Scribd
Upload
79 views15 pages

FRST

scanrecovery

Uploaded by

Anwar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
79 views15 pages

FRST

scanrecovery

Uploaded by

Anwar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 15

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.07.

2024
Ran by ak (administrator) on AKPC (12-07-2024 10:13:03)
Running from C:\Users\Lenovo\Downloads\FRST64.exe
Loaded Profiles: ak
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4046 (X64) Language: English
(United States)
Default browser: Brave
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will
not be moved.)

(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\


Update\1.3.361.149\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\
Update\1.3.361.149\BraveCrashHandler64.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe ->)
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\
Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe <2>
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\
BraveSoftware\Brave-Browser\Application\brave.exe <14>
(JAM Software GmbH -> JAM Software) C:\Program Files\JAM Software\TreeSize Free\
TreeSizeFree.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(services.exe ->) (Hewlett-Packard Company -> HP) C:\Program Files\HP\HP LaserJet
M1210 MFP Series\ReceiveFaxUtility.exe
(services.exe ->) (Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(services.exe ->) (HP) [File not signed] C:\Program Files (x86)\HP\
HPLaserJetService\HPLaserJetService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\
DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\
DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\
WMIRegistrationService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel
Corporation) C:\Windows\System32\DriverStore\FileRepository\
dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files
(x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program
Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\
ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\
MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\
ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\
NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek) C:\Program Files\EZCast\
WifiAutoInstall\WifiAutoInstallSrv.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program
Files\TeamViewer\TeamViewer_Service.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\
WindowsApps\Microsoft.WindowsCalculator_11.2405.2.0_x64__8wekyb3d8bbwe\
CalculatorApp.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\
WindowsApps\5319275A.WhatsAppDesktop_2.2424.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Brother Industries, Ltd.) [File not signed] C:\ProgramData\
SystemPropertiesDataExecutionPrevention\.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\
ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\
dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\
MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\
smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\
wbem\WMIC.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to
default or removed. The file will not be moved.)

HKLM\...\Run: [PrintDisp] => C:\WINDOWS\system32\PrintDisp.exe [595080 2019-03-21]


(ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM\...\Run: [Acrobat Assistant 8.0] => "C:\Program Files\Adobe\Acrobat DC\
Acrobat\Acrotray.exe" (No File)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common
Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\
bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" [0 0000-00-00] () <====
ATTENTION [zero byte File/Folder]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction
<==== ATTENTION
HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\...\Run: [CCXProcess] => C:\
Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008
2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\...\Run: [IDMan] => C:\Program
Files (x86)\Internet Download Manager\IDMan.exe /onboot (No File)
HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\...\Run:
[MicrosoftEdgeAutoLaunch_5EF70F99B4529735F3564FFE246DB961] => "C:\Program Files
(x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-
start [3883560 2024-07-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\...\Run: [file.dll] => rundll32
C:\Users\Lenovo\AppData\Local\Temp\1000595011\file.dll, slumlike (No File) <====
ATTENTION
HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\...\Run:
[com.squirrel.Teams.Teams] => C:\Users\Lenovo\AppData\Local\Microsoft\Teams\
Update.exe [2591920 2024-03-08] (Microsoft 3rd Party Application Component ->
Microsoft Corporation)
HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\...\Run: [bt] => C:\Users\
Lenovo\AppData\Roaming\bittorrent\BitTorrent.exe [2261000 2024-03-13] (BitTorrent
Inc -> BitTorrent Limited)
HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\...\Run: [Outlook Attachment
Extractor] => "C:\Program Files\Outlook Attachment Extractor\
OutlookAttachmentExtractor.exe" (No File)
HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\...\RunOnce: [Application
Restart #1] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
[2866712 2024-06-25] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\...\Policies\Explorer: []
HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\...\MountPoints2: {4b69a745-
dc75-11ee-bda3-806e6f6e6963} - "J:\SISetup.exe"
HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\...\MountPoints2: {64581df7-
4a0e-11ed-bd4f-00e04c6805f0} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\...\MountPoints2: {7b194ca8-
36aa-11ee-bd7f-00e04c6805f0} - "D:\LaunchU3.exe" -a
HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\...\MountPoints2: {c34a06ed-
bdac-11ed-bd6f-00e04c6805f0} - "D:\LaunchU3.exe" -a
HKLM\...\Windows x64\Print Processors\ActMaskR: C:\Windows\System32\spool\prtprocs\
x64\ActPrint.dll [51848 2018-09-14] (ActMask Group Co., Ltd -> ActMask Co.,Ltd)
HKLM\...\Windows x64\Print Processors\HPM1210PrintProc: HPM1210PP (No File)
HKLM\...\Print\Monitors\HPM1210LM: C:\Windows\system32\HPM1210LM.DLL [409088 2012-
09-29] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Nitro PDF Port 13 Monitor: C:\Windows\system32\
NxPrinterMonitor13.dll [361736 2020-10-23] (Nitro Software, Inc. -> Nitro Software,
Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-
AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\126.0.6478.127\
Installer\chrmstp.exe [2024-06-27] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-
AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\
126.1.67.123\Installer\chrmstp.exe [2024-06-26] (Brave Software, Inc. -> Brave
Software, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-
2D75-11D2-995D-00C04F98BBC9}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk
[2024-04-03]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk
Software GmbH -> AnyDesk Software GmbH)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

Task: {9B59B1CE-EADE-476E-9B02-423202F56743} - System32\Tasks\AAct => C:\Windows\


