ILLUSION042 Posted November 16, 2021 ID:1488597 Share Posted November 16, 2021 I have a problem of my pc maybe because of undetectable virus maybe? its freezing and the sounds that come out from my speaker during this event is "drrrrrrr". I already used rogue killer and same thing happened. hopefully someone can answer my problem. I really need this pc for my home schooling because of the virus. Link to post Share on other sites More sharing options...
kevinf80 Posted November 16, 2021 ID:1488606 Share Posted November 16, 2021 Hello ILLUSION042 and welcome to Malwarebytes, Disable smart screen ONLY if it interferes with software we may have to use:https://support.microsoft.com/en-us/microsoft-edge/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8 Please remember to enable when we are finished.... Next, Disable any Anti-virus software you have installed ONLY if it stops software we may use from working:https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/ Please remember to enable AV software when we are finished running scans.... Next, Lets grab some logs and see whats going on, continue with the following: If you do not have Malwarebytes installed do the following: Download Malwarebytes version 4 from the following link:https://www.malwarebytes.com/mwb-download/thankyou/ Double click on the installer and follow the prompts. When the install completes or Malwarebytes is already installed do the following: Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab. Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Open Malwarebytes, select Target scope inside Scanner window, In the new window select "Reports" tab. All recent scan reports will be listed. Hover cursor over latest report (Indentified by date and time) you will see eye tab, download tab and recycle bin tab. Select "Download" tab, download, name and save report to place of your choice (recommend Desktop) Attach that report to your reply... Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.htmlNote: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... Thank you, Kevin.... Link to post Share on other sites More sharing options...
ILLUSION042 Posted November 17, 2021 Author ID:1488738 Share Posted November 17, 2021 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021 Ran by Administrator (administrator) on WIN-SKRMTT21HGK (Gigabyte Technology Co., Ltd. A320M-S2H V2) (17-11-2021 11:57:45) Running from C:\Users\Administrator\Downloads Loaded Profiles: Administrator Platform: Microsoft Windows 10 Pro Version 20H2 19042.1348 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ADLICE (ASCOET JULIEN) -> ) C:\Program Files\RogueKiller\RogueKiller64.exe (ADLICE (ASCOET JULIEN) -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0372402.inf_amd64_ac618ec7b5ee5b9e\B372333\atieclxx.exe (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0372402.inf_amd64_ac618ec7b5ee5b9e\B372333\atiesrxx.exe (Firebit OU -> Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <21> (Janos Mathe -> H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9> (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a1020546271138b9\RtkAudUService64.exe <2> (Spotify AB -> Spotify Ltd) C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe <6> (Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7> (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a1020546271138b9\RtkAudUService64.exe [1343072 2021-11-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> ) HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:maps;cortana;cortana-language;windowsinsider;windowsinsider-optin;windowsdefender;findmydevice HKLM\...\Policies\Explorer: [DisableThumbnails] 0 HKU\S-1-5-21-3116131230-4231881200-3627952479-500\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Administrator\AppData\Local\Microsoft\Teams\Update.exe [2454240 2021-10-26] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-3116131230-4231881200-3627952479-500\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267928 2021-10-14] (Valve -> Valve Corporation) HKU\S-1-5-21-3116131230-4231881200-3627952479-500\...\Run: [Spotify] => C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe [18750392 2021-11-12] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-3116131230-4231881200-3627952479-500\...\Policies\Explorer: [DisableThumbnails] 0 HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-11-02] (Google LLC -> Google LLC) Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2021-11-05] ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {023CB7AD-4A8A-478C-AD2E-758353FDBC26} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Administrator => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [5968264 2021-01-14] (Janos Mathe -> H.D.S. Hungary) Task: {05DE8768-BD4C-4791-8A48-2E671B3188BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5729184 2021-10-26] (Microsoft Corporation -> Microsoft Corporation) Task: {18C9F0F9-4395-4792-B8C2-B8968646A951} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5729184 2021-10-26] (Microsoft Corporation -> Microsoft Corporation) Task: {621D49D4-A610-4369-8475-B4BEA6BA735E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-24] (Google LLC -> Google LLC) Task: {640F462A-A6F6-40A4-9461-A5689693EBFF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [134528 2021-10-26] (Microsoft Corporation -> Microsoft Corporation) Task: {66454698-B26B-4E8F-810F-93990EEAFF91} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21976976 2021-09-25] (Microsoft Corporation -> Microsoft Corporation) Task: {66F9F1F2-9CCB-41C0-AC57-E13F6CE790F1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [134528 2021-10-26] (Microsoft Corporation -> Microsoft Corporation) Task: {70F52E6D-4469-4437-B254-D777543325CF} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay => C:\Program Files\ruxim\ruximics.exe [477512 2021-06-30] (Microsoft Windows -> Microsoft Corporation) Task: {737C5988-F45F-495C-9DF5-29F34AB03EB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-10-24] (Google LLC -> Google LLC) Task: {78520E64-D839-41B0-A84A-03F2A2046E11} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21976976 2021-09-25] (Microsoft Corporation -> Microsoft Corporation) Task: {AA43D874-627C-4514-A883-13563370F491} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMSync => C:\Program Files\ruxim\ruximics.exe [477512 2021-06-30] (Microsoft Windows -> Microsoft Corporation) Task: {BD82B8F6-9EB3-4445-A6F6-F0D141839BA2} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [3978624 2021-11-07] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{85e5b068-01de-4340-9521-067489c3214a}: [DhcpNameServer] 192.168.1.1 192.168.68.1 Tcpip\..