Windows 11 system32/group policy, privileges hijacked. Remote Access Trojan? - Virus, Trojan, Spyware, and Malware Removal Help (2024)

Windows 11- 64 bit.

I have a legal version that was upgraded via the Windows Insider beta tester program. Not the Dev channel but the stable one. I am a week behind on schoolwork and my prof knows what's going on. I graduate in December, but this is really getting in the way. My wife lives in the Philippines and I am supposed to move there to be with her, and I haven't seen her in two years. Please help, I don't want to get delayed longer because of this.

On 10/22 I noticed changes to the Windows Event Viewer security logs, admin logs and a number of other suspicious activities. I realized something was going on and restored the PC. I was not aware of current exploits against Windows 11; however, other devices on the network have been affected. I do not know if my Windows 11 PC was the original infection vector. There is also my dad's Windows 7 work PC, which is supposed to be managed remotely by his job, including I.T. ... and we have smart TVs, an iPad, and 2 MacBook Pros. I am not allowed to fix the Macs, but I plan on blocking their MACs and the other devices once I secure this device.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2021

Ran by yoyoyo (administrator) on CRITZPC (Gigabyte Technology Co., Ltd. A320M-S2H) (02-11-2021 16:26:29)

Running from C:\Users\Stephany\Desktop

Loaded Profiles: Stephany & yoyoyo

Platform: Microsoft Windows 11 Home Version 21H2 22000.282 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe

(Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0372237.inf_amd64_ca055f96f4d6d53c\B372174\atieclxx.exe

(Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0372237.inf_amd64_ca055f96f4d6d53c\B372174\atiesrxx.exe

(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <21>

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.40\msedgewebview2.exe <6>

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20436.0_x64__8wekyb3d8bbwe\HxAccounts.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20436.0_x64__8wekyb3d8bbwe\HxOutlook.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20436.0_x64__8wekyb3d8bbwe\HxTsr.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f82b8b1a0b601f77\RtkAudUService64.exe

0 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20034.345.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f82b8b1a0b601f77\RtkAudUService64.exe [1343072 2021-08-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.40\Installer\setup.exe [2846096 2021-10-31] (Microsoft Corporation -> Microsoft Corporation)

HKLM-x32\...\RunOnce: [{98358E01-00B9-46F1-90F3-9B5B63B12791}] => cmd.exe /C start /D "C:\Users\yoyoyo\AppData\Local\Temp\{98358E01-00B9-46F1-90F3-9B5B63B12791}" /B {4E4B4DA8-ABCF-4181-BFA1-2F81F9BE8498}.exe -accepteula -accepteulaksn -activeimages -postboot <==== ATTENTION

HKU\S-1-5-21-3678219419-748281994-263920046-1003\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\hieva\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"

HKU\S-1-5-21-3678219419-748281994-263920046-1003\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\hieva\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"

HKU\S-1-5-21-3678219419-748281994-263920046-1003\...\RunOnce: [Uninstall 21.050.0310.0001\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\hieva\AppData\Local\Microsoft\OneDrive\21.050.0310.0001\amd64"

HKU\S-1-5-21-3678219419-748281994-263920046-1003\...\RunOnce: [Uninstall 21.050.0310.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\hieva\AppData\Local\Microsoft\OneDrive\21.050.0310.0001"

HKU\S-1-5-21-3678219419-748281994-263920046-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [831488 2021-06-05] (Microsoft Windows -> Microsoft Corporation)

HKU\S-1-5-21-3678219419-748281994-263920046-1008\...\RunOnce: [Uninstall 21.196.0921.0007] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephany\AppData\Local\Microsoft\OneDrive\21.196.0921.0007"

HKU\S-1-5-21-3678219419-748281994-263920046-1011\...\RunOnce: [NetworkResetPostReboot] => netsh.exe trace postreset

HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\95.1.31.88\Installer\chrmstp.exe [2021-11-02] (Brave Software, Inc. -> Brave Software, Inc.)

HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {105D676A-D551-4274-81E7-97AC52E4FD87} - \Microsoft\Windows\Speech\HeadsetButtonPress -> No File <==== ATTENTION

Task: {1949073A-8FDA-4EA4-8E59-407CDB02440F} - \Microsoft\Windows\WindowsUpdate\sihpostreboot -> No File <==== ATTENTION

Task: {45CF73C8-9A94-47C5-8E45-347738A58FC5} - \Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser -> No File <==== ATTENTION

Task: {5743056B-3ACE-42C3-A636-51C23D2D1C3E} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-11-02] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {5C308380-FE34-4517-ADBB-40C56C75FFFB} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-11-02] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {AEE606C1-2943-46BD-A0C9-BF486C61196A} - \OneDrive Standalone Update Task-S-1-5-21-1733586790-1356426552-2423923172-500 -> No File <==== ATTENTION

Task: {B8F0DEC7-8392-4F57-9990-74FCB934033F} - \Microsoft\Windows\HelloFace\FODCleanupTask -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{0ab8a956-13a0-427f-bc2e-82e966531cd5}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Tcpip\..\Interfaces\{a6886d97-dbf5-498d-881f-da58ec4883ee}: [DhcpNameServer] 192.168.1.1

Edge:

=======

Edge Profile: C:\Users\yoyoyo\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-29]

Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Chrome:

=======

CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-11-02] (Brave Software, Inc. -> BraveSoftware Inc.)

S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-11-02] (Brave Software, Inc. -> BraveSoftware Inc.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-02] (Malwarebytes Inc -> Malwarebytes)

S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [41376 2021-07-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0372237.inf_amd64_ca055f96f4d6d53c\B372174\amdkmdag.sys [80502320 2021-09-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [65168 2021-08-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-02] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64880 2020-11-11] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)

S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-02 16:26 - 2021-11-02 16:26 - 000011215 _____ C:\Users\Stephany\Desktop\FRST.txt

2021-11-02 16:24 - 2021-11-02 16:24 - 000000375 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics

2021-11-02 15:48 - 2021-11-02 15:48 - 002311168 _____ (Farbar) C:\Users\Stephany\Desktop\FRST64.exe

2021-11-02 15:10 - 2021-11-02 15:11 - 000000000 ____D C:\Users\Stephany\AppData\Local\BraveSoftware

2021-11-02 15:10 - 2021-11-02 15:10 - 000003438 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA

2021-11-02 15:10 - 2021-11-02 15:10 - 000003314 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore

2021-11-02 15:10 - 2021-11-02 15:10 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk

2021-11-02 15:10 - 2021-11-02 15:10 - 000002403 _____ C:\Users\Public\Desktop\Brave.lnk

2021-11-02 15:10 - 2021-11-02 15:10 - 000000000 ____D C:\Program Files\BraveSoftware

2021-11-02 15:10 - 2021-11-02 15:10 - 000000000 ____D C:\Program Files (x86)\BraveSoftware

2021-11-02 15:07 - 2021-11-02 15:09 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys

2021-11-02 15:07 - 2021-11-02 15:09 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2021-11-02 15:07 - 2021-11-02 15:08 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

2021-11-02 15:04 - 2021-11-02 15:04 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

2021-11-02 15:04 - 2021-11-02 15:04 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys

2021-11-02 14:49 - 2021-11-02 16:26 - 000000000 ____D C:\FRST

2021-11-02 14:17 - 2021-11-02 14:17 - 000000000 ___HD C:\$SysReset

2021-11-02 14:10 - 2021-11-02 14:10 - 000000000 ____D C:\Users\yoyoyo\AppData\Local\CrashDumps

2021-10-31 20:44 - 2021-10-31 20:44 - 000000000 ____D C:\Users\Stephany\AppData\Local\ToastNotificationManagerCompat

2021-10-31 20:44 - 2021-10-31 20:44 - 000000000 ____D C:\Users\Stephany\AppData\Local\ProtonVPN

2021-10-31 20:33 - 2021-11-02 14:26 - 000000000 ____D C:\WINDOWS\pss

2021-10-31 17:10 - 2021-10-31 17:10 - 000000000 ____D C:\Users\Stephany\AppData\Roaming\Adobe

2021-10-31 15:27 - 2021-10-31 15:27 - 000000000 ____D C:\Users\yoyoyo\AppData\Local\mbam

2021-10-31 15:26 - 2021-11-02 14:52 - 000002041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk

2021-10-31 15:26 - 2021-11-02 14:52 - 000002029 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2021-10-31 15:26 - 2021-11-02 14:52 - 000000000 ____D C:\ProgramData\Malwarebytes

2021-10-31 15:26 - 2021-11-02 14:52 - 000000000 ____D C:\Program Files\Malwarebytes

2021-10-31 15:26 - 2021-10-31 15:26 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

2021-10-31 15:26 - 2021-10-31 15:26 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys

2021-10-31 15:26 - 2021-10-31 15:26 - 000000000 ____D C:\Users\Stephany\AppData\Local\mbam

2021-10-31 15:09 - 2021-10-31 15:11 - 000304706 _____ C:\TDSSKiller.3.1.0.28_31.10.2021_15.09.51_log.txt

2021-10-31 15:03 - 2021-10-31 15:05 - 000304590 _____ C:\TDSSKiller.3.1.0.28_31.10.2021_15.03.25_log.txt

2021-10-31 14:55 - 2021-10-31 14:58 - 000007902 _____ C:\TDSSKiller.3.1.0.28_31.10.2021_14.55.58_log.txt

2021-10-31 14:49 - 2021-10-31 14:49 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant

2021-10-31 14:28 - 2021-10-31 14:28 - 000000000 ____D C:\Users\Stephany\AppData\Local\Comms

2021-10-31 14:19 - 2021-10-31 14:19 - 000000000 ____D C:\Users\Stephany\AppData\Local\OneDrive

2021-10-31 14:13 - 2021-10-31 14:13 - 000000000 ____D C:\Users\Stephany\AppData\Local\VirtualStore

2021-10-31 14:12 - 2021-11-02 16:05 - 000000000 ____D C:\Users\Stephany\AppData\Local\D3DSCache

2021-10-31 14:12 - 2021-11-02 15:56 - 000000000 ____D C:\Users\Stephany\AppData\Local\Packages

2021-10-31 14:12 - 2021-10-31 14:12 - 000000000 ____D C:\Users\Stephany\AppData\Local\Publishers

2021-10-31 14:12 - 2021-10-31 14:12 - 000000000 ____D C:\Users\Stephany\AppData\Local\ConnectedDevicesPlatform

2021-10-31 14:12 - 2021-10-31 14:12 - 000000000 ____D C:\Users\Stephany\AppData\Local\AMD

2021-10-30 18:54 - 2021-10-30 18:54 - 000000020 ___SH C:\Users\Stephany\ntuser.ini

2021-10-30 18:53 - 2021-11-02 14:46 - 000545650 _____ C:\WINDOWS\ntbtlog.txt

2021-10-30 18:53 - 2021-11-02 14:23 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

2021-10-30 02:56 - 2021-10-30 02:56 - 000000000 ____D C:\WINDOWS\ServiceProfiles

2021-10-30 02:56 - 2021-10-29 23:11 - 000000000 ____D C:\WINDOWS\Panther

2021-10-30 02:56 - 2021-10-29 23:11 - 000000000 ____D C:\Windows.old

2021-10-30 02:56 - 2021-09-26 13:28 - 000000746 _____ C:\Users\Public\Desktop\ProtonVPN.lnk

2021-10-30 02:56 - 2020-10-24 14:30 - 000000573 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk

2021-10-30 02:56 - 2020-02-07 16:37 - 000000830 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk

2021-10-30 02:56 - 2019-10-17 16:59 - 000084732 _____ C:\Users\Public\Documents\SIGVERIF.TXT

2021-10-30 02:55 - 2021-10-30 02:55 - 000000000 ____D C:\WINDOWS\system32\Samsung

2021-10-30 02:54 - 2021-10-30 02:54 - 000008192 _____ C:\WINDOWS\system32\config\userdiff

2021-10-30 02:54 - 2021-10-30 02:54 - 000000000 __RSD C:\WINDOWS\SysWOW64\WindowsDevicePortal

2021-10-30 02:54 - 2021-10-30 02:54 - 000000000 __RSD C:\WINDOWS\system32\WindowsDevicePortal

2021-10-30 02:54 - 2021-10-30 02:54 - 000000000 ___RD C:\WINDOWS\WebManagement

2021-10-30 02:54 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync

2021-10-30 02:54 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp

2021-10-30 02:54 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\system32\OpenSSH

2021-10-30 02:54 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync

2021-10-30 02:54 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\system32\FxsTmp

2021-10-30 02:54 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\Setup

2021-10-30 02:54 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\addins

2021-10-30 02:54 - 2021-10-30 02:54 - 000000000 ____D C:\ProgramData\ssh

2021-10-30 02:54 - 2021-10-30 02:54 - 000000000 ____D C:\Program Files\Reference Assemblies

2021-10-30 02:54 - 2021-10-30 02:54 - 000000000 ____D C:\Program Files\MSBuild

2021-10-30 02:54 - 2021-10-30 02:54 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies

2021-10-30 02:54 - 2021-10-30 02:54 - 000000000 ____D C:\Program Files (x86)\MSBuild

2021-10-30 02:53 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm

2021-10-30 02:53 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN

2021-10-30 02:53 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep

2021-10-30 02:53 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr

2021-10-30 02:53 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts

2021-10-30 02:53 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\SysWOW64\0409

2021-10-30 02:53 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\system32\winrm

2021-10-30 02:53 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\system32\WCN

2021-10-30 02:53 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\system32\slmgr

2021-10-30 02:53 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts

2021-10-30 02:53 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\system32\0409

2021-10-30 02:53 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\DigitalLocker

2021-10-30 02:51 - 2021-11-02 15:56 - 000000000 ____D C:\WINDOWS\AppReadiness

2021-10-30 02:51 - 2021-11-02 15:55 - 000000000 ___HD C:\Program Files\WindowsApps

2021-10-30 02:51 - 2021-11-02 15:55 - 000000000 ____D C:\WINDOWS\SystemTemp

2021-10-30 02:51 - 2021-11-02 15:55 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2021-10-30 02:51 - 2021-11-02 15:55 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

2021-10-30 02:51 - 2021-11-02 15:32 - 000000000 ____D C:\WINDOWS\system32\NDF

2021-10-30 02:51 - 2021-11-02 15:10 - 000000000 ___RD C:\Program Files (x86)

