Cloning virus attack, please help!!!

Hi Malware Fighter @ JSntgRvr

First of all, thank you for assisting me with the issue.

I have attached the files and also pasted the content here. Kindly let me know the next steps.

—————————————————————FRST.txt—————————————————————

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2021

Ran by(administrator) on DESKTOP-7FKHRPL (LENOVO 20354) (25-08-2021 23:37:49)

Running from C:UserspalabDesktop

Loaded Profiles:palabhi2015

Platform: Windows 10 Home Single Language Version 21H1 19043.1165 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Conexant Systems, Inc. -> Conexant Systems Inc.) C:WindowsSystem32CxAudMsg64.exe

(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:Program FilesCONEXANTcAudioFilterAgentCAudioFilterAgent64.exe

(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:WindowsSysWOW64SASrv.exe

(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:Program FilesElantechETDCtrl.exe

(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:Program FilesElantechETDCtrlHelper.exe

(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:Program FilesElantechETDIntelligent.exe

(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:Program FilesElantechETDService.exe

(Fortemedia Inc -> ) C:Program FilesCONEXANTForteConfigfmapp.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.102GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.102GoogleCrashHandler64.exe

(Google LLC -> Google LLC) C:Program FilesGoogleChromeApplicationchrome.exe <23>

(Intel® pGFX -> ) C:WindowsSystem32igfxTray.exe

(Intel® pGFX -> Intel Corporation) C:WindowsSystem32igfxCUIService.exe

(Intel® pGFX -> Intel Corporation) C:WindowsSystem32igfxEM.exe

(Intel® pGFX -> Intel Corporation) C:WindowsSystem32igfxHK.exe

(Kilonova LLC -> Skillbrains) C:Program Files (x86)Skillbrainslightshot5.5.0.7Lightshot.exe

(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-Malwarembamtray.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft OfficerootOffice16EXCEL.EXE

(Microsoft Corporation -> Microsoft Corporation) C:WindowsMicrosoft.NETFramework64v3.0WPFPresentationFontCache.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32MoUsoCoreWorker.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32oobeUserOOBEBroker.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32osk.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe

(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:WindowsRtkBtManServ.exe

(Notepad++ -> Don HO [email protected]) C:Program FilesNotepad++notepad++.exe

(Nvidia Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynvlti.inf_amd64_2216898e7feeb52dDisplay.NvContainerNVDisplay.Container.exe <2>

(Realtek Semiconductor Corp -> Realtek semiconductor) C:WindowsRTFTrack.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Run: [ForteConfig] => C:Program FilesConexantForteConfigfmapp.exe [49056 2010-10-27] (Fortemedia Inc -> )

HKLM…Run: [cAudioFilterAgent] => C:Program FilesConexantcAudioFilterAgentcAudioFilterAgent64.exe [919768 2014-11-21] (Conexant Systems, Inc. -> Conexant Systems, Inc.)

HKLM…Run: [SmartAudio] => C:Program FilesCONEXANTSAIISACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)

HKLM…Run: [RtsFT] => C:WINDOWSRTFTrack.exe [5166872 2016-07-19] (Realtek Semiconductor Corp -> Realtek semiconductor)

HKLM…Run: [KeePass 2 PreLoad] => C:Program FilesKeePass Password Safe 2KeePass.exe [3160256 2021-05-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)

HKLM-x32…Run: [TeamsMachineInstaller] => C:Program Files (x86)Teams InstallerTeams.exe [109324536 2021-03-12] (Microsoft Corporation -> Microsoft Corporation)

HKLM-x32…Run: [Lightshot] => C:Program Files (x86)SkillbrainslightshotLightshot.exe [226728 2019-07-21] (Kilonova LLC -> )

HKUS-1-5-21-2113477449-3484941277-3011581078-1001…Run: [OneDrive] => C:Program Files (x86)Microsoft OneDriveOneDrive.exe [2196344 2021-08-24] (Microsoft Corporation -> Microsoft Corporation)

HKUS-1-5-21-2113477449-3484941277-3011581078-1001…Run: [com.squirrel.Teams.Teams] => C:UserspalabAppDataLocalMicrosoftTeamsUpdate.exe [2454240 2021-08-24] (Microsoft 3rd Party Application Component -> Microsoft Corporation)

HKUS-1-5-21-2113477449-3484941277-3011581078-500…RunOnce: [OneDrive] => C:Program Files (x86)Microsoft OneDriveOneDrive.exe [2196344 2021-08-24] (Microsoft Corporation -> Microsoft Corporation)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program FilesGoogleChromeApplication92.0.4515.159Installerchrmstp.exe [2021-08-24] (Google LLC -> Google LLC)

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {14811F99-4CC3-4294-9486-08C5D39E6272} – System32TasksMicrosoftOfficeOffice Feature Updates => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [139112 2021-08-24] (Microsoft Corporation -> Microsoft Corporation)

Task: {4669A4D8-6370-4A6D-BD68-A43042908E23} – System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [139112 2021-08-24] (Microsoft Corporation -> Microsoft Corporation)

Task: {653C52C6-AB21-4B6D-B5E0-BA5F2ADD1573} – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23253888 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)

Task: {70D8DAD0-2096-4788-BEFF-4A8DCE278B8C} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156232 2021-08-24] (Google LLC -> Google LLC)

Task: {A2159800-CF38-4608-B558-218FBEA88F47} – System32Tasksupdate-sys => C:Program Files (x86)SkillbrainsUpdaterUpdater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)

Task: {A2AA645B-C4FC-4155-B997-2903A68AD86A} – System32TasksOneDrive Per-Machine Standalone Update Task => C:Program Files (x86)Microsoft OneDriveOneDriveStandaloneUpdater.exe [2989424 2021-08-24] (Microsoft Corporation -> Microsoft Corporation)

Task: {A4141F06-90F5-444C-9ED1-B01231B79B49} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156232 2021-08-24] (Google LLC -> Google LLC)

Task: {AAB989CB-60FE-4775-AEA9-F80FD0580304} – System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23253888 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)

Task: {DC603230-832C-4854-9D42-7E83BD7CC722} – System32Tasksupdate-S-1-5-21-2113477449-3484941277-3011581078-1001 => C:Program Files (x86)SkillbrainsUpdaterUpdater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:WINDOWSTasksupdate-S-1-5-21-2113477449-3484941277-3011581078-1001.job => C:Program Files (x86)SkillbrainsUpdaterUpdater.exe

Task: C:WINDOWSTasksupdate-sys.job => C:Program Files (x86)SkillbrainsUpdaterUpdater.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

TcpipParameters: [DhcpNameServer] 192.168.18.1

Tcpip..Interfaces{23409061-67b3-4097-a5a2-ac77ef7807e0}: [DhcpNameServer] 192.168.18.1

 

Edge: 

=======

Edge DefaultProfile: Default

Edge Profile: C:UserspalabAppDataLocalMicrosoftEdgeUser DataDefault [2021-08-25]

 

FireFox:

========

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2021-08-24] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2021-08-24] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2021-08-24] (Microsoft Corporation -> Microsoft Corporation)

 

Chrome: 