\Interfaces\{fbd4d86f-cec4-462b-ba9a-9766c4904c70}: [DhcpNameServer] 192.168.1.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-17] Edge HKU\S-1-5-21-3116131230-4231881200-3627952479-500\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx <not found> FireFox: ======== FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-26] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-10-26] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2021-11-17] CHR Notifications: Default -> hxxps://meet.google.com; hxxps://web.skype.com CHR Extension: (Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-10-24] CHR Extension: (Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-10-24] CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-10-24] CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-10-24] CHR Extension: (uBlock Origin) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-10-27] CHR Extension: (Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-10-24] CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-24] CHR Extension: (Pinterest Save Button) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2021-11-12] CHR Extension: (Grammarly for Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-11-13] CHR Extension: (IDM Integration Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-11-05] CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-24] CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-10-24] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9250696 2021-10-03] (Microsoft Corporation -> Microsoft Corporation) S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\21.205.1003.0005\FileSyncHelper.exe [3253120 2021-11-07] (Microsoft Corporation -> Microsoft Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-17] (Malwarebytes Inc -> Malwarebytes) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\21.205.1003.0005\OneDriveUpdaterService.exe [3721600 2021-11-07] (Microsoft Corporation -> Microsoft Corporation) R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14204760 2021-11-09] (ADLICE (ASCOET JULIEN) -> ) S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6103464 2021-11-13] (Microsoft Windows Publisher -> Microsoft Corporation) S3 ucldr_MirTrilogy4_ST; C:\Program Files\Common Files\UNCHEATER\ucldr_MirTrilogy4_ST.exe [6958832 2021-11-16] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0372402.inf_amd64_ac618ec7b5ee5b9e\B372333\amdkmdag.sys [80502832 2021-11-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-11-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-17] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S3 MpKslb5ac9409; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E83B88D7-B4CB-42D0-A53E-D756926098AE}\MpKslDrv.sys [130296 2021-11-16] (Microsoft Windows -> Microsoft Corporation) U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-11-16] (Adlice -> ) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2021-11-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435424 2021-11-03] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-03] (Microsoft Windows -> Microsoft Corporation) S3 xhunter1; C:\WINDOWS\xhunter1.sys [2729456 2021-11-16] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-11-17 11:57 - 2021-11-17 11:58 - 000015767 _____ C:\Users\Administrator\Downloads\FRST.txt 2021-11-17 11:55 - 2021-11-17 11:58 - 000000000 ____D C:\FRST 2021-11-17 11:51 - 2021-11-17 11:51 - 002311680 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe 2021-11-17 11:36 - 2021-11-17 11:36 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-11-17 11:36 - 2021-11-17 11:36 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-11-17 11:36 - 2021-11-17 11:36 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2021-11-17 11:36 - 2021-11-17 11:36 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2021-11-17 11:36 - 2021-11-17 11:36 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2021-11-17 11:36 - 2021-11-17 11:36 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-11-17 11:36 - 2021-11-17 11:36 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-11-17 11:36 - 2021-11-17 11:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbam 2021-11-17 11:35 - 2021-11-17 11:35 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2021-11-17 11:35 - 2021-11-17 11:35 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2021-11-17 11:26 - 2021-11-17 11:31 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-11-17 11:25 - 2021-11-17 11:31 - 000000000 ____D C:\Program Files\Malwarebytes 2021-11-17 11:25 - 2021-11-17 11:25 - 002101944 _____ (Malwarebytes) C:\Users\Administrator\Downloads\MBSetup-119967.119967-consumer.exe 2021-11-17 11:25 - 2021-11-17 11:25 - 002101944 _____ (Malwarebytes) C:\Users\Administrator\Downloads\MBSetup-10789.10789-consumer.exe 2021-11-16 14:20 - 2021-11-16 19:55 - 002729456 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys 2021-11-16 14:20 - 2021-11-16 14:20 - 000000000 ____D C:\Users\Administrator\AppData\Local\WELLBIA 2021-11-16 14:20 - 2021-11-16 14:20 - 000000000 ____D C:\Program Files\Common Files\UNCHEATER 2021-11-15 20:50 - 2021-11-15 20:55 - 000000000 ____D C:\ProgramData\ADiag 2021-11-15 20:50 - 2021-11-15 20:50 - 000000809 _____ C:\Users\Public\Desktop\Diag.lnk 2021-11-15 20:50 - 2021-11-15 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diag 2021-11-15 20:50 - 2021-11-15 20:50 - 000000000 ____D C:\Program Files\Diag 2021-11-15 20:48 - 2021-11-15 20:49 - 028374040 _____ (Adlice Software ) C:\Users\Administrator\Downloads\Diag_setup.exe 2021-11-15 20:22 - 2021-11-15 20:22 - 000000000 ____D C:\Users\Administrator\AppData\Local\UnrealEngine 2021-11-15 12:34 - 2021-11-16 21:21 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys 2021-11-15 12:34 - 2021-11-15 18:05 - 000000000 ____D C:\ProgramData\RogueKiller 2021-11-15 12:34 - 2021-11-15 12:34 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2021-11-15 12:34 - 2021-11-15 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2021-11-15 12:34 - 2021-11-15 12:34 - 000000000 ____D C:\Program Files\RogueKiller 2021-11-15 12:32 - 2021-11-15 12:33 - 041652744 _____ (Adlice Software ) C:\Users\Administrator\Downloads\RogueKiller_setup.exe 2021-11-15 