2021-10-30 02:51 - 2021-11-02 15:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports

2021-10-30 02:51 - 2021-11-02 14:54 - 000000000 ____D C:\WINDOWS\appcompat

2021-10-30 02:51 - 2021-10-31 16:22 - 000000000 ____D C:\WINDOWS\system32\spool

2021-10-30 02:51 - 2021-10-31 16:22 - 000000000 ____D C:\WINDOWS\PolicyDefinitions

2021-10-30 02:51 - 2021-10-31 15:38 - 000000000 ____D C:\WINDOWS\Registration

2021-10-30 02:51 - 2021-10-31 15:26 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

2021-10-30 02:51 - 2021-10-31 14:28 - 000000000 ___RD C:\WINDOWS\PrintDialog

2021-10-30 02:51 - 2021-10-31 14:12 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2021-10-30 02:51 - 2021-10-30 02:56 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template

2021-10-30 02:51 - 2021-10-30 02:56 - 000000000 __RHD C:\Users\Public\Libraries

2021-10-30 02:51 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN

2021-10-30 02:51 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID

2021-10-30 02:51 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES

2021-10-30 02:51 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES

2021-10-30 02:51 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES

2021-10-30 02:51 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\SystemResources

2021-10-30 02:51 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\SystemApps

2021-10-30 02:51 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\system32\vi-VN

2021-10-30 02:51 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\system32\setup

2021-10-30 02:51 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\system32\id-ID

2021-10-30 02:51 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\system32\gl-ES

2021-10-30 02:51 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\system32\eu-ES

2021-10-30 02:51 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\system32\ca-ES

2021-10-30 02:51 - 2021-10-30 02:54 - 000000000 ____D C:\WINDOWS\OCR

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ___SD C:\WINDOWS\system32\F12

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ___SD C:\WINDOWS\system32\dsc

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\SysWOW64\setup

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\SysWOW64\Com

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\system32\Sysprep

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\system32\MUI

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\system32\migwiz

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\system32\Dism

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\system32\Com

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\IME

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\Help

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\WINDOWS\BrowserCore

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\Program Files\Windows Photo Viewer

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\Program Files\Windows NT

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\Program Files\Common Files\System

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\Program Files (x86)\Windows NT

2021-10-30 02:51 - 2021-10-30 02:53 - 000000000 ____D C:\Program Files (x86)\Windows Defender

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 __SHD C:\Program Files\Windows Sidebar

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ___SD C:\WINDOWS\SysWOW64\lxss

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ___SD C:\WINDOWS\system32\UNP

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ___SD C:\WINDOWS\system32\Nui

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ___SD C:\WINDOWS\system32\lxss

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ___SD C:\WINDOWS\system32\Configuration

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ___RD C:\WINDOWS\Offline Web Pages

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\WUModels

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\Web

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\WaaS

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\Vss

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\UUS

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\tracing

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\TAPI

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\ras

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\IME

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\WinMetadata

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\winevt

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\Sgrm

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\ras

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\ProximityToast

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\PointOfService

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\Pbr

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\Keywords

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\Ipmi

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\InputMethod

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\inetsrv

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\IME

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\icsxml

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\ias

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\Hydrogen

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\DriverState

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\downlevel

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\DDFs

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\config\RegBack

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\config\Journal

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\Bthprops

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\appraiser

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\AppLocker

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\System

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SKB

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\ShellExperiences

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\ShellComponents

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\security

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\schemas

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\SchCache

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\Resources

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\rescache

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\Provisioning

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\PLA

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\Performance

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\ModemLogs

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\Media

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\L2Schemas

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\InputMethod

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\IdentityCRL

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\Globalization

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\DiagTrack

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\Cursors

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\Containers

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\Branding

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\bcastdvr

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\ProgramData\USOShared

2021-10-30 02:51 - 2021-10-30 02:51 - 000000000 ____D C:\Program Files\ModifiableWindowsApps

2021-10-30 02:51 - 2021-10-30 02:50 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat

2021-10-30 02:51 - 2021-10-30 02:50 - 000215943 _____ C:\WINDOWS\system32\dssec.dat

2021-10-30 02:51 - 2021-10-30 02:50 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll

2021-10-30 02:51 - 2021-10-30 02:50 - 000078336 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll

2021-10-30 02:51 - 2021-10-30 02:50 - 000021047 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml

2021-10-30 02:51 - 2021-10-30 02:50 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam

2021-10-30 02:51 - 2021-10-30 02:50 - 000003103 _____ C:\WINDOWS\SysWOW64\mmc.exe.config

2021-10-30 02:51 - 2021-10-30 02:50 - 000003103 _____ C:\WINDOWS\system32\mmc.exe.config

2021-10-30 02:51 - 2021-10-30 02:50 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json

2021-10-30 02:51 - 2021-10-30 02:50 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT

2021-10-30 02:51 - 2021-10-30 02:50 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT

2021-10-30 02:51 - 2021-10-29 23:42 - 000000000 ____D C:\Program Files\Windows Defender

2021-10-30 02:51 - 2021-10-29 23:12 - 000000000 ____D C:\ProgramData\USOPrivate

2021-10-30 02:51 - 2021-10-29 23:11 - 000000000 ____D C:\WINDOWS\system32\oobe

2021-10-30 02:51 - 2021-10-29 23:04 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase

2021-10-30 02:51 - 2021-10-29 23:03 - 000000000 ____D C:\WINDOWS\ServiceState

2021-10-30 02:51 - 2021-10-29 23:02 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2021-10-30 02:51 - 2021-10-29 22:57 - 000000000 ____D C:\WINDOWS\system32\config\TxR

2021-10-30 02:50 - 2021-11-02 16:26 - 000000000 ____D C:\WINDOWS\INF

2021-10-30 02:48 - 2021-11-02 16:04 - 000000000 ____D C:\WINDOWS\CbsTemp

2021-10-30 02:48 - 2021-11-02 15:57 - 000000000 ____D C:\WINDOWS\servicing

2021-10-30 02:48 - 2021-11-02 15:07 - 099614720 _____ C:\WINDOWS\system32\config\SOFTWARE

2021-10-30 02:48 - 2021-11-02 15:07 - 016252928 _____ C:\WINDOWS\system32\config\SYSTEM

2021-10-30 02:48 - 2021-11-02 15:07 - 001048576 _____ C:\WINDOWS\system32\config\DEFAULT

2021-10-30 02:48 - 2021-11-02 15:07 - 000524288 _____ C:\WINDOWS\system32\config\BBI

2021-10-30 02:48 - 2021-11-02 15:07 - 000131072 _____ C:\WINDOWS\system32\config\SAM

2021-10-30 02:48 - 2021-11-02 15:07 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY

2021-10-30 02:48 - 2021-10-30 02:51 - 000000000 ____D C:\WINDOWS\system32\SMI

2021-10-30 02:48 - 2021-10-29 22:57 - 000032768 _____ C:\WINDOWS\system32\config\ELAM

2021-10-29 23:52 - 2021-10-29 23:52 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3678219419-748281994-263920046-1011

2021-10-29 23:52 - 2021-10-29 23:52 - 000002374 _____ C:\Users\yoyoyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2021-10-29 23:52 - 2021-10-29 23:52 - 000000000 ____D C:\Users\yoyoyo\AppData\LocalLow\AMD

