StartupCheckLibrary.dll is missing



#1
XmutanoX
I've been having this message pop up every time I start the system, and I have no clue if it's some leftover from malware or anything. Also, when I ran FRST it came up with some ATTENTION tags for some registry entries. Should I be worried?


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2019
Ran by Duplat (administrator) on DESKTOP-O5SD2IS (Gigabyte Technology Co., Ltd. AB350-Gaming 3) (09-10-2019 01:42:46)
Running from C:\Users\Duplat\Desktop
Loaded Profiles: Duplat (Available Profiles: Duplat)
Platform: Windows 10 Pro Version 1809 17763.737 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\AudioSwitch\AudioSwitch.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdHelper.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdHelper.x64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdLauncher.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.301\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.301\GoogleCrashHandler64.exe
(Locktime Software s.r.o. -> Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(Martin Malik - REALiX -> REALiX) C:\Program Files\HWiNFO64\HWiNFO64.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [RtkAudUService] => "C:\WINDOWS\System32\RtkAudUService64.exe" -background
HKLM\...\Run: [Screen+] => C:\Program Files\Screen+\ScreenLM64.exe
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9267656 2018-01-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [60074328 2018-11-03] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5007408 2019-08-21] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [405032 2019-09-11] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [6113328 2019-08-21] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\Run: [NoxDaemon] => C:\Users\Duplat\AppData\Roaming\NoxSrv\NoxSrv.exe [115712 2019-06-23] () [File not signed]
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\MountPoints2: {2f41768c-fc40-11e8-9567-1c1b0de53af9} - "F:\Setup.exe"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\MountPoints2: {a2a55c41-df1a-11e8-bf1e-806e6f6e6963} - "F:\Setup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-23] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\77.0.69.132\Installer\chrmstp.exe [2019-10-03] (Brave Software, Inc.) [File not signed]
AppInit_DLLs: prio.dll => No File
AppInit_DLLs-x32: prio32.dll => No File
Startup: C:\Users\Duplat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AudioSwitch.lnk [2018-11-03]
ShortcutTarget: AudioSwitch.lnk -> C:\Program Files (x86)\AudioSwitch\AudioSwitch.exe () [File not signed]
Startup: C:\Users\Duplat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-05-25]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Duplat\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
Startup: C:\Users\Duplat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-04-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EE4A41C-DA51-487F-81EB-BCAD3C67FC6A} - System32\Tasks\GIGABYTE OC GURU => C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe
Task: {127AF4B7-5E62-4FBD-9C9C-77E81BA81D52} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [770344 2019-03-05] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {217E3C54-166E-4C4D-AA94-B18EB4EB5151} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe [1457720 2019-09-18] (Adobe Inc. -> Adobe)
Task: {2B162AC9-E078-4FA0-884C-B39696ADBBD1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-19] (Adobe Inc. -> Adobe)
Task: {2E4F4314-9FC6-4638-A8B7-A86011B8A99B} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {3333BBBF-FBF2-488E-AABB-F2BCA0161B51} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {38A0C235-691E-4473-A72D-5D42A68E4E4B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [103472 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {406E1DEE-87CF-4516-81D6-D701D4F58A9D} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-04-27] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {42EB9377-B525-4264-8F46-9394627B5C37} - System32\Tasks\HWiNFO => C:\Program Files\HWiNFO64\HWiNFO64.EXE [4447264 2019-09-25] (Martin Malik - REALiX -> REALiX)
Task: {479F5831-1144-423D-A697-DED82BFF7421} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26045560 2019-09-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {547B60F9-A75A-4C03-AAA9-963F0594C065} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-09-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5814EA04-05E4-45FE-B3A6-909BE63AA842} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-02] (Google Inc -> Google Inc.)
Task: {6843A9C7-3360-4A12-B36B-FA8E0C000BF4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26045560 2019-09-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {88C01602-4775-4E66-A1E1-B140CC394B85} - System32\Tasks\Opera scheduled Autoupdate 1547765085 => C:\Users\Duplat\AppData\Local\Programs\Opera\launcher.exe [1520152 2019-10-04] (Opera Software AS -> Opera Software)
Task: {9A82BA2C-86C3-4B19-9745-EC3A150EB840} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-02] (Google Inc -> Google Inc.)