11:24 - 2021-11-15 11:24 - 000000223 _____ C:\Users\Administrator\Desktop\MIR4.url 2021-11-13 20:17 - 2021-11-13 20:17 - 000000000 ____D C:\WINDOWS\Minidump 2021-11-13 20:09 - 2021-11-13 20:09 - 000000000 ___HD C:\$SysReset 2021-11-13 19:11 - 2021-11-13 19:11 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe 2021-11-13 19:11 - 2021-11-13 19:11 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe 2021-11-13 19:11 - 2021-11-13 19:11 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-11-13 19:10 - 2021-11-13 19:10 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe 2021-11-13 18:51 - 2021-11-13 18:51 - 000000000 ___HD C:\$WinREAgent 2021-11-13 18:48 - 2021-11-13 18:48 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk 2021-11-13 18:48 - 2021-11-13 18:48 - 000000000 ____D C:\Program Files\PCHealthCheck 2021-11-12 23:14 - 2021-11-13 00:10 - 1529155584 _____ C:\Users\Administrator\Downloads\Win10_21H1_English_x64.iso 2021-11-12 22:05 - 2021-11-12 22:05 - 002688921 _____ C:\Users\Administrator\Downloads\Compound-Interest (1).pdf 2021-11-12 21:27 - 2021-11-12 21:27 - 002688921 _____ C:\Users\Administrator\Downloads\Compound-Interest.pdf 2021-11-12 21:14 - 2021-11-12 21:14 - 001507328 _____ C:\Users\Administrator\Downloads\Unconfirmed 273515.crdownload 2021-11-12 20:33 - 2021-11-12 20:33 - 578551808 _____ C:\Users\Administrator\Downloads\Unconfirmed 886685.crdownload 2021-11-12 15:31 - 2021-11-12 15:31 - 000035057 ____H C:\Users\Administrator\Downloads\~WRL0825.tmp 2021-11-12 14:49 - 2021-11-17 11:09 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Spotify 2021-11-12 14:49 - 2021-11-17 11:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\Spotify 2021-11-12 14:49 - 2021-11-12 14:49 - 000726552 _____ (Spotify Ltd) C:\Users\Administrator\Downloads\SpotifySetup (1).exe 2021-11-12 14:49 - 2021-11-12 14:49 - 000001890 _____ C:\Users\Administrator\Desktop\Spotify.lnk 2021-11-12 14:49 - 2021-11-12 14:49 - 000001876 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2021-11-12 06:45 - 2021-11-13 20:23 - 093323264 _____ C:\WINDOWS\system32\config\SOFTWARE 2021-11-12 06:39 - 2021-11-12 06:45 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware 2021-11-11 17:49 - 2021-11-11 17:49 - 000000219 _____ C:\Users\Administrator\Desktop\Dota 2.url 2021-11-11 16:47 - 2021-11-11 16:49 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2021-11-11 16:46 - 2021-11-11 16:47 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2021-11-11 16:46 - 2021-11-11 16:46 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2021-11-11 16:43 - 2021-11-11 16:43 - 000000000 ____D C:\ProgramData\ssh 2021-11-11 16:39 - 2021-11-11 16:39 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll 2021-11-11 16:39 - 2021-11-11 16:39 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll 2021-11-11 16:39 - 2021-11-11 16:39 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr 2021-11-11 16:39 - 2021-11-11 16:39 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr 2021-11-11 16:39 - 2021-11-11 16:39 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll 2021-11-11 16:39 - 2021-11-11 16:39 - 000203264 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll 2021-11-11 16:39 - 2021-11-11 16:39 - 000170496 _____ C:\WINDOWS\system32\DeviceUpdateCenterCsp.dll 2021-11-11 16:39 - 2021-11-11 16:39 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll 2021-11-11 16:39 - 2021-11-11 16:39 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll 2021-11-11 16:39 - 2021-11-11 16:39 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll 2021-11-11 16:39 - 2021-11-11 16:39 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll 2021-11-11 16:39 - 2021-11-11 16:39 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll 2021-11-11 16:39 - 2021-11-11 16:39 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll 2021-11-11 16:39 - 2021-11-11 16:39 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll 2021-11-11 16:38 - 2021-11-11 16:38 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll 2021-11-11 16:38 - 2021-11-11 16:38 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll 2021-11-11 16:38 - 2021-11-11 16:38 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll 2021-11-11 16:38 - 2021-11-11 16:38 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll 2021-11-11 16:38 - 2021-11-11 16:38 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2021-11-11 16:38 - 2021-11-11 16:38 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll 2021-11-11 16:38 - 2021-11-11 16:38 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll 2021-11-11 16:38 - 2021-11-11 16:38 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll 2021-11-11 16:38 - 2021-11-11 16:38 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll 2021-11-11 16:38 - 2021-11-11 16:38 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll 2021-11-11 16:38 - 2021-11-11 16:38 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll 2021-11-11 16:38 - 2021-11-11 16:38 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll 2021-11-11 16:38 - 2021-11-11 16:38 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll 2021-11-11 16:38 - 2021-11-11 16:38 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll 2021-11-11 16:38 - 2021-11-11 16:38 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2021-11-11 16:37 - 2021-11-11 16:37 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll 2021-11-11 16:37 - 2021-11-11 16:37 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll 2021-11-11 16:37 - 2021-11-11 16:37 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll 2021-11-11 16:37 - 2021-11-11 16:37 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2021-11-11 16:37 - 2021-11-11 16:37 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll 2021-11-11 16:37 - 2021-11-11 16:37 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll 2021-11-11 16:37 - 2021-11-11 16:37 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll 2021-11-11 16:37 - 2021-11-11 16:37 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll 2021-11-11 16:37 - 2021-11-11 16:37 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll 2021-11-11 16:37 - 2021-11-11 16:37 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll 2021-11-11 16:37 - 2021-11-11 16:37 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe 2021-11-11 16:37 - 2021-11-11 16:37 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll 2021-11-11 16:37 - 