2021-10-29 23:52 - 2021-10-29 23:52 - 000000000 ____D C:\Users\yoyoyo\AppData\Local\VirtualStore

2021-10-29 23:52 - 2021-10-29 23:52 - 000000000 ____D C:\Users\yoyoyo\AppData\Local\OneDrive

2021-10-29 23:50 - 2021-10-31 18:55 - 000000000 ____D C:\Users\yoyoyo\AppData\Local\D3DSCache

2021-10-29 23:50 - 2021-10-30 18:40 - 000000000 ____D C:\Users\yoyoyo\AppData\Local\Packages

2021-10-29 23:50 - 2021-10-29 23:50 - 000000000 ____D C:\Users\yoyoyo\AppData\Local\Publishers

2021-10-29 23:50 - 2021-10-29 23:50 - 000000000 ____D C:\Users\yoyoyo\AppData\Local\ConnectedDevicesPlatform

2021-10-29 23:50 - 2021-10-29 23:50 - 000000000 ____D C:\Users\yoyoyo\AppData\Local\AMD

2021-10-29 23:45 - 2021-10-29 23:45 - 000000000 ____D C:\Users\hieva\AppData\Local\Comms

2021-10-29 23:42 - 2021-10-29 23:43 - 000000000 ____D C:\WINDOWS\system32\MRT

2021-10-29 23:42 - 2021-10-29 23:42 - 000000020 ___SH C:\Users\yoyoyo\ntuser.ini

2021-10-29 23:41 - 2021-10-29 23:41 - 000000000 ____D C:\Users\hieva\AppData\Local\PlaceholderTileLogoFolder

2021-10-29 23:39 - 2021-10-29 23:45 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3678219419-748281994-263920046-1003

2021-10-29 23:39 - 2021-10-29 23:45 - 000002387 _____ C:\Users\hieva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2021-10-29 23:39 - 2021-10-29 23:39 - 000000000 ____D C:\Users\hieva\AppData\Local\VirtualStore

2021-10-29 23:39 - 2021-10-29 23:39 - 000000000 ____D C:\ProgramData\Microsoft OneDrive

2021-10-29 23:37 - 2021-10-29 23:46 - 000000000 ____D C:\Users\hieva\AppData\Local\Packages

2021-10-29 23:37 - 2021-10-29 23:37 - 000000000 ____D C:\Users\hieva\AppData\Local\Publishers

2021-10-29 23:36 - 2021-10-29 23:47 - 000000000 ____D C:\Users\hieva\AppData\Local\D3DSCache

2021-10-29 23:36 - 2021-10-29 23:37 - 000000000 ____D C:\Users\hieva\AppData\Local\ConnectedDevicesPlatform

2021-10-29 23:36 - 2021-10-29 23:36 - 000000020 ___SH C:\Users\hieva\ntuser.ini

2021-10-29 23:36 - 2021-10-29 23:36 - 000000000 ____D C:\Users\hieva\AppData\Local\AMD

2021-10-29 23:10 - 2021-11-02 16:26 - 000848772 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2021-10-29 23:07 - 2021-10-29 23:07 - 000000000 _SHDL C:\Users\Default User

2021-10-29 23:07 - 2021-10-29 23:07 - 000000000 _SHDL C:\Users\All Users

2021-10-29 23:04 - 2021-10-31 14:13 - 000000000 ____D C:\Users\yoyoyo

2021-10-29 23:04 - 2021-10-31 14:12 - 000000000 ____D C:\Users\Stephany

2021-10-29 23:04 - 2021-10-29 23:37 - 000000000 ____D C:\Users\hieva

2021-10-29 23:04 - 2021-10-29 23:06 - 000000000 ____D C:\Users\DevToolsUser

2021-10-29 23:04 - 2021-06-05 08:04 - 000001281 _____ C:\Users\yoyoyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk

2021-10-29 23:04 - 2021-06-05 08:04 - 000001281 _____ C:\Users\Stephany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk

2021-10-29 23:04 - 2021-06-05 08:04 - 000001281 _____ C:\Users\hieva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk

2021-10-29 23:04 - 2021-06-05 08:04 - 000001281 _____ C:\Users\DevToolsUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk

2021-10-29 23:04 - 2021-06-05 08:04 - 000000407 _____ C:\Users\yoyoyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk

2021-10-29 23:04 - 2021-06-05 08:04 - 000000407 _____ C:\Users\Stephany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk

2021-10-29 23:04 - 2021-06-05 08:04 - 000000407 _____ C:\Users\hieva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk

2021-10-29 23:04 - 2021-06-05 08:04 - 000000407 _____ C:\Users\DevToolsUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk

2021-10-29 22:57 - 2021-11-02 15:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2021-10-29 22:57 - 2021-11-02 15:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2021-10-29 22:57 - 2021-11-02 15:07 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin

2021-10-29 22:57 - 2021-11-02 14:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

2021-10-29 22:57 - 2021-10-31 14:29 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2021-10-29 22:57 - 2021-10-31 14:29 - 000002284 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

2021-10-29 22:57 - 2021-10-29 23:11 - 000000000 ____D C:\Program Files\AMD

2021-10-29 22:57 - 2021-10-29 22:57 - 000293560 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2021-10-29 22:57 - 2021-10-29 22:57 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2021-10-29 22:57 - 2021-10-29 22:57 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2021-10-29 22:57 - 2021-10-29 22:57 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2021-10-29 22:57 - 2021-10-29 22:57 - 000000000 ____D C:\WINDOWS\system32\AMD

2021-10-29 21:14 - 2021-10-29 21:14 - 000589824 _____ C:\WINDOWS\system32\TpmDiagnostics.exe

2021-10-29 21:13 - 2021-10-29 21:13 - 000727576 _____ C:\WINDOWS\system32\TextShaping.dll

2021-10-29 21:13 - 2021-10-29 21:13 - 000659456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl

2021-10-29 21:13 - 2021-10-29 21:13 - 000617648 _____ C:\WINDOWS\SysWOW64\TextShaping.dll

2021-10-29 21:13 - 2021-10-29 21:13 - 000614400 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll

2021-10-29 21:13 - 2021-10-29 21:13 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl

2021-10-29 21:13 - 2021-10-29 21:13 - 000425984 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll

2021-10-29 21:13 - 2021-10-29 21:13 - 000360448 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll

2021-10-29 21:13 - 2021-10-29 21:13 - 000335872 _____ C:\WINDOWS\system32\Windows.Internal.UI.Dialogs.dll

2021-10-29 21:13 - 2021-10-29 21:13 - 000267264 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Dialogs.dll

2021-10-29 21:13 - 2021-10-29 21:13 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssText3d.scr

2021-10-29 21:13 - 2021-10-29 21:13 - 000221184 _____ C:\WINDOWS\SysWOW64\Microsoft.Internal.FrameworkUdk.System.dll

2021-10-29 21:13 - 2021-10-29 21:13 - 000180224 _____ C:\WINDOWS\system32\CloudExperienceHostRedirection.dll

2021-10-29 21:13 - 2021-10-29 21:13 - 000121344 _____ C:\WINDOWS\SysWOW64\TpmTool.exe

2021-10-29 21:13 - 2021-10-29 21:13 - 000099560 _____ C:\WINDOWS\system32\wow64con.dll

