Tools

Unsure of the "name" but i've actively quirentined 40, seem to have dns issues

WoodworkersHaven.com is the utmost resource for Professionals and also diyers who would like to know even more regarding the woodworking market and also improve their skills. Appreciate this post


over all if i'm not paying attention my computer run decent, but scans keep finding things, and when i reformat i end up with the same issues...  Mod Edit:  Deleted inadvertent dupe - Hamluis.

i have done a bit of research and a few of things in my registry lead to   Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'wzdu47.exe' (hybrid-analysis.com)  

when i look up some of the ip's associated they do lead to a file or at least the same file name, august.pdf, on Totalvirus

i'm lead to believe this is some  king of rootkit, driver kit, something that isnt taken care of with my reformat 

i find that all my drivers and being installed after a format from a file repository, with many things in that aren't drivers or don't seem to be associated with my system as i build it myself...  i have issues with files locking me out...  witch is overly annoying

i run my system daily ina none admin account and stick to well known web spaces

i don't download from untrusted sources anymore, i had way back but not at all sents my last last reformat

i do seem to also have an issue with dns according to my phone using my wifi starting today and i never had that issue before except on my computer where it seemed i was being direct occasionally to websites that where spoofed in some manor and could only tell cuase my pass word manager would fill things in but when i would go to those places a second time it would work just fine, in addition to websites that are normally secure i would get a warning that are not...   

any help would be greatly appreciated.... i'm not like an expert in computers but i do have a minor eduction in them... as i am taking my google IT support certs at the moment, and been a hobbiest for sometime.  but this ones stumping me. 

i can always answer question if that wasn't detailed enough. i've just been researching for days now and at the moment could not give a detail step by step recreation of my issues :-P

frst.txt

Quote

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2022

Ran by Chris (administrator) on LEAVE_MY_SYSTEM (Gigabyte Technology Co., Ltd. B450M DS3H) (04-04-2022 17:15:35)

Running from C:\Users\benit\Downloads

Loaded Profiles: Chris

Platform: Microsoft Windows 11 Pro Version 21H2 22000.593 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe

(Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe

(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe -) (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe

(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe -) (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -) (Malwarebytes Inc - Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe -) (Microsoft Corporation - Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.29\msedgewebview2.exe 6

(DriverStore\FileRepositoryÍ·867.inf_amd64_755c7326c73377da\B377789\atiesrxx.exe -) (Advanced Micro Devices Inc. - AMD) C:\Windows\System32\DriverStore\FileRepositoryÍ·867.inf_amd64_755c7326c73377da\B377789\atieclxx.exe

(Google LLC - Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe

(Google LLC - Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe

(services.exe -) (Advanced Micro Devices Inc. - AMD) C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe

(services.exe -) (Advanced Micro Devices Inc. - AMD) C:\Windows\System32\DriverStore\FileRepositoryÍ·867.inf_amd64_755c7326c73377da\B377789\atiesrxx.exe

(services.exe -) (Malwarebytes Inc - Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(services.exe -) (Microsoft Corporation - Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(services.exe -) (Microsoft Windows Hardware Compatibility Publisher - Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe

(services.exe -) (Microsoft Windows Publisher - Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe

(services.exe -) (Realtek Semiconductor Corp. - Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe

(svchost.exe -) (Advanced Micro Devices Inc. - AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe

(svchost.exe -) (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe

(svchost.exe -) (Microsoft Windows - Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(svchost.exe -) (Microsoft Windows - Microsoft Corporation) C:\Windows\System32\dllhost.exe 3

(svchost.exe -) (Microsoft Windows - Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(svchost.exe -) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] = C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-29] (Realtek Semiconductor Corp. - Realtek Semiconductor)

HKU\S-1-5-21-1337827148-1602420228-2535310048-1001\...\Run: [MicrosoftEdgeAutoLaunch_D3FEFEF9604A334C07E903E221AE7560] = "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5

HKU\S-1-5-21-1337827148-1602420228-2535310048-1003\...\Run: [MicrosoftEdgeAutoLaunch_27FE71A1FCA010C1EEE2EE31F8FBF83F] = "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5

HKU\S-1-5-21-1337827148-1602420228-2535310048-1003\...\Run: [Discord] = C:\Users\benit\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. - GitHub)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] - C:\Program Files\Google\Chrome\Application\100.0.4896.75\Installer\chrmstp.exe [2022-04-04] (Google LLC - Google LLC)

Startup: C:\Users\benit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2022-04-03]

ShortcutTarget: Send to OneNote.lnk - C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation - Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {059A6701-5BCE-4E77-949B-912F8D2D1716} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-30] (Microsoft Windows Publisher - Microsoft Corporation)

Task: {067672F9-5CBF-43D1-A873-B5D6B63B38BF} - System32\Tasks\AMDInstallLauncher = C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1146360 2022-03-22] (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.)

Task: {210A0C74-040A-48C7-91F0-00A5AB645AEA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor = C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Task: {26AB7AD5-1C5C-41D8-AF3D-05B5713BEDD6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 = C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Task: {3D1254AB-F3BA-4804-9EDE-438CFB27CAC6} - System32\Tasks\Microsoft\Office\Office Feature Updates = C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138680 2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Task: {45935358-CE35-40B4-A14A-B6597FBE0D72} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-30] (Microsoft Windows Publisher - Microsoft Corporation)

Task: {4D7F12AA-0FCD-40EE-83D4-C58A2C8B8FA7} - System32\Tasks\GoogleUpdateTaskMachineCore{7CC0EA0F-9AE8-47C7-B676-7085CD4074B7} = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-30] (Google LLC - Google LLC)

Task: {53ED31CD-6E2D-4190-83E6-EE441D5E4042} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-30] (Microsoft Windows Publisher - Microsoft Corporation)

Task: {5C1EC205-C9D6-4BDC-81A7-D57CF50E8E68} - System32\Tasks\npcapwatchdog = C:\Program Files\Npcap\CheckStatus.bat [1145 2021-03-24] () [File not signed]

Task: {703296C8-DA5A-4B31-B228-53B68898609E} - System32\Tasks\StartAUEP = C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe [658936 2022-03-22] (Advanced Micro Devices Inc. - AMD)

Task: {746F1F8B-6069-4F31-A474-17F52E210CA5} - System32\Tasks\StartCNBM = C:\Program Files\AMD\CNext\CNext\cncmd.exe [55288 2022-03-22] (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.)

Task: {78D1D309-FB2B-4574-8EA9-E7E5ADEF8880} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-30] (Microsoft Windows Publisher - Microsoft Corporation)

Task: {7C33376A-5C74-4914-BFC3-E7E73CA49669} - System32\Tasks\GoogleUpdateTaskMachineUA{47E484DD-DE37-4C73-9A5C-A580CA1FA8D5} = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-30] (Google LLC - Google LLC)

Task: {7CE3DB73-53E5-4F21-92AC-2D6130C4B59E} - System32\Tasks\StartCN = C:\Program Files\AMD\CNext\CNext\cncmd.exe [55288 2022-03-22] (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.)

Task: {952F8AE9-A47D-4514-845D-0FF78B6046A3} - System32\Tasks\AMDLinkUpdate = C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1146360 2022-03-22] (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.)

Task: {C78A2D1D-E76A-43E3-BE0E-56A0D27A5185} - System32\Tasks\ModifyLinkUpdate = C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1146360 2022-03-22] (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.)

Task: {D3894DF3-100B-4421-BF32-62935D8FE550} - System32\Tasks\AMDRyzenMasterSDKTask = C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [329216 2022-03-22] (Advanced Micro Devices, Inc.) [File not signed]

Task: {D43E3BDA-F82A-4243-8286-6B6AD1324DAF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon = C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138680 2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Task: {F967739C-05CA-4D02-899D-D0399B3BF76F} - System32\Tasks\Microsoft\Office\Office Performance Monitor = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [61336 2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Task: {FB5041F5-7BF1-4697-A724-B3ECF04E5C5F} - System32\Tasks\StartDVR = C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [260600 2022-03-22] (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.16.12.1

Tcpip\..\Interfaces\{9d40143d-6915-4a24-b8bf-a7eb36b93d6a}: [DhcpNameServer] 172.16.12.1

Edge: 

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\Chris\AppData\Local\Microsoft\Edge\User Data\Default [2022-03-30]

Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Chris\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-03-30]

Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:

========

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-03-30] (Microsoft Corporation - Microsoft Corporation)

Chrome: 

=======

CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default [2022-04-04]

CHR Extension: (Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-04-04]

CHR Extension: (Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2022-04-04]

CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-04-04]

CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-04-04]

CHR Extension: (Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-04-04]

CHR Extension: (Google Docs Offline) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-04]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-04]

CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-04-04]

CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPDU.exe [505336 2022-03-22] (Advanced Micro Devices Inc. - AMD)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11666384 2022-04-01] (Microsoft Corporation - Microsoft Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8348856 2022-04-03] (Malwarebytes Inc - Malwarebytes)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6207696 2022-03-30] (Microsoft Windows Publisher - Microsoft Corporation)

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-30] (Microsoft Windows Publisher - Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-30] (Microsoft Windows Publisher - Microsoft Corporation)

S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [33728 2021-12-13] (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.)

R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [27256 2022-01-27] (ASMedia Technology Inc. - Advanced Micro Devices, Inc)

R2 AMDRyzenMasterDriverV19; C:\WINDOWS\system32\AMDRyzenMasterDriver.sys [43336 2022-03-17] (Advanced Micro Devices INC. - Advanced Micro Devices)

R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_edd3335a4253bf6d\amdsafd.sys [109520 2021-11-04] (Advanced Micro Devices Inc. - Advanced Micro Devices)

R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepositoryÍ·867.inf_amd64_755c7326c73377da\B377789\amdkmdag.sys [90150488 2022-03-23] (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.)

R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [65168 2021-08-17] (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.)

S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [180224 2021-11-04] (Microsoft Corporation) [File not signed]

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2022-04-03] (Microsoft Windows Hardware Compatibility Publisher - Malwarebytes)

S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [110904 2022-03-30] (Microsoft Windows - Microsoft Corporation)

R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223688 2022-04-03] (Microsoft Windows Hardware Compatibility Publisher - Malwarebytes)

S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-04-03] (Microsoft Windows Early Launch Anti-malware Publisher - Malwarebytes)

R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195024 2022-04-03] (Microsoft Windows Hardware Compatibility Publisher - Malwarebytes)

R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-04-03] (Microsoft Windows Hardware Compatibility Publisher - Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-04-03] (Malwarebytes Inc - Malwarebytes)

R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [158856 2022-04-03] (Malwarebytes Inc - Malwarebytes)

R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [71720 2021-06-22] (Insecure.Com LLC - Insecure.Com LLC.)

S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2021-05-28] (Microsoft Windows Hardware Compatibility Publisher - The OpenVPN Project)

R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [52872 2020-05-22] (Tomasz Moń - USBPcap)

S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [239648 2022-01-17] (Oracle Corporation - Oracle Corporation)

S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-03-30] (Microsoft Windows Early Launch Anti-malware Publisher - Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [439544 2022-03-30] (Microsoft Windows - Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-30] (Microsoft Windows - Microsoft Corporation)

S3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29680 2022-03-18] (Microsoft Windows Hardware Compatibility Publisher - WireGuard LLC)

U4 npcap_wifi; no ImagePath

S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-04 17:05 - 2022-04-04 17:05 - 000032898 _____ C:\Users\benit\Downloads\message (1).txt

2022-04-04 17:04 - 2022-04-04 17:04 - 000032898 _____ C:\Users\benit\Downloads\message.txt

2022-04-04 17:01 - 2022-04-04 17:02 - 000032848 _____ C:\Users\benit\Downloads\Addition.txt

2022-04-04 17:00 - 2022-04-04 17:16 - 000017531 _____ C:\Users\benit\Downloads\FRST.txt

2022-04-04 16:59 - 2022-04-04 17:15 - 000000000 ____D C:\FRST

2022-04-04 16:59 - 2022-04-04 16:59 - 002365440 _____ (Farbar) C:\Users\benit\Downloads\FRST64.exe

2022-04-04 16:40 - 2022-04-04 16:42 - 000000000 ____D C:\Users\Chris\AppData\Local\Google

2022-04-04 15:38 - 2022-04-04 15:38 - 000000000 ___HD C:\$WinREAgent

2022-04-04 07:43 - 2022-04-04 07:43 - 000000000 ____D C:\Users\benit\AppData\Local\CrashDumps

2022-04-03 22:26 - 2022-04-03 22:26 - 000015013 _____ C:\Users\benit\Downloads\Anti-Potty_Training_(Script).txt

2022-04-03 22:23 - 2022-04-03 22:23 - 000003903 _____ C:\Users\benit\Downloads\ABDL_Hypnosis_Baby_Desires_(Script).txt

2022-04-03 22:23 - 2022-04-03 22:23 - 000003827 _____ C:\Users\benit\Downloads\ABDL_Hypnosis_Baby_Desires_When_Diapered_(Script).txt

2022-04-03 22:14 - 2022-04-03 22:14 - 000002619 _____ C:\Users\benit\Downloads\10_point_diaper_script_(Script).txt

2022-04-03 21:04 - 2022-04-03 21:04 - 061669420 _____ C:\Users\benit\Downloads\Subliminal_Flash_Issue_3_-_Diapers_(MP3).wav

2022-04-03 21:03 - 2022-04-03 21:03 - 000002182 _____ C:\Users\benit\Downloads\Subliminal_Flash_Issue_3_-_Diapers_(Script).txt

2022-04-03 20:58 - 2022-04-03 20:58 - 000000000 ____D C:\Users\benit\Downloads\mmm-sessionmaker-windows-1_3_6

2022-04-03 20:53 - 2022-04-03 20:54 - 121278758 _____ C:\Users\benit\Downloads\mmm-sessionmaker-windows-1_3_6.zip

2022-04-03 19:49 - 2022-04-03 19:49 - 041186903 _____ C:\Users\benit\Downloads\ChampTehOtter_-_Baby_Brain_Mind_Wipe_Naughty_(MMM).mmm

2022-04-03 19:49 - 2022-04-03 19:49 - 038679195 _____ C:\Users\benit\Downloads\fag_(MMM).mmm

2022-04-03 19:39 - 2022-04-03 20:59 - 000000000 ____D C:\Users\benit\AppData\LocalLow\Heptamind

2022-04-03 19:38 - 2022-04-03 19:39 - 000000000 ____D C:\Users\benit\Downloads\MMM_demo_windows-1_3_6

2022-04-03 19:37 - 2022-04-03 19:38 - 175211590 _____ C:\Users\benit\Downloads\MMM_demo_windows-1_3_6.zip

2022-04-03 19:34 - 2022-04-03 19:34 - 018916066 _____ C:\Users\benit\Downloads\26_point_diaper_training_program_MMM_(MMM).mmm

2022-04-03 18:14 - 2022-04-03 18:16 - 000000000 ____D C:\AdwCleaner

2022-04-03 18:14 - 2022-04-03 18:14 - 008540344 _____ (Malwarebytes) C:\Users\benit\Downloads\AdwCleaner.exe

2022-04-03 18:07 - 2022-04-03 18:07 - 000195024 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys

2022-04-03 18:07 - 2022-04-03 18:07 - 000158856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

2022-04-03 18:07 - 2022-04-03 18:07 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2022-04-03 18:07 - 2022-04-03 18:07 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk

2022-04-03 18:07 - 2022-04-03 18:07 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2022-04-03 18:07 - 2022-04-03 18:07 - 000000000 ____D C:\Users\benit\AppData\Local\mbam

2022-04-03 18:06 - 2022-04-03 18:06 - 002443448 _____ (Malwarebytes) C:\Users\benit\Downloads\MBSetup-56590.56590-consumer.exe

2022-04-03 18:06 - 2022-04-03 18:06 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

2022-04-03 18:06 - 2022-04-03 18:06 - 000223688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys

2022-04-03 18:06 - 2022-04-03 18:06 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

2022-04-03 18:06 - 2022-04-03 18:06 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys

2022-04-03 18:06 - 2022-04-03 18:06 - 000000000 ____D C:\ProgramData\Malwarebytes

2022-04-03 18:06 - 2022-04-03 18:06 - 000000000 ____D C:\Program Files\Malwarebytes

2022-04-03 01:14 - 2022-04-03 01:14 - 216926514 _____ C:\Users\benit\Downloads\5e03029f530c1 (1).mp4

2022-04-02 22:58 - 2022-04-02 22:58 - 000000000 ____D C:\Users\Chris\AppData\Local\Apps\2.0

2022-04-02 15:42 - 2022-04-02 15:42 - 000299161 _____ C:\Users\benit\Downloads\Coursera KPPM4Y5U99JK.pdf

2022-04-01 19:31 - 2022-04-01 21:11 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

2022-04-01 01:57 - 2022-04-01 01:57 - 000000000 ____D C:\Users\benit\AppData\Local\PeerDistRepub

2022-03-31 00:16 - 2022-03-31 00:16 - 003083264 _____ C:\Users\benit\Downloads\putty-64bit-0.76-installer.msi

2022-03-31 00:16 - 2022-03-31 00:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)

2022-03-31 00:16 - 2022-03-31 00:16 - 000000000 ____D C:\Program Files\PuTTY

2022-03-31 00:12 - 2022-03-31 00:12 - 001265896 _____ (Simon Tatham) C:\Users\benit\Downloads\putty.exe

2022-03-30 20:51 - 2022-03-30 20:51 - 089329804 _____ C:\Users\benit\Downloads\2.pcapng

2022-03-30 20:27 - 2022-04-04 16:41 - 000000000 ____D C:\Program Files\Google

2022-03-30 20:27 - 2022-04-04 16:15 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2022-03-30 20:27 - 2022-04-04 16:15 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2022-03-30 20:27 - 2022-03-30 20:27 - 000003496 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{47E484DD-DE37-4C73-9A5C-A580CA1FA8D5}

2022-03-30 20:27 - 2022-03-30 20:27 - 000003372 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{7CC0EA0F-9AE8-47C7-B676-7085CD4074B7}

2022-03-30 20:26 - 2022-04-04 17:12 - 000000000 ____D C:\Program Files (x86)\Google

2022-03-30 20:26 - 2022-03-30 20:51 - 000000000 ____D C:\Users\benit\AppData\Local\Google

2022-03-30 20:24 - 2022-03-30 20:24 - 001343320 _____ (Google LLC) C:\Users\benit\Downloads\ChromeSetup.exe

2022-03-30 19:41 - 2022-03-30 19:41 - 000000000 ____D C:\Users\Chris\AppData\Local\PeerDistRepub

2022-03-30 15:31 - 2022-03-30 15:31 - 000000000 ____D C:\Users\Chris\.zenmap

2022-03-30 15:30 - 2022-03-30 15:30 - 000003304 _____ C:\WINDOWS\system32\Tasks\StartCNBM

2022-03-30 15:30 - 2022-03-30 15:30 - 000003194 _____ C:\WINDOWS\system32\Tasks\StartAUEP

2022-03-30 14:58 - 2022-03-30 15:21 - 000001036 _____ C:\Users\Chris\Desktop\Nmap - Zenmap GUI.lnk

2022-03-30 14:58 - 2022-03-30 14:58 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap

2022-03-30 14:55 - 2022-03-30 14:55 - 000000000 ____D C:\WINDOWS\SysWOW64\Npcap

2022-03-30 14:55 - 2022-03-30 14:55 - 000000000 ____D C:\WINDOWS\system32\Npcap

2022-03-30 14:53 - 2022-03-30 15:21 - 000000000 ____D C:\Program Files (x86)\Nmap

2022-03-30 14:52 - 2022-03-30 14:52 - 028644568 _____ (Insecure.org) C:\Users\benit\Downloads\nmap-7.92-setup.exe

2022-03-30 13:39 - 2022-03-30 13:40 - 000000000 ____D C:\Users\benit\AppData\Roaming\Wireshark

2022-03-30 13:27 - 2022-03-30 13:27 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk

2022-03-30 13:27 - 2022-03-30 13:27 - 000000000 ____D C:\Program Files\USBPcap

2022-03-30 13:21 - 2022-03-30 13:27 - 000000000 ____D C:\Program Files\Wireshark

2022-03-30 13:20 - 2022-03-30 14:55 - 000003460 _____ C:\WINDOWS\system32\Tasks\npcapwatchdog

2022-03-30 13:19 - 2022-03-30 14:55 - 000000000 ____D C:\Program Files\Npcap

2022-03-30 13:19 - 2022-03-30 13:19 - 001091728 _____ C:\Users\benit\Downloads\npcap-1.60.exe

2022-03-30 13:18 - 2022-03-30 13:18 - 077475048 _____ (Wireshark development team) C:\Users\benit\Downloads\Wireshark-win64-3.6.3.exe

2022-03-30 13:18 - 2022-03-30 13:18 - 044293192 _____ (PortableApps.com) C:\Users\benit\Downloads\WiresharkPortable64_3.6.3.paf.exe

2022-03-30 13:18 - 2022-03-30 13:18 - 000000000 ____D C:\Users\benit\Downloads\WiresharkPortable64

2022-03-30 13:08 - 2022-03-30 13:09 - 000000000 ____D C:\WINDOWS\system32\MRT

2022-03-30 06:58 - 2022-03-30 06:58 - 000000000 ____D C:\Users\benit\AppData\Local\cache

2022-03-30 06:51 - 2022-04-04 17:12 - 000003118 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher

2022-03-30 06:50 - 2022-04-04 17:12 - 000003078 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate

2022-03-30 06:50 - 2022-03-30 06:50 - 000003488 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate

2022-03-30 06:50 - 2022-03-30 06:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool

2022-03-30 06:49 - 2022-03-30 06:49 - 000003160 _____ C:\WINDOWS\system32\Tasks\StartCN

2022-03-30 06:49 - 2022-03-30 06:49 - 000003080 _____ C:\WINDOWS\system32\Tasks\StartDVR

2022-03-30 06:49 - 2022-03-30 06:49 - 000002622 _____ C:\WINDOWS\system32\Tasks\AMDRyzenMasterSDKTask

2022-03-30 06:49 - 2022-03-30 06:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Software꞉ Adrenalin Edition

2022-03-30 06:49 - 2022-03-22 14:36 - 002901560 _____ (AMD Inc.) C:\WINDOWS\SysWOW64\AMDBugReportTool.exe

2022-03-30 06:48 - 2022-03-23 08:32 - 001963608 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe

2022-03-30 06:48 - 2022-03-23 08:32 - 001963608 _____ C:\WINDOWS\system32\vulkaninfo.exe

2022-03-30 06:48 - 2022-03-23 08:32 - 001520216 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe

2022-03-30 06:48 - 2022-03-23 08:32 - 001520216 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe

2022-03-30 06:48 - 2022-03-23 08:32 - 001434232 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 001434232 _____ C:\WINDOWS\system32\vulkan-1.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 001145808 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 001145808 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000789592 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000666712 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000550464 _____ C:\WINDOWS\system32\GameManager64.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000493144 _____ C:\WINDOWS\system32\dgtrayicon.exe

2022-03-30 06:48 - 2022-03-23 08:32 - 000484952 _____ C:\WINDOWS\system32\EEURestart.exe

2022-03-30 06:48 - 2022-03-23 08:32 - 000411712 _____ C:\WINDOWS\SysWOW64\GameManager32.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000336984 _____ C:\WINDOWS\system32\clinfo.exe

2022-03-30 06:48 - 2022-03-23 08:32 - 000186944 _____ C:\WINDOWS\system32\mantle64.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000170048 _____ C:\WINDOWS\system32\mantleaxl64.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000148032 _____ C:\WINDOWS\SysWOW64\mantle32.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000133720 _____ C:\WINDOWS\SysWOW64\mantleaxl32.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000083544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mcl64.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000068184 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mcl32.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000039512 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000036440 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000020984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000020984 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 001528920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiacm64.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 001406552 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 001406552 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000883264 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe

2022-03-30 06:48 - 2022-03-23 08:31 - 000518232 _____ C:\WINDOWS\system32\atieah64.exe

2022-03-30 06:48 - 2022-03-23 08:31 - 000461400 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000386136 _____ C:\WINDOWS\SysWOW64\atieah32.exe

2022-03-30 06:48 - 2022-03-23 08:31 - 000253504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000212544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000194504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000171096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000159296 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000158936 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000133720 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000132184 _____ C:\WINDOWS\system32\atidxx64.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000130648 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000106584 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000106072 _____ C:\WINDOWS\SysWOW64\atidxx32.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000063064 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 090032216 _____ C:\WINDOWS\system32\amd_comgr.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 074244696 _____ C:\WINDOWS\SysWOW64\amd_comgr32.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 069194840 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdhip64.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 000934488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 000761944 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 000551000 _____ C:\WINDOWS\system32\amdgfxinfo64.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 000459352 _____ C:\WINDOWS\system32\amdlogum.exe

2022-03-30 06:48 - 2022-03-23 08:30 - 000141264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 000126040 _____ C:\WINDOWS\system32\amdxc64.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 000112648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 000100952 _____ C:\WINDOWS\SysWOW64\amdxc32.dll

2022-03-30 06:48 - 2022-03-23 08:29 - 001690456 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll

2022-03-30 06:48 - 2022-03-23 08:29 - 001368784 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll

2022-03-30 06:48 - 2022-03-23 08:29 - 000538136 _____ C:\WINDOWS\system32\amdmiracast.dll

2022-03-30 06:48 - 2022-03-23 08:29 - 000414296 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll

2022-03-30 06:48 - 2022-03-23 08:29 - 000151648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll

2022-03-30 06:48 - 2022-03-23 08:29 - 000141264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll

2022-03-30 06:48 - 2022-03-23 08:29 - 000126648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll

2022-03-30 06:48 - 2022-03-23 08:29 - 000112624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll

2022-03-30 06:48 - 2022-03-22 14:15 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap

2022-03-30 06:48 - 2022-03-22 14:15 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap

2022-03-30 06:48 - 2022-03-22 14:11 - 000571400 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb

2022-03-30 06:48 - 2022-03-22 14:11 - 000571400 _____ C:\WINDOWS\system32\atiapfxx.blb

2022-03-30 06:48 - 2022-03-22 13:52 - 000010702 _____ C:\WINDOWS\system32\atiacmLocalisation.ini

2022-03-30 06:48 - 2022-03-22 13:05 - 056704640 _____ C:\WINDOWS\system32\amdxc64.so

2022-03-30 06:48 - 2021-12-13 12:01 - 000591792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdfendrsr.exe

2022-03-30 06:48 - 2021-12-13 12:01 - 000164800 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdfendr.sys

2022-03-30 06:48 - 2021-12-13 12:01 - 000033728 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdfendrmgr.sys

2022-03-30 06:48 - 2021-08-17 09:34 - 000065168 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdxe.sys

2022-03-30 06:46 - 2022-03-30 15:36 - 000000000 ____D C:\Users\Chris\AppData\Local\cache

2022-03-30 06:46 - 2022-03-30 06:46 - 000000000 ____D C:\Users\Chris\AppData\Local\setup

2022-03-30 06:45 - 2022-03-30 15:30 - 000000000 ____D C:\ProgramData\AMD

2022-03-30 06:45 - 2022-03-30 06:47 - 000000000 ____D C:\AMD

2022-03-30 06:45 - 2022-03-30 06:45 - 000000000 ____D C:\Users\Chris\AppData\Roaming\AMD

2022-03-30 06:45 - 2022-03-30 06:45 - 000000000 ____D C:\Users\Chris\AppData\Local\AMDSoftwareInstaller

2022-03-30 06:45 - 2022-03-30 06:45 - 000000000 ____D C:\Users\Chris\AppData\Local\AMD_Common

2022-03-30 06:45 - 2022-03-30 06:45 - 000000000 ____D C:\Program Files (x86)\AMD

2022-03-30 06:43 - 2022-03-30 06:44 - 039548016 _____ (AMD Inc.) C:\Users\benit\Downloads\amd-software-adrenalin-edition-22.3.2-minimalsetup-220323_web.exe

2022-03-30 06:24 - 2022-03-30 06:35 - 000000000 ____D C:\Users\benit\AppData\Local\Comms

2022-03-30 06:21 - 2022-04-04 17:12 - 000000000 ____D C:\Users\benit\AppData\Roaming\discord

2022-03-30 06:21 - 2022-04-04 16:38 - 000000000 ____D C:\Users\benit\AppData\Local\Discord

2022-03-30 06:21 - 2022-03-30 06:21 - 000000000 ____D C:\Users\benit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc

2022-03-30 06:21 - 2022-03-30 06:21 - 000000000 ____D C:\Program Files\Common Files\DESIGNER

2022-03-30 06:20 - 2022-04-01 19:41 - 000000000 ____D C:\Program Files\Microsoft Office

2022-03-30 06:20 - 2022-03-30 06:21 - 000000000 ____D C:\Users\benit\AppData\Local\SquirrelTemp

2022-03-30 06:20 - 2022-03-30 06:20 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk

2022-03-30 06:20 - 2022-03-30 06:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools

2022-03-30 06:19 - 2022-03-30 06:19 - 000000000 ____D C:\Program Files\Microsoft Office 15

2022-03-30 06:18 - 2022-03-30 06:18 - 000000000 ____D C:\Users\benit\AppData\Local\OneDrive

2022-03-30 06:09 - 2022-03-30 06:09 - 000000000 ____D C:\Users\Chris\AppData\Local\Comms

2022-03-30 06:08 - 2022-04-04 15:38 - 000000000 ___RD C:\Users\benit\OneDrive

2022-03-30 06:08 - 2022-04-01 19:31 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1337827148-1602420228-2535310048-1003

2022-03-30 06:08 - 2022-04-01 19:31 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1337827148-1602420228-2535310048-1003

2022-03-30 06:08 - 2022-04-01 19:31 - 000002383 _____ C:\Users\benit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2022-03-30 06:08 - 2022-03-31 04:00 - 000000000 ____D C:\Users\benit\AppData\Local\PlaceholderTileLogoFolder

