 2022-05-07 10:54 - 000000000 ___SD C:\WINDOWS\system32\lxss 2024-02-23 16:13 - 2023-12-17 11:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2024-02-23 16:13 - 2023-11-19 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics 2024-02-23 16:13 - 2023-11-09 08:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games 2024-02-23 16:13 - 2023-11-01 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ 2024-02-23 16:12 - 2022-05-07 10:54 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows 2024-02-23 16:09 - 2023-12-04 12:00 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView 2024-02-23 16:09 - 2022-05-07 13:09 - 000000000 ___SD C:\WINDOWS\system32\AppV 2024-02-23 16:09 - 2022-05-07 10:54 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2024-02-23 16:09 - 2022-05-07 10:54 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2024-02-23 16:09 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\UUS 2024-02-23 16:09 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2024-02-23 16:09 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2024-02-23 16:09 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\SystemResources 2024-02-23 16:09 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2024-02-23 16:09 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\system32\Sgrm 2024-02-23 16:09 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\system32\setup 2024-02-23 16:09 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2024-02-23 16:09 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\system32\appraiser 2024-02-23 16:09 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\ShellExperiences 2024-02-23 16:09 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\ShellComponents 2024-02-23 16:09 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\Provisioning 2024-02-23 16:09 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2024-02-23 16:09 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\BrowserCore 2024-02-23 16:09 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\bcastdvr 2024-02-23 16:03 - 2023-12-04 11:55 - 000836096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmconnect.exe 2024-02-23 16:03 - 2023-12-04 11:55 - 000258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteFileBrowse.dll 2024-02-23 16:03 - 2023-12-04 11:55 - 000251248 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmtpm.dll 2024-02-23 16:03 - 2023-12-04 11:55 - 000075120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ramparser.sys 2024-02-23 16:03 - 2023-12-04 11:55 - 000040960 _____ C:\WINDOWS\SysWOW64\vmstaging.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 001630208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfpext.sys 2024-02-23 16:03 - 2023-12-04 11:54 - 000796128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000706032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmusrv.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000705904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmDataStore.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000632288 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsconfig.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000628200 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmuidevices.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000628192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmserial.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfpctrl.exe 2024-02-23 16:03 - 2023-12-04 11:54 - 000517504 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetMgmtIF.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmvpci.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000439768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmprox.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000439680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nvspinfo.exe 2024-02-23 16:03 - 2023-12-04 11:54 - 000435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsmb.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdynmem.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000406912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nmscrub.exe 2024-02-23 16:03 - 2023-12-04 11:54 - 000378224 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmflexio.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000366056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hcsdiag.exe 2024-02-23 16:03 - 2023-12-04 11:54 - 000366048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmiccore.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000352680 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmEngUM.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000324992 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsif.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000320992 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicvdev.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000316904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmCrashDump.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000307224 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmEngUM138.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000296416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbusr.sys 2024-02-23 16:03 - 2023-12-04 11:54 - 000271728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsp.sys 2024-02-23 16:03 - 2023-12-04 11:54 - 000258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnsdiag.exe 2024-02-23 16:03 - 2023-12-04 11:54 - 000255464 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbusvdev.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000251248 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicrdv.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000234864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmsvcext.sys 2024-02-23 16:03 - 2023-12-04 11:54 - 000218592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fse.sys 2024-02-23 16:03 - 2023-12-04 11:54 - 000210408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HyperVSysprepProvider.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000198128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdebug.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000185728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys 2024-02-23 16:03 - 2023-12-04 11:54 - 000173552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvc.exe 2024-02-23 16:03 - 2023-12-04 11:54 - 000169456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmvirtio.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgclientservice.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfpapi.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000144864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifcore.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmhbmgmt.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000128368 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmhgs.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000128368 _____ (Microsoft Corporation) C:\WINDOWS\system32\nmbind.exe 2024-02-23 16:03 - 2023-12-04 11:54 - 000094208 _____ C:\WINDOWS\system32\Drivers\vmbusproxy.sys 2024-02-23 16:03 - 2023-12-04 11:54 - 000087520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\l2bridge.sys 2024-02-23 16:03 - 2023-12-04 11:54 - 000075120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VmsProxyHNic.sys 2024-02-23 16:03 - 2023-12-04 11:54 - 000071136 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspiper.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000071040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VmsProxy.sys 2024-02-23 16:03 - 2023-12-04 11:54 - 000069632 _____ C:\WINDOWS\system32\vmstaging.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000066928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocketcontrol.sys 2024-02-23 16:03 - 2023-12-04 11:54 - 000050656 _____ (Microsoft Corporation) C:\WINDOWS\system32\VrdUmed.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000046552 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifproxystub.dll 2024-02-23 16:03 - 2023-12-04 11:54 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgclientserviceps.dll 2024-02-23 16:03 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\schemas 2024-02-23 16:03 - 2022-05-07 10:50 - 006436208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmfirmware.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 001585236 _____ C:\WINDOWS\system32\WindowsVirtualization.V2.mof 2024-02-23 16:03 - 2022-05-07 10:50 - 001153282 _____ C:\WINDOWS\system32\WindowsHyperVCluster.V2.mof 2024-02-23 16:03 - 2022-05-07 10:50 - 000733184 _____ C:\WINDOWS\system32\hgattest.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000701800 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmEmulatedStorage.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000509288 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthstor.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000406888 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmEmulatedNic.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmSynthNic.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000361832 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpupvdev.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000284000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmfirmwarepcat.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000279920 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthfcvdev.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000243048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys 2024-02-23 16:03 - 2022-05-07 10:50 - 000243024 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpcievdev.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000191480 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsp.exe 2024-02-23 16:03 - 2022-05-07 10:50 - 000144967 _____ C:\WINDOWS\system32\virtmgmt.msc 2024-02-23 16:03 - 2022-05-07 10:50 - 000144736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdp4vs.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000132456 _____ C:\WINDOWS\system32\secfw_AuthenticAMD.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000124240 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpevents.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000120160 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpctrl.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000111976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcip.sys 2024-02-23 16:03 - 2022-05-07 10:50 - 000099688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtpm.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pvhdparser.sys 2024-02-23 16:03 - 2022-05-07 10:50 - 000087392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmmsprox.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgsclientplugin.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000075104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\passthruparser.sys 2024-02-23 16:03 - 2022-05-07 10:50 - 000071024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lunparser.sys 2024-02-23 16:03 - 2022-05-07 10:50 - 000067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmplatformca.exe 2024-02-23 16:03 - 2022-05-07 10:50 - 000066912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NvAgent.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000058704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hnswfpdriver.sys 2024-02-23 16:03 - 2022-05-07 10:50 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AttestationWmiProvider.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000046888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbresources.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000042344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcomputeeventlog.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000025960 _____ (Microsoft Corporation) C:\WINDOWS\system32\f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000025960 _____ (Microsoft Corporation) C:\WINDOWS\system32\07409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000025952 _____ (Microsoft Corporation) C:\WINDOWS\system32\f1db7d81-95be-4911-935a-8ab71629112a_HyperV-IsolatedVM.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000025952 _____ (Microsoft Corporation) C:\WINDOWS\system32\d4d78066-e6db-44b7-b5cd-2eb82dce620c_HyperV-ComputeLegacy.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000025952 _____ (Microsoft Corporation) C:\WINDOWS\system32\c4d66f00-b6f0-4439-ac9b-c5ea13fe54d7_HyperV-ComputeCore.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\HostGuardianServiceClientResources.dll 2024-02-23 16:03 - 2022-05-07 10:50 - 000006658 _____ C:\WINDOWS\system32\VmFirmwareHcl Third-Party Notices.txt 2024-02-23 16:03 - 2022-05-07 10:50 - 000006658 _____ C:\WINDOWS\system32\VmFirmware Third-Party Notices.txt 2024-02-23 16:02 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\OCR 2024-02-23 15:58 - 2022-05-07 13:09 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2024-02-23 15:58 - 2022-05-07 13:09 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2024-02-23 15:58 - 2022-05-07 13:09 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2024-02-23 15:58 - 2022-05-07 13:08 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2024-02-23 15:58 - 2022-05-07 13:00 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2024-02-23 15:58 - 2022-05-07 13:00 - 000000000 ____D C:\WINDOWS\system32\WCN 2024-02-23 15:58 - 2022-05-07 10:54 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2024-02-23 15:58 - 2022-05-07 10:54 - 000000000 ___SD C:\WINDOWS\system32\F12 2024-02-23 15:58 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2024-02-23 15:58 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2024-02-23 15:58 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2024-02-23 15:58 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\system32\migwiz 2024-02-23 15:58 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\system32\Dism 2024-02-23 15:58 - 2022-05-07 10:54 - 000000000 ____D C:\WINDOWS\IME 2024-02-23 15:58 - 2022-05-07 10:54 - 000000000 ____D C:\Program Files\Common Files\System 2024-02-23 15:58 - 2022-05-07 10:54 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2024-02-23 15:58 - 2022-05-07 10:47 - 000000000 ____D C:\WINDOWS\servicing 2024-02-22 17:05 - 2024-01-14 19:59 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys 2024-02-22 15:26 - 2023-08-14 12:12 - 000001437 _____ C:\Users\kirut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser.lnk 2024-02-22 11:23 - 2023-11-22 19:45 - 000000000 ____D C:\Users\kirut\AppData\Local\Malwarebytes 2024-02-22 11:13 - 2023-11-22 19:47 - 000222784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2024-02-21 