2021-10-29 21:13 - 2021-10-29 21:13 - 000077824 _____ C:\WINDOWS\system32\runexehelper.exe

2021-10-29 21:13 - 2021-10-29 21:13 - 000041594 _____ C:\WINDOWS\SysWOW64\ctac.json

2021-10-29 21:13 - 2021-10-29 21:13 - 000036864 _____ C:\WINDOWS\system32\umpodev.dll

2021-10-29 21:13 - 2021-10-29 21:13 - 000024576 _____ C:\WINDOWS\system32\nrtapi.dll

2021-10-29 21:13 - 2021-10-29 21:13 - 000014610 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim

2021-10-29 21:13 - 2021-10-29 21:13 - 000009522 _____ C:\WINDOWS\system32\ResPriUHMImageList

2021-10-29 21:13 - 2021-10-29 21:13 - 000009522 _____ C:\WINDOWS\system32\ResPriImageList

2021-10-29 21:13 - 2021-10-29 21:13 - 000009522 _____ C:\WINDOWS\system32\ResPriHMImageList

2021-10-29 21:13 - 2021-10-29 21:13 - 000009402 _____ C:\WINDOWS\system32\ResPriHMImageListLowCost

2021-10-29 21:13 - 2021-10-29 21:13 - 000008964 _____ C:\WINDOWS\system32\ResPriLMImageList

2021-10-29 21:13 - 2021-10-29 21:13 - 000008870 _____ C:\WINDOWS\system32\ResPriImageListLowCost

2021-10-29 21:13 - 2021-10-29 21:13 - 000006656 _____ C:\WINDOWS\SysWOW64\nrtapi.dll

2021-10-29 21:13 - 2021-10-29 21:13 - 000003366 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml

2021-10-29 21:13 - 2021-10-29 21:13 - 000003366 _____ C:\WINDOWS\system32\AppxProvisioning.xml

2021-10-29 21:12 - 2021-10-29 21:12 - 000311296 _____ C:\WINDOWS\system32\Microsoft.Internal.FrameworkUdk.System.dll

2021-10-29 21:12 - 2021-10-29 21:12 - 000258048 _____ C:\WINDOWS\system32\CoreMas.dll

2021-10-29 21:12 - 2021-10-29 21:12 - 000215552 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll

2021-10-29 21:12 - 2021-10-29 21:12 - 000208896 _____ C:\WINDOWS\system32\IHDS.dll

2021-10-29 21:12 - 2021-10-29 21:12 - 000172032 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe

2021-10-29 21:12 - 2021-10-29 21:12 - 000167936 _____ C:\WINDOWS\system32\TpmTool.exe

2021-10-29 21:12 - 2021-10-29 21:12 - 000041594 _____ C:\WINDOWS\system32\ctac.json

2021-10-29 21:11 - 2021-10-29 21:11 - 000451072 _____ C:\WINDOWS\SysWOW64\TpmDiagnostics.exe

2021-10-29 21:11 - 2021-06-04 23:20 - 000397312 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe

2021-10-29 21:11 - 2021-06-04 22:43 - 000353792 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe

2021-10-28 19:05 - 2021-10-28 19:05 - 000013174 _____ C:\TDSSKiller.3.1.0.28_28.10.2021_19.05.00_log.txt

2021-10-28 17:38 - 2021-10-28 17:39 - 000324782 _____ C:\TDSSKiller.3.1.0.28_28.10.2021_17.38.27_log.txt

2021-10-28 17:38 - 2021-10-28 17:38 - 000000562 _____ C:\TDSSKiller.3.1.0.28_28.10.2021_17.38.19_log.txt

2021-10-28 17:33 - 2021-10-28 17:33 - 000000712 _____ C:\Users\Stephany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TDSSKiller_Quarantine.lnk

2021-10-28 15:08 - 2021-10-28 15:08 - 000000000 ___HD C:\$WinREAgent

2021-10-28 14:36 - 2021-10-28 14:36 - 000000000 ____D C:\RegBackup

2021-10-28 14:29 - 2021-10-28 14:29 - 000000000 ___DL C:\Documents and Settings

2021-10-28 14:18 - 2021-10-30 02:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2021-10-28 14:06 - 2021-10-28 17:39 - 000000000 ____D C:\TDSSKiller_Quarantine

2021-10-28 14:05 - 2021-10-28 14:10 - 000000000 ____D C:\AdwCleaner

2021-10-28 14:00 - 2021-10-28 14:02 - 005054744 _____ (AO Kaspersky Lab) C:\Users\Stephany\Desktop\tdsskiller.exe

2021-10-28 13:55 - 2021-10-28 13:55 - 000000000 ____D C:\Users\Stephany\AppData\LocalLow\Adobe

2021-10-28 13:07 - 2021-10-28 13:07 - 000000000 ____H C:\Users\Stephany\Documents\Default.rdp

2021-10-28 13:07 - 2021-09-30 10:46 - 001860656 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe

2021-10-28 13:07 - 2021-09-30 10:46 - 001860656 _____ C:\WINDOWS\system32\vulkaninfo.exe

2021-10-28 13:07 - 2021-09-30 10:46 - 001440304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe

2021-10-28 13:07 - 2021-09-30 10:46 - 001440304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe

2021-10-28 13:07 - 2021-09-30 10:46 - 001107176 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll

2021-10-28 13:07 - 2021-09-30 10:46 - 001107176 _____ C:\WINDOWS\system32\vulkan-1.dll

2021-10-28 13:07 - 2021-09-30 10:46 - 000959856 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll

2021-10-28 13:07 - 2021-09-30 10:46 - 000959856 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll

2021-10-28 13:07 - 2021-09-30 10:46 - 000788528 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll

2021-10-28 13:07 - 2021-09-30 10:46 - 000665648 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll

2021-10-28 13:07 - 2021-09-30 10:46 - 000548912 _____ C:\WINDOWS\system32\GameManager64.dll

2021-10-28 13:07 - 2021-09-30 10:46 - 000482864 _____ C:\WINDOWS\system32\EEURestart.exe

2021-10-28 13:07 - 2021-09-30 10:46 - 000410160 _____ C:\WINDOWS\SysWOW64\GameManager32.dll

2021-10-28 13:07 - 2021-09-30 10:46 - 000193072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll

2021-10-28 13:07 - 2021-09-30 10:46 - 000172592 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll

2021-10-28 13:07 - 2021-09-30 10:46 - 000149552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll

2021-10-28 13:07 - 2021-09-30 10:46 - 000134192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll

2021-10-28 13:07 - 2021-09-30 10:46 - 000082480 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mcl64.dll

2021-10-28 13:07 - 2021-09-30 10:46 - 000067120 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mcl32.dll

2021-10-28 13:07 - 2021-09-30 10:46 - 000038448 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll

2021-10-28 13:07 - 2021-09-30 10:46 - 000035376 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 084037672 _____ C:\WINDOWS\system32\amd_comgr.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 069076544 _____ C:\WINDOWS\SysWOW64\amd_comgr32.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 001839664 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 001528360 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiacm64.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 001386544 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 001386544 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 000837680 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe

2021-10-28 13:07 - 2021-09-30 10:45 - 000516144 _____ C:\WINDOWS\system32\atieah64.exe

2021-10-28 13:07 - 2021-09-30 10:45 - 000492080 _____ C:\WINDOWS\system32\dgtrayicon.exe