2022-03-30 06:08 - 2022-03-30 06:08 - 000000000 ____D C:\Users\benit\AppData\Local\VirtualStore

2022-03-30 06:07 - 2022-04-04 08:01 - 000000000 ____D C:\Users\benit\AppData\Local\AMD

2022-03-30 06:07 - 2022-04-04 07:56 - 000000000 ____D C:\Users\benit\AppData\Local\D3DSCache

2022-03-30 06:07 - 2022-04-02 18:16 - 000000000 ____D C:\Users\benit\AppData\Local\Packages

2022-03-30 06:07 - 2022-03-30 06:52 - 000000000 ____D C:\Users\benit\AppData\Local\ConnectedDevicesPlatform

2022-03-30 06:07 - 2022-03-30 06:07 - 000000000 ____D C:\Users\benit\AppData\Roaming\Adobe

2022-03-30 06:07 - 2022-03-30 06:07 - 000000000 ____D C:\Users\benit\AppData\LocalLow\AMD

2022-03-30 06:07 - 2022-03-30 06:07 - 000000000 ____D C:\Users\benit\AppData\Local\Publishers

2022-03-30 06:06 - 2022-04-04 17:12 - 000000000 ____D C:\Users\benit

2022-03-30 06:06 - 2022-03-30 06:06 - 000000020 ___SH C:\Users\benit\ntuser.ini

2022-03-30 06:06 - 2021-06-05 05:04 - 000001281 _____ C:\Users\benit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk

2022-03-30 06:06 - 2021-06-05 05:04 - 000000407 _____ C:\Users\benit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk

2022-03-30 06:01 - 2022-03-30 06:01 - 002080992 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll

2022-03-30 06:01 - 2022-03-30 06:01 - 000069632 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2022-03-30 06:01 - 2022-03-30 06:01 - 000015018 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim

2022-03-30 06:00 - 2022-03-30 06:00 - 002550832 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll

2022-03-30 06:00 - 2022-03-30 06:00 - 000372736 _____ C:\WINDOWS\system32\hwreqchk.dll

2022-03-30 06:00 - 2022-03-30 06:00 - 000032768 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe

2022-03-30 05:52 - 2022-03-30 06:09 - 000000000 ___HD C:\OneDriveTemp

2022-03-30 05:52 - 2022-03-30 05:52 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1337827148-1602420228-2535310048-1001

2022-03-30 05:52 - 2022-03-30 05:52 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1337827148-1602420228-2535310048-1001

2022-03-30 05:52 - 2022-03-30 05:52 - 000002367 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2022-03-30 05:52 - 2022-03-30 05:52 - 000000000 ___RD C:\Users\Chris\OneDrive

2022-03-30 05:52 - 2022-03-30 05:52 - 000000000 ____D C:\Users\Chris\AppData\Local\VirtualStore

2022-03-30 05:51 - 2022-03-30 05:51 - 000000000 ____D C:\Users\Chris\AppData\LocalLow\AMD

2022-03-30 05:51 - 2022-03-30 05:51 - 000000000 ____D C:\Users\Chris\AppData\Local\PlaceholderTileLogoFolder

2022-03-30 05:51 - 2022-03-30 05:51 - 000000000 ____D C:\ProgramData\Microsoft OneDrive

2022-03-30 05:50 - 2022-04-04 17:16 - 000000000 ____D C:\Users\Chris\AppData\Local\D3DSCache

2022-03-30 05:50 - 2022-04-02 18:16 - 000000000 ____D C:\ProgramData\Packages

2022-03-30 05:50 - 2022-03-30 15:36 - 000000000 ____D C:\Users\Chris\AppData\Local\AMD

2022-03-30 05:50 - 2022-03-30 06:50 - 000000000 ____D C:\Users\Chris\AppData\Local\Packages

2022-03-30 05:50 - 2022-03-30 06:07 - 000000000 __RHD C:\Users\Public\AccountPictures

2022-03-30 05:50 - 2022-03-30 06:06 - 000000000 ____D C:\Users\Chris\AppData\Local\ConnectedDevicesPlatform

2022-03-30 05:50 - 2022-03-30 05:50 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Adobe

2022-03-30 05:50 - 2022-03-30 05:50 - 000000000 ____D C:\Users\Chris\AppData\Local\Publishers

2022-03-30 05:49 - 2022-04-01 01:49 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin

2022-03-30 05:49 - 2022-03-30 15:30 - 000000000 ____D C:\Program Files\AMD

2022-03-30 05:49 - 2022-03-30 06:50 - 000000000 ____D C:\WINDOWS\system32\AMD

2022-03-30 05:49 - 2022-03-23 08:30 - 000101392 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmpfd.sys

2022-03-30 05:49 - 2019-10-30 02:20 - 005623256 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPOU64.dll

2022-03-30 05:49 - 2019-10-30 02:20 - 001126344 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCOM64.dll

2022-03-30 05:49 - 2019-10-30 02:20 - 000481888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll

2022-03-30 05:49 - 2019-10-29 23:20 - 000856288 _____ (Realtek Semiconductor) C:\WINDOWS\system32\RtkAudUService64.exe

2022-03-30 05:49 - 2019-10-29 23:20 - 000821336 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64U.dll

2022-03-30 05:49 - 2019-10-29 23:20 - 000215032 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll

2022-03-30 05:48 - 2022-04-04 17:12 - 000000000 ____D C:\Users\Chris

2022-03-30 05:48 - 2022-03-30 05:48 - 000000020 ___SH C:\Users\Chris\ntuser.ini

2022-03-30 05:48 - 2021-06-05 05:04 - 000001281 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk

2022-03-30 05:48 - 2021-06-05 05:04 - 000000407 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk

2022-03-30 05:35 - 2022-04-04 15:43 - 000803404 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2022-03-30 05:28 - 2022-03-30 05:28 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2022-03-30 05:28 - 2022-03-30 05:28 - 000000000 ____D C:\WINDOWS\CSC

2022-03-30 05:26 - 2022-04-04 15:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2022-03-30 05:26 - 2022-04-02 22:18 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2022-03-30 05:26 - 2022-04-02 22:18 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

2022-03-30 05:26 - 2022-03-30 13:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

2022-03-30 05:26 - 2022-03-30 05:27 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2022-03-30 05:26 - 2022-03-30 05:27 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2022-03-30 05:24 - 2022-04-04 15:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2022-03-30 05:24 - 2022-03-30 06:52 - 000329360 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2022-03-30 05:24 - 2022-03-30 05:24 - 000000000 ____D C:\WINDOWS\ServiceProfiles

2022-03-30 05:18 - 2022-03-30 05:18 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient

2022-03-30 05:13 - 2022-03-30 05:13 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe

2022-03-30 05:13 - 2022-03-30 05:13 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe

2022-03-30 05:13 - 2022-03-30 05:13 - 000339968 _____ C:\WINDOWS\system32\pku2u.dll

2022-03-30 05:13 - 2022-03-30 05:13 - 000311296 _____ C:\WINDOWS\system32\EsclScan.dll

2022-03-30 05:13 - 2022-03-30 05:13 - 000247808 _____ C:\WINDOWS\SysWOW64\pku2u.dll

2022-03-30 05:13 - 2022-03-30 05:13 - 000188416 _____ C:\WINDOWS\system32\EsclProtocol.dll

2022-03-30 05:13 - 2022-03-30 05:13 - 000077824 _____ C:\WINDOWS\system32\APMonUI.dll

2022-03-30 05:13 - 2022-03-30 05:13 - 000040960 _____ C:\WINDOWS\system32\prxyqry.dll

2022-03-30 05:13 - 2022-03-30 05:13 - 000013824 _____ C:\WINDOWS\SysWOW64\prxyqry.dll

2022-03-30 05:12 - 2022-03-30 05:12 - 000339968 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll

2022-03-30 05:12 - 2022-03-30 05:12 - 000210432 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll

2022-03-30 05:08 - 2022-03-30 05:08 - 000008192 _____ C:\WINDOWS\system32\config\userdiff

2022-03-30 04:40 - 2022-03-30 05:34 - 000000000 ___DC C:\WINDOWS\Panther

2022-03-29 17:08 - 2022-03-29 17:08 - 000000000 ____D C:\inetpub

2022-03-24 01:03 - 2022-04-04 15:37 - 000012288 ___SH C:\DumpStack.log.tmp

2022-03-22 13:39 - 2022-03-22 13:39 - 000683520 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Device.dll

2022-03-22 13:39 - 2022-03-22 13:39 - 000065024 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Platform.dll

2022-03-18 19:31 - 2022-03-18 19:31 - 000029680 _____ (WireGuard LLC) C:\WINDOWS\system32\Drivers\wintun.sys

2022-03-18 18:19 - 2022-03-18 18:19 - 000000000 _SHDL C:\Documents and Settings

2022-03-17 09:27 - 2022-03-17 09:27 - 000043336 _____ (Advanced Micro Devices) C:\WINDOWS\system32\AMDRyzenMasterDriver.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-04 17:14 - 2021-06-05 05:10 - 000000000 ___HD C:\Program Files\WindowsApps

2022-04-04 17:14 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\AppReadiness

2022-04-04 17:12 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\NDF

2022-04-04 17:12 - 2021-06-05 05:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2022-04-04 17:03 - 2021-06-05 05:01 - 000032768 _____ C:\WINDOWS\system32\config\ELAM

2022-04-04 17:02 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SystemTemp

2022-04-04 15:43 - 2021-06-05 05:09 - 000000000 ____D C:\WINDOWS\INF

2022-04-04 15:37 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\ServiceState

2022-04-03 18:06 - 2021-06-05 05:10 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

2022-04-01 01:49 - 2021-06-05 05:01 - 000786432 _____ C:\WINDOWS\system32\config\BBI

2022-03-31 11:27 - 2021-06-05 05:01 - 000000000 ____D C:\WINDOWS\CbsTemp

2022-03-31 11:12 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\appcompat

2022-03-30 13:39 - 2021-06-05 05:10 - 000000000 ____D C:\Program Files\Windows Defender

2022-03-30 06:23 - 2021-06-05 05:10 - 000000000 ___RD C:\WINDOWS\PrintDialog

2022-03-30 06:21 - 2021-06-05 05:10 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

2022-03-30 06:21 - 2021-06-05 05:01 - 000000000 ____D C:\WINDOWS\servicing

2022-03-30 06:07 - 2021-06-05 05:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2022-03-30 06:05 - 2021-06-05 07:30 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SystemResources

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\vi-VN

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\oobe

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\eu-ES

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\appraiser

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\ShellExperiences

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\DiagTrack

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\bcastdvr

2022-03-30 05:34 - 2021-06-05 07:30 - 000000000 ____D C:\WINDOWS\system32\FxsTmp

2022-03-30 05:34 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase

2022-03-30 05:34 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\spool

2022-03-30 05:34 - 2021-06-05 05:10 - 000000000 ____D C:\ProgramData\USOPrivate

2022-03-30 05:24 - 2021-06-05 05:08 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template

2022-03-30 05:22 - 2021-06-05 05:14 - 000000000 ____D C:\WINDOWS\Setup

2022-03-30 05:18 - 2021-06-05 07:30 - 000000000 ___SD C:\WINDOWS\system32\AppV

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\setup

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\setup

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\migwiz

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\lv-LV

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\lt-LT

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\id-ID

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\gl-ES

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\et-EE

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\es-MX

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\Dism

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\ca-ES

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\ShellComponents

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\PolicyDefinitions

2022-03-23 08:31 - 2022-01-28 17:03 - 001874008 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll

2022-03-23 08:30 - 2022-01-28 17:02 - 000202720 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll

2022-03-23 08:30 - 2022-01-28 17:02 - 000169248 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll

==================== Files in the root of some directories ========

2022-03-30 15:31 - 2022-03-30 15:36 - 000000143 _____ () C:\Users\Chris\AppData\Local\zenmap.exe.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

addition.txt

Quote

”‹Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-04-2022

Ran by Chris (04-04-2022 17:16:41)

Running from C:\Users\benit\Downloads

Microsoft Windows 11 Pro Version 21H2 22000.593 (X64) (2022-03-30 12:34:19)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1337827148-1602420228-2535310048-500 - Administrator - Disabled)

benit (S-1-5-21-1337827148-1602420228-2535310048-1003 - Limited - Enabled) = C:\Users\benit

betre (S-1-5-21-1337827148-1602420228-2535310048-1004 - Limited - Enabled)

Betree (S-1-5-21-1337827148-1602420228-2535310048-1005 - Limited - Enabled)

CBpah (S-1-5-21-1337827148-1602420228-2535310048-1002 - Limited - Enabled)

Chris (S-1-5-21-1337827148-1602420228-2535310048-1001 - Administrator - Enabled) = C:\Users\Chris

DefaultAccount (S-1-5-21-1337827148-1602420228-2535310048-503 - Limited - Disabled)

Guest (S-1-5-21-1337827148-1602420228-2535310048-501 - Limited - Disabled)

WDAGUtilityAccount (S-1-5-21-1337827148-1602420228-2535310048-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 22.3.2 - Advanced Micro Devices, Inc.)

AMD_Chipset_Drivers (HKLM-x32\...\{0fd12917-eb35-466f-b411-02c45a8a505d}) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.) Hidden

Branding64 (HKLM\...\{2AF42320-5ECF-4BCA-B756-8F3677262D55}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden

Discord (HKU\S-1-5-21-1337827148-1602420228-2535310048-1003\...\Discord) (Version: 1.0.9003 - Discord Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.75 - Google LLC)

Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.29 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 100.0.1185.29 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1337827148-1602420228-2535310048-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1337827148-1602420228-2535310048-1003\...\OneDriveSetup.exe) (Version: 22.055.0313.0001 - Microsoft Corporation)

Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.15028.20160 - Microsoft Corporation)

Nmap 7.92 (HKLM-x32\...\Nmap) (Version: 7.92 - Nmap Project)

Npcap (HKLM-x32\...\NpcapInst) (Version: 1.50 - Nmap Project)

Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20050 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20160 - Microsoft Corporation) Hidden

Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.0.0 - Advanced Micro Devices, Inc.) Hidden

PuTTY release 0.76 (64-bit) (HKLM\...\{1E0D5689-40F1-4E46-ABBB-EAAC68B5CD89}) (Version: 0.76.0.0 - Simon Tatham)

RyzenMasterSDK (HKLM\...\{27555A81-EED9-4B96-8721-900AE920D662}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden

USBPcap 1.5.4.0 (HKLM\...\USBPcap) (Version: 1.5.4.0 - Tomasz Mon)

Wireshark 3.6.3 64-bit (HKLM-x32\...\Wireshark) (Version: 3.6.3 - The Wireshark developer community, hxxps://www.wireshark.org)

Packages:

=========

AMD Link - C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDLink_10.21.50009.0_x64__0a9344xs7nr4m [2022-03-30] (Advanced Micro Devices Inc.)

Microsoft Solitaire Collection - C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-04-04] (Microsoft Studios) [MS Ad]

Realtek Audio Control - C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2022-03-30] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] - {57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-03] (Malwarebytes Corporation - Malwarebytes)

ContextMenuHandlers5: [ACE] - {5E2121EE-0300-11D4-8D3B-444553540000} = C:\WINDOWS\System32\atiacm64.dll [2022-03-23] (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.)