AAct_Tools\AAct.exe [1452872 2018-10-04] (WZTeam -> ) [File not signed] ->
%SYSTEMDRIVE%\Windows\AAct_Tools\\/ofs=act
Task: {39A742A2-9CA2-4037-896A-C35B7C51552E} - System32\Tasks\
BraveSoftwareUpdateTaskMachineCore{BB22B7C0-1275-46AF-BA8E-F2EF6D7A3809} => C:\
Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-10-12] (Brave
Software, Inc. -> BraveSoftware Inc.)
Task: {A844E473-61F5-4154-A408-AA0596C2FFAD} - System32\Tasks\
BraveSoftwareUpdateTaskMachineUA{89C4F589-D63A-4E0E-B057-A01CD24F8F6C} => C:\
Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-10-12] (Brave
Software, Inc. -> BraveSoftware Inc.)
Task: {8EA77476-9CBB-40AE-B3CA-1CD1E86409E2} - System32\Tasks\Dctooux => C:\Users\
Lenovo\AppData\Local\Temp\b4c594889e\Dctooux.exe (No File) <==== ATTENTION
Task: {C9459A8F-9C63-4A06-90FF-49F94131E1E0} - System32\Tasks\ERGVRDVMSK => C:\
ProgramData\SystemPropertiesDataExecutionPrevention\.exe [5246976 2024-02-29]
(Brother Industries, Ltd.) [File not signed]
Task: {DF4320DA-E180-42E0-94E6-E37431F1CBF5} - System32\Tasks\GoogleSystem\
GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{3620E893-23EF-423E-BB93-
E3D24CF14DD4} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\
updater.exe [4623976 2024-06-13] (Google LLC -> Google LLC)
Task: {C6F37CE3-77AE-45F2-8E88-99CD1FE2BFE2} - System32\Tasks\Intel PTT EK
Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\
iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008
2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {93A48FE6-B836-4CFD-9DD5-3990A2B015EC} - System32\Tasks\Microsoft\Office\
Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\
ClickToRun\OfficeC2RClient.exe [24164440 2018-09-26] (Microsoft Corporation ->
Microsoft Corporation)
Task: {391D233D-AA5B-4364-B388-E7525C904B21} - System32\Tasks\Microsoft\Office\
Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft
Shared\ClickToRun\OfficeC2RClient.exe [24164440 2018-09-26] (Microsoft Corporation
-> Microsoft Corporation)
Task: {3FF831EB-F707-45CD-8D86-44CFA572F95E} - System32\Tasks\Microsoft\Office\
Office Feature Updates => C:\Program Files\Microsoft Office\root\vfs\
ProgramFilesCommonX64\Microsoft Shared\OFFICE16\sdxhelper.exe [114984 2024-06-28]
(Microsoft Corporation -> Microsoft Corporation)
Task: {72CA0C4B-E782-4AE3-867A-FFD778DCD63F} - System32\Tasks\Microsoft\Office\
OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\
Office16\officebackgroundtaskhandler.exe [2369816 2024-06-28] (Microsoft
Corporation -> Microsoft Corporation)
Task: {FCBF7A93-8D47-470B-8C3D-B543DCFC8AD3} - System32\Tasks\Microsoft\Office\
OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\
Office16\officebackgroundtaskhandler.exe [2369816 2024-06-28] (Microsoft
Corporation -> Microsoft Corporation)
Task: {BFE454FB-85D8-4E87-AB49-374C35A916CF} - System32\Tasks\Microsoft\Office\
OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\
Office16\msoia.exe [3843368 2024-06-28] (Microsoft Corporation -> Microsoft
Corporation)
Task: {F72D1510-26DC-47C0-B872-4927D6146F17} - System32\Tasks\Microsoft\Office\
OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\
msoia.exe [3843368 2024-06-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {830511BA-0D8C-4D1C-BF11-2AB8342F4E6E} - System32\Tasks\Microsoft\Windows\
Autodesk\Autodesk => C:\Windows\system32\wscript.exe [170496 2024-03-07] (Microsoft
Windows -> Microsoft Corporation) -> "%CommonProgramFiles(x86)%\Autodesk Shared\
Network License Manager\Service.vbs" "%CommonProgramFiles(x86)%\Autodesk Shared\
Network License Manager\Service.bat"
Task: {B0E6EC0D-8766-4A0B-A188-CDA9903A1B7D} - System32\Tasks\Microsoft\Windows\
kbdutlin => C:\Windows\SysWOW64\rundll32.exe [61440 2024-03-07] (Microsoft Windows
-> Microsoft Corporation) -> C:\ProgramData\ContainLocks\BerviceKediuf\C:\
ProgramData\ContainLocks\BerviceKediuf\LXSEm_Dlttsigsv.dll,NcsWexigndyaCenreu_iTD
<==== ATTENTION
Task: {7E0D6851-713E-43EC-BB21-2B339D95960B} - System32\Tasks\Microsoft\Windows\
Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\
Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-04]
(Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8ACD2792-3E20-452E-8371-ABA15C0ACB18} - System32\Tasks\Microsoft\Windows\
Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-04] (Microsoft
Windows Publisher -> Microsoft Corporation)
Task: {E713E138-66BE-4D91-90B1-53BC94EBC0CA} - System32\Tasks\Microsoft\Windows\
Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-04] (Microsoft
Windows Publisher -> Microsoft Corporation)
Task: {62815D20-874D-4F49-866A-E226E649CBF1} - System32\Tasks\R@1n-KMS\
Windows64Professional => C:\Windows\System32\Wbem\wmic.exe [576000 2024-03-07]
(Microsoft Windows -> Microsoft Corporation) -> path SoftwareLicensingProduct where
(ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {3F04D9E3-CF38-4B4B-92DB-1D81F2C76705} - System32\Tasks\VivaldiUpdateCheck-
f618af6583e3be72 => C:\Users\Lenovo\AppData\Local\Vivaldi\Application\
update_notifier.exe [3694216 2024-06-25] (Vivaldi Technologies AS -> Vivaldi
Technologies AS) -> C:\Users\Lenovo\AppData\Local\Vivaldi\Application\--from-
scheduler
(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Dctooux.job => C:\Users\Lenovo\AppData\Local\Temp\


b4c594889e\Dctooux.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\WINDOWS\System32\
DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\
IntelPTTEKRecertification.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed


or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2617bc00-919f-4cc1-a09f-4abfb256c0cc}: [DhcpNameServer]
192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{85f57568-260a-481b-9e19-b5cdbc24e24c}: [DhcpNameServer]
192.168.1.1
Tcpip\..\Interfaces\{9aec1fa6-f19e-400e-a531-f900fde3dcab}: [DhcpNameServer]
192.168.1.1