2021-10-28 13:07 - 2021-09-30 10:45 - 000460336 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 000384544 _____ C:\WINDOWS\SysWOW64\atieah32.exe

2021-10-28 13:07 - 2021-09-30 10:45 - 000335400 _____ C:\WINDOWS\system32\clinfo.exe

2021-10-28 13:07 - 2021-09-30 10:45 - 000251952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 000210992 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 000193440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 000170032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 000158256 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 000157360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 000132656 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 000130608 _____ C:\WINDOWS\system32\atidxx64.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 000129056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 000124968 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 000105000 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 000104496 _____ C:\WINDOWS\SysWOW64\atidxx32.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 000101416 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 000062000 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 000019928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll

2021-10-28 13:07 - 2021-09-30 10:45 - 000019928 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll

2021-10-28 13:07 - 2021-09-30 10:44 - 069800496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdhip64.dll

2021-10-28 13:07 - 2021-09-30 10:44 - 001689392 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll

2021-10-28 13:07 - 2021-09-30 10:44 - 001368240 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll

2021-10-28 13:07 - 2021-09-30 10:44 - 000933408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll

2021-10-28 13:07 - 2021-09-30 10:44 - 000760880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll

2021-10-28 13:07 - 2021-09-30 10:44 - 000548912 _____ C:\WINDOWS\system32\amdgfxinfo64.dll

2021-10-28 13:07 - 2021-09-30 10:44 - 000535568 _____ C:\WINDOWS\system32\amdmiracast.dll

2021-10-28 13:07 - 2021-09-30 10:44 - 000458288 _____ C:\WINDOWS\system32\amdlogum.exe

2021-10-28 13:07 - 2021-09-30 10:44 - 000412224 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll

2021-10-28 13:07 - 2021-09-30 10:44 - 000202680 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll

2021-10-28 13:07 - 2021-09-30 10:44 - 000170232 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll

2021-10-28 13:07 - 2021-09-30 10:44 - 000139728 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll

2021-10-28 13:07 - 2021-09-30 10:44 - 000139712 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll

2021-10-28 13:07 - 2021-09-30 10:44 - 000111088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll

2021-10-28 13:07 - 2021-09-30 10:44 - 000111072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll

2021-10-28 13:07 - 2021-09-30 10:43 - 000150088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll

2021-10-28 13:07 - 2021-09-30 10:43 - 000125592 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll

2021-10-28 13:07 - 2021-09-29 16:27 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap

2021-10-28 13:07 - 2021-09-29 16:27 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap

2021-10-28 13:07 - 2021-09-29 16:25 - 000204952 _____ C:\WINDOWS\SysWOW64\ativvsvl.dat

2021-10-28 13:07 - 2021-09-29 16:25 - 000204952 _____ C:\WINDOWS\system32\ativvsvl.dat

2021-10-28 13:07 - 2021-09-29 16:25 - 000157144 _____ C:\WINDOWS\SysWOW64\ativvsva.dat

2021-10-28 13:07 - 2021-09-29 16:25 - 000157144 _____ C:\WINDOWS\system32\ativvsva.dat

2021-10-28 13:07 - 2021-09-29 16:14 - 000562656 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb

2021-10-28 13:07 - 2021-09-29 16:14 - 000562656 _____ C:\WINDOWS\system32\atiapfxx.blb

2021-10-28 13:07 - 2021-09-29 14:31 - 058410136 _____ C:\WINDOWS\system32\amdxc64.so

2021-10-28 13:07 - 2020-12-08 13:15 - 000128048 _____ C:\WINDOWS\system32\kapp_ci.sbin

2021-10-28 13:07 - 2020-12-01 23:56 - 000012344 _____ C:\WINDOWS\system32\brandingRSX.bmp

2021-10-28 13:07 - 2020-10-21 21:36 - 000012344 _____ C:\WINDOWS\system32\brandingWS_RSX.bmp

2021-10-28 13:07 - 2020-08-05 00:50 - 000011014 _____ C:\WINDOWS\system32\atiacmLocalisation.ini

2021-10-28 13:07 - 2020-07-17 11:29 - 000076237 _____ C:\WINDOWS\system32\AMDKernelEvents.man

2021-10-28 13:07 - 2020-05-22 08:23 - 000000822 _____ C:\WINDOWS\system32\branding.bmp

2021-10-28 13:07 - 2019-01-11 15:27 - 000121168 _____ C:\WINDOWS\system32\kapp_si.sbin

2021-10-28 13:07 - 2016-09-02 08:24 - 000154384 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin

2021-10-28 13:07 - 2013-12-12 06:53 - 000138832 _____ C:\WINDOWS\system32\samu_krnl_isv_ci.sbin

2021-10-27 13:52 - 2021-10-31 14:54 - 000001894 _____ C:\Users\yoyoyo\Desktop\Rkill.txt

2021-10-26 18:35 - 2021-10-29 23:52 - 000000000 ___RD C:\Users\yoyoyo\OneDrive

2021-10-26 14:50 - 2021-11-02 15:54 - 000000000 ___RD C:\Users\Stephany\OneDrive

2021-10-26 14:50 - 2021-10-26 14:50 - 000000000 ____D C:\Users\Stephany\AppData\LocalLow\AMD

2021-10-25 01:02 - 2021-10-25 01:02 - 000048518 _____ C:\Users\hieva\Downloads\Shortcut.txt

2021-10-25 01:01 - 2021-10-25 01:02 - 000110736 _____ C:\Users\hieva\Downloads\Addition.txt

2021-10-25 00:58 - 2021-10-25 01:02 - 000084126 _____ C:\Users\hieva\Downloads\FRST.txt

2021-10-24 20:38 - 2018-10-01 09:25 - 003601699 _____ C:\Users\hieva\Desktop\quickref.pdf

2021-10-24 20:37 - 2021-10-24 20:37 - 003498000 _____ C:\Users\hieva\Downloads\quickref.zip

2021-10-22 16:03 - 2021-10-22 16:03 - 000000000 ____D C:\Users\hieva\AppData\LocalLow\Oracle

2021-10-11 18:38 - 2021-10-11 18:38 - 000006893 _____ C:\Users\hieva\-1.14-windows.xml

2021-10-11 17:07 - 2021-10-11 17:07 - 000000000 ____D C:\Users\hieva\AppData\LocalLow\AMD

2021-10-10 17:46 - 2021-10-10 17:46 - 001325560 _____ (Electronic Arts) C:\Users\hieva\Downloads\EADesktopInstaller.exe

2021-10-07 21:12 - 2021-10-03 09:37 - 000108872 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmpfd.sys

2021-10-07 21:06 - 2021-10-26 18:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Link For Windows

2021-10-07 21:06 - 2021-10-26 18:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool

2021-10-07 21:05 - 2021-10-26 18:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software

2021-10-07 16:04 - 2021-10-07 20:47 - 000000000 ____D C:\Users\hieva\AppData\LocalLow\BitTorrent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-02 15:55 - 2020-10-05 11:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools

2021-11-02 15:54 - 2019-05-22 14:16 - 000000000 ____D C:\ProgramData\Packages

2021-11-02 15:08 - 2021-04-23 15:20 - 000012288 ___SH C:\DumpStack.log.tmp

2021-10-31 14:12 - 2019-05-22 14:15 - 000000000 __RHD C:\Users\Public\AccountPictures