2021-11-11 16:37 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2021-11-11 16:37 - 2021-11-11 16:37 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe 2021-11-11 16:37 - 2021-11-11 16:37 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt 2021-11-11 16:36 - 2021-11-11 16:36 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin 2021-11-11 16:36 - 2021-11-11 16:36 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-11-11 16:36 - 2021-11-11 16:36 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys 2021-11-11 16:36 - 2021-11-11 16:36 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll 2021-11-11 16:36 - 2021-11-11 16:36 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe 2021-11-11 16:31 - 2021-11-11 16:31 - 000000975 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk 2021-11-11 09:33 - 2021-11-13 20:06 - 000000000 ____D C:\Users\Administrator\Documents\Sound recordings 2021-11-11 09:20 - 2021-11-11 09:20 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2021-11-11 09:18 - 2021-11-12 20:21 - 000000000 ____D C:\ProgramData\Packages 2021-11-11 09:18 - 2021-11-11 09:18 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers 2021-11-11 09:17 - 2021-11-11 09:17 - 000000020 ___SH C:\Users\Administrator\ntuser.ini 2021-11-11 09:17 - 2021-11-11 09:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\VirtualStore 2021-11-11 01:01 - 2021-11-16 21:27 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-11-11 01:01 - 2021-11-16 21:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-11-11 01:01 - 2021-11-13 18:59 - 000001908 _____ C:\WINDOWS\diagwrn.xml 2021-11-11 01:01 - 2021-11-13 18:59 - 000001908 _____ C:\WINDOWS\diagerr.xml 2021-11-11 01:01 - 2021-11-11 01:02 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-11-11 01:01 - 2021-11-11 01:02 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2021-11-11 01:01 - 2021-11-11 01:02 - 000002716 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2021-11-11 01:01 - 2021-11-11 01:01 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-11-11 01:01 - 2021-11-11 01:01 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2021-11-11 01:01 - 2021-11-11 01:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\HardDiskSentinel 2021-11-11 00:53 - 2021-11-16 21:20 - 000000000 ____D C:\Users\Administrator 2021-11-11 00:50 - 2021-11-17 11:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-11-11 00:50 - 2021-11-16 21:20 - 000008192 ___SH C:\DumpStack.log.tmp 2021-11-11 00:50 - 2021-11-13 20:20 - 000435384 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-11-10 21:20 - 2021-11-10 21:20 - 000066463 _____ C:\Users\Administrator\Downloads\FT Assignment 2B - Capsa Enterprises-bonavente.xlsx 2021-11-10 20:15 - 2021-11-10 20:49 - 000066471 _____ C:\Users\Administrator\Downloads\FT Assignment 2B - Capsa Enterprises.xlsx 2021-11-10 15:03 - 2021-11-13 16:35 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\karastar 2021-11-10 15:03 - 2021-11-10 15:03 - 000002303 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Karastar.lnk 2021-11-10 15:03 - 2021-11-10 15:03 - 000002295 _____ C:\Users\Administrator\Desktop\Karastar.lnk 2021-11-10 15:03 - 2021-11-10 15:03 - 000000000 ____D C:\Users\Administrator\AppData\Local\karastar-updater 2021-11-10 14:32 - 2021-11-10 14:32 - 000140028 _____ C:\Users\Administrator\Downloads\Template (2).xlsx 2021-11-09 16:08 - 2021-11-12 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio 2021-11-09 15:12 - 2021-11-09 15:12 - 000000000 ____D C:\Users\Administrator\AppData\Local\CosmoViewerNG 2021-11-09 15:11 - 2021-11-12 16:05 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\CosmoViewerNG 2021-11-09 15:01 - 2021-11-09 15:01 - 1841852795 _____ C:\WINDOWS\MEMORY.DMP 2021-11-09 14:46 - 2021-11-09 14:46 - 000016722 _____ C:\Users\Administrator\Documents\FT Assignment No. 2 - Adie Enterprises-Bonavente.xlsx 2021-11-09 14:46 - 2021-11-09 14:46 - 000000165 ____H C:\Users\Administrator\Documents\~$FT Assignment No. 2 - Adie Enterprises-Bonavente.xlsx 2021-11-09 14:34 - 2021-11-09 14:45 - 000069403 _____ C:\Users\Administrator\Documents\FT Assignment No. 2 - Adie Enterprises.xlsx 2021-11-09 14:11 - 2021-11-09 14:32 - 000070063 _____ C:\Users\Administrator\Downloads\Template (1).xlsx 2021-11-09 14:11 - 2021-11-09 14:11 - 000140028 _____ C:\Users\Administrator\Downloads\Template.xlsx 2021-11-09 13:56 - 2021-11-13 18:50 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2021-11-09 13:54 - 2021-11-12 20:14 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-11-09 13:53 - 2021-11-09 15:05 - 000000000 ____D C:\Program Files\ruxim 2021-11-06 20:09 - 2021-11-06 20:09 - 000036208 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS 2021-11-06 18:46 - 2021-11-15 10:23 - 000000000 ___DC C:\WINDOWS\Panther 2021-11-06 07:25 - 2021-11-12 13:07 - 000000000 ____D C:\Program Files\Common Files\Adobe 2021-11-06 07:25 - 2021-11-06 18:00 - 000000000 ___HD C:\adobeTemp 2021-11-06 07:25 - 2021-11-06 17:59 - 000000000 ____D C:\Program Files\Adobe 2021-11-06 07:25 - 2021-11-06 07:25 - 000000000 ____D C:\Program Files (x86)\Adobe 2021-11-06 07:24 - 2021-11-15 20:21 - 000000000 ____D C:\ProgramData\Package Cache 2021-11-06 07:24 - 2021-11-12 13:07 - 000000000 ____D C:\ProgramData\Adobe 2021-11-06 07:24 - 2021-11-06 07:24 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe 2021-11-05 20:26 - 2021-11-05 20:26 - 000087566 _____ C:\Users\Administrator\Downloads\translucenttaskbar_1_2_by_arkenthera_dausz1z.rmskin 2021-11-05 19:55 - 2021-11-05 19:55 - 000196227 _____ C:\Users\Administrator\Downloads\elementary-1-5.rmskin 2021-11-05 19:25 - 2021-11-05 20:26 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Rainmeter 2021-11-05 19:25 - 2021-11-05 19:25 - 000000000 ____D C:\Users\Administrator\Documents\Rainmeter 2021-11-05 19:24 - 2021-11-05 19:24 - 002451256 _____ (Rainmeter) C:\Users\Administrator\Downloads\Rainmeter-4.5.4.exe 2021-11-05 19:24 - 2021-11-05 19:24 - 000001707 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk 2021-11-05 19:24 - 2021-11-05 19:24 - 000000000 ____D C:\Program Files\Rainmeter 2021-11-05 17:15 - 2021-11-11 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2021-11-05 17:15 - 2021-11-11 00:54 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2021-11-05 16:56 - 2021-11-12 13:13 - 000000000 ____D C:\Program Files\WinRAR 2021-11-03 02:58 - 2021-11-03 02:58 - 001143176 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys 2021-11-03 02:48 - 2021-11-03 02:58 - 048046994 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT 2021-11-03 02:47 - 2021-11-03 02:48 - 006582064 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys 2021-11-03 02:43 - 2021-11-03 02:43 - 001860656 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe 2021-11-03 02:43 - 2021-11-03 02:43 - 001860656 _____ C:\WINDOWS\system32\vulkaninfo.exe 2021-11-03 02:42 - 2021-11-03 02:43 - 001440304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2021-11-03 02:42 - 2021-11-03 02:43 - 001440304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2021-11-03 02:42 - 2021-11-03 02:42 - 001107176 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll 2021-11-03 02:42 - 2021-11-03 02:42 - 001107176 _____ C:\WINDOWS\system32\vulkan-1.dll 2021-11-03 02:42 - 2021-11-03 02:42 - 000959856 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll 2021-11-03 02:42 - 2021-11-03 02:42 - 000959856 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2021-11-03 02:42 - 2021-11-03 02:42 - 000788528 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll 2021-11-03 02:42 - 2021-11-03 02:42 - 000665648 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll 2021-11-03 02:42 - 2021-11-03 02:42 - 000193088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll 2021-11-03 02:42 - 2021-11-03 02:42 - 000172592 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll 2021-11-03 02:42 - 2021-11-03 02:42 - 000154384 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin 2021-11-03 02:42 - 2021-11-03 02:42 - 000149568 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll 2021-11-03 02:42 - 2021-11-03 02:42 - 000138832 _____ C:\WINDOWS\system32\samu_krnl_isv_ci.sbin 2021-11-03 02:42 - 2021-11-03 02:42 - 000134208 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll 2021-11-03 02:42 - 2021-11-03 02:42 - 000082480 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mcl64.dll 2021-11-03 02:42 - 2021-11-03 02:42 - 000067120 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mcl32.dll 2021-11-03 02:42 - 2021-11-03 02:42 - 000038448 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll 2021-11-03 02:42 - 2021-11-03 02:42 - 000035376 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll 2021-11-03 02:41 - 2021-11-03 02:42 - 000121168 _____ C:\WINDOWS\system32\kapp_si.sbin 2021-11-03 02:41 - 2021-11-03 02:41 - 000548928 _____ C:\WINDOWS\system32\GameManager64.dll 2021-11-03 02:41 - 2021-11-03 02:41 - 000492096 _____ C:\WINDOWS\system32\dgtrayicon.exe 2021-11-03 02:41 - 2021-11-03 02:41 - 000482880 _____ C:\WINDOWS\system32\EEURestart.exe 2021-11-03 02:41 - 2021-11-03 02:41 - 000410176 _____ C:\WINDOWS\SysWOW64\GameManager32.dll 2021-11-03 02:41 - 2021-11-03 02:41 - 000335408 _____ C:\WINDOWS\system32\clinfo.exe 2021-11-03 02:41 - 2021-11-03 02:41 - 000128048 _____ C:\WINDOWS\system32\kapp_ci.sbin 2021-11-03 02:41 - 2021-11-03 02:41 - 000019928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll 2021-11-03 02:41 - 2021-11-03 02:41 - 000019928 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll 2021-11-03 02:01 - 2021-11-03 02:01 - 000204952 _____ C:\WINDOWS\SysWOW64\ativvsvl.dat 2021-11-03 02:01 - 2021-11-03 02:01 - 000204952 _____ C:\WINDOWS\system32\ativvsvl.dat 2021-11-03 02:01 - 2021-11-03 02:01 - 000157144 _____ C:\WINDOWS\SysWOW64\ativvsva.dat 2021-11-03 02:01 - 2021-11-03 02:01 - 000157144 _____ C:\WINDOWS\system32\ativvsva.dat 2021-11-03 02:01 - 2021-11-03 02:01 - 000012344 _____ C:\WINDOWS\system32\brandingWS_RSX.bmp 2021-11-03 02:01 - 2021-11-03 02:01 - 000012344 _____ C:\WINDOWS\system32\brandingRSX.bmp 2021-11-03 02:01 - 2021-11-03 02:01 - 000000822 _____ C:\WINDOWS\system32\branding.bmp 2021-11-03 01:56 - 2021-11-03 01:57 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap 2021-11-03 01:50 - 2021-11-03 01:51 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap 2021-11-03 01:47 - 2021-11-03 01:47 - 000170032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll 2021-11-03 01:47 - 2021-11-03 01:47 - 000132656 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll 2021-11-03 01:29 - 2021-11-03 01:29 - 000839720 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe 2021-11-03 01:29 - 2021-11-03 01:29 - 000251968 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll 2021-11-03 01:29 - 2021-11-03 01:29 - 000211008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll 2021-11-03 01:29 - 2021-11-03 01:29 - 000158272 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll 2021-11-03 01:29 - 2021-11-03 01:29 - 000139704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll 2021-11-03 01:29 - 2021-11-03 01:29 - 000111088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll 2021-11-03 01:28 - 2021-11-03 01:29 - 000516136 _____ C:\WINDOWS\system32\atieah64.exe 2021-11-03 01:28 - 2021-11-03 01:28 - 000384576 _____ C:\WINDOWS\SysWOW64\atieah32.exe 2021-11-03 01:28 - 2021-11-03 01:28 - 000130600 _____ C:\WINDOWS\system32\atidxx64.dll 2021-11-03 01:28 - 2021-11-03 01:28 - 000104512 _____ C:\WINDOWS\SysWOW64\atidxx32.dll 2021-11-03 01:16 - 2021-11-03 01:16 - 000460328 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll 2021-11-03 01:16 - 2021-11-03 01:16 - 000193432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll 2021-11-03 01:16 - 2021-11-03 01:16 - 000157376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll 2021-11-03 01:15 - 2021-11-03 01:15 - 001386536 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll 2021-11-03 01:15 - 2021-11-03 01:15 - 001386536 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll 2021-11-03 01:15 - 2021-11-03 01:15 - 000562656 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb 2021-11-03 01:15 - 2021-11-03 01:15 - 000562656 _____ C:\WINDOWS\system32\atiapfxx.blb 2021-11-03 01:14 - 2021-11-03 01:15 - 001839680 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll 2021-11-03 01:14 - 2021-11-03 01:14 - 001528384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiacm64.dll 2021-11-03 01:14 - 2021-11-03 01:14 - 000061992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll 2021-11-03 01:14 - 2021-11-03 01:14 - 000011014 _____ C:\WINDOWS\system32\atiacmLocalisation.ini 2021-11-03 01:12 - 2021-11-03 01:12 - 000129064 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll 2021-11-03 01:12 - 2021-11-03 01:12 - 000105024 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll 2021-11-03 01:11 - 2021-11-03 01:12 - 001689408 