=======

CHR Profile: C:UserspalabAppDataLocalGoogleChromeUser DataDefault [2021-08-25]

CHR Extension: (Slides) – C:UserspalabAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2021-08-24]

CHR Extension: (Docs) – C:UserspalabAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2021-08-24]

CHR Extension: (Google Drive) – C:UserspalabAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2021-08-24]

CHR Extension: (YouTube) – C:UserspalabAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2021-08-24]

CHR Extension: (uBlock Origin) – C:UserspalabAppDataLocalGoogleChromeUser DataDefaultExtensionscjpalhdlnbpafiamejdnhcphjbkeiagm [2021-08-24]

CHR Extension: (Sheets) – C:UserspalabAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2021-08-24]

CHR Extension: (Google Docs Offline) – C:UserspalabAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-08-24]

CHR Extension: (Chrome Web Store Payments) – C:UserspalabAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-08-24]

CHR Extension: (Gmail) – C:UserspalabAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2021-08-24]

CHR Extension: (Chrome Media Router) – C:UserspalabAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-24]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [9142128 2021-08-05] (Microsoft Corporation -> Microsoft Corporation)

S3 FileSyncHelper; C:Program Files (x86)Microsoft OneDrive21.150.0725.0001FileSyncHelper.exe [2382200 2021-08-24] (Microsoft Corporation -> Microsoft Corporation)

S2 LPlatSvc; C:WINDOWSSystem32LPlatSvc.exe [774552 2017-12-03] (Lenovo -> Lenovo.)

R2 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [7497336 2021-08-24] (Malwarebytes Inc -> Malwarebytes)

S3 OneDrive Updater Service; C:Program Files (x86)Microsoft OneDrive21.150.0725.0001OneDriveUpdaterService.exe [2739576 2021-08-24] (Microsoft Corporation -> Microsoft Corporation)

S3 WinDefend; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2107.4-0MsMpEng.exe [136656 2021-08-25] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:WINDOWSSystem32DriverStoreFileRepositorynvlti.inf_amd64_2216898e7feeb52dDisplay.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WINDOWSSystem32DriverStoreFileRepositorynvlti.inf_amd64_2216898e7feeb52dDisplay.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AppleKmdfFilter; C:WINDOWSSystem32driversAppleKmdfFilter.sys [20640 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.)

S3 AppleLowerFilter; C:WINDOWSSystem32driversAppleLowerFilter.sys [35560 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.)

S3 dg_ssudbus; C:WINDOWSSystem32driversssudbus.sys [120416 2017-03-17] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))

R1 ESProtectionDriver; C:WINDOWSsystem32driversmbae64.sys [160176 2021-08-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R2 MBAMChameleon; C:WINDOWSSystem32DriversMbamChameleon.sys [210344 2021-08-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S0 MbamElam; C:WINDOWSSystem32DRIVERSMbamElam.sys [19912 2021-08-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:WINDOWSSystem32DRIVERSfarflt.sys [198888 2021-08-25] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMProtection; C:WINDOWSsystem32DRIVERSmbam.sys [68528 2021-08-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [248992 2021-08-25] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMWebProtection; C:WINDOWSsystem32DRIVERSmwac.sys [149424 2021-08-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R0 PMDRVS; C:WINDOWSSystem32driverspmdrvs.sys [43208 2017-12-03] (Lenovo -> Lenovo.)

S3 Spyder5; C:WINDOWSSystem32driversdccmtr.sys [15360 2015-04-13] (Microsoft Windows Hardware Compatibility Publisher -> Datacolor)

S3 ssudcdf; C:WINDOWSSystem32driversssudcdf.sys [34488 2012-02-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))

S3 ssuddmgr; C:WINDOWSSystem32driversssuddmgr.sys [203320 2012-02-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))

S3 ssudobex; C:WINDOWSSystem32driversssudobex.sys [203320 2012-02-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))

S3 ssudqcfilter; C:WINDOWSSystem32driversssudqcfilter.sys [55904 2017-03-17] (Samsung Electronics CO., LTD. -> QUALCOMM Incorporated)

S3 ssudrmnet; C:WINDOWSSystem32driversssudrmnet.sys [66360 2012-02-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)

S3 ssudserd; C:WINDOWSSystem32driversssudserd.sys [203320 2012-02-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))

R3 trufos; C:WINDOWSSystem32driverstrufos.sys [641736 2021-08-25] (Bitdefender SRL -> Bitdefender)

S3 ViGEmBus; C:WINDOWSSystem32driversViGEmBus.sys [69168 2019-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)

S3 vjoy; C:WINDOWSSystem32driversvjoy.sys [67448 2019-07-14] (On-site Dental Systems (Justin Shafer) -> Shaul Eizikovich)

S3 WdBoot; C:WINDOWSsystem32driverswdWdBoot.sys [49568 2021-08-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WDC_SAM; C:WINDOWSSystem32driverswdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)

S3 WdFilter; C:WINDOWSsystem32driverswdWdFilter.sys [434424 2021-08-25] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [78072 2021-08-25] (Microsoft Windows -> Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-08-25 23:37 – 2021-08-25 23:38 – 000016366 _____ C:UserspalabDesktopFRST.txt

2021-08-25 23:36 – 2021-08-25 23:38 – 000000000 ___DC C:FRST

2021-08-25 23:25 – 2021-08-25 23:25 – 002300928 _____ (Farbar) C:UserspalabDesktopFRST64.exe

2021-08-25 23:23 – 2021-08-25 23:26 – 000000000 __HDC C:$WinREAgent

2021-08-25 20:58 – 2021-08-25 20:58 – 000000000 ____D C:UserspalabDesktopPass storage Esxi

2021-08-25 20:57 – 2021-08-25 20:57 – 000000000 ____D C:UserspalabDesktopService Disable SSH EXSI

2021-08-25 18:41 – 2021-08-25 18:42 – 023004595 _____ C:WINDOWSREGBK00.ZIP

2021-08-25 18:35 – 2021-08-25 23:02 – 000000054 _____ C:WINDOWSLic.xxx

2021-08-25 18:35 – 2021-08-25 18:35 – 000000000 ___DC C:PUB

2021-08-25 18:34 – 2021-08-25 18:34 – 000641736 _____ (Bitdefender) C:WINDOWSsystem32Driverstrufos.sys

2021-08-25 18:34 – 2021-08-25 18:31 – 000632064 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msvcr80.dll

2021-08-25 18:34 – 2021-08-25 18:31 – 000554240 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msvcp80.dll

2021-08-25 18:34 – 2021-08-25 18:31 – 000176760 _____ (MicroWorld Technologies Inc.) C:WINDOWSSysWOW64eEmpty.exe

2021-08-25 18:33 – 2021-08-25 18:33 – 000198888 _____ (Malwarebytes) C:WINDOWSsystem32Driversfarflt.sys

2021-08-25 18:33 – 2021-08-25 18:33 – 000149424 _____ (Malwarebytes) C:WINDOWSsystem32Driversmwac.sys

2021-08-25 18:33 – 2021-08-25 18:33 – 000068528 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbam.sys

2021-08-25 18:31 – 2021-08-25 18:31 – 000000000 ____D C:UserspalabDocumentsCustom Office Templates