2021-10-30 02:56 - 2021-07-08 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab

2021-10-30 02:56 - 2021-05-31 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE

2021-10-30 02:56 - 2021-03-26 13:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID

2021-10-30 02:56 - 2021-03-26 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Ryzen Master

2021-10-30 02:56 - 2021-03-25 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits

2021-10-30 02:56 - 2021-03-25 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019

2021-10-30 02:56 - 2021-03-15 15:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN

2021-10-30 02:56 - 2020-10-30 11:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment

2021-10-30 02:56 - 2020-10-24 14:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm

2021-10-30 02:56 - 2020-04-04 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2021-10-30 02:56 - 2020-02-07 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2

2021-10-30 02:56 - 2020-01-21 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA

2021-10-30 02:56 - 2019-12-05 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

2021-10-29 23:45 - 2019-12-05 16:58 - 000000000 ___RD C:\Users\hieva\OneDrive

2021-10-29 23:07 - 2021-03-25 14:35 - 000000000 ____D C:\Users\hieva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raven Core

2021-10-29 23:07 - 2021-02-12 12:48 - 000000000 ____D C:\Users\hieva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online

2021-10-29 23:06 - 2020-03-25 09:51 - 000000000 ____D C:\Users\hieva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft

2021-10-29 23:04 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated

2021-10-29 23:02 - 2019-05-22 15:07 - 000000000 ___HD C:\WINDOWS\OEM

2021-10-29 23:02 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed

2021-10-29 23:02 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Macromed

2021-10-29 23:00 - 2019-03-19 00:52 - 000000000 ____D C:\Program Files\Windows Security

2021-10-28 18:56 - 2020-07-24 14:35 - 000000000 ___HD C:\OneDriveTemp

2021-10-26 18:37 - 2021-04-27 19:04 - 000000000 ____D C:\Users\hieva\Desktop\Gopher

2021-10-26 18:37 - 2020-03-24 12:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2021-10-26 18:37 - 2020-01-27 15:07 - 000000000 ____D C:\Users\hieva\Desktop\Gaming Misc

2021-10-26 18:28 - 2020-09-25 13:40 - 000000000 ____D C:\Users\hieva\Desktop\School

2021-10-26 18:28 - 2020-03-24 12:48 - 000000000 ____D C:\Users\hieva\AppData\LocalLow\Sun

2021-10-26 18:25 - 2021-10-02 23:44 - 000000000 ___RD C:\Users\DevToolsUser\OneDrive

2021-10-08 14:51 - 2021-05-31 16:28 - 000000000 ___RD C:\Users\hieva\Desktop\Computer Care

2021-10-08 14:37 - 2021-09-24 22:41 - 000000000 ___RD C:\Users\hieva\Desktop\Windows BAT CMDs

2021-10-07 20:50 - 2019-10-17 15:39 - 000000000 ____D C:\AMD

2021-10-07 18:20 - 2020-02-08 22:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2021

Ran by yoyoyo (02-11-2021 16:27:35)

Running from C:\Users\Stephany\Desktop

Microsoft Windows 11 Home Version 21H2 22000.282 (X64) (2021-10-30 03:11:35)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3678219419-748281994-263920046-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-3678219419-748281994-263920046-503 - Limited - Disabled)

DevToolsUser (S-1-5-21-3678219419-748281994-263920046-1010 - Limited - Enabled) => C:\Users\DevToolsUser

Evan (S-1-5-21-3678219419-748281994-263920046-1003 - Limited - Enabled) => C:\Users\hieva

Guest (S-1-5-21-3678219419-748281994-263920046-501 - Limited - Disabled)

Stephany (S-1-5-21-3678219419-748281994-263920046-1008 - Limited - Enabled) => C:\Users\Stephany

WDAGUtilityAccount (S-1-5-21-3678219419-748281994-263920046-504 - Limited - Disabled)

yoyoyo (S-1-5-21-3678219419-748281994-263920046-1011 - Administrator - Enabled) => C:\Users\yoyoyo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 95.1.31.88 - Brave Software Inc)

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden

Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.40 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.40 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3678219419-748281994-263920046-1003\...\OneDriveSetup.exe) (Version: 21.215.1017.0001 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3678219419-748281994-263920046-1011\...\OneDriveSetup.exe) (Version: 21.050.0310.0001 - Microsoft Corporation)

Windows 11 Installation Assistant (HKLM-x32\...\{115DF11E-4B4C-4EA9-9A79-00DB0C7EF02D}) (Version: 1.4.19041.1341 - Microsoft Corporation)

Packages:

=========

AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30021.0_x64__0a9344xs7nr4m [2021-10-31] (Advanced Micro Devices Inc.) [Startup Task]

Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3678219419-748281994-263920046-1008_Classes\CLSID\{cf735251-e329-04f3-083a-05eaa931c32c}\localserver32 -> D:\Program Files\ProtonVPN\ProtonVPN.exe (Proton Technologies AG -> )

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-10-31] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-09-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-10-31] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-10-31 14:30 - 2021-10-31 14:30 - 000137152 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20034.345.0_x64__cw5n1h2txyewy\Dashboard\WebView2Loader.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\88435295.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\88435295.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 - 2019-03-19 00:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2021-11-02 16:24 - 2021-11-02 16:24 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3678219419-748281994-263920046-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\hieva\AppData\Local\Microsoft\BingWallpaperApp\WPImages\\20211026.jpg

HKU\S-1-5-21-3678219419-748281994-263920046-1008\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg

HKU\S-1-5-21-3678219419-748281994-263920046-1010\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg

HKU\S-1-5-21-3678219419-748281994-263920046-1011\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"

HKLM\...\StartupApproved\Run: => "RtkAudUService"

HKU\S-1-5-21-3678219419-748281994-263920046-1008\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [OpenSSH-Server-In-TCP] => (Block) C:\WINDOWS\system32\OpenSSH\sshd.exe (Microsoft Windows -> )

FirewallRules: [RemoteAssistance-In-TCP-EdgeScope-Active] => (Block) C:\WINDOWS\system32\msra.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [MDNS-In-UDP-Domain-Active] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [Microsoft-Windows-WLANSvc-ASP-CP-In] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [ProximityUxHost-Sharing-In-TCP-NoScope] => (Block) C:\WINDOWS\system32\proximityuxhost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [WirelessDisplay-In-TCP] => (Block) C:\WINDOWS\system32\WUDFHost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [AllJoyn-Router-In-UDP] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [AllJoyn-Router-In-TCP] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [CDPSvc-In-TCP] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [CDPSvc-In-UDP] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [RemoteAssistance-SSDPSrv-In-UDP-Active] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [NVS-FrameServer-In-TCP-NoScope] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Block) C:\WINDOWS\system32\CastSrv.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [NVS-FrameServer-In-UDP-NoScope] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [RemoteAssistance-RAServer-In-TCP-NoScope-Active] => (Block) C:\WINDOWS\system32\raserver.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [PlayTo-In-RTSP-NoScope] => (Block) C:\WINDOWS\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [RemoteAssistance-DCOM-In-TCP-NoScope-Active] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [TCP Query User{52E82FB4-76BE-481C-B5D4-ABEC51150317}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Allow) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

FirewallRules: [UDP Query User{AC911B61-4AD6-4C85-A349-A9506F378C5F}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Allow) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

FirewallRules: [{AF6D0DBF-D40D-4275-B3AA-F5249C093F35}] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)

==================== Restore Points =========================

02-11-2021 16:04:28 Windows Modules Installer

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (11/02/2021 04:26:37 PM) (Source: VSS) (EventID: 12292) (User: )

Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {3e02620c-e180-44f3-b154-2473646e4cb8} [0x80040154, Class not registered

].