Task: {A4F5CC86-E2A8-4520-9F9A-0AC3C17325AF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1403552 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {AA0670E2-13C6-4D84-BB16-0D685DFBF209} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [665848 2019-06-27] (Advanced Micro Devices INC. -> )
Task: {AAD7BB24-2C05-4929-822F-67AD9BB3A865} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-09-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C06E690B-EFA8-491B-95D5-8D287FAF1428} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-09-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C1AB7A03-F336-43B7-ABC9-26A8A563170F} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {CC33F01E-1AC6-4906-ACA2-EE861428504C} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {D0372E85-E6FC-4BE6-9C21-BCB8387E9D76} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_pepper.exe [1453112 2019-09-19] (Adobe Inc. -> Adobe)
Task: {D83EEC76-F27C-44E4-AFBD-981047C3E72B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4404384 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {DC355283-9CCB-4FF9-BDEA-0AC895427C64} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-09-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E0047307-FC44-44C7-BC3D-5D73AC6485B2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1403552 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {E8290738-A348-41C7-ABED-2BEEC483702B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [103472 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {E9ED7EA2-A92A-4CEC-8C3F-CBCC5F118F22} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [758872 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4DC44FB-39F3-4E6D-AFC2-30193EFE8943} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4404384 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {FE38D026-95A0-4757-8D13-9A613A762F1A} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-04-27] (Brave Software, Inc. -> BraveSoftware Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5984fe02-fac2-4287-93e1-d0498fe68b4b}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{5984fe02-fac2-4287-93e1-d0498fe68b4b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8a6cc755-5246-47af-8b80-4c257bc5341e}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-11-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll => No File
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-20] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\Duplat\Desktop
Edge Session Restore: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001 -> is enabled.
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2018-12-10]
Edge Extension: (Night Eye - Dark mode on any website) -> EdgeExtension_43069RAZORdeveloperNightEye_c9kkezg6y739m => C:\Program Files\WindowsApps\43069RAZORdeveloper.NightEye_1.9.4.0_neutral__c9kkezg6y739m [2018-12-10]

FireFox:
========
FF DefaultProfile: dfwia8uo.default
FF ProfilePath: C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\dfwia8uo.default [2019-06-22]
FF ProfilePath: C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671 [2019-10-09]
FF Session Restore: Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671 -> is enabled.
FF Extension: (Dark Reader) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\[email protected] [2019-09-18]
FF Extension: (Better TweetDeck) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\[email protected] [2019-09-22]
FF Extension: (Checker Plus for Gmail) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\[email protected] [2019-07-19]
FF Extension: (BetterTTV) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\[email protected] [2019-10-04]
FF Extension: (Panel View for Google™ Translate) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\[email protected] [2019-07-21]
FF Extension: (Méliuz) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\[email protected] [2019-07-26]
FF Extension: (uBlock Origin) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\[email protected] [2019-09-27]
FF Extension: (A Light in Space by MaDonna) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\{6e68ac2f-4352-427d-ae23-bf7a2b854aed}.xpi [2019-07-19]
FF Extension: (Stylus) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\{7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}.xpi [2019-09-18]
FF Extension: (Dark Fox) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\{e7fe4ffe-f256-4f85-906d-072fdd698585}.xpi [2019-07-19]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-05-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [2019-09-18] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll [2019-09-18] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-07-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-07-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-04-27] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-04-27] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.301\npGoogleUpdate3.dll [2019-10-09] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.301\npGoogleUpdate3.dll [2019-10-09] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2019-08-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-08-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com.br/
CHR StartupUrls: Default -> "hxxp://google.com.br/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default [2019-09-30]
CHR Extension: (Slides) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-02]
CHR Extension: (BetterTTV) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2019-09-30]
CHR Extension: (Docs) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-02]