2021-08-25 18:30 – 2021-08-25 18:31 – 000000000 ____D C:ProgramDataMicroWorld

2021-08-25 16:27 – 2021-08-25 18:32 – 000287075 _____ C:UserspalabDesktopQA_SLA_Report_20210825.csv

2021-08-25 06:16 – 2021-08-25 05:27 – 000000000 ____D C:WINDOWSPanther

2021-08-25 06:15 – 2021-08-25 05:27 – 000000000 ___DC C:Windows.old

2021-08-25 06:14 – 2021-08-25 06:14 – 000000000 ____D C:ProgramDatassh

2021-08-25 06:10 – 2021-08-25 06:10 – 001687040 _____ C:WINDOWSsystem32libcrypto.dll

2021-08-25 06:10 – 2021-08-25 06:10 – 000581120 _____ (Microsoft Corporation) C:WINDOWSsystem32PhotoScreensaver.scr

2021-08-25 06:10 – 2021-08-25 06:10 – 000499200 _____ (Microsoft Corporation) C:WINDOWSSysWOW64PhotoScreensaver.scr

2021-08-25 06:10 – 2021-08-25 06:10 – 000095744 _____ C:WINDOWSsystem32VirtualMonitorManager.dll

2021-08-25 06:10 – 2021-08-25 06:10 – 000067584 _____ (Microsoft Corporation) C:WINDOWSSysWOW64wscui.cpl

2021-08-25 06:10 – 2021-08-25 06:10 – 000007680 _____ (Microsoft Corporation) C:WINDOWSSysWOW64MsraLegacy.tlb

2021-08-25 06:10 – 2021-08-25 06:10 – 000007680 _____ (Microsoft Corporation) C:WINDOWSsystem32MsraLegacy.tlb

2021-08-25 06:10 – 2021-08-25 06:10 – 000006656 _____ (Microsoft Corporation) C:WINDOWSSysWOW64rendezvousSession.tlb

2021-08-25 06:10 – 2021-08-25 06:10 – 000006656 _____ (Microsoft Corporation) C:WINDOWSsystem32rendezvousSession.tlb

2021-08-25 06:09 – 2021-08-25 06:09 – 004898144 _____ (Microsoft Corporation) C:WINDOWSsystem32rtmpltfm.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 003860832 _____ (Microsoft Corporation) C:WINDOWSSysWOW64rtmpltfm.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 002755584 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mshtml.tlb

2021-08-25 06:09 – 2021-08-25 06:09 – 002755584 _____ (Microsoft Corporation) C:WINDOWSsystem32mshtml.tlb

2021-08-25 06:09 – 2021-08-25 06:09 – 002371072 _____ C:WINDOWSsystem32rdpnano.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 001864192 _____ (The ICU Project) C:WINDOWSSysWOW64icu.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 001354080 _____ (Microsoft Corporation) C:WINDOWSsystem32rtmpal.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 001333760 _____ C:WINDOWSSysWOW64TextInputMethodFormatter.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 001314128 _____ (Microsoft Corporation) C:WINDOWSsystem32SecConfig.efi

2021-08-25 06:09 – 2021-08-25 06:09 – 001163776 _____ C:WINDOWSsystem32MBR2GPT.EXE

2021-08-25 06:09 – 2021-08-25 06:09 – 001091936 _____ (Microsoft Corporation) C:WINDOWSsystem32rtmcodecs.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 001032544 _____ (Microsoft Corporation) C:WINDOWSsystem32ortcengine.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000980320 _____ (Microsoft Corporation) C:WINDOWSSysWOW64rtmpal.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000915296 _____ (Microsoft Corporation) C:WINDOWSSysWOW64rtmcodecs.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000732000 _____ (Microsoft Corporation) C:WINDOWSSysWOW64ortcengine.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000729600 _____ (Microsoft Corporation) C:WINDOWSsystem32hhctrl.ocx

2021-08-25 06:09 – 2021-08-25 06:09 – 000700928 _____ C:WINDOWSsystem32FsNVSDeviceSource.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000611952 _____ C:WINDOWSSysWOW64TextShaping.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000595968 _____ (Microsoft Corporation) C:WINDOWSsystem32appwiz.cpl

2021-08-25 06:09 – 2021-08-25 06:09 – 000575488 _____ (Microsoft Corporation) C:WINDOWSSysWOW64hhctrl.ocx

2021-08-25 06:09 – 2021-08-25 06:09 – 000570880 _____ (Microsoft Corporation) C:WINDOWSsystem32inetcpl.cpl

2021-08-25 06:09 – 2021-08-25 06:09 – 000469504 _____ (Microsoft Corporation) C:WINDOWSSysWOW64appwiz.cpl

2021-08-25 06:09 – 2021-08-25 06:09 – 000468440 _____ C:WINDOWSSysWOW64WindowManagementAPI.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000452608 _____ (Microsoft Corporation) C:WINDOWSSysWOW64inetcpl.cpl

2021-08-25 06:09 – 2021-08-25 06:09 – 000446976 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mmsys.cpl

2021-08-25 06:09 – 2021-08-25 06:09 – 000423936 _____ (Microsoft Corporation) C:WINDOWSSysWOW64winspool.drv

2021-08-25 06:09 – 2021-08-25 06:09 – 000330752 _____ C:WINDOWSSysWOW64ssdm.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000304128 _____ (Microsoft Corporation) C:WINDOWSsystem32ksproxy.ax

2021-08-25 06:09 – 2021-08-25 06:09 – 000266240 _____ C:WINDOWSSysWOW64Windows.Internal.UI.Shell.WindowTabManager.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000266240 _____ (Microsoft Corporation) C:WINDOWSsystem32mpg2splt.ax

2021-08-25 06:09 – 2021-08-25 06:09 – 000240640 _____ C:WINDOWSSysWOW64CoreMas.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000238592 _____ (Microsoft Corporation) C:WINDOWSsystem32intl.cpl

2021-08-25 06:09 – 2021-08-25 06:09 – 000235520 _____ C:WINDOWSSysWOW64HeatCore.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000234496 _____ (Microsoft Corporation) C:WINDOWSSysWOW64ksproxy.ax

2021-08-25 06:09 – 2021-08-25 06:09 – 000223744 _____ C:WINDOWSSysWOW64TpmTool.exe

2021-08-25 06:09 – 2021-08-25 06:09 – 000221184 _____ (Microsoft Corporation) C:WINDOWSSysWOW64bthprops.cpl

2021-08-25 06:09 – 2021-08-25 06:09 – 000204800 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mpg2splt.ax

2021-08-25 06:09 – 2021-08-25 06:09 – 000182272 _____ (Microsoft Corporation) C:WINDOWSSysWOW64timedate.cpl

2021-08-25 06:09 – 2021-08-25 06:09 – 000178688 _____ (Microsoft Corporation) C:WINDOWSSysWOW64intl.cpl

2021-08-25 06:09 – 2021-08-25 06:09 – 000170496 _____ (Microsoft Corporation) C:WINDOWSsystem32VBICodec.ax