ContextMenuHandlers6: [MBAMShlExt] - {57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-03] (Malwarebytes Corporation - Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-03-22 17:08 - 2022-03-22 17:08 - 018143744 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\avcodec-58.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll

2022-02-15 21:49 - 2022-02-15 21:49 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll

2022-02-15 21:49 - 2022-02-15 21:49 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll

2022-03-22 13:39 - 2022-03-22 13:39 - 000683520 _____ (Advanced Micro Devices) [File not signed] C:\Program Files\AMD\CNext\CNext\Device.dll

2022-03-22 13:39 - 2022-03-22 13:39 - 000065024 _____ (Advanced Micro Devices) [File not signed] C:\Program Files\AMD\CNext\CNext\Platform.dll

2022-03-22 13:39 - 2022-03-22 13:39 - 000683520 _____ (Advanced Micro Devices) [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll

2022-03-22 13:39 - 2022-03-22 13:39 - 000065024 _____ (Advanced Micro Devices) [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll

2022-03-22 17:07 - 2022-03-22 17:07 - 001764864 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll

2017-09-05 00:15 - 2017-09-05 00:15 - 004396032 _____ (Microsoft Corporation) [File not signed] C:\Program Files\AMD\CNext\CNext\D3DCOMPILER_47.dll

2022-03-30 06:07 - 2022-03-30 06:07 - 000137168 _____ (Microsoft Windows - Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\WebView2Loader.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 001227776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 006947328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000740352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 001110528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000326656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 003798528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000440832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 004255744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000206336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000133120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000396800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 102854656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 005611008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000210432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 002877440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService = ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService = ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-30] (Microsoft Corporation - Microsoft Corporation)

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-05 05:08 - 2021-06-05 05:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1337827148-1602420228-2535310048-1001\Control Panel\Desktop\\Wallpaper - C:\WINDOWS\web\wallpaper\Windows\img0.jpg

HKU\S-1-5-21-1337827148-1602420228-2535310048-1003\Control Panel\Desktop\\Wallpaper - C:\WINDOWS\web\wallpaper\Windows\img0.jpg

DNS Servers: 172.16.12.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System = (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer = (SmartScreenEnabled: )

Windows Firewall is enabled.

Network Binding:

=============

Ethernet: Npcap Packet Driver (NPCAP) - INSECURE_NPCAP (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: = "SecurityHealth"

HKLM\...\StartupApproved\Run: = "RtkAudUService"

HKU\S-1-5-21-1337827148-1602420228-2535310048-1001\...\StartupApproved\Run: = "MicrosoftEdgeAutoLaunch_D3FEFEF9604A334C07E903E221AE7560"

HKU\S-1-5-21-1337827148-1602420228-2535310048-1001\...\StartupApproved\Run: = "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{97BC5127-E984-47D5-99F5-1E9EF39151C9}C:\users\benit\appdata\local\discord\app-1.0.9004\discord.exe] = (Allow) C:\users\benit\appdata\local\discord\app-1.0.9004\discord.exe (Discord Inc. - Discord Inc.)

FirewallRules: [UDP Query User{FB49A05D-98B1-4841-B308-04F05B2FB0E5}C:\users\benit\appdata\local\discord\app-1.0.9004\discord.exe] = (Allow) C:\users\benit\appdata\local\discord\app-1.0.9004\discord.exe (Discord Inc. - Discord Inc.)

FirewallRules: [TCP Query User{C6401C47-BFEB-4DDA-B5BD-7C4681DC6F7B}C:\program files (x86)\nmap\nmap.exe] = (Allow) C:\program files (x86)\nmap\nmap.exe (Insecure.Com LLC - Insecure.Org)

FirewallRules: [UDP Query User{8DA573CC-CE29-43CC-98BD-C23E664BB651}C:\program files (x86)\nmap\nmap.exe] = (Allow) C:\program files (x86)\nmap\nmap.exe (Insecure.Com LLC - Insecure.Org)

FirewallRules: [{EA00987C-13B7-4AA5-A607-F805D98E2702}] = (Block) LPort=443

FirewallRules: [{3214850B-904E-4B09-9899-EFC20BEAE391}] = (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB - Spotify Ltd)

FirewallRules: [{47166398-891B-4054-ABA9-C67EB2B61887}] = (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB - Spotify Ltd)

FirewallRules: [{BEB89906-4AAA-43D3-892F-B9749DDF73DA}] = (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB - Spotify Ltd)

FirewallRules: [{6C7501AF-A140-4BB6-B1F2-4CAADED376E0}] = (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB - Spotify Ltd)

FirewallRules: [{55CBA32A-3FB9-4677-AEC8-F06EF9197E0D}] = (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB - Spotify Ltd)

FirewallRules: [{BEFE15D5-47A9-41ED-80F9-C43167A0EABF}] = (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB - Spotify Ltd)

FirewallRules: [{24C63200-50EE-440B-A488-39D81ED7A048}] = (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB - Spotify Ltd)

FirewallRules: [{527ACC3E-0A36-4222-9027-3D29108767D6}] = (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB - Spotify Ltd)

FirewallRules: [{BDB722D6-EA62-452A-A160-EA142B0D56B2}] = (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.29\msedgewebview2.exe (Microsoft Corporation - Microsoft Corporation)

FirewallRules: [{CF00668D-78B3-4FFF-B9D9-F32B036E39C6}] = (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22070.202.1253.1497_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation - Microsoft Corporation)

FirewallRules: [{FD85D442-E7FE-4A56-B6DF-D28F6D012A4E}] = (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22070.202.1253.1497_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation - Microsoft Corporation)

FirewallRules: [{CD196523-C36A-48CA-87EA-528AFCD69AF8}] = (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC - Google LLC)

FirewallRules: [{D12DBF0E-8E2A-4049-A1DD-F126712BBF47}] = (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22055.502.1226.2344_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation - Microsoft Corporation)

FirewallRules: [{09A4E754-EEC5-4CB1-967C-E561347CD6D9}] = (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22055.502.1226.2344_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation - Microsoft Corporation)

==================== Restore Points =========================

01-04-2022 21:11:23 Removed Microsoft Update Health Tools

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (04/04/2022 03:38:06 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)

GetCACaps

GetCACaps: Not Found

{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}

HTTP/1.1 404 Not Found

Date: Mon, 04 Apr 2022 22:38:07 GMT

Content-Length: 121

Content-Type: application/json; charset=utf-8

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=31536000;includeSubDomains

x-ms-request-id: 0c294f3b-9d05-4e1e-80c3-3c4b6ddf8567

Method: GET(328ms)

Stage: GetCACaps

Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (04/04/2022 03:38:06 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)

GetCACaps

GetCACaps: Not Found

{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}

HTTP/1.1 404 Not Found

Date: Mon, 04 Apr 2022 22:38:07 GMT

Content-Length: 121

Content-Type: application/json; charset=utf-8

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=31536000;includeSubDomains

x-ms-request-id: 3ff8a674-1964-4a5e-8bd2-5d5e6b8e6050

Method: GET(438ms)

Stage: GetCACaps

Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (04/04/2022 07:43:31 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: explorer.exe, version: 10.0.22000.593, time stamp: 0x59a4b94a

Faulting module name: ucrtbase.dll, version: 10.0.22000.1, time stamp: 0x00e78ce9

Exception code: 0xc0000409

Fault offset: 0x000000000007dd7e

Faulting process id: 0x1f0

Faulting application start time: 0x01d846c583994437

Faulting application path: C:\WINDOWS\explorer.exe

Faulting module path: C:\WINDOWS\System32\ucrtbase.dll

Report Id: c636bb8c-5b9a-4fca-b553-d58e11d430bf

Faulting package full name: 

Faulting package-relative application ID:

Error: (04/02/2022 11:04:25 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program identity_helper.exe version 100.0.1185.29 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 26e8

Start Time: 01d8472092817b0c

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.29\identity_helper.exe

Report Id: ce7f4716-5261-42ba-8b56-e9b64476930f

Faulting package full name: Microsoft.MicrosoftEdge.Stable_99.0.1150.55_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (04/02/2022 12:11:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.EXE, version: 10.0.22000.593, time stamp: 0x59a4b94a

Faulting module name: ucrtbase.dll, version: 10.0.22000.1, time stamp: 0x00e78ce9

Exception code: 0xc0000409

Fault offset: 0x000000000007dd7e

Faulting process id: 0x13c4

Faulting application start time: 0x01d845a58ff6fbb5

Faulting application path: C:\WINDOWS\Explorer.EXE

Faulting module path: C:\WINDOWS\System32\ucrtbase.dll

Report Id: b7117f64-ddcf-4022-908b-3e6464e1f65c

Faulting package full name: 

Faulting package-relative application ID:

Error: (04/01/2022 01:50:44 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)

GetCACaps

GetCACaps: Not Found

{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}

HTTP/1.1 404 Not Found

Date: Fri, 01 Apr 2022 08:50:44 GMT

Content-Length: 121

Content-Type: application/json; charset=utf-8

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=31536000;includeSubDomains

x-ms-request-id: b9add959-e2bf-44c6-824a-b12d730306ba

Method: GET(141ms)

Stage: GetCACaps

Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (04/01/2022 01:50:44 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)

GetCACaps

GetCACaps: Not Found

{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}

HTTP/1.1 404 Not Found

Date: Fri, 01 Apr 2022 08:50:44 GMT

Content-Length: 121

Content-Type: application/json; charset=utf-8

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=31536000;includeSubDomains

x-ms-request-id: a8ddbb60-5359-4780-a7dc-2dfedbd3d4d3

Method: GET(250ms)

Stage: GetCACaps

Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (04/01/2022 01:33:56 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)

GetCACaps

GetCACaps: Not Found

{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}

HTTP/1.1 404 Not Found

Date: Fri, 01 Apr 2022 08:33:56 GMT

Content-Length: 121

Content-Type: application/json; charset=utf-8

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=31536000;includeSubDomains

x-ms-request-id: 01a37316-9ed1-4943-8c17-b299448b8866

Method: GET(141ms)

Stage: GetCACaps

Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

System errors:

=============

Error: (04/04/2022 04:35:17 PM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9D40143D-6915-4A24-B8BF-A7EB36B93D6A} because another computer on the network has the same name.  The server could not start.

Error: (04/04/2022 04:35:04 PM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9D40143D-6915-4A24-B8BF-A7EB36B93D6A} because another computer on the network has the same name.  The server could not start.

Error: (04/04/2022 04:33:21 PM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9D40143D-6915-4A24-B8BF-A7EB36B93D6A} because another computer on the network has the same name.  The server could not start.

Error: (04/04/2022 04:32:56 PM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9D40143D-6915-4A24-B8BF-A7EB36B93D6A} because another computer on the network has the same name.  The server could not start.

Error: (04/04/2022 04:32:35 PM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9D40143D-6915-4A24-B8BF-A7EB36B93D6A} because another computer on the network has the same name.  The server could not start.

Error: (04/04/2022 03:38:35 PM) (Source: DCOM) (EventID: 10001) (User: Leave_MY_System)

Description: Unable to start a DCOM Server: {5250E46F-BB09-D602-5891-F476DC89B700} as Unavailable/Unavailable. The error:

"2147958016"

Happened while starting this command:

"C:\WINDOWS\system32\DllHost.exe" /Processid:{5250E46F-BB09-D602-5891-F476DC89B700}

Error: (04/04/2022 03:37:50 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 12:48:16 PM on ‎4/‎4/‎2022 was unexpected.

Error: (04/04/2022 07:43:47 AM) (Source: DCOM) (EventID: 10010) (User: Leave_MY_System)

Description: The server {A28430CA-1EBF-48DD-AA17-9221B6F86A6C} did not register with DCOM within the required timeout.

Windows Defender:

================

Date: 2022-04-03 16:23:31

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2022-04-02 14:40:16

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2022-04-01 19:45:53

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2022-03-31 14:21:31

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2022-03-31 11:28:03

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan



CodeIntegrity:

===============

Date: 2022-03-30 05:26:45

Description: 

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

Date: 2022-03-30 05:26:45

Description: 

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

BIOS: American Megatrends International, LLC. F63a 02/17/2022

Motherboard: Gigabyte Technology Co., Ltd. B450M DS3H-CF

Processor: AMD Ryzen 5 2600 Six-Core Processor 

Percentage of memory in use: 16%

Total physical RAM: 32692.4 MB

Available physical RAM: 27376.48 MB

Total Virtual: 37556.4 MB

Available Virtual: 29154.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:131.29 GB) (Free:78.75 GB) (Protected) NTFS

Drive d: (Documents) (Fixed) (Total:47.56 GB) (Free:15.23 GB) NTFS

Drive f: (f) (Fixed) (Total:44 GB) (Free:43.84 GB) NTFS

\\?\Volume{6aacf788-9fa9-4f33-9af8-f4f515a24cfc}\ () (Fixed) (Total:0.6 GB) (Free:0.08 GB) NTFS

\\?\Volume{43761e12-eed1-4d86-b3de-44f744817118}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR Partition Table ====================

==========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 19F0C773)

Partition: GPT.