Edge:
=======
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Default [2024-
07-10]
Edge HomePage: Default -> hxxps://go.microsoft.com/fwlink/p/?
LinkId=619797&pc=UE01&ocid=UE01DHP
Edge Extension: (Grammarly: AI Writing and Grammar Checker App) - C:\Users\Lenovo\
AppData\Local\Microsoft\Edge\User Data\Default\Extensions\
cnlefmmeadmemmdciolhbnfeacpdfbkd [2024-07-05]
Edge Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Microsoft\
Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-02]
Edge Extension: (Edge relevant text changes) - C:\Users\Lenovo\AppData\Local\
Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-
01-23]
Edge Extension: (AdBlock — block ads across the web) - C:\Users\Lenovo\AppData\
Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog
[2024-06-27]
Edge HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\SOFTWARE\Microsoft\Edge\
Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program
Files (x86)\Internet Download Manager\IDMEdgeExt.crx <not found>

FireFox:
========
FF DefaultProfile: q0x637k0.default-1697090705961
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\
q0x637k0.default-1697090705961 [2023-10-12]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\
Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\
SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\...\SeaMonkey\Extensions:
[[email protected]] - C:\Users\Lenovo\AppData\Roaming\IDM\
idmmzcc5
FF Extension: (IDM CC) - C:\Users\Lenovo\AppData\Roaming\IDM\idmmzcc5 [2021-10-19]
[Legacy] [not signed]
FF HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\...\SeaMonkey\Extensions:
[[email protected]] - C:\Program Files (x86)\Internet
Download Manager\idmmzcc2.xpi => not found
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\
Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft
Office\root\Office16\NPSPWRAP.DLL [2024-06-28] (Microsoft Corporation -> Microsoft
Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\
OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF
Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\
Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF
Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\
Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\
Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft
Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-06-28]
(Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\
VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\
VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default [2024-
07-09]
CHR Session Restore: Default -> is enabled.
CHR Extension: (Delete Browsing History) - C:\Users\Lenovo\AppData\Local\Google\
Chrome\User Data\Default\Extensions\ehopggpdjobkakeanhlpiillmocedild [2024-03-20]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\
User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-04]
CHR Extension: (Clear Today's History and Cache) - C:\Users\Lenovo\AppData\Local\
Google\Chrome\User Data\Default\Extensions\nkcpfldfdhdkdgogfcnnpfnoilkanemk [2024-
03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\
Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-03-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program
Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\SOFTWARE\Google\Chrome\
Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-2651249374-2078848904-2009966195-1001\SOFTWARE\Google\Chrome\
Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program
Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program
Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

Brave:
=======
BRA Profile: C:\Users\Lenovo\AppData\Local\BraveSoftware\Brave-Browser\User Data\
Default [2024-07-12]
BRA Notifications: Default -> hxxps://ext.gmass.us
BRA StartupUrls: Default -> "hxxp://www.gmail.com/"
BRA DefaultSearchKeyword: Default -> :g
BRA Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Lenovo\
AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\
efaidnbmnnnibpcajpcglclefindmkaj [2024-07-05]
BRA Extension: (Black & White) - C:\Users\Lenovo\AppData\Local\BraveSoftware\Brave-
Browser\User Data\Default\Extensions\mhhlgkfginnlendpfkhcmldikeepoefa [2024-03-11]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters
(plaintext))) - C:\Users\Lenovo\AppData\Local\BraveSoftware\Brave-Browser\User
Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-07-10]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Lenovo\AppData\Local\
BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-07-12]
BRA Extension: (Brave NTP background images) - C:\Users\Lenovo\AppData\Local\
BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-02-05]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext)))
- C:\Users\Lenovo\AppData\Local\BraveSoftware\Brave-Browser\User Data\
bfpgedeaaibpoidldhjcknekahbikncb [2024-07-12]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Lenovo\AppData\Local\
BraveSoftware\Brave-Browser\User Data\BraveWallet [2024-01-24]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\
Lenovo\AppData\Local\BraveSoftware\Brave-Browser\User Data\
cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-07-12]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Lenovo\AppData\
Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2024-
06-24]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Lenovo\AppData\Local\
BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2024-07-12]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\Lenovo\
AppData\Local\BraveSoftware\Brave-Browser\User Data\
gkboaolpopklhgplhaaiboijnklogmbc [2024-07-10]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\Lenovo\AppData\
Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2023-
10-12]
BRA Extension: (Brave Ads Resources) - C:\Users\Lenovo\AppData\Local\BraveSoftware\
Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj [2024-06-26]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\
Users\Lenovo\AppData\Local\BraveSoftware\Brave-Browser\User Data\
iodkpdagapdfkphljnddpjlldadblomo [2024-07-12]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\Lenovo\AppData\
Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-
07-09]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Lenovo\AppData\Local\
BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-10-25]

Vivaldi:
=======
VIV Profile: C:\Users\Lenovo\AppData\Local\Vivaldi\User Data\Default [2024-07-11]
VIV HomePage: Default -> hxxps://www.google.com/
VIV StartupUrls: Default -> "hxxps://www.google.com/"
VIV Extension: (Torrent Scanner) - C:\Users\Lenovo\AppData\Local\Vivaldi\User Data\
Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2024-06-06]
VIV Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Lenovo\
AppData\Local\Vivaldi\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
[2024-07-09]
StartMenuInternet: (HKU\S-1-5-21-2651249374-2078848904-2009966195-1001)
Vivaldi.XN22U77HZROU4WMOBRHKUVC7K4 - "C:\Users\Lenovo\AppData\Local\Vivaldi\
Application\vivaldi.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)
S3 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [5323592 2024-04-18]
(AnyDesk Software GmbH -> AnyDesk Software GmbH)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-
10-12] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\
126.1.67.123\elevation_service.exe [2688024 2024-06-25] (Brave Software, Inc. ->
Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424
2023-10-12] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\
OfficeClickToRun.exe [9680472 2018-09-26] (Microsoft Corporation -> Microsoft
Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\
HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\
ReceiveFaxUtility.exe [361888 2012-07-25] (Hewlett-Packard Company -> HP)
R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [126856 2012-11-08] (Hewlett-
Packard Company -> HP)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\
MpDefenderCoreService.exe [1505416 2024-06-04] (Microsoft Windows Publisher ->
Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
[534472 2024-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [21585720 2024-
03-18] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\
NisSrv.exe [3236728 2024-06-04] (Microsoft Windows Publisher -> Microsoft
Corporation)
R2 WifiAutoInstallSrv; C:\Program Files\EZCast\WifiAutoInstall\
WifiAutoInstallSrv.exe [118720 2019-03-21] (Realtek Semiconductor Corp. -> Realtek)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\
MsMpEng.exe [133704 2024-06-04] (Microsoft Windows Publisher -> Microsoft
Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29]