2021-08-25 06:09 – 2021-08-25 06:09 – 000135168 _____ (Microsoft Corporation) C:WINDOWSSysWOW64VBICodec.ax

2021-08-25 06:09 – 2021-08-25 06:09 – 000112128 _____ (Microsoft Corporation) C:WINDOWSSysWOW64activeds.tlb

2021-08-25 06:09 – 2021-08-25 06:09 – 000102912 _____ (Microsoft Corporation) C:WINDOWSsystem32ncpa.cpl

2021-08-25 06:09 – 2021-08-25 06:09 – 000100864 _____ (Microsoft Corporation) C:WINDOWSSysWOW64ncpa.cpl

2021-08-25 06:09 – 2021-08-25 06:09 – 000087552 _____ (Microsoft Corporation) C:WINDOWSsystem32tdc.ocx

2021-08-25 06:09 – 2021-08-25 06:09 – 000084992 _____ (Microsoft Corporation) C:WINDOWSsystem32wscui.cpl

2021-08-25 06:09 – 2021-08-25 06:09 – 000072704 _____ (Microsoft Corporation) C:WINDOWSSysWOW64tdc.ocx

2021-08-25 06:09 – 2021-08-25 06:09 – 000067072 _____ C:WINDOWSsystem32BWContextHandler.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000056672 _____ (Microsoft Corporation) C:WINDOWSsystem32rtmmvrortc.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000055376 _____ (Microsoft Corporation) C:WINDOWSSysWOW64rtmmvrortc.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000053760 _____ C:WINDOWSSysWOW64BWContextHandler.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000048640 _____ (Adobe Systems) C:WINDOWSsystem32atmlib.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000047472 _____ C:WINDOWSSysWOW64umpdc.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000045880 _____ C:WINDOWSsystem32HvSocket.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000039936 _____ (Adobe Systems) C:WINDOWSSysWOW64atmlib.dll

2021-08-25 06:09 – 2021-08-25 06:09 – 000023552 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msacm32.drv

2021-08-25 06:09 – 2021-08-25 06:09 – 000011347 _____ C:WINDOWSsystem32DrtmAuthTxt.wim

2021-08-25 06:09 – 2021-08-25 06:09 – 000010752 _____ C:WINDOWSSysWOW64agentactivationruntimestarter.exe

2021-08-25 06:08 – 2021-08-25 06:08 – 004227116 _____ C:WINDOWSsystem32DefaultHrtfs.bin

2021-08-25 06:08 – 2021-08-25 06:08 – 002260992 _____ C:WINDOWSsystem32TextInputMethodFormatter.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 002260480 _____ (The ICU Project) C:WINDOWSsystem32icu.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 002254336 _____ C:WINDOWSsystem32dwmscene.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 001823280 _____ (Microsoft Corporation) C:WINDOWSsystem32winload.efi

2021-08-25 06:08 – 2021-08-25 06:08 – 001393480 _____ (Microsoft Corporation) C:WINDOWSsystem32winresume.efi

2021-08-25 06:08 – 2021-08-25 06:08 – 000707016 _____ C:WINDOWSsystem32TextShaping.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 000657464 _____ C:WINDOWSsystem32WindowManagementAPI.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 000563712 _____ (Microsoft Corporation) C:WINDOWSsystem32winspool.drv

2021-08-25 06:08 – 2021-08-25 06:08 – 000544768 _____ (Microsoft Corporation) C:WINDOWSsystem32mmsys.cpl

2021-08-25 06:08 – 2021-08-25 06:08 – 000455168 _____ C:WINDOWSsystem32ssdm.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 000363520 _____ C:WINDOWSsystem32Windows.Internal.UI.Shell.WindowTabManager.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 000306688 _____ C:WINDOWSsystem32HeatCore.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 000288768 _____ C:WINDOWSsystem32Windows.Management.InprocObjects.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 000287232 _____ C:WINDOWSsystem32CoreMas.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 000272384 _____ C:WINDOWSsystem32TpmTool.exe

2021-08-25 06:08 – 2021-08-25 06:08 – 000266752 _____ (Microsoft Corporation) C:WINDOWSsystem32bthprops.cpl

2021-08-25 06:08 – 2021-08-25 06:08 – 000243200 _____ (Microsoft Corporation) C:WINDOWSsystem32timedate.cpl

2021-08-25 06:08 – 2021-08-25 06:08 – 000231248 _____ C:WINDOWSsystem32containerdevicemanagement.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 000197632 _____ C:WINDOWSsystem32IHDS.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 000190976 _____ C:WINDOWSsystem32BthpanContextHandler.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 000165888 _____ C:WINDOWSsystem32DataStoreCacheDumpTool.exe

2021-08-25 06:08 – 2021-08-25 06:08 – 000152064 _____ C:WINDOWSsystem32EoAExperiences.exe

2021-08-25 06:08 – 2021-08-25 06:08 – 000112128 _____ (Microsoft Corporation) C:WINDOWSsystem32activeds.tlb

2021-08-25 06:08 – 2021-08-25 06:08 – 000097792 _____ C:WINDOWSsystem32Driverscimfs.sys

2021-08-25 06:08 – 2021-08-25 06:08 – 000089088 _____ C:WINDOWSsystem32windows.applicationmodel.conversationalagent.proxystub.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 000074240 _____ C:WINDOWSsystem32rdsxvmaudio.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 000073216 _____ C:WINDOWSsystem32windows.applicationmodel.conversationalagent.internal.proxystub.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 000064552 _____ C:WINDOWSsystem32umpdc.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 000060928 _____ C:WINDOWSsystem32runexehelper.exe

2021-08-25 06:08 – 2021-08-25 06:08 – 000030208 _____ (Microsoft Corporation) C:WINDOWSsystem32msacm32.drv

2021-08-25 06:08 – 2021-08-25 06:08 – 000029696 _____ (The ICU Project) C:WINDOWSsystem32icuuc.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 000025088 _____ (The ICU Project) C:WINDOWSsystem32icuin.dll

2021-08-25 06:08 – 2021-08-25 06:08 – 000013312 _____ C:WINDOWSsystem32agentactivationruntimestarter.exe

2021-08-25 06:08 – 2021-08-25 06:08 – 000001370 _____ C:WINDOWSsystem32ThirdPartyNoticesBySHS.txt

2021-08-25 06:02 – 2021-08-25 06:02 – 000000000 ____D C:WINDOWSsystem32hi-IN

2021-08-25 06:01 – 2021-08-25 06:01 – 000000000 ____D C:Program FilesReference Assemblies

2021-08-25 06:01 – 2021-08-25 06:01 – 000000000 ____D C:Program FilesMSBuild

2021-08-25 06:01 – 2021-08-25 06:01 – 000000000 ____D C:Program Files (x86)Reference Assemblies

2021-08-25 06:01 – 2021-08-25 06:01 – 000000000 ____D C:Program Files (x86)MSBuild

2021-08-25 06:00 – 2021-08-25 06:00 – 000000000 ____D C:WINDOWSSysWOW64sda

2021-08-25 06:00 – 2019-10-16 03:23 – 000076060 ____C C:WINDOWSsystem32xpsrchvw.xml