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll 2021-11-03 01:11 - 2021-11-03 01:11 - 001368224 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll 2021-11-03 00:59 - 2021-11-03 00:59 - 000124968 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll 2021-11-03 00:59 - 2021-11-03 00:59 - 000101424 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll 2021-11-03 00:47 - 2021-11-03 00:59 - 058447000 _____ C:\WINDOWS\system32\amdxc64.so 2021-11-03 00:11 - 2021-11-03 00:11 - 000139728 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll 2021-11-03 00:11 - 2021-11-03 00:11 - 000111064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll 2021-11-02 23:45 - 2021-11-02 23:45 - 000535568 _____ C:\WINDOWS\system32\amdmiracast.dll 2021-11-02 23:33 - 2021-11-02 23:33 - 000933416 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll 2021-11-02 23:33 - 2021-11-02 23:33 - 000760880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll 2021-11-02 23:32 - 2021-11-02 23:33 - 000458288 _____ C:\WINDOWS\system32\amdlogum.exe 2021-11-02 23:32 - 2021-11-02 23:32 - 000202680 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll 2021-11-02 23:32 - 2021-11-02 23:32 - 000170232 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll 2021-11-02 23:32 - 2021-11-02 23:32 - 000076237 _____ C:\WINDOWS\system32\AMDKernelEvents.man 2021-11-02 23:18 - 2021-11-02 23:32 - 069800488 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdhip64.dll 2021-11-02 23:16 - 2021-11-02 23:16 - 000548904 _____ C:\WINDOWS\system32\amdgfxinfo64.dll 2021-11-02 23:16 - 2021-11-02 23:16 - 000412200 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll 2021-11-02 23:15 - 2021-11-02 23:15 - 000150072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll 2021-11-02 23:15 - 2021-11-02 23:15 - 000141864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2021-11-02 23:15 - 2021-11-02 23:15 - 000125608 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll 2021-11-02 23:15 - 2021-11-02 23:15 - 000122944 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2021-11-02 23:01 - 2021-11-02 23:15 - 069085736 _____ C:\WINDOWS\SysWOW64\amd_comgr32.dll 2021-11-02 22:44 - 2021-11-02 23:01 - 084037672 _____ C:\WINDOWS\system32\amd_comgr.dll 2021-11-02 22:27 - 2021-11-02 22:27 - 000443192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdtee_api.dll 2021-11-02 22:27 - 2021-11-02 22:27 - 000356664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdtee_api.dll 2021-11-02 22:27 - 2021-11-02 22:27 - 000246200 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdWT6.sys 2021-11-02 22:27 - 2021-11-02 22:27 - 000055096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\Drivers\amdpsp.sys 2021-11-02 22:27 - 2021-11-02 22:27 - 000054984 _____ (Advanced Micro Devices, Inc) C:\WINDOWS\system32\Drivers\amdgpio2.sys 2021-11-02 22:27 - 2021-11-02 22:27 - 000033136 _____ (Advanced Micro Devices, Inc) C:\WINDOWS\system32\Drivers\amdgpio3.sys 2021-11-02 22:26 - 2021-11-09 13:51 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2021-11-02 22:23 - 2021-11-02 22:23 - 000000000 ____D C:\Users\Administrator\AppData\Local\OneDrive 2021-11-02 20:24 - 2021-11-15 10:10 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-11-02 20:24 - 2021-11-15 10:10 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-11-02 20:20 - 2021-11-02 20:20 - 000000000 ____D C:\WINDOWS\CSC 2021-11-02 19:49 - 2021-11-12 13:13 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\IDM 2021-11-02 19:49 - 2021-11-11 18:48 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache 2021-11-02 19:49 - 2021-11-02 19:49 - 000000000 ____D C:\Users\Administrator\Downloads\Video 2021-11-02 19:49 - 2021-11-02 19:49 - 000000000 ____D C:\ProgramData\IDM 2021-11-02 19:48 - 2021-11-12 13:14 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager 2021-10-28 18:49 - 2021-10-28 18:49 - 000142605 _____ C:\Users\Administrator\Downloads\ZAFE-MARC-DANIEL-FABM-ASSIGNMENT-1 (1).pdf 2021-10-28 14:46 - 2021-10-28 14:47 - 000142605 _____ C:\Users\Administrator\Downloads\ZAFE-MARC-DANIEL-FABM-ASSIGNMENT-1.pdf 2021-10-28 13:09 - 2021-11-15 11:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2021-10-28 13:09 - 2021-10-28 13:09 - 000000222 _____ C:\Users\Administrator\Desktop\Grand Theft Auto V.url 2021-10-28 12:59 - 2021-11-11 09:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics 2021-10-28 12:58 - 2021-10-28 12:58 - 000000000 ____D C:\Users\Administrator\AppData\Local\Steam 2021-10-28 12:58 - 2021-10-28 12:58 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF 2021-10-28 12:48 - 2021-11-17 11:58 - 000000000 ____D C:\Program Files (x86)\Steam 2021-10-28 12:48 - 2021-11-11 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2021-10-28 12:48 - 2021-10-28 12:48 - 001770744 _____ C:\Users\Administrator\Downloads\SteamSetup.exe 2021-10-28 12:48 - 2021-10-28 12:48 - 000001032 _____ C:\Users\Public\Desktop\Steam.lnk 2021-10-27 21:51 - 2021-10-27 21:52 - 000180826 ____H C:\Users\Administrator\Downloads\~WRL1398.tmp 2021-10-27 11:03 - 2021-10-26 21:43 - 1786521444 _____ C:\Users\Administrator\Downloads\_Getintopc.com_Office_Pro_Plus_2021_v2109_Build_14430.20276.rar 2021-10-27 02:21 - 2021-10-27 02:21 - 000000017 _____ C:\Users\Administrator\AppData\Local\resmon.resmoncfg 2021-10-27 01:32 - 2021-10-27 01:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\PeerDistRepub 2021-10-27 01:13 - 2021-10-27 01:13 - 000000000 ____D C:\Users\Administrator\Documents\Custom Office Templates 2021-10-26 22:18 - 2021-11-11 16:49 - 000000000 ____D C:\Program Files\UNP 2021-10-26 22:10 - 2021-10-26 22:10 - 000002404 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk 2021-10-26 22:10 - 2021-10-26 22:10 - 000002396 _____ C:\Users\Administrator\Desktop\Microsoft Teams.lnk 2021-10-26 22:10 - 2021-10-26 22:10 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Teams 2021-10-26 22:10 - 2021-10-26 22:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\SquirrelTemp 2021-10-26 22:03 - 2021-11-07 15:23 - 000002092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-10-26 22:03 - 2021-10-26 22:03 - 000000000 ___RD C:\Users\Default\OneDrive 2021-10-26 22:03 - 2021-10-26 22:03 - 000000000 ___RD C:\Users\Administrator\OneDrive 2021-10-26 22:02 - 2021-10-26 22:02 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2021-10-26 22:02 - 2021-10-26 22:02 - 000000000 ____D C:\Program Files (x86)\Teams Installer 2021-10-26 22:01 - 2021-11-11 