(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 HP1210FAX; C:\WINDOWS\System32\Drivers\HPM1210FAX.sys [16896 2012-11-08]
(Microsoft Windows Hardware Compatibility Publisher -> )
R3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Microsoft
Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
S3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [6887936 2019-03-21] (Realtek
Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 rtump64x64; C:\WINDOWS\System32\drivers\rtump64x64.sys [1049936 2022-02-25]
(Realtek Semiconductor Corp. -> Realtek Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung
Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-06-04] (Microsoft
Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26]
(WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602520 2024-06-04]
(Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-06-04]
(Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-07-12 10:13 - 2024-07-12 10:13 - 000028752 _____ C:\Users\Lenovo\Downloads\


FRST.txt
2024-07-12 10:12 - 2024-07-12 10:13 - 000000000 ____D C:\FRST
2024-07-12 10:11 - 2024-07-12 10:11 - 002395648 _____ (Farbar) C:\Users\Lenovo\
Downloads\FRST64.exe
2024-07-12 04:50 - 2024-07-12 04:50 - 105906176 _____ C:\WINDOWS\system32\config\
SOFTWARE
2024-07-12 04:50 - 2024-07-12 04:50 - 000000000 ____D C:\WINDOWS\Microsoft
Antimalware
2024-07-11 17:49 - 2024-07-11 17:49 - 000000000 ____D C:\WINDOWS\Panther
2024-07-11 11:40 - 2024-07-11 11:40 - 000000000 ____D C:\Program Files (x86)\EaseUS
2024-07-10 12:57 - 2024-07-10 12:57 - 000302551 _____ C:\Users\Lenovo\Downloads\
Ogero.gov.lb has two name servers, one mail server and two IP numbe.._.pdf
2024-07-10 12:40 - 2024-07-11 16:27 - 000000000 ____D C:\Program Files (x86)\
Gammadyne Mailer
2024-07-10 12:33 - 2024-07-10 12:33 - 000000000 ____D C:\ProgramData\DeskSoft
2024-07-10 12:32 - 2024-07-10 12:39 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\DeskSoft
2024-07-10 12:32 - 2024-07-10 12:39 - 000000000 ____D C:\Program Files (x86)\
CheckMail
2024-07-10 12:29 - 2024-07-10 12:31 - 000000000 ____D C:\Program Files (x86)\Email
Sender Deluxe
2024-07-10 12:29 - 2024-07-10 12:29 - 000000000 ____D C:\Users\Lenovo\Documents\
Email Sender Deluxe
2024-07-10 12:22 - 2024-07-10 12:22 - 000000000 ____D C:\Program Files (x86)\
MSECache
2024-07-10 12:15 - 2024-07-10 12:15 - 000000000 ____D C:\ProgramData\Geotac
2024-07-10 12:13 - 2024-07-10 12:13 - 000000191 _____ C:\WINDOWS\ODBCINST.INI
2024-07-10 12:13 - 2024-07-10 12:13 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\Gammadyne
2024-07-10 12:13 - 2022-06-26 20:11 - 001209344 _____ (Christian Werner Software &
Consulting) C:\WINDOWS\SysWOW64\sqlite3odbc.dll
2024-07-10 12:11 - 2024-07-10 12:11 - 049954309 _____ C:\Users\Lenovo\Downloads\
Gammadyne.Mailer.v69.0_p30download.com.rar
2024-07-09 16:54 - 2024-07-09 17:01 - 000951491 _____ C:\Users\Lenovo\Documents\
CMCCO E-Accounts 2024.pdf
2024-07-09 14:54 - 2024-07-09 14:54 - 000316631 _____ C:\Users\Lenovo\Downloads\
FIRST FIX-CMCCO CONSULTATION AGREEMENT.pdf
2024-07-09 09:02 - 2024-07-09 09:04 - 017602209 _____ C:\Users\Lenovo\Downloads\
1TB03300-300C04-AMA-LTR-0180-00_STL - Notice to Correct (LR 30.06.24 FG) (002).pdf
2024-07-05 10:24 - 2024-07-05 10:24 - 000001921 _____ C:\Users\Lenovo\Desktop\All
Logs.xlsx - Shortcut.lnk
2024-07-04 12:49 - 2024-07-04 14:49 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\Outlook Attachment Extractor 3
2024-07-04 12:47 - 2024-07-04 12:48 - 009970690 _____ C:\Users\Lenovo\Downloads\
Outlook.Attachment.Extractor.v3.10.11_p30download.com.rar
2024-07-04 12:12 - 2024-07-04 12:12 - 000079751 _____ C:\Users\Lenovo\Documents\
Doc1.pdf
2024-07-03 16:47 - 2024-07-03 16:48 - 000000000 ____D C:\Program Files\Mozilla