13:32 - 2023-10-30 20:11 - 000000000 ____D C:\Users\kirut\AppData\Local\Google 2024-02-21 11:51 - 2023-11-19 13:14 - 000000000 ____D C:\ProgramData\Orbit 2024-02-21 10:33 - 2023-06-24 21:40 - 000000000 ___SD C:\Users\kirut\AppData\Roaming\Microsoft\Credentials 2024-02-19 19:30 - 2024-01-22 16:52 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2024-02-17 16:14 - 2024-01-26 18:13 - 000000000 ____D C:\Program Files\Microsoft Office 2024-02-17 11:15 - 2024-01-21 08:17 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2024-02-15 05:54 - 2023-06-27 19:08 - 000000000 ____D C:\WINDOWS\system32\MRT 2024-02-15 05:51 - 2023-06-27 19:08 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2024-02-13 06:29 - 2023-09-03 16:50 - 000000000 ____D C:\Users\kirut\AppData\Roaming\.minecraft 2024-02-13 05:05 - 2023-10-30 20:11 - 000002173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk 2024-02-10 21:02 - 2023-06-24 21:48 - 000000000 ___RD C:\Users\kirut\OneDrive\Documents\My Games 2024-02-10 12:41 - 2023-11-24 20:27 - 000000776 _____ C:\Users\kirut\OneDrive\Desktop\Far Cry 3.lnk 2024-02-09 06:02 - 2023-06-24 20:46 - 000000000 ____D C:\ProgramData\Packages 2024-02-03 11:27 - 2023-06-25 05:45 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Microsoft\MMC 2024-02-02 17:08 - 2023-08-26 11:14 - 000000000 ___RD C:\Users\kirut\OneDrive\Documents\Sound Recordings 2024-02-02 08:10 - 2023-09-08 21:02 - 000000000 ____D C:\Users\kirut\AppData\Roaming\arduino-ide 2024-02-02 08:05 - 2023-09-08 21:02 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Arduino IDE 2024-02-02 06:03 - 2023-06-24 21:44 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Adobe 2024-02-01 19:58 - 2023-05-24 01:01 - 000000000 ____D C:\SWSetup 2024-02-01 19:31 - 2023-09-17 08:00 - 000000130 _____ C:\Users\kirut\AppData\LocalLow\8e7a3032b72e3c3056869f127cb80e8d7a2aa2aeb0c07838a52f15afbf151616 2024-02-01 19:12 - 2023-09-17 07:54 - 000000130 _____ C:\Users\kirut\AppData\LocalLow\4844a7f98cb66099c05c3690bf4a7d958cf5342c98027ac96958436f67e87dde 2024-02-01 17:04 - 2023-09-19 16:59 - 000011216 _____ C:\Users\kirut\AppData\LocalLow\99a41ac37eea95975bd14e26567f3a65ce922d15d0ed10000344c1b19cafcc16 2024-02-01 16:57 - 2023-09-17 08:00 - 000016811 _____ C:\Users\kirut\AppData\LocalLow\86cda845fb34fc8d76e06b3c2457ab8b8652e36ebdfd4e83d1179764c3415a32 2024-02-01 15:25 - 2023-12-29 09:25 - 000028001 _____ C:\Users\kirut\AppData\LocalLow\ba09f7ec1456a40e1b2184c38f3af451d2db681f5e9f24e83821fdc29b6bbeb7 2024-02-01 15:25 - 2023-12-29 09:25 - 000000130 _____ C:\Users\kirut\AppData\LocalLow\540e7a2fbe4c29219e703256675d2de76282ae6353c8177d53bc1a399055cece 2024-02-01 14:19 - 2023-09-19 16:59 - 000000130 _____ C:\Users\kirut\AppData\LocalLow\b76d41ad74af46db14a156af76fdcffe3a4c6d9995ba1c16d0f42ad0662bd30e 2024-02-01 09:35 - 2023-12-28 11:12 - 000023430 _____ C:\Users\kirut\AppData\LocalLow\a6854f1fe51efe3ba81976ebfb4fad233a73d79e5a802f7e3f1408cf13f2c387 2024-02-01 09:35 - 2023-12-28 11:12 - 000000130 _____ C:\Users\kirut\AppData\LocalLow\b1e4146669058f9e8f258fc1df98ab6b4bb268b3b342fea69124af950e032194 2024-02-01 09:33 - 2023-11-17 20:17 - 000002264 _____ C:\Users\kirut\AppData\LocalLow\1c4786bf3424f01275cb0a451b47bfe92e74dcd110188c45a4e71e8fe936cfed 2024-02-01 06:20 - 2024-01-19 12:43 - 000000000 ____D C:\Users\kirut\AppData\Local\Publishers 2024-02-01 06:20 - 2023-09-17 07:54 - 000011216 _____ C:\Users\kirut\AppData\LocalLow\3dc76121f24ee81c77cdbdc11da3c5b2f881c588aa37c553a09f008fa99fd1f1 2024-02-01 06:10 - 2023-06-26 05:44 - 000000000 ____D C:\ProgramData\Package Cache 2024-01-31 20:48 - 2023-05-15 22:45 - 000000000 ___HD C:\OneDriveTemp 2024-01-31 07:28 - 2024-01-26 20:41 - 000000000 ____D C:\Users\kirut\Downloads\MediaGet Downloads 2024-01-30 12:49 - 2024-01-26 17:19 - 000000000 ____D C:\Users\kirut\OneDrive\Documents\OneNote Notebooks 2024-01-30 10:07 - 2024-01-26 08:57 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Microsoft\Excel 2024-01-30 09:28 - 2024-01-20 12:41 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Microsoft\Word 2024-01-30 09:10 - 2024-01-20 12:41 - 000000000 ____D C:\Users\kirut\AppData\Roaming\Microsoft\Office ==================== Files in the root of some directories ======== 2023-08-11 17:54 - 2023-08-11 17:54 - 000000023 _____ () C:\Users\kirut\AppData\Roaming\epm_user.ini 2023-07-29 11:31 - 2023-07-29 11:31 - 000000098 _____ () C:\Users\kirut\AppData\Roaming\LauncherSettings_live.cfg 2024-02-26 12:11 - 2024-02-26 12:11 - 000000036 _____ () C:\Users\kirut\AppData\Local\housecall.guid.cache 2023-08-25 06:26 - 2023-08-25 06:26 - 000000128 _____ () C:\Users\kirut\AppData\Local\PUTTY.RND 2024-02-26 09:39 - 2024-02-26 09:39 - 000000218 _____ () C:\Users\kirut\AppData\Local\recently-used.xbel 2023-11-22 19:41 - 2024-02-26 10:20 - 000007593 _____ () C:\Users\kirut\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================