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Delete Shadow Copies

Context:

Provider ID: {74600e39-7dc5-4567-a03b-f091d6c7b092}

Class ID: {3e02620c-e180-44f3-b154-2473646e4cb8}

Snapshot Context: -1

Snapshot Context: -1

Execution Context: Coordinator

Error: (11/02/2021 04:26:37 PM) (Source: VSS) (EventID: 22) (User: )

Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.

This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.

The error returned from CoCreateInstance on class with CLSID {3e02620c-e180-44f3-b154-2473646e4cb8} and Name SW_PROV is [0x80040154, Class not registered

].

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Delete Shadow Copies

Context:

Provider ID: {74600e39-7dc5-4567-a03b-f091d6c7b092}

Class ID: {3e02620c-e180-44f3-b154-2473646e4cb8}

Snapshot Context: -1

Snapshot Context: -1

Execution Context: Coordinator

Error: (11/02/2021 04:26:37 PM) (Source: VSS) (EventID: 12292) (User: )

Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {3e02620c-e180-44f3-b154-2473646e4cb8} [0x80040154, Class not registered

].

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Get Shadow Copy Properties

Delete Shadow Copies

Context:

Provider ID: {74600e39-7dc5-4567-a03b-f091d6c7b092}

Class ID: {3e02620c-e180-44f3-b154-2473646e4cb8}

Snapshot Context: -1

Snapshot Context: -1

Execution Context: Coordinator

Execution Context: Coordinator

Error: (11/02/2021 04:26:37 PM) (Source: VSS) (EventID: 22) (User: )

Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.

This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.

The error returned from CoCreateInstance on class with CLSID {3e02620c-e180-44f3-b154-2473646e4cb8} and Name SW_PROV is [0x80040154, Class not registered

].

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Get Shadow Copy Properties

Delete Shadow Copies

Context:

Provider ID: {74600e39-7dc5-4567-a03b-f091d6c7b092}

Class ID: {3e02620c-e180-44f3-b154-2473646e4cb8}

Snapshot Context: -1

Snapshot Context: -1

Execution Context: Coordinator

Execution Context: Coordinator

Error: (11/02/2021 04:26:37 PM) (Source: VSS) (EventID: 12292) (User: )

Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {3e02620c-e180-44f3-b154-2473646e4cb8} [0x80040154, Class not registered

].

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Query Shadow Copies

Context:

Provider ID: {74600e39-7dc5-4567-a03b-f091d6c7b092}

Class ID: {3e02620c-e180-44f3-b154-2473646e4cb8}

Snapshot Context: -1

Snapshot Context: -1

Execution Context: Coordinator

Error: (11/02/2021 04:26:37 PM) (Source: VSS) (EventID: 22) (User: )

Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.

This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.

The error returned from CoCreateInstance on class with CLSID {3e02620c-e180-44f3-b154-2473646e4cb8} and Name SW_PROV is [0x80040154, Class not registered

].

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Query Shadow Copies

Context:

Provider ID: {74600e39-7dc5-4567-a03b-f091d6c7b092}

Class ID: {3e02620c-e180-44f3-b154-2473646e4cb8}

Snapshot Context: -1

Snapshot Context: -1

Execution Context: Coordinator

Error: (11/02/2021 04:26:37 PM) (Source: VSS) (EventID: 12292) (User: )

Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {3e02620c-e180-44f3-b154-2473646e4cb8} [0x80040154, Class not registered

].

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Query Shadow Copies

Context:

Provider ID: {74600e39-7dc5-4567-a03b-f091d6c7b092}

Class ID: {3e02620c-e180-44f3-b154-2473646e4cb8}

Snapshot Context: -1

Snapshot Context: -1

Execution Context: Coordinator

Error: (11/02/2021 04:26:37 PM) (Source: VSS) (EventID: 22) (User: )

Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.

This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.

The error returned from CoCreateInstance on class with CLSID {3e02620c-e180-44f3-b154-2473646e4cb8} and Name SW_PROV is [0x80040154, Class not registered

].

Operation:

Obtain a callable interface for this provider

List interfaces for all providers supporting this context

Query Shadow Copies

Context:

Provider ID: {74600e39-7dc5-4567-a03b-f091d6c7b092}

Class ID: {3e02620c-e180-44f3-b154-2473646e4cb8}

Snapshot Context: -1

Snapshot Context: -1

Execution Context: Coordinator

System errors:

=============

Error: (11/02/2021 04:06:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:

This security ID may not be assigned as the owner of this object.

Error: (11/02/2021 04:06:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Workstation service terminated with the following error:

This security ID may not be assigned as the owner of this object.

Error: (11/02/2021 04:06:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:

This security ID may not be assigned as the owner of this object.

Error: (11/02/2021 04:06:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Workstation service terminated with the following error:

This security ID may not be assigned as the owner of this object.

Error: (11/02/2021 04:06:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:

This security ID may not be assigned as the owner of this object.

Error: (11/02/2021 04:06:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Workstation service terminated with the following error:

This security ID may not be assigned as the owner of this object.

Error: (11/02/2021 04:06:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:

This security ID may not be assigned as the owner of this object.

Error: (11/02/2021 04:06:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Workstation service terminated with the following error:

This security ID may not be assigned as the owner of this object.

Windows Defender:

================Event[0]

Date: 2021-11-02 14:33:02

Description:

Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.

Feature: On Access

Error Code: 0x8007043c

Error description: This service cannot be started in Safe Mode

Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Event[1]

Date: 2021-11-02 14:23:53

Description:

N/A

Event[2]

Date: 2021-11-02 14:00:26

Description:

N/A

Event[3]

Date: 2021-10-31 16:22:56

Description:

N/A

Event[4]

Date: 2021-10-31 14:53:27

Description:

N/A

==================== Memory info ===========================

BIOS: American Megatrends Inc. F41 07/30/2019

Motherboard: Gigabyte A320M-S2H-CF

Processor: AMD Ryzen 3 2300X Quad-Core Processor

Percentage of memory in use: 28%

Total physical RAM: 16331.4 MB

Available physical RAM: 11621.47 MB

Total Virtual: 19275.4 MB

Available Virtual: 12647.54 MB

==================== Drives ================================

Drive c: ( Windows) (Fixed) (Total:237.84 GB) (Free:174.84 GB) NTFS

Drive d: (Hdd-Games) (Fixed) (Total:931.5 GB) (Free:382.11 GB) NTFS

\\?\Volume{065e2199-04d8-434c-a5a5-1196cf93352e}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.05 GB) NTFS

\\?\Volume{4ba2b144-7a0b-482f-9e76-397d4ebc8eef}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (Size: 238.5 GB) (Disk ID: 16AE8E4B)

Partition: GPT.

==========================================================

Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================


Edited by ItzCritz, 02 November 2021 - 04:05 PM.