==================== End of Addition.txt =======================”‹

the above two where run from my admin acount that i do not use like hardly ever the next two from the account i use normally

frst.txt

Quote

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2022

Ran by benit (ATTENTION: The user is not administrator) on LEAVE_MY_SYSTEM (Gigabyte Technology Co., Ltd. B450M DS3H) (04-04-2022 17:00:03)

Running from C:\Users\benit\Downloads

Loaded Profiles: Chris benit

Platform: Microsoft Windows 11 Pro Version 21H2 22000.593 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe

(Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe

(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -) (Microsoft Windows - Microsoft Corporation) C:\Windows\System32\cmd.exe

(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe -) (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe

(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe -) (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe

(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe -) (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe

(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe -) (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngineProcess.exe

(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe -) (Microsoft Corporation - Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.29\msedgewebview2.exe 6

(cmd.exe -) (Malwarebytes Inc - Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe

(Discord Inc. - Discord Inc.) C:\Users\benit\AppData\Local\Discord\app-1.0.9004\Discord.exe 6

(explorer.exe -) (Microsoft Corporation - Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE

(Google LLC - Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe 25

(Malwarebytes Inc - Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

(Malwarebytes Inc - Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Microsoft Corporation - Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 7

(Microsoft Corporation - Microsoft Corporation) C:\Users\benit\AppData\Local\Microsoft\OneDrive\22.055.0313.0001\FileCoAuth.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20858.0_x64__8wekyb3d8bbwe\HxOutlook.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20858.0_x64__8wekyb3d8bbwe\HxTsr.exe

(Microsoft Windows - Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Microsoft Windows - Microsoft Corporation) C:\Windows\System32\dllhost.exe 2

(Microsoft Windows - Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe

(RuntimeBroker.exe -) (Malwarebytes Inc - Malwarebytes) C:\Users\benit\Downloads\AdwCleaner.exe

(Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe 6

Failed to access process - AggregatorHost.exe

Failed to access process - amdfendrsr.exe

Failed to access process - atieclxx.exe

Failed to access process - atiesrxx.exe

Failed to access process - AUEPDU.exe

Failed to access process - chrome.exe

Failed to access process - chrome.exe

Failed to access process - chrome.exe

Failed to access process - chrome.exe

Failed to access process - chrome.exe

Failed to access process - chrome.exe

Failed to access process - chrome.exe

Failed to access process - chrome.exe

Failed to access process - chrome.exe

Failed to access process - csrss.exe

Failed to access process - csrss.exe

Failed to access process - dllhost.exe

Failed to access process - dllhost.exe

Failed to access process - dllhost.exe

Failed to access process - dwm.exe

Failed to access process - fontdrvhost.exe

Failed to access process - fontdrvhost.exe

Failed to access process - GoogleCrashHandler.exe

Failed to access process - GoogleCrashHandler64.exe

Failed to access process - lsass.exe

Failed to access process - MBAMService.exe

Failed to access process - OfficeClickToRun.exe

Failed to access process - RtkAudUService64.exe

Failed to access process - SearchFilterHost.exe

Failed to access process - SearchFilterHost.exe

Failed to access process - SearchIndexer.exe

Failed to access process - SearchProtocolHost.exe

Failed to access process - SecurityHealthService.exe

Failed to access process - services.exe

Failed to access process - SgrmBroker.exe

Failed to access process - smss.exe

Failed to access process - spoolsv.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - svchost.exe

Failed to access process - wininit.exe

Failed to access process - winlogon.exe

Failed to access process - WmiPrvSE.exe

Failed to access process - WmiPrvSE.exe

Failed to access process - wmpnetwk.exe

Failed to access process - WUDFHost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] = C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-29] (Realtek Semiconductor Corp. - Realtek Semiconductor)

HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] = C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.29\Installer\setup.exe [3208616 2022-04-02] (Microsoft Corporation - Microsoft Corporation)

HKU\S-1-5-21-1337827148-1602420228-2535310048-1003\...\Run: [MicrosoftEdgeAutoLaunch_27FE71A1FCA010C1EEE2EE31F8FBF83F] = "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5

HKU\S-1-5-21-1337827148-1602420228-2535310048-1003\...\Run: [Discord] = C:\Users\benit\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. - GitHub)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] - C:\Program Files\Google\Chrome\Application\100.0.4896.75\Installer\chrmstp.exe [2022-04-04] (Google LLC - Google LLC)

Startup: C:\Users\benit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2022-04-03]

ShortcutTarget: Send to OneNote.lnk - C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation - Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.16.12.1

Tcpip\..\Interfaces\{9d40143d-6915-4a24-b8bf-a7eb36b93d6a}: [DhcpNameServer] 172.16.12.1

Edge: 

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\benit\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-04]

Edge HomePage: Default - hxxp://google.com/

Edge Extension: (Malwarebytes Browser Guard) - C:\Users\benit\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-03]

Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:

========

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-03-30] (Microsoft Corporation - Microsoft Corporation)

Chrome: 

=======

CHR Profile: C:\Users\benit\AppData\Local\Google\Chrome\User Data\Default [2022-04-04]

CHR Notifications: Default - hxxps://calendar.google.com

CHR HomePage: Default - hxxp://google.com/

CHR Extension: (Slides) - C:\Users\benit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-03-30]

CHR Extension: (Docs) - C:\Users\benit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2022-03-30]

CHR Extension: (Google Drive) - C:\Users\benit\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-03-30]

CHR Extension: (YouTube) - C:\Users\benit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-03-30]

CHR Extension: (Google Tips) - C:\Users\benit\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhacgcmhcgppboemgoobibkhlpglejb [2022-03-31]

CHR Extension: (Google News) - C:\Users\benit\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2022-03-31]

CHR Extension: (Sheets) - C:\Users\benit\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-03-30]

CHR Extension: (Google Docs Offline) - C:\Users\benit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-30]

CHR Extension: (Malwarebytes Browser Guard) - C:\Users\benit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-03-31]

CHR Extension: (MetaMask) - C:\Users\benit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2022-03-31]

CHR Extension: (Chrome Web Store Payments) - C:\Users\benit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-30]

CHR Extension: (Gmail) - C:\Users\benit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-03-30]

CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPDU.exe [505336 2022-03-22] (Advanced Micro Devices Inc. - AMD)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11666384 2022-04-01] (Microsoft Corporation - Microsoft Corporation)

R3 lmhosts; C:\WINDOWS\System32\svchost.exe [79944 2022-03-30] (Microsoft Windows Publisher - Microsoft Corporation)

R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [48568 2022-03-30] (Microsoft Windows Publisher - Microsoft Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8348856 2022-04-03] (Malwarebytes Inc - Malwarebytes)

S3 NlaSvc; C:\WINDOWS\System32\svchost.exe [79944 2022-03-30] (Microsoft Windows Publisher - Microsoft Corporation)

S3 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [48568 2022-03-30] (Microsoft Windows Publisher - Microsoft Corporation)

R2 nsi; C:\WINDOWS\system32\svchost.exe [79944 2022-03-30] (Microsoft Windows Publisher - Microsoft Corporation)

R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [48568 2022-03-30] (Microsoft Windows Publisher - Microsoft Corporation)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6207696 2022-03-30] (Microsoft Windows Publisher - Microsoft Corporation)

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-30] (Microsoft Windows Publisher - Microsoft Corporation)

S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-30] (Microsoft Windows Publisher - Microsoft Corporation)

S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [33728 2021-12-13] (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.)

R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [27256 2022-01-27] (ASMedia Technology Inc. - Advanced Micro Devices, Inc)

R2 AMDRyzenMasterDriverV19; C:\WINDOWS\system32\AMDRyzenMasterDriver.sys [43336 2022-03-17] (Advanced Micro Devices INC. - Advanced Micro Devices)

R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_edd3335a4253bf6d\amdsafd.sys [109520 2021-11-04] (Advanced Micro Devices Inc. - Advanced Micro Devices)

R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepositoryÍ·867.inf_amd64_755c7326c73377da\B377789\amdkmdag.sys [90150488 2022-03-23] (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.)

R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [65168 2021-08-17] (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.)

S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [180224 2021-11-04] (Microsoft Corporation) [File not signed]

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2022-04-03] (Microsoft Windows Hardware Compatibility Publisher - Malwarebytes)

S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [110904 2022-03-30] (Microsoft Windows - Microsoft Corporation)

R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223688 2022-04-03] (Microsoft Windows Hardware Compatibility Publisher - Malwarebytes)

S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-04-03] (Microsoft Windows Early Launch Anti-malware Publisher - Malwarebytes)

R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195024 2022-04-03] (Microsoft Windows Hardware Compatibility Publisher - Malwarebytes)

R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-04-03] (Microsoft Windows Hardware Compatibility Publisher - Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-04-03] (Malwarebytes Inc - Malwarebytes)

R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [158856 2022-04-03] (Malwarebytes Inc - Malwarebytes)

R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [71720 2021-06-22] (Insecure.Com LLC - Insecure.Com LLC.)

S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2021-05-28] (Microsoft Windows Hardware Compatibility Publisher - The OpenVPN Project)

R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [52872 2020-05-22] (Tomasz Moń - USBPcap)

S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [239648 2022-01-17] (Oracle Corporation - Oracle Corporation)

S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49600 2022-03-30] (Microsoft Windows Early Launch Anti-malware Publisher - Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [439544 2022-03-30] (Microsoft Windows - Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-30] (Microsoft Windows - Microsoft Corporation)

S3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29680 2022-03-18] (Microsoft Windows Hardware Compatibility Publisher - WireGuard LLC)

U4 npcap_wifi; no ImagePath

S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-04 17:00 - 2022-04-04 17:00 - 000018819 _____ C:\Users\benit\Downloads\FRST.txt

2022-04-04 16:59 - 2022-04-04 17:00 - 000000000 ____D C:\FRST

2022-04-04 16:59 - 2022-04-04 16:59 - 002365440 _____ (Farbar) C:\Users\benit\Downloads\FRST64.exe

2022-04-04 15:38 - 2022-04-04 15:38 - 000000000 ___HD C:\$WinREAgent

2022-04-04 07:43 - 2022-04-04 07:43 - 000000000 ____D C:\Users\benit\AppData\Local\CrashDumps

2022-04-03 18:14 - 2022-04-03 18:16 - 000000000 ____D C:\AdwCleaner

2022-04-03 18:14 - 2022-04-03 18:14 - 008540344 _____ (Malwarebytes) C:\Users\benit\Downloads\AdwCleaner.exe

2022-04-03 18:07 - 2022-04-03 18:07 - 000195024 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys

2022-04-03 18:07 - 2022-04-03 18:07 - 000158856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

2022-04-03 18:07 - 2022-04-03 18:07 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2022-04-03 18:07 - 2022-04-03 18:07 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk

2022-04-03 18:07 - 2022-04-03 18:07 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2022-04-03 18:07 - 2022-04-03 18:07 - 000000000 ____D C:\Users\benit\AppData\Local\mbam

2022-04-03 18:06 - 2022-04-03 18:06 - 002443448 _____ (Malwarebytes) C:\Users\benit\Downloads\MBSetup-56590.56590-consumer.exe

2022-04-03 18:06 - 2022-04-03 18:06 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

2022-04-03 18:06 - 2022-04-03 18:06 - 000223688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys

2022-04-03 18:06 - 2022-04-03 18:06 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

2022-04-03 18:06 - 2022-04-03 18:06 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys

2022-04-03 18:06 - 2022-04-03 18:06 - 000000000 ____D C:\ProgramData\Malwarebytes

2022-04-03 18:06 - 2022-04-03 18:06 - 000000000 ____D C:\Program Files\Malwarebytes

2022-04-03 01:14 - 2022-04-03 01:14 - 216926514 _____ C:\Users\benit\Downloads\5e03029f530c1 (1).mp4

2022-04-02 15:42 - 2022-04-02 15:42 - 000299161 _____ C:\Users\benit\Downloads\Coursera KPPM4Y5U99JK.pdf

2022-04-01 19:31 - 2022-04-01 21:11 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

2022-04-01 01:57 - 2022-04-01 01:57 - 000000000 ____D C:\Users\benit\AppData\Local\PeerDistRepub

2022-03-31 00:16 - 2022-03-31 00:16 - 003083264 _____ C:\Users\benit\Downloads\putty-64bit-0.76-installer.msi

2022-03-31 00:16 - 2022-03-31 00:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)

2022-03-31 00:16 - 2022-03-31 00:16 - 000000000 ____D C:\Program Files\PuTTY

2022-03-31 00:12 - 2022-03-31 00:12 - 001265896 _____ (Simon Tatham) C:\Users\benit\Downloads\putty.exe

2022-03-30 20:51 - 2022-03-30 20:51 - 089329804 _____ C:\Users\benit\Downloads\2.pcapng

2022-03-30 20:27 - 2022-04-04 16:41 - 000000000 ____D C:\Program Files\Google

2022-03-30 20:27 - 2022-04-04 16:15 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2022-03-30 20:27 - 2022-04-04 16:15 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2022-03-30 20:26 - 2022-04-04 16:43 - 000000000 ____D C:\Program Files (x86)\Google

2022-03-30 20:26 - 2022-03-30 20:51 - 000000000 ____D C:\Users\benit\AppData\Local\Google

2022-03-30 20:24 - 2022-03-30 20:24 - 001343320 _____ (Google LLC) C:\Users\benit\Downloads\ChromeSetup.exe

2022-03-30 14:55 - 2022-03-30 14:55 - 000000000 ____D C:\WINDOWS\SysWOW64\Npcap

2022-03-30 14:55 - 2022-03-30 14:55 - 000000000 ____D C:\WINDOWS\system32\Npcap

2022-03-30 14:53 - 2022-03-30 15:21 - 000000000 ____D C:\Program Files (x86)\Nmap

2022-03-30 14:52 - 2022-03-30 14:52 - 028644568 _____ (Insecure.org) C:\Users\benit\Downloads\nmap-7.92-setup.exe

2022-03-30 13:39 - 2022-03-30 13:40 - 000000000 ____D C:\Users\benit\AppData\Roaming\Wireshark

2022-03-30 13:27 - 2022-03-30 13:27 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk

2022-03-30 13:27 - 2022-03-30 13:27 - 000000000 ____D C:\Program Files\USBPcap

2022-03-30 13:21 - 2022-03-30 13:27 - 000000000 ____D C:\Program Files\Wireshark

2022-03-30 13:19 - 2022-03-30 14:55 - 000000000 ____D C:\Program Files\Npcap

2022-03-30 13:19 - 2022-03-30 13:19 - 001091728 _____ C:\Users\benit\Downloads\npcap-1.60.exe

2022-03-30 13:18 - 2022-03-30 13:18 - 077475048 _____ (Wireshark development team) C:\Users\benit\Downloads\Wireshark-win64-3.6.3.exe

2022-03-30 13:18 - 2022-03-30 13:18 - 044293192 _____ (PortableApps.com) C:\Users\benit\Downloads\WiresharkPortable64_3.6.3.paf.exe

2022-03-30 13:18 - 2022-03-30 13:18 - 000000000 ____D C:\Users\benit\Downloads\WiresharkPortable64

2022-03-30 13:08 - 2022-03-30 13:09 - 000000000 ____D C:\WINDOWS\system32\MRT

2022-03-30 06:58 - 2022-03-30 06:58 - 000000000 ____D C:\Users\benit\AppData\Local\cache

2022-03-30 06:50 - 2022-03-30 06:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool

2022-03-30 06:49 - 2022-03-30 06:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Software꞉ Adrenalin Edition

2022-03-30 06:49 - 2022-03-22 14:36 - 002901560 _____ (AMD Inc.) C:\WINDOWS\SysWOW64\AMDBugReportTool.exe

2022-03-30 06:48 - 2022-03-23 08:32 - 001963608 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe

2022-03-30 06:48 - 2022-03-23 08:32 - 001963608 _____ C:\WINDOWS\system32\vulkaninfo.exe

2022-03-30 06:48 - 2022-03-23 08:32 - 001520216 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe

2022-03-30 06:48 - 2022-03-23 08:32 - 001520216 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe

2022-03-30 06:48 - 2022-03-23 08:32 - 001434232 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 001434232 _____ C:\WINDOWS\system32\vulkan-1.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 001145808 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 001145808 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000789592 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000666712 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000550464 _____ C:\WINDOWS\system32\GameManager64.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000493144 _____ C:\WINDOWS\system32\dgtrayicon.exe

2022-03-30 06:48 - 2022-03-23 08:32 - 000484952 _____ C:\WINDOWS\system32\EEURestart.exe

2022-03-30 06:48 - 2022-03-23 08:32 - 000411712 _____ C:\WINDOWS\SysWOW64\GameManager32.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000336984 _____ C:\WINDOWS\system32\clinfo.exe

2022-03-30 06:48 - 2022-03-23 08:32 - 000186944 _____ C:\WINDOWS\system32\mantle64.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000170048 _____ C:\WINDOWS\system32\mantleaxl64.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000148032 _____ C:\WINDOWS\SysWOW64\mantle32.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000133720 _____ C:\WINDOWS\SysWOW64\mantleaxl32.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000083544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mcl64.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000068184 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mcl32.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000039512 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000036440 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000020984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll

2022-03-30 06:48 - 2022-03-23 08:32 - 000020984 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 001528920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiacm64.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 001406552 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 001406552 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000883264 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe

2022-03-30 06:48 - 2022-03-23 08:31 - 000518232 _____ C:\WINDOWS\system32\atieah64.exe

2022-03-30 06:48 - 2022-03-23 08:31 - 000461400 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000386136 _____ C:\WINDOWS\SysWOW64\atieah32.exe

2022-03-30 06:48 - 2022-03-23 08:31 - 000253504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000212544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000194504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000171096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000159296 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000158936 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000133720 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000132184 _____ C:\WINDOWS\system32\atidxx64.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000130648 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000106584 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000106072 _____ C:\WINDOWS\SysWOW64\atidxx32.dll

2022-03-30 06:48 - 2022-03-23 08:31 - 000063064 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 090032216 _____ C:\WINDOWS\system32\amd_comgr.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 074244696 _____ C:\WINDOWS\SysWOW64\amd_comgr32.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 069194840 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdhip64.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 000934488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 000761944 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 000551000 _____ C:\WINDOWS\system32\amdgfxinfo64.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 000459352 _____ C:\WINDOWS\system32\amdlogum.exe

2022-03-30 06:48 - 2022-03-23 08:30 - 000141264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 000126040 _____ C:\WINDOWS\system32\amdxc64.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 000112648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll

2022-03-30 06:48 - 2022-03-23 08:30 - 000100952 _____ C:\WINDOWS\SysWOW64\amdxc32.dll

2022-03-30 06:48 - 2022-03-23 08:29 - 001690456 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll

2022-03-30 06:48 - 2022-03-23 08:29 - 001368784 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll

2022-03-30 06:48 - 2022-03-23 08:29 - 000538136 _____ C:\WINDOWS\system32\amdmiracast.dll

2022-03-30 06:48 - 2022-03-23 08:29 - 000414296 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll

2022-03-30 06:48 - 2022-03-23 08:29 - 000151648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll

2022-03-30 06:48 - 2022-03-23 08:29 - 000141264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll

2022-03-30 06:48 - 2022-03-23 08:29 - 000126648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll

2022-03-30 06:48 - 2022-03-23 08:29 - 000112624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll

2022-03-30 06:48 - 2022-03-22 14:15 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap

2022-03-30 06:48 - 2022-03-22 14:15 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap

2022-03-30 06:48 - 2022-03-22 14:11 - 000571400 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb

2022-03-30 06:48 - 2022-03-22 14:11 - 000571400 _____ C:\WINDOWS\system32\atiapfxx.blb

2022-03-30 06:48 - 2022-03-22 13:52 - 000010702 _____ C:\WINDOWS\system32\atiacmLocalisation.ini

2022-03-30 06:48 - 2022-03-22 13:05 - 056704640 _____ C:\WINDOWS\system32\amdxc64.so

2022-03-30 06:48 - 2021-12-13 12:01 - 000591792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdfendrsr.exe

2022-03-30 06:48 - 2021-12-13 12:01 - 000164800 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdfendr.sys

2022-03-30 06:48 - 2021-12-13 12:01 - 000033728 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdfendrmgr.sys

2022-03-30 06:48 - 2021-08-17 09:34 - 000065168 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdxe.sys

2022-03-30 06:45 - 2022-03-30 15:30 - 000000000 ____D C:\ProgramData\AMD

2022-03-30 06:45 - 2022-03-30 06:47 - 000000000 ____D C:\AMD

2022-03-30 06:45 - 2022-03-30 06:45 - 000000000 ____D C:\Program Files (x86)\AMD

2022-03-30 06:43 - 2022-03-30 06:44 - 039548016 _____ (AMD Inc.) C:\Users\benit\Downloads\amd-software-adrenalin-edition-22.3.2-minimalsetup-220323_web.exe

2022-03-30 06:24 - 2022-03-30 06:35 - 000000000 ____D C:\Users\benit\AppData\Local\Comms

2022-03-30 06:21 - 2022-04-04 16:46 - 000000000 ____D C:\Users\benit\AppData\Roaming\discord

2022-03-30 06:21 - 2022-04-04 16:38 - 000000000 ____D C:\Users\benit\AppData\Local\Discord

2022-03-30 06:21 - 2022-03-30 06:21 - 000000000 ____D C:\Users\benit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc

2022-03-30 06:21 - 2022-03-30 06:21 - 000000000 ____D C:\Program Files\Common Files\DESIGNER

2022-03-30 06:20 - 2022-04-01 19:41 - 000000000 ____D C:\Program Files\Microsoft Office

2022-03-30 06:20 - 2022-03-30 06:21 - 000000000 ____D C:\Users\benit\AppData\Local\SquirrelTemp

2022-03-30 06:20 - 2022-03-30 06:20 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk

2022-03-30 06:20 - 2022-03-30 06:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools

2022-03-30 06:19 - 2022-03-30 06:19 - 000000000 ____D C:\Program Files\Microsoft Office 15

2022-03-30 06:18 - 2022-03-30 06:18 - 000000000 ____D C:\Users\benit\AppData\Local\OneDrive

2022-03-30 06:10 - 2022-03-30 06:10 - 000000000 ____D C:\Users\benit\OneDrive\Documents\FeedbackHub

2022-03-30 06:10 - 2022-03-30 06:10 - 000000000 ____D C:\Users\benit\OneDrive\Documents\EasyTune

2022-03-30 06:10 - 2022-03-07 02:09 - 000000172 ____R C:\Users\benit\OneDrive\Documents\home.url

2022-03-30 06:10 - 2021-05-21 10:57 - 000000172 ____R C:\Users\benit\OneDrive\Documents\Personal (Web).url

2022-03-30 06:10 - 2020-09-21 17:59 - 000002244 _____ C:\Users\benit\OneDrive\Documents\Default.rdp

2022-03-30 06:10 - 2020-04-02 13:18 - 000000174 ____R C:\Users\benit\OneDrive\Documents\Wow.url

2022-03-30 06:10 - 2020-03-30 11:49 - 000210872 _____ C:\Users\benit\OneDrive\Documents\money-manager-2 (1).xlsx

2022-03-30 06:10 - 2020-03-25 13:54 - 000009331 _____ C:\Users\benit\OneDrive\Documents\Book.xlsx

2022-03-30 06:10 - 2020-03-20 13:13 - 000001720 _____ C:\Users\benit\OneDrive\Documents\Where are my files.lnk

2022-03-30 06:10 - 2020-03-18 19:37 - 000041286 _____ C:\Users\benit\OneDrive\Documents\healer grid3load.txt

2022-03-30 06:10 - 2020-03-17 13:56 - 000000383 _____ C:\Users\benit\OneDrive\Documents\puduct key.txt

2022-03-30 06:10 - 2020-03-13 15:53 - 000324349 _____ C:\Users\benit\OneDrive\Documents\Family budget (monthly)1.xlsx

2022-03-30 06:10 - 2020-03-13 08:53 - 000085567 _____ C:\Users\benit\OneDrive\Documents\budget 1 month 3outof5.xlsx

2022-03-30 06:10 - 2020-03-08 20:50 - 000068886 _____ C:\Users\benit\OneDrive\Documents\yearbugetandgrosspay.xlsx

2022-03-30 06:10 - 2020-03-08 08:43 - 000121138 _____ C:\Users\benit\OneDrive\Documents\yearbugetandgrosspay2.xlsx

2022-03-30 06:10 - 2020-03-06 17:26 - 000035052 _____ C:\Users\benit\OneDrive\Documents\timesheetviweeklypaycalc.xlsx

2022-03-30 06:10 - 2020-03-05 17:33 - 000324620 _____ C:\Users\benit\OneDrive\Documents\4out5monhlybuget.xlsx

2022-03-30 06:10 - 2020-03-05 17:26 - 000034258 _____ C:\Users\benit\OneDrive\Documents\mounthly budget tenp 3-5.xlsx

2022-03-30 06:10 - 2020-03-05 17:24 - 000059062 _____ C:\Users\benit\OneDrive\Documents\invstack 12.xlsx

2022-03-30 06:10 - 2020-03-05 17:21 - 000018500 _____ C:\Users\benit\OneDrive\Documents\stackinv.xlsx

2022-03-30 06:10 - 2020-03-05 17:10 - 000018626 _____ C:\Users\benit\OneDrive\Documents\staciinv.xlsx

2022-03-30 06:10 - 2017-12-13 04:08 - 000001459 _____ C:\Users\benit\OneDrive\Documents\key_log

2022-03-30 06:10 - 2017-11-12 03:17 - 000277860 _____ C:\Users\benit\OneDrive\Documents\label.pdf

2022-03-30 06:10 - 2017-10-19 17:25 - 000002784 _____ C:\Users\benit\OneDrive\Documents\green whit token mix.csv

2022-03-30 06:10 - 2017-10-19 17:24 - 000004417 _____ C:\Users\benit\OneDrive\Documents\green whit token mix.dek

2022-03-30 06:10 - 2017-10-19 17:24 - 000001034 _____ C:\Users\benit\OneDrive\Documents\green whit token mix.txt

2022-03-30 06:10 - 2017-07-19 21:26 - 000000172 ____R C:\Users\benit\OneDrive\Documents\finances.url

2022-03-30 06:10 - 2017-07-07 00:18 - 000000173 ____R C:\Users\benit\OneDrive\Documents\KFC Tacobell.url

2022-03-30 06:10 - 2017-06-30 06:39 - 000000173 ____R C:\Users\benit\OneDrive\Documents\kfc taco bell e0080081.url

2022-03-30 06:10 - 2017-05-25 23:58 - 000000173 ____R C:\Users\benit\OneDrive\Documents\kfc tb.url

2022-03-30 06:10 - 2015-11-10 16:48 - 000000173 ____R C:\Users\benit\OneDrive\Documents\taco hell.url

2022-03-30 06:10 - 2015-07-08 12:27 - 000000172 ____R C:\Users\benit\OneDrive\Documents\taco bell.url

2022-03-30 06:09 - 2022-04-02 17:14 - 000000000 ____D C:\Users\benit\OneDrive\Documents\OneNote Notebooks

2022-03-30 06:09 - 2022-03-30 06:09 - 000000000 ____D C:\Users\benit\OneDrive\Documents\Youcam

2022-03-30 06:09 - 2022-03-30 06:09 - 000000000 ____D C:\Users\benit\OneDrive\Documents\WOW STUFF HAD TO DOWNLOAD TO START OVER

2022-03-30 06:09 - 2022-03-30 06:09 - 000000000 ____D C:\Users\benit\OneDrive\Documents\OneNoteGem

2022-03-30 06:09 - 2022-03-30 06:09 - 000000000 ____D C:\Users\benit\OneDrive\Documents\LetsView

2022-03-30 06:09 - 2022-03-25 02:31 - 000000174 ____R C:\Users\benit\OneDrive\Documents\Family Notebook.url

2022-03-30 06:09 - 2020-09-18 19:39 - 023792355 _____ C:\Users\benit\OneDrive\Documents\postit-1975188-Recovered.psd

2022-03-30 06:09 - 2020-09-17 19:11 - 000001312 _____ C:\Users\benit\OneDrive\Documents\subtitle (32).txt

2022-03-30 06:09 - 2020-09-17 19:10 - 000001277 _____ C:\Users\benit\OneDrive\Documents\subtitle (31).txt

2022-03-30 06:09 - 2020-09-17 19:09 - 000003100 _____ C:\Users\benit\OneDrive\Documents\subtitle (29).txt

2022-03-30 06:09 - 2020-09-17 19:09 - 000003063 _____ C:\Users\benit\OneDrive\Documents\subtitle (30).txt

2022-03-30 06:09 - 2020-09-17 19:08 - 000005328 _____ C:\Users\benit\OneDrive\Documents\subtitle (28).txt

2022-03-30 06:09 - 2020-09-17 19:07 - 000003293 _____ C:\Users\benit\OneDrive\Documents\subtitle (27).txt

2022-03-30 06:09 - 2020-09-17 19:07 - 000001945 _____ C:\Users\benit\OneDrive\Documents\subtitle (26).txt

2022-03-30 06:09 - 2020-09-17 19:04 - 000003554 _____ C:\Users\benit\OneDrive\Documents\subtitle (25).txt

2022-03-30 06:09 - 2020-09-17 18:59 - 000001458 _____ C:\Users\benit\OneDrive\Documents\subtitle (24).txt

2022-03-30 06:09 - 2020-09-17 18:58 - 000001766 _____ C:\Users\benit\OneDrive\Documents\subtitle (23).txt

2022-03-30 06:09 - 2020-09-17 18:55 - 000002245 _____ C:\Users\benit\OneDrive\Documents\subtitle (22).txt

2022-03-30 06:09 - 2020-09-17 18:52 - 000002227 _____ C:\Users\benit\OneDrive\Documents\subtitle (21).txt

2022-03-30 06:09 - 2020-09-17 18:51 - 000003454 _____ C:\Users\benit\OneDrive\Documents\subtitle (20).txt

2022-03-30 06:09 - 2020-09-17 18:50 - 000002098 _____ C:\Users\benit\OneDrive\Documents\subtitle (19).txt

2022-03-30 06:09 - 2020-09-17 18:49 - 000001865 _____ C:\Users\benit\OneDrive\Documents\subtitle (18).txt

2022-03-30 06:09 - 2020-09-17 18:48 - 000002555 _____ C:\Users\benit\OneDrive\Documents\subtitle (17).txt

2022-03-30 06:09 - 2020-09-17 18:46 - 000003953 _____ C:\Users\benit\OneDrive\Documents\subtitle (16).txt

2022-03-30 06:09 - 2020-09-17 18:45 - 000006670 _____ C:\Users\benit\OneDrive\Documents\subtitle (15).txt

2022-03-30 06:09 - 2020-09-17 18:43 - 000003652 _____ C:\Users\benit\OneDrive\Documents\subtitle (14).txt

2022-03-30 06:09 - 2020-09-17 18:41 - 000005077 _____ C:\Users\benit\OneDrive\Documents\subtitle (13).txt

2022-03-30 06:09 - 2020-09-17 18:39 - 000002994 _____ C:\Users\benit\OneDrive\Documents\subtitle (12).txt

2022-03-30 06:09 - 2020-09-09 17:31 - 000035386 _____ C:\Users\benit\OneDrive\Documents\tf16410081_win322.xlsx

2022-03-30 06:09 - 2020-09-08 07:12 - 002191360 _____ C:\Users\benit\OneDrive\Documents\Database4.accdb

2022-03-30 06:09 - 2020-09-08 07:08 - 003014656 _____ C:\Users\benit\OneDrive\Documents\Database3.accdb

2022-03-30 06:09 - 2020-09-08 07:04 - 002859008 _____ C:\Users\benit\OneDrive\Documents\Database1.accdb

2022-03-30 06:09 - 2020-09-08 07:04 - 000733184 _____ C:\Users\benit\OneDrive\Documents\Database2.accdb