Thunderbird
2024-07-03 16:46 - 2024-07-03 16:46 - 000001063 _____ C:\ProgramData\Microsoft\
Windows\Start Menu\Programs\Thunderbird.lnk
2024-07-03 16:46 - 2024-07-03 16:46 - 000001051 _____ C:\Users\Public\Desktop\
Thunderbird.lnk
2024-07-03 12:10 - 2024-07-03 16:48 - 000000000 ____D C:\Program Files (x86)\
Mozilla Maintenance Service
2024-07-03 12:07 - 2024-07-03 12:07 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\Thunderbird
2024-07-03 12:07 - 2024-07-03 12:07 - 000000000 ____D C:\Users\Lenovo\AppData\
Local\Thunderbird
2024-07-03 12:04 - 2024-07-03 12:05 - 060144728 _____ (Mozilla) C:\Users\Lenovo\
Downloads\Thunderbird Setup 115.12.2.exe
2024-07-03 12:04 - 2024-07-03 12:04 - 001498006 _____ C:\Users\Lenovo\Downloads\
Import MBOX to Gmail With_Without Thunderbird _ Manually & Paid.pdf
2024-07-03 11:29 - 2024-07-03 11:29 - 000174630 _____ C:\Users\Lenovo\Downloads\
CMCCO-Memorandum of Understanding (MOU) TRACEJO.pdf
2024-07-02 14:09 - 2024-07-02 14:10 - 000000000 ____D C:\Program Files\VueScan
2024-07-02 14:09 - 2024-07-02 14:09 - 000001060 _____ C:\ProgramData\Microsoft\
Windows\Start Menu\VueScan x64.lnk
2024-07-02 14:09 - 2024-07-02 14:09 - 000001054 _____ C:\Users\Public\Desktop\
VueScan x64.lnk
2024-07-02 14:09 - 2024-07-02 14:09 - 000000000 ____D C:\WINDOWS\twain_64
2024-07-01 15:39 - 2024-07-01 16:13 - 000000000 ____D C:\Users\Lenovo\Downloads\Jan
8-Final Draft Report
2024-07-01 10:46 - 2024-07-01 10:53 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\CData
2024-07-01 10:45 - 2024-07-01 10:45 - 000000000 ____D C:\Program Files\CData
2024-07-01 10:44 - 2024-07-01 10:44 - 007276216 _____ (CData Software, Inc.) C:\
Users\Lenovo\Downloads\ExcelAddInforGoogleCalendars.exe
2024-07-01 10:03 - 2024-07-01 10:03 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\Microsoft\Stationery
2024-07-01 10:03 - 2024-07-01 10:03 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\Microsoft\Signatures
2024-06-28 16:43 - 2024-06-28 16:43 - 000143233 _____ C:\Users\Lenovo\Downloads\
[email protected]
2024-06-28 15:44 - 2024-06-28 15:44 - 000701251 _____ C:\Users\Lenovo\Downloads\How
to export Google Calendar to Google Sheets automatically - IFTTT -.pdf
2024-06-28 13:13 - 2024-07-05 09:11 - 000000000 ____D C:\WINDOWS\AAct_Tools
2024-06-28 13:11 - 2024-06-28 13:11 - 000002459 _____ C:\ProgramData\Microsoft\
Windows\Start Menu\Programs\Word.lnk
2024-06-28 13:11 - 2024-06-28 13:11 - 000002458 _____ C:\ProgramData\Microsoft\
Windows\Start Menu\Programs\PowerPoint.lnk
2024-06-28 13:11 - 2024-06-28 13:11 - 000002422 _____ C:\ProgramData\Microsoft\
Windows\Start Menu\Programs\Access.lnk
2024-06-28 13:11 - 2024-06-28 13:11 - 000002421 _____ C:\ProgramData\Microsoft\
Windows\Start Menu\Programs\Excel.lnk
2024-06-28 13:11 - 2024-06-28 13:11 - 000002415 _____ C:\ProgramData\Microsoft\
Windows\Start Menu\Programs\Outlook.lnk
2024-06-28 13:11 - 2024-06-28 13:11 - 000000000 ____D C:\ProgramData\Microsoft\
Windows\Start Menu\Programs\Microsoft Office Tools
2024-06-28 13:10 - 2024-06-28 13:10 - 000000000 ____D C:\Program Files\Microsoft
Office 15
2024-06-28 12:09 - 2024-06-28 12:09 - 000001437 _____ C:\Users\Lenovo\Desktop\
Thunderbird Converter Wizard.lnk
2024-06-28 12:09 - 2024-06-28 12:09 - 000000000 ____D C:\Users\Lenovo\AppData\
Local\BitRecover
2024-06-28 12:09 - 2024-06-28 12:09 - 000000000 ____D C:\ProgramData\Microsoft\
Windows\Start Menu\Programs\Thunderbird Converter Wizard
2024-06-28 12:09 - 2024-06-28 12:09 - 000000000 ____D C:\Program Files (x86)\
BitRecover
2024-06-28 12:08 - 2024-06-28 12:09 - 029751406 _____ C:\Users\Lenovo\Downloads\
BitRecover.Thunderbird.Converter.Wizard.v7.1_p30download.com.rar