2021-08-25 06:00 – 2019-04-19 08:19 – 000076060 ____C C:WINDOWSSysWOW64xpsrchvw.xml

2021-08-25 05:59 – 2021-08-25 05:21 – 000000000 ____D C:Program FilesElantech

2021-08-25 05:57 – 2021-08-25 05:57 – 000008192 _____ C:WINDOWSsystem32configuserdiff

2021-08-25 05:31 – 2021-08-25 18:38 – 000840598 _____ C:WINDOWSsystem32PerfStringBackup.INI

2021-08-25 05:27 – 2021-08-25 05:27 – 000000000 SHDCL C:Documents and Settings

2021-08-25 05:23 – 2021-08-25 05:23 – 000000000 ____D C:ProgramDataRealtek

2021-08-25 05:23 – 2021-08-25 05:23 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsConexant

2021-08-25 05:23 – 2014-12-10 08:41 – 000423128 _____ (Conexant Systems, Inc.) C:WINDOWSSysWOW64SASrv.exe

2021-08-25 05:23 – 2014-10-21 03:24 – 000207576 _____ (Conexant Systems Inc.) C:WINDOWSsystem32CxAudMsg64.exe

2021-08-25 05:22 – 2021-08-25 18:33 – 000000000 ____D C:ProgramDataNVIDIA

2021-08-25 05:22 – 2021-08-25 05:23 – 000000000 ____D C:Program FilesCONEXANT

2021-08-25 05:22 – 2021-08-25 05:22 – 001701376 _____ (TODO: <Company name>) C:WINDOWSSysWOW64RebootPrompt.exe

2021-08-25 05:22 – 2021-08-25 05:22 – 000000000 ____H C:ProgramDataDP45977C.lfl

2021-08-25 05:22 – 2021-08-25 05:22 – 000000000 ____D C:WINDOWSsystem32lxss

2021-08-25 05:22 – 2021-08-25 05:22 – 000000000 ____D C:WINDOWSsystem32DriversNVIDIA Corporation

2021-08-25 05:22 – 2021-08-25 05:22 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsDolby

2021-08-25 05:22 – 2021-08-25 05:22 – 000000000 ____D C:ProgramDataConexant

2021-08-25 05:22 – 2021-08-25 05:22 – 000000000 ____D C:Program FilesDolby Digital Plus

2021-08-25 05:22 – 2021-08-24 19:12 – 000000000 ____D C:ProgramDataNVIDIA Corporation

2021-08-25 05:22 – 2013-12-25 04:01 – 000001724 _____ C:WINDOWSsystem32DriversSamSfPa.dat

2021-08-25 05:21 – 2021-08-25 18:33 – 000000180 _____ C:WINDOWSsystem32{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2021-08-25 05:21 – 2021-08-25 18:33 – 000000006 ____H C:WINDOWSTasksSA.DAT

2021-08-25 05:21 – 2021-08-25 16:15 – 000002449 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-08-25 05:21 – 2021-08-25 15:56 – 000003480 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA

2021-08-25 05:21 – 2021-08-25 15:56 – 000003356 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore

2021-08-25 05:21 – 2021-08-25 05:21 – 000000200 _____ C:WINDOWSsystem32{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat

2021-08-25 05:21 – 2021-08-25 05:21 – 000000000 ____H C:WINDOWSsystem32DriversMsft_Kernel_ETDSMBus_01011.Wdf

2021-08-25 05:21 – 2021-08-25 05:21 – 000000000 ____D C:Program FilesIntel

2021-08-25 05:21 – 2021-08-25 05:21 – 000000000 _____ C:WINDOWSsystem32GfxValDisplayLog.bin

2021-08-25 05:21 – 2021-08-25 02:35 – 000000000 ____D C:WINDOWSsystem32Driverswd

2021-08-25 05:21 – 2021-08-24 23:14 – 000000000 ___DC C:Intel

2021-08-25 05:20 – 2021-08-25 18:33 – 000008192 ___SH C:DumpStack.log.tmp

2021-08-25 05:20 – 2021-08-25 18:24 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2021-08-25 05:20 – 2021-08-25 05:21 – 000000000 ____D C:WINDOWSServiceProfiles

2021-08-25 05:20 – 2021-08-24 23:13 – 000451584 _____ C:WINDOWSsystem32FNTCACHE.DAT

2021-08-25 03:43 – 2021-08-25 03:43 – 000000000 ____D C:UserspalabDocumentsLightshot

2021-08-25 03:42 – 2021-08-25 04:06 – 000000434 _____ C:WINDOWSTasksupdate-sys.job

2021-08-25 03:42 – 2021-08-25 04:06 – 000000434 _____ C:WINDOWSTasksupdate-S-1-5-21-2113477449-3484941277-3011581078-1001.job

2021-08-25 03:42 – 2021-08-25 03:42 – 000003438 _____ C:WINDOWSsystem32Tasksupdate-S-1-5-21-2113477449-3484941277-3011581078-1001

2021-08-25 03:42 – 2021-08-25 03:42 – 000003360 _____ C:WINDOWSsystem32Tasksupdate-sys

2021-08-25 03:42 – 2021-08-25 03:42 – 000000424 _____ C:UserspalabAppDataLocalUserProducts.xml

2021-08-25 03:42 – 2021-08-25 03:42 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsLightshot

2021-08-25 03:42 – 2021-08-25 03:42 – 000000000 ____D C:Program Files (x86)Skillbrains

2021-08-25 03:04 – 2021-08-25 03:04 – 000438702 _____ C:UserspalabDesktopIntroduction to Boot Sector Virus and the Way to Remove It.pdf

2021-08-25 03:00 – 2021-08-25 03:00 – 001974741 _____ C:UserspalabDesktopWhat Is Antivirus and What Does It Do_.pdf

2021-08-25 02:59 – 2021-08-25 02:59 – 001466407 _____ C:UserspalabDesktopHow to Deal With Boot Sector Viruses.pdf

2021-08-25 02:58 – 2021-08-25 02:58 – 000632001 _____ C:UserspalabDesktopWhat is a Boot Sector Virus and how to prevent or remove them_.pdf

2021-08-25 02:55 – 2021-08-25 02:55 – 000194207 _____ C:UserspalabDesktopHow to Identify which Windows Process is Locking a File or Folder – GSX Help Center.pdf

2021-08-25 02:53 – 2021-08-25 02:53 – 000344491 _____ C:UserspalabDesktopBootsector_Rootkit virus cannot be removed with clean install_ – Microsoft Community.html

2021-08-25 02:53 – 2021-08-25 02:53 – 000000000 ____D C:UserspalabDesktopBootsector_Rootkit virus cannot be removed with clean install_ – Microsoft Community_files

2021-08-25 02:43 – 2021-08-25 02:43 – 000210344 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys

2021-08-25 02:31 – 2021-08-25 04:20 – 000036208 _____ (Sysinternals – www.sysinternals.com) C:WINDOWSsystem32DriversPROCEXP152.SYS

2021-08-25 02:30 – 2021-08-25 02:30 – 002650810 _____ C:UserspalabDesktopProcessExplorer.zip