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2021-10-26 22:01 - 2021-10-26 22:01 - 000002411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2021-10-26 22:01 - 2021-10-26 22:01 - 000002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2021-10-26 22:01 - 2021-10-26 22:01 - 000002374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2021-10-26 22:01 - 2021-10-26 22:01 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2021-10-26 22:01 - 2021-10-26 22:01 - 000002367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2021-10-26 22:01 - 2021-10-26 22:01 - 000002361 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2021-10-26 22:01 - 2021-10-26 22:01 - 000002353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk 2021-10-26 22:00 - 2021-10-26 22:02 - 000000000 ____D C:\Program Files\Microsoft Office 2021-10-26 22:00 - 2021-10-26 22:00 - 000000000 ____D C:\Program Files\Microsoft Office 15 2021-10-26 21:57 - 2021-11-05 17:17 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR 2021-10-26 20:54 - 2021-10-26 20:54 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms 2021-10-24 13:51 - 2021-11-13 19:02 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel 2021-10-24 13:51 - 2021-11-11 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel 2021-10-24 13:51 - 2021-10-24 13:51 - 000001156 _____ C:\Users\Administrator\Desktop\Hard Disk Sentinel.lnk 2021-10-24 13:51 - 2021-10-24 13:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Hard Disk Sentinel 2021-10-24 13:50 - 2021-10-24 13:50 - 036324820 _____ C:\Users\Administrator\Downloads\hdsentinel_pro_setup.zip 2021-10-24 13:50 - 2021-10-24 13:50 - 000000000 ____D C:\Users\Administrator\Downloads\hdsentinel_pro_setup 2021-10-24 13:47 - 2021-10-24 13:47 - 000000000 ____L (lrepacks.ru) C:\Users\Administrator\Desktop\DriverEasy Portable 2021-10-24 13:47 - 2021-10-24 13:47 - 000000000 ____D C:\Program Files\DriverEasy 2021-10-24 13:43 - 2021-10-24 13:43 - 003581729 _____ C:\Users\Administrator\Downloads\Windows.10.Digital.Activation.CMD.zip 2021-10-24 13:43 - 2021-10-24 13:43 - 000000000 ____D C:\Users\Administrator\Downloads\Windows.10.Digital.Activation.CMD 2021-10-24 13:42 - 2021-11-11 00:58 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-10-24 13:42 - 2021-11-11 00:58 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-10-24 13:42 - 2021-10-27 11:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google 2021-10-24 13:42 - 2021-10-24 13:42 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\AMD 2021-10-24 13:41 - 2021-11-17 11:11 - 000000000 ____D C:\Program Files (x86)\Google 2021-10-24 13:41 - 2021-10-24 13:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\wget 2021-10-24 13:41 - 2021-10-24 13:41 - 000000000 ____D C:\Program Files\Google 2021-10-24 13:33 - 2021-11-16 20:26 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache 2021-10-24 13:33 - 2021-10-28 13:00 - 000000000 ____D C:\Users\Administrator\AppData\Local\AMD 2021-10-24 13:31 - 2021-11-11 16:47 - 000000000 ____D C:\WINDOWS\system32\AMD 2021-10-24 13:31 - 2021-10-24 13:31 - 000000000 ____D C:\Program Files\AMD 2021-10-24 13:31 - 2019-10-30 17:20 - 005623256 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPOU64.dll 2021-10-24 13:31 - 2019-10-30 17:20 - 001126344 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCOM64.dll 2021-10-24 13:31 - 2019-10-30 17:20 - 000481888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll 2021-10-24 13:31 - 2019-10-30 14:20 - 000856288 _____ (Realtek Semiconductor) C:\WINDOWS\system32\RtkAudUService64.exe 2021-10-24 13:31 - 2019-10-30 14:20 - 000821336 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64U.dll 2021-10-24 13:31 - 2019-10-30 14:20 - 000215032 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll 2021-10-24 13:23 - 2021-11-11 16:49 - 000000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2021-10-24 13:23 - 2021-11-11 16:31 - 000000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2021-10-24 13:23 - 2021-11-11 16:31 - 000000000 ____D C:\Program Files\CPUID 2021-10-24 13:23 - 2021-10-24 13:23 - 000000874 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk 2021-10-24 13:22 - 2021-11-15 12:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages 2021-10-24 13:22 - 2021-11-12 13:07 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2021-10-24 13:22 - 2021-11-11 09:17 - 000000000 ___RD C:\Users\Administrator\3D Objects 2021-10-24 13:22 - 2021-10-24 13:23 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform 2021-10-24 13:22 - 2019-11-27 07:11 - 000001580 _____ C:\Users\Administrator\Desktop\Ghost Toolbox.lnk 2021-10-24 13:18 - 2021-10-24 13:18 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2021-10-24 13:17 - 2021-11-13 20:17 - 000737294 ____N C:\WINDOWS\Minidump\111321-30312-01.dmp ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-11-17 11:35 - 2019-12-07 17:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-11-17 11:08 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-11-16 21:54 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-11-16 21:54 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-11-16 21:27 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF 2021-11-16 19:36 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-11-13 20:19 - 2019-12-07 17:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2021-11-13 20:18 - 2019-12-07 17:54 - 000000000 ___SD C:\WINDOWS\system32\AppV 2021-11-13 20:18 - 2019-12-07 17:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-11-13 20:18 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2021-11-13 20:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-11-13 20:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-11-13 20:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-11-13 20:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\setup 2021-11-13 20:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-11-13 20:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-11-13 20:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2021-11-13 20:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-11-13 20:18 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-11-13 20:18 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\servicing 2021-11-13 19:17 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-11-12 13:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\appcompat 2021-11-11 18:50 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\NDF 