2024-06-28 12:06 - 2024-06-28 12:09 - 049669661 _____ C:\Users\Lenovo\Downloads\
SysTools.MBOX.Converter.v7.1_p30download.com.rar
2024-06-27 16:38 - 2024-06-27 16:38 - 000099050 _____ C:\Users\Lenovo\Downloads\‫أفضل‬
‫ – صناع المال‬2024 ‫شركات مقاوالت في السعودية تصنيف اول‬.html
2024-06-27 16:38 - 2024-06-27 16:38 - 000000000 ____D C:\Users\Lenovo\Downloads\‫أفضل‬
‫ – صناع المال‬2024 ‫_شركات مقاوالت في السعودية تصنيف اول‬files
2024-06-27 15:31 - 2024-06-27 15:31 - 000231481 _____ C:\Users\Lenovo\Downloads\
1TB03300-300C04-STC-LTR-0135 (1).pdf
2024-06-27 12:01 - 2024-07-05 11:10 - 000000000 ____D C:\Users\Lenovo\Documents\
Outlook Files
2024-06-27 12:01 - 2024-06-28 13:32 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\Microsoft\Outlook
2024-06-26 09:07 - 2024-06-26 09:07 - 000231481 _____ C:\Users\Lenovo\Downloads\
1TB03300-300C04-STC-LTR-0135.pdf
2024-06-25 16:38 - 2024-06-25 16:38 - 000189448 _____ C:\Users\Lenovo\Downloads\
59227561-Project-Cost-Control-Procedure.pdf
2024-06-25 16:37 - 2024-06-25 16:37 - 007755218 _____ C:\Users\Lenovo\Downloads\
434232893-Cost-Management-Report-on-Cost-Control.pptx
2024-06-25 16:37 - 2024-06-25 16:37 - 000797197 _____ C:\Users\Lenovo\Downloads\
465198057-COST-CONTROL-Cash-flow.pdf
2024-06-25 16:35 - 2024-06-25 16:35 - 000074832 _____ C:\Users\Lenovo\Downloads\
499940371-Prolongation-Cost-revised.xlsx
2024-06-25 16:34 - 2024-06-25 16:34 - 000046080 _____ C:\Users\Lenovo\Downloads\
251867029-Final-Cost-Reporting-Template.xls
2024-06-25 16:33 - 2024-06-25 16:33 - 000241664 _____ C:\Users\Lenovo\Downloads\
120595482-20239754-Cost-Control-Spreadsheet-Blk-A.xls
2024-06-25 16:31 - 2024-06-25 16:31 - 000238870 _____ C:\Users\Lenovo\Downloads\
Difference between Sales and Marketing_ meaning, example.pdf
2024-06-25 16:29 - 2024-06-25 16:29 - 000351744 _____ C:\Users\Lenovo\Downloads\
121503271-Cost-Codes.xls
2024-06-25 16:29 - 2024-06-25 16:29 - 000031167 _____ C:\Users\Lenovo\Downloads\
147300677-Project-Cost-Estimate-excel-sheet.xlsx
2024-06-25 16:28 - 2024-06-25 16:28 - 001119370 _____ C:\Users\Lenovo\Downloads\
452265542-Construction-Project-Cost-Control.pdf
2024-06-25 16:28 - 2024-06-25 16:28 - 000048640 _____ C:\Users\Lenovo\Downloads\
330899488-Project-Cost-Tracking-Report.xls
2024-06-25 16:26 - 2024-06-25 16:28 - 005532044 _____ C:\Users\Lenovo\Downloads\
372692748-1-Basic-of-Cost-Control.pdf
2024-06-25 16:25 - 2024-06-25 16:25 - 009895647 _____ C:\Users\Lenovo\Downloads\
375590302-Project-Control-Procedure.pdf
2024-06-25 12:18 - 2024-06-25 12:19 - 000990929 _____ C:\Users\Lenovo\Downloads\
Server Hosting - Total freedom from server4you.pdf
2024-06-24 16:04 - 2024-06-24 16:04 - 000062410 _____ C:\Users\Lenovo\Downloads\
Temnine Price Adjustment.XLSX
2024-06-24 14:02 - 2024-06-24 14:02 - 000365783 _____ C:\Users\Lenovo\Downloads\
‫الموقع الرسمي لوزارة التربية والتعليم العالي‬.pdf
2024-06-24 13:57 - 2024-06-24 13:57 - 000094800 _____ C:\Users\Lenovo\Downloads\
Law234246.pdf
2024-06-24 12:48 - 2024-06-24 12:48 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\Microsoft\Web Server Extensions
2024-06-24 12:47 - 2024-06-24 12:53 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\Microsoft\FrontPage
2024-06-24 12:47 - 2024-06-24 12:47 - 000000000 ___SD C:\Users\Lenovo\Documents\My
Web Sites
2024-06-24 12:45 - 2024-07-10 12:13 - 000000493 _____ C:\WINDOWS\ODBC.INI
2024-06-24 12:45 - 2024-06-24 12:45 - 000002625 _____ C:\ProgramData\Microsoft\
Windows\Start Menu\Open Office Document.lnk
2024-06-24 12:45 - 2024-06-24 12:45 - 000002615 _____ C:\ProgramData\Microsoft\
Windows\Start Menu\New Office Document.lnk
2024-06-24 12:45 - 2024-06-24 12:45 - 000000029 _____ C:\Users\Lenovo\Documents\
front page 2023.txt
2024-06-24 12:45 - 2024-06-24 12:45 - 000000000 ____D C:\Program Files (x86)\