2021-08-25 02:30 – 2021-08-25 02:30 – 000000000 ____D C:UserspalabDesktopProcessExplorer

2021-08-25 01:50 – 2021-08-25 01:50 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuPrograms7-Zip

2021-08-25 01:50 – 2021-08-25 01:50 – 000000000 ____D C:Program Files7-Zip

2021-08-25 01:29 – 2021-08-25 01:29 – 000000000 ____D C:UserspalabTracing

2021-08-25 01:28 – 2021-08-25 22:59 – 000000000 ____D C:UserspalabAppDataLocalCrashDumps

2021-08-25 01:28 – 2021-08-25 01:28 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSkype

2021-08-25 01:10 – 2021-08-25 01:10 – 000000000 ____D C:UserspalabDesktopLinkedin_data

2021-08-25 01:09 – 2021-08-25 01:28 – 000000000 ____D C:UserspalabDesktopSelf_Study

2021-08-25 01:09 – 2021-08-25 01:09 – 000000000 ____D C:UserspalabDesktopCoronavirus

2021-08-25 01:09 – 2021-08-17 15:25 – 000005061 _____ C:UserspalabDesktopuseful_wildcard_for_references.txt

2021-08-25 01:09 – 2021-08-13 13:22 – 000131356 _____ C:UserspalabDesktopSecurity_Consultant_27_July_2021.pdf

2021-08-25 01:09 – 2021-07-26 16:40 – 000127696 _____ C:UserspalabDesktopSecurity_Consultant_12_June_2021.pdf

2021-08-25 01:09 – 2020-12-20 20:56 – 000141276 _____ C:UserspalabDesktopSecurity_Consultant_15_Dec_2020.pdf

2021-08-25 01:03 – 2021-08-25 01:03 – 000001739 _____ C:UserspalabDocumentsWhere are my files.lnk

2021-08-25 00:06 – 2021-08-25 00:53 – 000000000 ____D C:UsersAdministrator

2021-08-25 00:06 – 2021-08-25 00:52 – 000346128 _____ C:WINDOWSntbtlog.txt

2021-08-25 00:06 – 2021-08-25 00:06 – 000000020 ___SH C:UsersAdministratorntuser.ini

2021-08-25 00:06 – 2021-08-24 17:46 – 000000000 ___RD C:UsersAdministratorOneDrive

2021-08-24 20:02 – 2021-08-25 16:32 – 000000000 ____D C:UserspalabAppDataRoamingKeePass

2021-08-24 19:52 – 2020-01-03 17:28 – 000010978 _____ C:UserspalabDownloadsR10_LogsReview_Template_Final.xlsx

2021-08-24 18:52 – 2021-08-24 18:52 – 000000000 ____D C:UserspalabAppDataLocalLowTemp

2021-08-24 18:38 – 2021-08-24 18:38 – 000068936 _____ (Oracle Corporation) C:WINDOWSsystem32WindowsAccessBridge-64.dll

2021-08-24 18:38 – 2021-08-24 18:38 – 000000000 ____D C:UserspalabAppDataLocalLowOracle

2021-08-24 18:38 – 2021-08-24 18:38 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsJava Development Kit

2021-08-24 18:38 – 2021-08-24 18:38 – 000000000 ____D C:Program FilesJava

2021-08-24 18:38 – 2021-08-24 18:38 – 000000000 ____D C:Program FilesCommon FilesOracle

2021-08-24 18:35 – 2021-08-24 18:35 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools

2021-08-24 18:32 – 2021-08-24 18:34 – 000000000 ____D C:WINDOWSsystem32MRT

2021-08-24 18:29 – 2021-08-24 18:29 – 000000017 _____ C:UserspalabAppDataLocalresmon.resmoncfg

2021-08-24 18:24 – 2021-08-24 18:24 – 000000974 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsKeePass 2.lnk

2021-08-24 18:24 – 2021-08-24 18:24 – 000000000 ____D C:Program FilesKeePass Password Safe 2

2021-08-24 18:11 – 2021-08-25 18:33 – 000248992 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys

2021-08-24 18:11 – 2021-08-24 18:11 – 000002044 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk

2021-08-24 18:11 – 2021-08-24 18:11 – 000000000 ____D C:UserspalabAppDataLocalmbam

2021-08-24 18:11 – 2021-08-24 18:11 – 000000000 ____D C:ProgramDataMalwarebytes

2021-08-24 18:11 – 2021-08-24 18:10 – 000160176 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys

2021-08-24 18:11 – 2021-08-24 18:10 – 000019912 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys

2021-08-24 18:10 – 2021-08-24 18:10 – 000000000 ____D C:Program FilesMalwarebytes

2021-08-24 18:09 – 2021-08-24 19:33 – 000000000 ____D C:UserspalabAppDataRoamingNotepad++

2021-08-24 18:09 – 2021-08-24 18:09 – 000000888 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsNotepad++.lnk

2021-08-24 18:09 – 2021-08-24 18:09 – 000000000 ____D C:Program FilesNotepad++

2021-08-24 17:51 – 2021-08-24 17:51 – 000002379 _____ C:UserspalabAppDataRoamingMicrosoftWindowsStart MenuProgramsMicrosoft Teams.lnk

2021-08-24 17:51 – 2021-08-24 17:51 – 000000000 ____D C:UserspalabAppDataRoamingTeams

2021-08-24 17:51 – 2021-08-24 17:51 – 000000000 ____D C:UserspalabAppDataLocalSquirrelTemp

2021-08-24 17:50 – 2021-08-24 17:50 – 000302906 _____ C:UserspalabDownloadsQA_SLA_Report_20210824.csv

2021-08-24 17:46 – 2021-08-24 23:49 – 000000000 ____D C:Program Files (x86)Microsoft OneDrive

2021-08-24 17:46 – 2021-08-24 23:43 – 000003206 _____ C:WINDOWSsystem32TasksOneDrive Per-Machine Standalone Update Task

2021-08-24 17:46 – 2021-08-24 23:43 – 000002185 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-08-24 17:46 – 2021-08-24 17:46 – 000000000 ___RD C:UsersDefaultOneDrive

2021-08-24 17:46 – 2021-08-24 17:46 – 000000000 ____D C:Program Files (x86)Teams Installer

2021-08-24 17:45 – 2021-08-24 17:45 – 000000000 ____D C:Program FilesCommon FilesDESIGNER

2021-08-24 17:44 – 2021-08-24 17:44 – 000002467 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsSkype for Business.lnk

2021-08-24 17:44 – 2021-08-24 17:44 – 000002462 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsWord.lnk

2021-08-24 17:44 – 2021-08-24 17:44 – 000002461 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsPowerPoint.lnk

2021-08-24 17:44 – 2021-08-24 17:44 – 000002425 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAccess.lnk

2021-08-24 17:44 – 2021-08-24 17:44 – 000002424 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsExcel.lnk

2021-08-24 17:44 – 2021-08-24 17:44 – 000002418 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsOutlook.lnk

2021-08-24 17:44 – 2021-08-24 17:44 – 000002412 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsPublisher.lnk

2021-08-24 17:44 – 2021-08-24 17:44 – 000002404 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsOneNote.lnk