2022-03-30 06:09 - 2020-09-06 12:25 - 000000174 ____R C:\Users\benit\OneDrive\Documents\Woodworking IDEA.url

2022-03-30 06:09 - 2020-09-01 05:02 - 000000174 ____R C:\Users\benit\OneDrive\Documents\innermonolog.url

2022-03-30 06:09 - 2020-08-27 12:51 - 000065047 _____ C:\Users\benit\OneDrive\Documents\ccapproval.pdf

2022-03-30 06:09 - 2020-08-05 00:33 - 000000174 ____R C:\Users\benit\OneDrive\Documents\wow mythic reference.url

2022-03-30 06:09 - 2020-05-21 14:04 - 000544857 _____ C:\Users\benit\OneDrive\Documents\Edit_Master.pptx

2022-03-30 06:09 - 2020-05-21 14:04 - 000392038 _____ C:\Users\benit\OneDrive\Documents\May.pdf

2022-03-30 06:09 - 2020-05-21 07:30 - 000470139 _____ C:\Users\benit\OneDrive\Documents\October.pdf

2022-03-30 06:09 - 2020-05-21 07:17 - 000412839 _____ C:\Users\benit\OneDrive\Documents\December.pdf

2022-03-30 06:09 - 2020-05-20 19:58 - 000403199 _____ C:\Users\benit\OneDrive\Documents\November.pdf

2022-03-30 06:09 - 2020-05-20 19:46 - 000393439 _____ C:\Users\benit\OneDrive\Documents\September.pdf

2022-03-30 06:08 - 2022-04-04 15:38 - 000000000 ___RD C:\Users\benit\OneDrive

2022-03-30 06:08 - 2022-04-01 19:31 - 000002383 _____ C:\Users\benit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2022-03-30 06:08 - 2022-03-31 04:00 - 000000000 ____D C:\Users\benit\AppData\Local\PlaceholderTileLogoFolder

2022-03-30 06:08 - 2022-03-30 06:08 - 000000000 ____D C:\Users\benit\AppData\Local\VirtualStore

2022-03-30 06:07 - 2022-04-04 08:01 - 000000000 ____D C:\Users\benit\AppData\Local\AMD

2022-03-30 06:07 - 2022-04-04 07:56 - 000000000 ____D C:\Users\benit\AppData\Local\D3DSCache

2022-03-30 06:07 - 2022-04-02 18:16 - 000000000 ____D C:\Users\benit\AppData\Local\Packages

2022-03-30 06:07 - 2022-03-30 06:52 - 000000000 ____D C:\Users\benit\AppData\Local\ConnectedDevicesPlatform

2022-03-30 06:07 - 2022-03-30 06:07 - 000000000 ____D C:\Users\benit\AppData\Roaming\Adobe

2022-03-30 06:07 - 2022-03-30 06:07 - 000000000 ____D C:\Users\benit\AppData\LocalLow\AMD

2022-03-30 06:07 - 2022-03-30 06:07 - 000000000 ____D C:\Users\benit\AppData\Local\Publishers

2022-03-30 06:06 - 2022-04-04 15:38 - 000000000 ____D C:\Users\benit

2022-03-30 06:06 - 2022-03-30 06:06 - 000000020 ___SH C:\Users\benit\ntuser.ini

2022-03-30 06:06 - 2021-06-05 05:04 - 000001281 _____ C:\Users\benit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk

2022-03-30 06:06 - 2021-06-05 05:04 - 000000407 _____ C:\Users\benit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk

2022-03-30 06:01 - 2022-03-30 06:01 - 002080992 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll

2022-03-30 06:01 - 2022-03-30 06:01 - 000069632 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2022-03-30 06:01 - 2022-03-30 06:01 - 000015018 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim

2022-03-30 06:00 - 2022-03-30 06:00 - 002550832 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll

2022-03-30 06:00 - 2022-03-30 06:00 - 000372736 _____ C:\WINDOWS\system32\hwreqchk.dll

2022-03-30 06:00 - 2022-03-30 06:00 - 000032768 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe

2022-03-30 05:52 - 2022-03-30 06:09 - 000000000 ___HD C:\OneDriveTemp

2022-03-30 05:51 - 2022-03-30 05:51 - 000000000 ____D C:\ProgramData\Microsoft OneDrive

2022-03-30 05:50 - 2022-04-02 18:16 - 000000000 ____D C:\ProgramData\Packages

2022-03-30 05:50 - 2022-03-30 06:07 - 000000000 __RHD C:\Users\Public\AccountPictures

2022-03-30 05:49 - 2022-04-01 01:49 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin

2022-03-30 05:49 - 2022-03-30 15:30 - 000000000 ____D C:\Program Files\AMD

2022-03-30 05:49 - 2022-03-30 06:50 - 000000000 ____D C:\WINDOWS\system32\AMD

2022-03-30 05:49 - 2022-03-23 08:30 - 000101392 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmpfd.sys

2022-03-30 05:49 - 2019-10-30 02:20 - 005623256 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPOU64.dll

2022-03-30 05:49 - 2019-10-30 02:20 - 001126344 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCOM64.dll

2022-03-30 05:49 - 2019-10-30 02:20 - 000481888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll

2022-03-30 05:49 - 2019-10-29 23:20 - 000856288 _____ (Realtek Semiconductor) C:\WINDOWS\system32\RtkAudUService64.exe

2022-03-30 05:49 - 2019-10-29 23:20 - 000821336 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64U.dll

2022-03-30 05:49 - 2019-10-29 23:20 - 000215032 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll

2022-03-30 05:48 - 2022-04-04 15:58 - 000000000 ____D C:\Users\Chris

2022-03-30 05:35 - 2022-04-04 15:43 - 000803404 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2022-03-30 05:28 - 2022-03-30 05:28 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2022-03-30 05:28 - 2022-03-30 05:28 - 000000000 ____D C:\WINDOWS\CSC

2022-03-30 05:26 - 2022-04-04 15:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2022-03-30 05:26 - 2022-04-02 22:18 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2022-03-30 05:26 - 2022-04-02 22:18 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

2022-03-30 05:26 - 2022-03-30 13:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

2022-03-30 05:24 - 2022-04-04 15:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2022-03-30 05:24 - 2022-03-30 06:52 - 000329360 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2022-03-30 05:24 - 2022-03-30 05:24 - 000000000 ____D C:\WINDOWS\ServiceProfiles

2022-03-30 05:18 - 2022-03-30 05:18 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient

2022-03-30 05:13 - 2022-03-30 05:13 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe

2022-03-30 05:13 - 2022-03-30 05:13 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe

2022-03-30 05:13 - 2022-03-30 05:13 - 000339968 _____ C:\WINDOWS\system32\pku2u.dll

2022-03-30 05:13 - 2022-03-30 05:13 - 000311296 _____ C:\WINDOWS\system32\EsclScan.dll

2022-03-30 05:13 - 2022-03-30 05:13 - 000247808 _____ C:\WINDOWS\SysWOW64\pku2u.dll

2022-03-30 05:13 - 2022-03-30 05:13 - 000188416 _____ C:\WINDOWS\system32\EsclProtocol.dll

2022-03-30 05:13 - 2022-03-30 05:13 - 000077824 _____ C:\WINDOWS\system32\APMonUI.dll

2022-03-30 05:13 - 2022-03-30 05:13 - 000040960 _____ C:\WINDOWS\system32\prxyqry.dll

2022-03-30 05:13 - 2022-03-30 05:13 - 000013824 _____ C:\WINDOWS\SysWOW64\prxyqry.dll

2022-03-30 05:12 - 2022-03-30 05:12 - 000339968 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll

2022-03-30 05:12 - 2022-03-30 05:12 - 000210432 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll

2022-03-30 04:40 - 2022-03-30 05:34 - 000000000 ___DC C:\WINDOWS\Panther

2022-03-29 17:08 - 2022-03-29 17:08 - 000000000 ____D C:\inetpub

2022-03-24 01:03 - 2022-04-04 15:37 - 000012288 ___SH C:\DumpStack.log.tmp

2022-03-22 13:39 - 2022-03-22 13:39 - 000683520 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Device.dll

2022-03-22 13:39 - 2022-03-22 13:39 - 000065024 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Platform.dll

2022-03-18 19:31 - 2022-03-18 19:31 - 000029680 _____ (WireGuard LLC) C:\WINDOWS\system32\Drivers\wintun.sys

2022-03-18 18:19 - 2022-03-18 18:19 - 000000000 _SHDL C:\Documents and Settings

2022-03-17 09:27 - 2022-03-17 09:27 - 000043336 _____ (Advanced Micro Devices) C:\WINDOWS\system32\AMDRyzenMasterDriver.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-04 15:45 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\AppReadiness

2022-04-04 15:45 - 2021-06-05 05:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2022-04-04 15:43 - 2021-06-05 05:09 - 000000000 ____D C:\WINDOWS\INF

2022-04-04 15:37 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\ServiceState

2022-04-04 12:13 - 2021-06-05 05:10 - 000000000 ___HD C:\Program Files\WindowsApps

2022-04-03 18:07 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SystemTemp

2022-04-03 18:06 - 2021-06-05 05:10 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

2022-04-01 02:34 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\NDF

2022-03-31 11:27 - 2021-06-05 05:01 - 000000000 ____D C:\WINDOWS\CbsTemp

2022-03-31 11:12 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\appcompat

2022-03-30 13:39 - 2021-06-05 05:10 - 000000000 ____D C:\Program Files\Windows Defender

2022-03-30 06:23 - 2021-06-05 05:10 - 000000000 ___RD C:\WINDOWS\PrintDialog

2022-03-30 06:21 - 2021-06-05 05:10 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

2022-03-30 06:21 - 2021-06-05 05:01 - 000000000 ____D C:\WINDOWS\servicing

2022-03-30 06:07 - 2021-06-05 05:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2022-03-30 06:05 - 2021-06-05 07:30 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SystemResources

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\vi-VN

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\oobe

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\eu-ES

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\appraiser

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\ShellExperiences

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\DiagTrack

2022-03-30 06:05 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\bcastdvr

2022-03-30 05:34 - 2021-06-05 07:30 - 000000000 ____D C:\WINDOWS\system32\FxsTmp

2022-03-30 05:34 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase

2022-03-30 05:34 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\spool

2022-03-30 05:34 - 2021-06-05 05:10 - 000000000 ____D C:\ProgramData\USOPrivate

2022-03-30 05:22 - 2021-06-05 05:14 - 000000000 ____D C:\WINDOWS\Setup

2022-03-30 05:18 - 2021-06-05 07:30 - 000000000 ___SD C:\WINDOWS\system32\AppV

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\setup

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\setup

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\migwiz

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\lv-LV

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\lt-LT

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\id-ID

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\gl-ES

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\et-EE

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\es-MX

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\Dism

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\system32\ca-ES

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\ShellComponents

2022-03-30 05:18 - 2021-06-05 05:10 - 000000000 ____D C:\WINDOWS\PolicyDefinitions

2022-03-23 08:31 - 2022-01-28 17:03 - 001874008 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll

2022-03-23 08:30 - 2022-01-28 17:02 - 000202720 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll

2022-03-23 08:30 - 2022-01-28 17:02 - 000169248 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll

==================== FLock ==============================

2022-03-29 23:49 C:\DumpStack.log

2021-06-05 05:10 C:\PerfLogs

2022-03-31 15:45 C:\WINDOWS\system32\config

2021-06-05 05:10 C:\WINDOWS\system32\Configuration

2021-06-05 05:10 C:\WINDOWS\system32\DriverState

2022-03-30 05:34 C:\WINDOWS\system32\FxsTmp

2021-06-05 05:10 C:\WINDOWS\system32\ias

2021-06-05 05:10 C:\WINDOWS\system32\MsDtc

2021-06-05 05:10 C:\WINDOWS\system32\networklist

2022-04-04 15:37 C:\WINDOWS\system32\SleepStudy

2022-04-04 16:39 C:\WINDOWS\system32\sru

2022-04-01 19:31 C:\WINDOWS\system32\Tasks

2022-04-04 15:39 C:\WINDOWS\system32\WDI

2021-06-05 05:10 C:\WINDOWS\LiveKernelReports

2021-06-05 05:10 C:\WINDOWS\ModemLogs

2022-04-04 16:59 C:\WINDOWS\Prefetch

2022-04-04 15:37 C:\WINDOWS\ServiceState

2022-04-03 18:07 C:\WINDOWS\SystemTemp

2021-06-05 05:10 C:\WINDOWS\WUModels

2021-06-05 05:26 C:\WINDOWS\SysWOW64\config

2021-06-05 05:10 C:\WINDOWS\SysWOW64\Configuration

2021-06-05 07:30 C:\WINDOWS\SysWOW64\FxsTmp

2021-06-05 05:10 C:\WINDOWS\SysWOW64\Msdtc

2021-06-05 05:10 C:\WINDOWS\SysWOW64\NetworkList

2021-06-05 05:10 C:\WINDOWS\SysWOW64\sru

2021-06-05 05:10 C:\WINDOWS\SysWOW64\Tasks

2021-06-05 05:10 C:\WINDOWS\system32\Drivers\DriverData

2022-04-04 15:58 C:\Users\Chris

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

ATTENTION: == Could not access BCD. The user is not administrator - The boot configuration data store could not be opened.

Access is denied.

==================== End of FRST.txt ========================‹

addition.txt

Quote

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-04-2022

Ran by benit (04-04-2022 17:01:28)

Running from C:\Users\benit\Downloads

Microsoft Windows 11 Pro Version 21H2 22000.593 (X64) (2022-03-30 12:34:19)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1337827148-1602420228-2535310048-500 - Administrator - Disabled)

benit (S-1-5-21-1337827148-1602420228-2535310048-1003 - Limited - Enabled) = C:\Users\benit

betre (S-1-5-21-1337827148-1602420228-2535310048-1004 - Limited - Enabled)

Betree (S-1-5-21-1337827148-1602420228-2535310048-1005 - Limited - Enabled)

CBpah (S-1-5-21-1337827148-1602420228-2535310048-1002 - Limited - Enabled)

Chris (S-1-5-21-1337827148-1602420228-2535310048-1001 - Administrator - Enabled) = C:\Users\Chris

DefaultAccount (S-1-5-21-1337827148-1602420228-2535310048-503 - Limited - Disabled)

Guest (S-1-5-21-1337827148-1602420228-2535310048-501 - Limited - Disabled)

WDAGUtilityAccount (S-1-5-21-1337827148-1602420228-2535310048-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 22.3.2 - Advanced Micro Devices, Inc.)