Microsoft Works
2024-06-24 12:45 - 2024-06-24 12:45 - 000000000 ____D C:\Program Files (x86)\
Microsoft Visual Studio
2024-06-24 12:45 - 2024-06-24 12:45 - 000000000 ____D C:\Program Files (x86)\
Microsoft ActiveSync
2024-06-24 12:34 - 2024-06-24 12:34 - 000085504 _____ C:\Users\Lenovo\Downloads\
fphtml.exe
2024-06-21 14:43 - 2024-06-21 14:43 - 000002208 _____ C:\Users\Lenovo\Documents\
Copy of 401-503 list.csv
2024-06-21 14:42 - 2024-06-21 14:42 - 000017497 _____ C:\Users\Lenovo\Documents\
401-503 list.xlsx
2024-06-21 14:25 - 2024-06-21 14:25 - 000787093 _____ C:\Users\Lenovo\Downloads\
Difference between Spam and Phishing Mail - GeeksforGeeks.pdf
2024-06-21 14:21 - 2024-06-21 14:21 - 000035906 _____ C:\Users\Lenovo\Downloads\
Spam vs. Phishing - What's the Difference Between Them_ _ Webroot.pdf
2024-06-20 15:27 - 2024-06-20 15:29 - 000010598 _____ C:\Users\Lenovo\Documents\HR
LOG.xlsx
2024-06-19 13:20 - 2024-06-19 13:20 - 000179806 _____ C:\Users\Lenovo\Downloads\
Cost Control Manager Job Details _ JESA Group.pdf
2024-06-19 13:19 - 2024-06-19 13:19 - 000802120 _____ C:\Users\Lenovo\Downloads\
Cost Control Manager Job Description - ConsultANZ Recruitment.pdf
2024-06-19 11:44 - 2024-06-28 10:36 - 000000000 ____D C:\Users\Lenovo\Downloads\
jUNE 2024-KSA
2024-06-19 09:12 - 2024-06-19 09:12 - 003960030 _____ C:\Users\Lenovo\Downloads\
248688439-Project-Control-System-Manual.pdf
2024-06-14 16:22 - 2024-06-14 16:30 - 000000000 ____D C:\Users\Lenovo\Downloads\
planning and others
2024-06-14 16:19 - 2024-06-14 16:20 - 003417122 _____ C:\Users\Lenovo\Documents\
617192545-‫االول‬-‫الجزء‬-‫ماتريال‬-‫و‬-‫كورسات‬-‫الهندسي‬-‫الدليل‬-‫كتاب‬.pdf
2024-06-14 09:21 - 2024-06-14 09:52 - 000000000 ____D C:\Users\Lenovo\Downloads\
Utube
2024-06-14 09:21 - 2024-06-14 09:21 - 000000000 ____D C:\Users\Lenovo\AppData\
Local\MediaHuman
2024-06-14 09:20 - 2024-06-14 09:20 - 000001125 _____ C:\Users\Lenovo\Desktop\
MediaHuman YouTube Downloader.lnk
2024-06-14 09:20 - 2024-06-14 09:20 - 000000000 ____D C:\ProgramData\Microsoft\
Windows\Start Menu\Programs\MediaHuman
2024-06-14 09:20 - 2024-06-14 09:20 - 000000000 ____D C:\Program Files\MediaHuman
2024-06-13 16:30 - 2024-06-13 16:30 - 000251443 _____ C:\Users\Lenovo\Downloads\
INV#3020- SIGMA CONSULTANT Design and BOQ Payment.pdf
2024-06-13 16:30 - 2024-06-13 16:30 - 000149498 _____ C:\Users\Lenovo\Downloads\
SIGMA CONSULTANT Account Statement As of March 28-2022.pdf
2024-06-13 14:08 - 2024-06-13 14:08 - 000416339 _____ C:\Users\Lenovo\Downloads\
Understanding Benchmarking Analysis_ A Step-by-Step Guide.pdf
2024-06-13 12:46 - 2024-06-13 12:46 - 000000000 ____D C:\Program Files\Common
Files\Autodesk
2024-06-13 12:30 - 2024-06-13 12:30 - 000555335 _____ C:\Users\Lenovo\Downloads\8
Steps of the Benchmarking Process _ Lucidchart Blog.pdf
2024-06-13 11:50 - 2024-06-21 08:42 - 000000000 ____D C:\Program Files\Autodesk
2024-06-13 11:50 - 2024-06-21 08:41 - 000000000 ____D C:\ProgramData\
boost_interprocess
2024-06-13 11:50 - 2024-06-13 11:50 - 000000000 ____D C:\Program Files\dotnet
2024-06-13 11:29 - 2024-06-21 08:44 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\UI Launcher
2024-06-13 11:29 - 2024-06-13 11:29 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2024-06-13 11:25 - 2024-06-13 11:25 - 000000000 ____D C:\Autodesk
2024-06-13 10:39 - 2024-06-13 14:12 - 000000000 ____D C:\Users\Lenovo\AppData\
Local\Autodesk
2024-06-13 10:38 - 2024-06-21 08:44 - 000000000 ____D C:\ProgramData\Autodesk
2024-06-12 16:45 - 2024-06-12 16:45 - 000133340 _____ C:\Users\Lenovo\Downloads\
744e1_ba97c_‫مخطط_نموذج_العمل_التجاري‬.pptx
2024-06-12 13:57 - 2024-06-12 14:33 - 000000000 ____D C:\Users\Lenovo\Downloads\
CADDDD