2021-08-24 17:44 – 2021-08-24 17:44 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Office Tools

2021-08-24 17:39 – 2021-08-24 17:44 – 000000000 ____D C:Program FilesMicrosoft Office

2021-08-24 17:39 – 2021-08-24 17:39 – 000000000 ____D C:Program FilesMicrosoft Office 15

2021-08-24 17:34 – 2021-08-24 17:34 – 000000000 ____D C:UserspalabAppDataLocalComms

2021-08-24 17:28 – 2021-08-24 17:28 – 000000000 ____D C:UserspalabAppDataLocalOneDrive

2021-08-24 17:27 – 2021-08-24 17:27 – 000000000 ____H C:WINDOWSsystem32DriversMsft_User_WpdFs_01_11_00.Wdf

2021-08-24 17:25 – 2021-08-25 23:30 – 000000000 ____D C:Program Files (x86)Google

2021-08-24 17:25 – 2021-08-24 17:25 – 000003420 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineUA

2021-08-24 17:25 – 2021-08-24 17:25 – 000003296 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineCore

2021-08-24 17:25 – 2021-08-24 17:25 – 000002334 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-08-24 17:25 – 2021-08-24 17:25 – 000000000 ____D C:Program FilesGoogle

2021-08-24 17:24 – 2021-08-24 23:53 – 000000000 ____D C:UserspalabAppDataLocalGoogle

2021-08-24 17:19 – 2021-08-25 04:07 – 000000000 ___RD C:UserspalabOneDrive

2021-08-24 17:19 – 2021-08-24 17:35 – 000000000 ____D C:UserspalabAppDataLocalPlaceholderTileLogoFolder

2021-08-24 17:19 – 2021-08-24 17:19 – 000000000 ___DC C:OneDriveTemp

2021-08-24 17:19 – 2021-08-24 17:19 – 000000000 ____D C:UserspalabAppDataLocalNVIDIA

2021-08-24 17:18 – 2021-08-24 17:18 – 000000000 ____D C:ProgramDataMicrosoft OneDrive

2021-08-24 17:17 – 2021-08-25 22:09 – 000000000 ____D C:UserspalabAppDataLocalPackages

2021-08-24 17:17 – 2021-08-25 00:54 – 000000000 __RHD C:UsersPublicAccountPictures

2021-08-24 17:17 – 2021-08-24 23:14 – 000000000 ____D C:UserspalabAppDataLocalConnectedDevicesPlatform

2021-08-24 17:17 – 2021-08-24 17:48 – 000000000 ____D C:UserspalabAppDataLocalD3DSCache

2021-08-24 17:17 – 2021-08-24 17:34 – 000000000 ____D C:ProgramDataPackages

2021-08-24 17:17 – 2021-08-24 17:17 – 000000000 __SHD C:UserspalabIntelGraphicsProfiles

2021-08-24 17:17 – 2021-08-24 17:17 – 000000000 ___RD C:Userspalab3D Objects

2021-08-24 17:17 – 2021-08-24 17:17 – 000000000 ____D C:UserspalabAppDataRoamingAdobe

2021-08-24 17:17 – 2021-08-24 17:17 – 000000000 ____D C:UserspalabAppDataLocalVirtualStore

2021-08-24 17:17 – 2021-08-24 17:17 – 000000000 ____D C:UserspalabAppDataLocalPublishers

2021-08-24 17:13 – 2021-08-25 01:29 – 000000000 ____D C:Userspalab

2021-08-24 17:13 – 2021-08-24 17:13 – 000000020 ___SH C:Userspalabntuser.ini

2021-08-24 15:58 – 2021-08-25 06:17 – 000000000 ___DC C:$SysReset

2021-08-17 16:51 – 2016-07-19 05:19 – 005166872 _____ (Realtek semiconductor) C:WINDOWSRTFTrack.exe

2021-08-17 16:51 – 2016-07-19 05:19 – 003127576 _____ (Realtek Semiconductor Corp.) C:WINDOWSsystem32Driversrtsuvc.sys

2021-08-17 16:51 – 2016-07-19 05:19 – 001989400 _____ (Realtek Semiconductor Corp.) C:WINDOWSSysWOW64RsDecode.dll

2021-08-17 16:51 – 2016-07-19 05:19 – 000598808 _____ (Realtek Semiconductor Corp.) C:WINDOWSsystem32RtCamP64.dll

2021-08-17 16:51 – 2016-07-19 05:19 – 000533272 _____ (Realtek Semiconductor Corp.) C:WINDOWSSysWOW64RtCamP.dll

2021-08-17 16:51 – 2016-07-19 05:19 – 000064784 _____ (Realtek Semiconductor Corp.) C:WINDOWSsystem32RtCamO64.dll

2021-08-17 16:51 – 2016-07-19 05:07 – 001157563 _____ C:WINDOWSFTDataP.xml

2021-08-17 16:51 – 2016-07-19 05:07 – 000946032 _____ C:WINDOWSFTData.xml

2021-08-17 16:51 – 2016-07-19 05:07 – 000817241 _____ C:WINDOWSFTDataR1.xml

2021-08-17 16:51 – 2016-07-19 05:07 – 000817191 _____ C:WINDOWSFTDataR0.xml

2021-08-10 20:32 – 2021-08-06 02:42 – 000067464 _____ (NVIDIA Corporation) C:WINDOWSsystem32Driversnvvhci.sys

2021-08-10 20:28 – 2021-08-06 14:12 – 000645248 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvml.dll

2021-08-10 20:28 – 2021-08-06 14:10 – 005680768 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcpl.dll

2021-08-10 20:27 – 2021-08-06 14:15 – 001858680 _____ C:WINDOWSsystem32vulkaninfo-1-999-0-0-0.exe

2021-08-10 20:27 – 2021-08-06 14:15 – 001858680 _____ C:WINDOWSsystem32vulkaninfo.exe

2021-08-10 20:27 – 2021-08-06 14:15 – 001474672 _____ (Khronos Group) C:WINDOWSsystem32OpenCL.dll

2021-08-10 20:27 – 2021-08-06 14:15 – 001438840 _____ C:WINDOWSSysWOW64vulkaninfo-1-999-0-0-0.exe

2021-08-10 20:27 – 2021-08-06 14:15 – 001438840 _____ C:WINDOWSSysWOW64vulkaninfo.exe

2021-08-10 20:27 – 2021-08-06 14:15 – 001212536 _____ (Khronos Group) C:WINDOWSSysWOW64OpenCL.dll

2021-08-10 20:27 – 2021-08-06 14:15 – 001097832 _____ C:WINDOWSsystem32vulkan-1-999-0-0-0.dll

2021-08-10 20:27 – 2021-08-06 14:15 – 001097832 _____ C:WINDOWSsystem32vulkan-1.dll

2021-08-10 20:27 – 2021-08-06 14:15 – 000951928 _____ C:WINDOWSSysWOW64vulkan-1-999-0-0-0.dll

2021-08-10 20:27 – 2021-08-06 14:15 – 000951928 _____ C:WINDOWSSysWOW64vulkan-1.dll