2021-11-11 16:49 - 2019-12-07 17:18 - 000000000 ____D C:\WINDOWS\Setup 2021-11-11 16:49 - 2019-12-07 17:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2021-11-11 16:49 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2021-11-11 16:49 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ServiceState 2021-11-11 16:49 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2021-11-11 16:49 - 2019-12-07 17:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2021-11-11 16:49 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2021-11-11 16:49 - 2019-03-19 12:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2021-11-11 16:43 - 2019-12-07 17:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2021-11-11 16:43 - 2019-12-07 17:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2021-11-11 16:43 - 2019-12-07 17:51 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\UNP 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\F12 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Keywords 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\es-MX 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\DDFs 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Com 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\appraiser 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ShellComponents 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\Provisioning 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\IME 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\DiagTrack 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\Program Files\Common Files\System 2021-11-11 16:43 - 2019-12-07 17:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2021-11-11 16:42 - 2019-12-07 17:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll 2021-11-11 16:42 - 2019-12-07 17:54 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2021-11-11 09:34 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-11-11 09:18 - 2021-07-15 17:24 - 000000000 __RHD C:\Users\Public\AccountPictures 2021-11-11 01:03 - 2019-12-07 17:51 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2021-11-11 01:03 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\USOPrivate 2021-11-11 01:02 - 2019-12-07 17:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2021-11-11 01:01 - 2019-12-07 17:14 - 000000000 ____D C:\Program Files\Windows Defender 2021-11-11 00:57 - 2019-12-07 17:14 - 000000000 __RHD C:\Users\Public\Libraries 2021-11-03 06:05 - 2021-07-15 17:23 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd ==================== Files in the root of some directories ======== 2021-10-27 02:21 - 2021-10-27 02:21 - 000000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Link to post Share on other sites More sharing options...
ILLUSION042 Posted November 17, 2021 Author ID:1488741 Share Posted November 17, 2021 Addition.txt.docx it wont let me post this because of the spam idunno. so im putting it in as a word file Link to post Share on other sites More sharing options...
ILLUSION042 Posted November 17, 2021 Author ID:1488757 Share Posted November 17, 2021 ohh i forgot about this Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/17/21 Scan Time: 11:42 AM Log File: 6e44ce96-4758-11ec-84fd-001a7dda7110.json -Software Information- Version: 4.4.10.144 Components Version: 1.0.1499 Update Package Version: 1.0.47270 License: Trial -System Information- OS: Windows 10 (Build 19042.1348) CPU: x64 File System: NTFS User: WIN-SKRMTT21HGK\Administrator -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 287398 Threats Detected: 0 Threats Quarantined: 0 Time Elapsed: 4 min, 43 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
kevinf80 Posted November 17, 2021 ID:1488777 Share Posted November 17, 2021 Hello ILLUSION042, Do not see any specific malware or infection in the logs you`ve posted, did you also run Adwcleaner..? can I also see that log. Can you Disable Controlled Folder Access, reboot, does that male any difference..? https://www.tenforums.com/tutorials/113380-how-enable-disable-controlled-folder-access-windows-10-a.html Thank you, Kevin Link to post Share on other sites More sharing options...
ILLUSION042 Posted November 17, 2021 Author ID:1488789 Share Posted November 17, 2021 # ------------------------------- # Malwarebytes AdwCleaner 8.3.0.0 # ------------------------------- # Build: 06-29-2021 # Database: 2021-10-26.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 11-17-2021 # Duration: 00:00:11 # OS: Windows 10 Pro # Scanned: 32012 # Detected: 0 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Hosts File Entries ] ***** No malicious hosts file entries found. ***** [ Preinstalled Software ] ***** No Preinstalled Software found. ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ########## Link to post Share on other sites More sharing options...
ILLUSION042 Posted November 17, 2021 Author ID:1488790 Share Posted November 17, 2021 not even adw cleaner can search it Link to post Share on other sites More sharing options...
ILLUSION042 Posted November 17, 2021 Author ID:1488793 Share Posted November 17, 2021 is this a kind of a dangerous virus? i already changed my hdd. but nothing happens. if the virus is in the cracked OS is it searchable? Link to post Share on other sites More sharing options...
kevinf80 Posted November 17, 2021 ID:1488794 Share Posted November 17, 2021 Is the operation system pirated..? Link to post Share on other sites More sharing options...
ILLUSION042 Posted November 17, 2021 Author ID:1488795 Share Posted November 17, 2021 yes Link to post Share on other sites More sharing options...
Solution kevinf80 Posted November 17, 2021 Solution ID:1488797 Share Posted November 17, 2021 Unfortunately I cannot offer any further help, piracy is not condoned at Malwarebytes Forums.... https://forums.malwarebytes.com/guidelines/ Link to post Share on other sites More sharing options...
ILLUSION042 Posted November 17, 2021 Author ID:1488801 Share Posted November 17, 2021 thanks a lot sir Link to post Share on other sites More sharing options...
kevinf80 Posted November 17, 2021 ID:1488820 Share Posted November 17, 2021 Since this issue is resolved the topic will now be closed to prevent others from posting here. If you need assistance please start your own new topic and someone will be happy to assist you. Thanks Link to post Share on other sites More sharing options...
Recommended Posts