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-07-12 10:13 - 2024-02-29 14:00 - 000003546 _____ C:\WINDOWS\system32\Tasks\


ERGVRDVMSK
2024-07-12 10:10 - 2021-07-23 20:49 - 000002446 _____ C:\ProgramData\Microsoft\
Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-07-12 10:10 - 2019-12-07 12:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-07-12 10:10 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-07-12 10:07 - 2022-02-21 10:10 - 000840598 _____ C:\WINDOWS\system32\
PerfStringBackup.INI
2024-07-12 10:07 - 2019-12-07 12:13 - 000000000 ____D C:\WINDOWS\INF
2024-07-12 10:04 - 2022-02-21 19:53 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-07-12 10:04 - 2022-02-21 10:07 - 000003534 _____ C:\WINDOWS\system32\Tasks\
MicrosoftEdgeUpdateTaskMachineUA
2024-07-12 10:04 - 2022-02-21 10:07 - 000003410 _____ C:\WINDOWS\system32\Tasks\
MicrosoftEdgeUpdateTaskMachineCore
2024-07-11 18:01 - 2024-03-25 12:56 - 000000000 ____D C:\Program Files\TeamViewer
2024-07-11 18:01 - 2022-02-21 10:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-07-11 18:01 - 2021-07-13 07:06 - 000000000 ____D C:\ProgramData\NVIDIA
2024-07-11 18:01 - 2019-12-07 12:14 - 000000000 ____D C:\ProgramData\regid.1991-
06.com.microsoft
2024-07-11 18:00 - 2022-02-21 10:02 - 000000000 ____D C:\WINDOWS\system32\
SleepStudy
2024-07-11 17:49 - 2019-12-07 12:03 - 000524288 _____ C:\WINDOWS\system32\config\
BBI
2024-07-11 17:42 - 2020-12-15 07:42 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\Microsoft\MMC
2024-07-11 17:41 - 2021-07-14 21:39 - 000000000 ____D C:\Users\Lenovo\AppData\
Local\D3DSCache
2024-07-11 17:38 - 2022-02-10 12:29 - 000000000 ____D C:\Users\Lenovo\AppData\
Local\CrashDumps
2024-07-11 16:39 - 2022-02-21 10:04 - 000000000 ____D C:\Users\Lenovo
2024-07-11 11:48 - 2024-03-07 11:43 - 000000028 _____ C:\WINDOWS\OutLog.txt
2024-07-10 14:00 - 2024-05-15 09:54 - 000002468 ____H C:\Users\Lenovo\Documents\
Default.rdp
2024-07-10 13:59 - 2021-08-21 00:21 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\Microsoft\Excel
2024-07-10 13:35 - 2021-07-30 22:18 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\Microsoft\Word
2024-07-10 12:29 - 2020-12-15 07:35 - 000000000 ____D C:\Users\Lenovo\AppData\
Local\VirtualStore
2024-07-10 11:02 - 2024-06-06 09:57 - 000000527 _____ C:\Users\
Lenovo\.vivaldi_reporting_data
2024-07-10 09:41 - 2022-02-21 10:02 - 000475072 _____ C:\WINDOWS\system32\
FNTCACHE.DAT
2024-07-10 09:35 - 2020-12-15 07:46 - 000000000 ____D C:\ProgramData\Adobe
2024-07-09 10:44 - 2022-02-10 10:44 - 000000000 ____D C:\ProgramData\Mozilla-
1de4eec8-1241-4177-a864-e594e8d1fb38
2024-07-05 14:12 - 2024-03-13 11:57 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\bittorrent
2024-07-04 09:29 - 2020-12-15 07:35 - 000000000 ____D C:\Users\Lenovo\AppData\
Local\Packages
2024-07-02 10:48 - 2024-04-09 10:37 - 000001116 _____ C:\Users\Lenovo\Desktop\
RMPrepUSB.lnk
2024-07-01 11:02 - 2021-07-19 22:38 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\Microsoft\PowerPoint
2024-07-01 10:00 - 2024-03-29 15:57 - 000020165 _____ C:\Users\Lenovo\Documents\
TIMESHEET forms.xlsx
2024-06-28 13:13 - 2024-03-08 12:43 - 000003870 _____ C:\WINDOWS\system32\Tasks\
AAct
2024-06-28 13:11 - 2024-03-08 12:41 - 000000000 ____D C:\Program Files\Common
Files\DESIGNER
2024-06-28 13:11 - 2024-03-08 12:40 - 000000000 ____D C:\Program Files\Microsoft
Office
2024-06-28 13:11 - 2019-12-07 12:14 - 000000000 ____D C:\Program Files\Common
Files\microsoft shared
2024-06-28 09:47 - 2024-03-07 17:02 - 000000000 ____D C:\Users\Public\Imou_en
2024-06-27 09:00 - 2024-03-20 10:24 - 000002255 _____ C:\ProgramData\Microsoft\
Windows\Start Menu\Programs\Google Chrome.lnk
2024-06-27 09:00 - 2024-03-20 10:24 - 000002214 _____ C:\Users\Public\Desktop\
Google Chrome.lnk
2024-06-26 09:42 - 2021-07-19 22:38 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\Microsoft\Office
2024-06-26 09:30 - 2023-10-12 09:06 - 000002372 _____ C:\ProgramData\Microsoft\
Windows\Start Menu\Programs\Brave.lnk
2024-06-26 09:30 - 2023-10-12 09:06 - 000002331 _____ C:\Users\Public\Desktop\
Brave.lnk
2024-06-26 09:12 - 2024-06-06 09:57 - 000000000 ____D C:\Users\Lenovo\AppData\
Local\Vivaldi
2024-06-26 09:06 - 2024-06-06 09:57 - 000002436 _____ C:\Users\Lenovo\AppData\
Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2024-06-26 09:06 - 2024-06-06 09:57 - 000002399 _____ C:\Users\Lenovo\Desktop\
Vivaldi.lnk
2024-06-25 12:24 - 2024-05-10 11:23 - 000000000 ____D C:\ProgramData\Windows Master
Store
2024-06-24 12:53 - 2021-07-30 22:18 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\Microsoft\Proof
2024-06-24 12:47 - 2021-07-14 22:04 - 000099584 _____ C:\Users\Lenovo\AppData\
Local\GDIPFONTCACHEV1.DAT
2024-06-24 12:45 - 2024-03-08 16:06 - 000000000 ____D C:\ProgramData\Microsoft\
Windows\Start Menu\Programs\Microsoft Office
2024-06-24 12:45 - 2020-12-15 07:46 - 000000000 ____D C:\Program Files (x86)\
Microsoft Office
2024-06-24 12:45 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\IME
2024-06-24 12:42 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\System
2024-06-19 13:52 - 2021-07-30 22:18 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\Microsoft\UProof
2024-06-14 12:04 - 2020-12-15 07:43 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\vlc
2024-06-14 09:52 - 2024-06-07 15:44 - 000000000 ____D C:\Users\Lenovo\Downloads\
BUSINESS MODEL CANVAS
2024-06-13 12:47 - 2021-07-14 21:43 - 000000000 ____D C:\ProgramData\Package Cache
2024-06-13 11:51 - 2021-07-14 21:58 - 000000000 ____D C:\Users\Lenovo\AppData\
Roaming\Autodesk
2024-06-13 11:50 - 2021-07-14 21:53 - 000000000 ____D C:\ProgramData\Microsoft\
Windows\Start Menu\Programs\Autodesk
2024-06-13 10:41 - 2021-07-14 21:57 - 000000000 ____D C:\Users\Public\Documents\
Autodesk
2024-06-13 10:41 - 2019-12-07 12:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program
Files

==================== Files in the root of some directories ========

2024-03-08 13:19 - 2024-06-21 08:43 - 000000820 _____ () C:\Users\Lenovo\AppData\


Local\oobelibMkey.log
2024-03-07 15:26 - 2024-03-08 15:31 - 000007613 _____ () C:\Users\Lenovo\AppData\
Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

You might also like