2021-08-10 20:27 – 2021-08-06 14:12 – 000716928 _____ C:WINDOWSsystem32nvofapi64.dll

2021-08-10 20:27 – 2021-08-06 14:12 – 000577152 _____ C:WINDOWSSysWOW64nvofapi.dll

2021-08-10 20:27 – 2021-08-06 14:11 – 002112144 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvFBC64.dll

2021-08-10 20:27 – 2021-08-06 14:11 – 001595536 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvFBC.dll

2021-08-10 20:27 – 2021-08-06 14:11 – 001520760 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvIFR64.dll

2021-08-10 20:27 – 2021-08-06 14:11 – 001171088 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvIFR.dll

2021-08-10 20:27 – 2021-08-06 14:11 – 000919184 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvEncodeAPI64.dll

2021-08-10 20:27 – 2021-08-06 14:11 – 000750200 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvEncodeAPI.dll

2021-08-10 20:27 – 2021-08-06 14:11 – 000706168 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvidia-smi.exe

2021-08-10 20:27 – 2021-08-06 14:11 – 000676480 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvIFROpenGL.dll

2021-08-10 20:27 – 2021-08-06 14:11 – 000564352 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvIFROpenGL.dll

2021-08-10 20:27 – 2021-08-06 14:10 – 008854136 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcuvid.dll

2021-08-10 20:27 – 2021-08-06 14:10 – 007920760 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvcuvid.dll

2021-08-10 20:27 – 2021-08-06 14:10 – 004987512 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvcuda.dll

2021-08-10 20:27 – 2021-08-06 14:10 – 002925688 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcuda.dll

2021-08-10 20:27 – 2021-08-06 14:10 – 000447096 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvdebugdump.exe

2021-08-10 20:27 – 2021-08-06 14:09 – 000849024 _____ (NVIDIA Corporation) C:WINDOWSsystem32MCU.exe

2021-08-10 20:27 – 2021-08-06 14:08 – 007280848 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvapi64.dll

2021-08-10 20:27 – 2021-08-06 14:08 – 006215808 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvapi.dll

2021-08-10 20:27 – 2021-08-06 02:42 – 000083062 _____ C:WINDOWSsystem32nvinfo.pb

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-08-25 23:31 – 2019-12-07 14:33 – 000000000 ____D C:WINDOWSservicing

2021-08-25 23:31 – 2019-12-07 14:33 – 000000000 ____D C:WINDOWSCbsTemp

2021-08-25 23:01 – 2019-12-07 14:44 – 000000562 _____ C:WINDOWSwin.ini

2021-08-25 22:18 – 2019-12-07 14:44 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-08-25 18:38 – 2019-12-07 14:43 – 000000000 ____D C:WINDOWSINF

2021-08-25 18:32 – 2019-12-07 14:33 – 000524288 _____ C:WINDOWSsystem32configBBI

2021-08-25 16:15 – 2019-12-07 14:44 – 000000000 ___HD C:Program FilesWindowsApps

2021-08-25 16:15 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSAppReadiness

2021-08-25 06:15 – 2019-12-07 14:44 – 000028672 _____ C:WINDOWSsystem32configBCD-Template

2021-08-25 06:14 – 2019-12-07 15:22 – 000000000 ____D C:Program FilesWindows Photo Viewer

2021-08-25 06:14 – 2019-12-07 15:22 – 000000000 ____D C:Program Files (x86)Windows Photo Viewer

2021-08-25 06:14 – 2019-12-07 15:20 – 000000000 ____D C:WINDOWSsystem32OpenSSH

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ___SD C:WINDOWSSysWOW64F12

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ___SD C:WINDOWSSysWOW64DiagSvcs

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ___SD C:WINDOWSsystem32UNP

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ___SD C:WINDOWSsystem32F12

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ___SD C:WINDOWSsystem32DiagSvcs

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSSysWOW64WinMetadata

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSSysWOW64setup

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSSysWOW64PerceptionSimulation

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSSysWOW64oobe

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSSysWOW64migwiz

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSSysWOW64lv-LV

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSSysWOW64lt-LT

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSSysWOW64Keywords

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSSysWOW64et-EE

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSSysWOW64es-MX

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSSysWOW64Dism

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSSysWOW64Com

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSSysWOW64AdvancedInstallers

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSSystemResources

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32WinMetadata

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32WinBioPlugIns

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32SystemResetPlatform

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32Sysprep

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32ShellExperiences

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32setup

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32PerceptionSimulation

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32oobe

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32migwiz

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32lv-LV

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32lt-LT

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32Keywords

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32et-EE

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32es-MX

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32Dism

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32Com

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32appraiser

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32AdvancedInstallers

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSShellExperiences

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSShellComponents

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSProvisioning

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSPolicyDefinitions

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSIME

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSDiagTrack

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSbcastdvr

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:Program FilesCommon FilesSystem

2021-08-25 06:14 – 2019-12-07 14:44 – 000000000 ____D C:Program Files (x86)Windows Defender

2021-08-25 06:13 – 2019-12-07 15:22 – 000023552 _____ (Microsoft Corporation) C:WINDOWSsystem32OEMDefaultAssociations.dll

2021-08-25 06:13 – 2019-12-07 15:22 – 000020908 _____ C:WINDOWSsystem32OEMDefaultAssociations.xml

2021-08-25 06:02 – 2019-12-07 15:21 – 000000000 ____D C:WINDOWSOCR

2021-08-25 05:40 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32WinBioDatabase

2021-08-25 05:29 – 2019-12-07 15:20 – 000000000 ____D C:WINDOWSsystem32FxsTmp

2021-08-25 05:29 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSsystem32spool

2021-08-25 05:21 – 2019-12-07 14:33 – 000032768 _____ C:WINDOWSsystem32configELAM

2021-08-25 03:05 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSappcompat

2021-08-25 02:35 – 2019-12-07 14:44 – 000000000 ____D C:Program FilesWindows Defender

2021-08-25 00:54 – 2019-12-07 14:44 – 000000000 ___RD C:WINDOWSImmersiveControlPanel

2021-08-24 18:11 – 2019-12-07 14:44 – 000000000 ___HD C:WINDOWSELAMBKUP

2021-08-24 17:45 – 2019-12-07 14:44 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared

2021-08-24 17:34 – 2019-12-07 14:44 – 000000000 ____D C:WINDOWSServiceState

2021-08-24 17:33 – 2019-12-07 14:44 – 000000000 ___RD C:WINDOWSPrintDialog

2021-08-24 17:12 – 2019-12-07 14:44 – 000000000 ____D C:ProgramDataUSOPrivate

 

==================== Files in the root of some directories ========

 

2021-08-24 18:29 – 2021-08-24 18:29 – 000000017 _____ () C:UserspalabAppDataLocalresmon.resmoncfg

2021-08-25 03:42 – 2021-08-25 03:42 – 000000003 _____ () C:UserspalabAppDataLocalupdater.log

2021-08-25 03:42 – 2021-08-25 03:42 – 000000424 _____ () C:UserspalabAppDataLocalUserProducts.xml

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================


https://www.bleepingcomputer.com/forums/t/757305/cloning-virus-attack-please-help/

Erlando F Rasatro