AMD_Chipset_Drivers (HKLM-x32\...\{0fd12917-eb35-466f-b411-02c45a8a505d}) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.) Hidden

Branding64 (HKLM\...\{2AF42320-5ECF-4BCA-B756-8F3677262D55}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden

Discord (HKU\S-1-5-21-1337827148-1602420228-2535310048-1003\...\Discord) (Version: 1.0.9003 - Discord Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.75 - Google LLC)

Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.29 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 100.0.1185.29 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1337827148-1602420228-2535310048-1003\...\OneDriveSetup.exe) (Version: 22.055.0313.0001 - Microsoft Corporation)

Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.15028.20160 - Microsoft Corporation)

Nmap 7.92 (HKLM-x32\...\Nmap) (Version: 7.92 - Nmap Project)

Npcap (HKLM-x32\...\NpcapInst) (Version: 1.50 - Nmap Project)

Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20050 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20160 - Microsoft Corporation) Hidden

Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.0.0 - Advanced Micro Devices, Inc.) Hidden

PuTTY release 0.76 (64-bit) (HKLM\...\{1E0D5689-40F1-4E46-ABBB-EAAC68B5CD89}) (Version: 0.76.0.0 - Simon Tatham)

RyzenMasterSDK (HKLM\...\{27555A81-EED9-4B96-8721-900AE920D662}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden

USBPcap 1.5.4.0 (HKLM\...\USBPcap) (Version: 1.5.4.0 - Tomasz Mon)

Wireshark 3.6.3 64-bit (HKLM-x32\...\Wireshark) (Version: 3.6.3 - The Wireshark developer community, hxxps://www.wireshark.org)

Packages:

=========

AMD Link - C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDLink_10.21.50009.0_x64__0a9344xs7nr4m [2022-03-30] (Advanced Micro Devices Inc.)

Corel Painter Microsoft Store Edition - C:\Program Files\WindowsApps\CorelCorporation.CorelPainter_22.0.2.0_x64__wbjqpk9xt50t4 [2022-03-30] (Corel Corporation)

Microsoft Solitaire Collection - C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-30] (Microsoft Studios) [MS Ad]

Microsoft Whiteboard - C:\Program Files\WindowsApps\Microsoft.Whiteboard_52.10315.352.0_x64__8wekyb3d8bbwe [2022-04-01] (Microsoft Corporation)

Realtek Audio Control - C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2022-03-30] (Realtek Semiconductor Corp)

RealtimeBoard - C:\Program Files\WindowsApps\RealtimeboardInc.RealtimeBoard_2.1.5.0_x64__h77ag88wp8xmr [2022-04-01] (Realtimeboard Inc.)

Sketchable - C:\Program Files\WindowsApps\SiliconBendersLLC.Sketchable_5.5.48.0_x64__r2kxzpx527qgj [2022-04-03] (Silicon Benders LLC)

Spotify Music - C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0 [2022-03-31] (Spotify AB) [Startup Task]

Telegram Desktop - C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_3.6.0.0_x64__t4vj0pshhgkwm [2022-03-30] (Telegram Messenger LLP) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] - {57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-03] (Malwarebytes Corporation - Malwarebytes)

ContextMenuHandlers5: [ACE] - {5E2121EE-0300-11D4-8D3B-444553540000} = C:\WINDOWS\System32\atiacm64.dll [2022-03-23] (Advanced Micro Devices Inc. - Advanced Micro Devices, Inc.)

ContextMenuHandlers6: [MBAMShlExt] - {57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-03] (Malwarebytes Corporation - Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-04-21 04:50 - 2021-04-21 04:50 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll

2022-03-22 17:07 - 2022-03-22 17:07 - 001764864 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll

2017-09-05 00:15 - 2017-09-05 00:15 - 004396032 _____ (Microsoft Corporation) [File not signed] C:\Program Files\AMD\CNext\CNext\D3DCOMPILER_47.dll

2022-03-30 06:20 - 2022-03-30 06:20 - 000000000 ____L (Microsoft Corporation) [simlink - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll

2022-03-30 06:20 - 2022-03-30 06:20 - 000000000 ____L (Microsoft Corporation) [simlink - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll

2022-03-30 06:07 - 2022-03-30 06:07 - 000137168 _____ (Microsoft Windows - Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\WebView2Loader.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000057856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\audio\qtaudio_windows.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000031232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000415232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 001455104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 001227776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 006947328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000740352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000123392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 001110528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000326656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 003798528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000440832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000054784 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 004255744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000171520 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 001128448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000206336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000334336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000133120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000396800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 102854656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 005611008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000210432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 002877440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000056832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000267776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000290816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000336896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000134144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000106496 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000045568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

2021-04-21 04:50 - 2021-04-21 04:50 - 000093184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService = ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService = ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

URLSearchHook: [S-1-5-21-1337827148-1602420228-2535310048-1001] ATTENTION = Default URLSearchHook is missing

BHO-x32: Skype for Business Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-30] (Microsoft Corporation - Microsoft Corporation)

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-01] (Microsoft Corporation - Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-05 05:08 - 2021-06-05 05:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1337827148-1602420228-2535310048-1003\Control Panel\Desktop\\Wallpaper - C:\WINDOWS\web\wallpaper\Windows\img0.jpg

DNS Servers: 172.16.12.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System = (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer = (SmartScreenEnabled: )

Windows Firewall is enabled.

Network Binding:

=============

Ethernet: Npcap Packet Driver (NPCAP) - INSECURE_NPCAP (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: = "SecurityHealth"

HKLM\...\StartupApproved\Run: = "RtkAudUService"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{97BC5127-E984-47D5-99F5-1E9EF39151C9}C:\users\benit\appdata\local\discord\app-1.0.9004\discord.exe] = (Allow) C:\users\benit\appdata\local\discord\app-1.0.9004\discord.exe (Discord Inc. - Discord Inc.)

FirewallRules: [UDP Query User{FB49A05D-98B1-4841-B308-04F05B2FB0E5}C:\users\benit\appdata\local\discord\app-1.0.9004\discord.exe] = (Allow) C:\users\benit\appdata\local\discord\app-1.0.9004\discord.exe (Discord Inc. - Discord Inc.)

FirewallRules: [TCP Query User{C6401C47-BFEB-4DDA-B5BD-7C4681DC6F7B}C:\program files (x86)\nmap\nmap.exe] = (Allow) C:\program files (x86)\nmap\nmap.exe (Insecure.Com LLC - Insecure.Org)

FirewallRules: [UDP Query User{8DA573CC-CE29-43CC-98BD-C23E664BB651}C:\program files (x86)\nmap\nmap.exe] = (Allow) C:\program files (x86)\nmap\nmap.exe (Insecure.Com LLC - Insecure.Org)

FirewallRules: [{EA00987C-13B7-4AA5-A607-F805D98E2702}] = (Block) LPort=443

FirewallRules: [{3214850B-904E-4B09-9899-EFC20BEAE391}] = (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB - Spotify Ltd)

FirewallRules: [{47166398-891B-4054-ABA9-C67EB2B61887}] = (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB - Spotify Ltd)

FirewallRules: [{BEB89906-4AAA-43D3-892F-B9749DDF73DA}] = (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB - Spotify Ltd)

FirewallRules: [{6C7501AF-A140-4BB6-B1F2-4CAADED376E0}] = (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB - Spotify Ltd)

FirewallRules: [{55CBA32A-3FB9-4677-AEC8-F06EF9197E0D}] = (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB - Spotify Ltd)

FirewallRules: [{BEFE15D5-47A9-41ED-80F9-C43167A0EABF}] = (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB - Spotify Ltd)

FirewallRules: [{24C63200-50EE-440B-A488-39D81ED7A048}] = (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB - Spotify Ltd)

FirewallRules: [{527ACC3E-0A36-4222-9027-3D29108767D6}] = (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB - Spotify Ltd)

FirewallRules: [{BDB722D6-EA62-452A-A160-EA142B0D56B2}] = (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.29\msedgewebview2.exe (Microsoft Corporation - Microsoft Corporation)

FirewallRules: [{CF00668D-78B3-4FFF-B9D9-F32B036E39C6}] = (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22070.202.1253.1497_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation - Microsoft Corporation)

FirewallRules: [{FD85D442-E7FE-4A56-B6DF-D28F6D012A4E}] = (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22070.202.1253.1497_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation - Microsoft Corporation)

FirewallRules: [{CD196523-C36A-48CA-87EA-528AFCD69AF8}] = (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC - Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:131.29 GB) (Free:79.17 GB) (60%)

Check "VSS" service

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (04/04/2022 03:38:06 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)

GetCACaps

GetCACaps: Not Found

{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}

HTTP/1.1 404 Not Found

Date: Mon, 04 Apr 2022 22:38:07 GMT

Content-Length: 121

Content-Type: application/json; charset=utf-8

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=31536000;includeSubDomains

x-ms-request-id: 0c294f3b-9d05-4e1e-80c3-3c4b6ddf8567

Method: GET(328ms)

Stage: GetCACaps

Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (04/04/2022 03:38:06 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)

GetCACaps

GetCACaps: Not Found

{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}

HTTP/1.1 404 Not Found

Date: Mon, 04 Apr 2022 22:38:07 GMT

Content-Length: 121

Content-Type: application/json; charset=utf-8

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=31536000;includeSubDomains

x-ms-request-id: 3ff8a674-1964-4a5e-8bd2-5d5e6b8e6050

Method: GET(438ms)

Stage: GetCACaps

Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (04/04/2022 07:43:31 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: explorer.exe, version: 10.0.22000.593, time stamp: 0x59a4b94a

Faulting module name: ucrtbase.dll, version: 10.0.22000.1, time stamp: 0x00e78ce9

Exception code: 0xc0000409

Fault offset: 0x000000000007dd7e

Faulting process id: 0x1f0

Faulting application start time: 0x01d846c583994437

Faulting application path: C:\WINDOWS\explorer.exe

Faulting module path: C:\WINDOWS\System32\ucrtbase.dll

Report Id: c636bb8c-5b9a-4fca-b553-d58e11d430bf

Faulting package full name: 

Faulting package-relative application ID:

Error: (04/02/2022 11:04:25 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program identity_helper.exe version 100.0.1185.29 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 26e8

Start Time: 01d8472092817b0c

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.29\identity_helper.exe

Report Id: ce7f4716-5261-42ba-8b56-e9b64476930f

Faulting package full name: Microsoft.MicrosoftEdge.Stable_99.0.1150.55_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (04/02/2022 12:11:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.EXE, version: 10.0.22000.593, time stamp: 0x59a4b94a

Faulting module name: ucrtbase.dll, version: 10.0.22000.1, time stamp: 0x00e78ce9

Exception code: 0xc0000409

Fault offset: 0x000000000007dd7e

Faulting process id: 0x13c4

Faulting application start time: 0x01d845a58ff6fbb5

Faulting application path: C:\WINDOWS\Explorer.EXE

Faulting module path: C:\WINDOWS\System32\ucrtbase.dll

Report Id: b7117f64-ddcf-4022-908b-3e6464e1f65c

Faulting package full name: 

Faulting package-relative application ID:

Error: (04/01/2022 01:50:44 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)

GetCACaps

GetCACaps: Not Found

{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}

HTTP/1.1 404 Not Found

Date: Fri, 01 Apr 2022 08:50:44 GMT

Content-Length: 121

Content-Type: application/json; charset=utf-8

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=31536000;includeSubDomains

x-ms-request-id: b9add959-e2bf-44c6-824a-b12d730306ba

Method: GET(141ms)

Stage: GetCACaps

Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (04/01/2022 01:50:44 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)

GetCACaps

GetCACaps: Not Found

{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}

HTTP/1.1 404 Not Found

Date: Fri, 01 Apr 2022 08:50:44 GMT

Content-Length: 121

Content-Type: application/json; charset=utf-8

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=31536000;includeSubDomains

x-ms-request-id: a8ddbb60-5359-4780-a7dc-2dfedbd3d4d3

Method: GET(250ms)

Stage: GetCACaps

Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (04/01/2022 01:33:56 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)

GetCACaps

GetCACaps: Not Found

{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}

HTTP/1.1 404 Not Found

Date: Fri, 01 Apr 2022 08:33:56 GMT

Content-Length: 121

Content-Type: application/json; charset=utf-8

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=31536000;includeSubDomains

x-ms-request-id: 01a37316-9ed1-4943-8c17-b299448b8866

Method: GET(141ms)

Stage: GetCACaps

Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

System errors:

=============

Error: (04/04/2022 04:35:17 PM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9D40143D-6915-4A24-B8BF-A7EB36B93D6A} because another computer on the network has the same name.  The server could not start.

Error: (04/04/2022 04:35:04 PM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9D40143D-6915-4A24-B8BF-A7EB36B93D6A} because another computer on the network has the same name.  The server could not start.

Error: (04/04/2022 04:33:21 PM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9D40143D-6915-4A24-B8BF-A7EB36B93D6A} because another computer on the network has the same name.  The server could not start.

Error: (04/04/2022 04:32:56 PM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9D40143D-6915-4A24-B8BF-A7EB36B93D6A} because another computer on the network has the same name.  The server could not start.

Error: (04/04/2022 04:32:35 PM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9D40143D-6915-4A24-B8BF-A7EB36B93D6A} because another computer on the network has the same name.  The server could not start.

Error: (04/04/2022 03:38:35 PM) (Source: DCOM) (EventID: 10001) (User: LEAVE_MY_SYSTEM)

Description: Unable to start a DCOM Server: {5250E46F-BB09-D602-5891-F476DC89B700} as Unavailable/Unavailable. The error:

"2147958016"

Happened while starting this command:

"C:\WINDOWS\system32\DllHost.exe" /Processid:{5250E46F-BB09-D602-5891-F476DC89B700}

Error: (04/04/2022 03:37:50 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 12:48:16 PM on ‎4/‎4/‎2022 was unexpected.

Error: (04/04/2022 07:43:47 AM) (Source: DCOM) (EventID: 10010) (User: LEAVE_MY_SYSTEM)

Description: The server {A28430CA-1EBF-48DD-AA17-9221B6F86A6C} did not register with DCOM within the required timeout.

Windows Defender:

================

Date: 2022-04-03 16:23:31

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2022-04-02 14:40:16

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2022-04-01 19:45:53

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2022-03-31 14:21:31

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2022-03-31 11:28:03

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan



CodeIntegrity:

===============

Date: 2022-03-30 05:26:45

Description: 

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

Date: 2022-03-30 05:26:45

Description: 

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

BIOS: American Megatrends International, LLC. F63a 02/17/2022

Motherboard: Gigabyte Technology Co., Ltd. B450M DS3H-CF

Processor: AMD Ryzen 5 2600 Six-Core Processor 

Percentage of memory in use: 24%

Total physical RAM: 32692.4 MB

Available physical RAM: 24648.59 MB

Total Virtual: 37556.4 MB

Available Virtual: 24555.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:131.29 GB) (Free:79.17 GB) NTFS

Drive d: (Documents) (Fixed) (Total:47.56 GB) (Free:15.23 GB) NTFS

Drive f: (f) (Fixed) (Total:44 GB) (Free:43.84 GB) NTFS

\\?\Volume{6aacf788-9fa9-4f33-9af8-f4f515a24cfc}\ () (Fixed) (Total:0.6 GB) (Free:0.08 GB) NTFS

\\?\Volume{43761e12-eed1-4d86-b3de-44f744817118}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR Partition Table ====================

==================== End of Addition.txt =======================

Edited by hamluis, 04 April 2022 - 08:46 PM.


I wish you appreciated this post. Do not neglect to join our team and also obtain a e-newsletter send out to your inbox.