CHR Extension: (Google Drive) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-02]
CHR Extension: (MEGA) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2019-09-30]
CHR Extension: (YouTube) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-02]
CHR Extension: (uBlock Origin) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-09-30]
CHR Extension: (Stylus) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\clngdbkpkpeebahjckkjfobafhncgmne [2019-09-30]
CHR Extension: (Dark Vibe) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2018-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-07-05]
CHR Extension: (Dark Reader) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2019-09-30]
CHR Extension: (Silver Bird) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2018-11-02]
CHR Extension: (Sheets) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-02]
CHR Extension: (The Great Suspender) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2019-09-30]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-02]
CHR Extension: (Gmail) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-05]
CHR Extension: (Chrome Media Router) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-30]
CHR HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR DownloadDir: C:\Users\Duplat\Desktop
OPR Extension: (BetterTTV) - C:\Users\Duplat\AppData\Roaming\Opera Software\Opera Stable\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2019-06-19]
OPR Extension: (Dark Reader) - C:\Users\Duplat\AppData\Roaming\Opera Software\Opera Stable\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2019-07-18]
OPR Extension: (Stylus) - C:\Users\Duplat\AppData\Roaming\Opera Software\Opera Stable\Extensions\kdinfjomkigjcjcbigolloleeiianaif [2019-01-17]
OPR Extension: (Install Chrome Extensions) - C:\Users\Duplat\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-01-17]
OPR Extension: (BetterTweetDeck) - C:\Users\Duplat\AppData\Roaming\Opera Software\Opera Stable\Extensions\micblkellenpbfapmcpcfhcoeohhnpob [2019-07-18]
OPR Extension: (Checker Plus for Gmail™) - C:\Users\Duplat\AppData\Roaming\Opera Software\Opera Stable\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2019-06-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S4 ArcService; D:\Program Files (x86)\Arc\ArcService.exe [123000 2019-03-05] (Perfect World Entertainment Inc. -> Perfect World Entertainment Inc)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8577760 2019-06-09] (BattlEye Innovations e.K. -> )
S4 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-04-27] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-04-27] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11153512 2019-09-04] (Microsoft Corporation -> Microsoft Corporation)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [52776 2019-09-11] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803456 2019-06-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S4 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [707144 2018-12-13] (GOG Sp. z o.o. -> GOG.com)
S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2018-12-13] (GOG Sp. z o.o. -> GOG.com)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [309664 2019-07-16] (Locktime Software s.r.o. -> Locktime Software)
S4 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2347824 2019-09-04] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [3222320 2019-09-04] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2019-07-09] (Even Balance, Inc. -> )
S3 Rockstar Service; D:\Program Files\Rockstar Games\Launcher\RockstarService.exe [471696 2019-09-18] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5357360 2019-09-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-09-26] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-09-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-09-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34568 2019-04-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [24528 2019-04-18] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [32760 2019-05-29] (Advanced Micro Devices INC. -> Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [138544 2019-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R2 AMDRyzenMasterDriverV13; C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys [71152 2018-11-22] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [20472 2019-09-06] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45968 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21904 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz148; C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [44648 2019-10-09] (CPUID S.A.R.L.U. -> CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-19] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ei2c; C:\WINDOWS\system32\drivers\ei2c.sys [20784 2019-07-16] (AOC International (Europe) GmbH -> Nicomsoft Ltd.)
U5 GCSYS; C:\Users\Duplat\AppData\Local\Programs\gamers-club-anti-cheat\resources\GCSYS64.sys [2675624 2019-09-11] (Gamers Club (Gamers Club Ltda) -> )
S3 gdrv; C:\WINDOWS\gdrv.sys [26792 2019-02-01] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 gdrv2; C:\WINDOWS\gdrv2.sys [32600 2019-07-13] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 GLCKIO2; C:\Program Files (x86)\GIGABYTE\RGBFusion\GLCKIO2.sys [19392 2018-04-23] (ASUSTeK Computer Inc. -> )
R1 HWiNFO; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [67152 2019-09-25] (Martin Malik - REALiX -> REALiX™)
R2 mi2c; C:\WINDOWS\system32\drivers\mi2c.sys [20784 2019-07-16] (AOC International (Europe) GmbH -> Nicomsoft Ltd.)
R0 nldrv; C:\WINDOWS\System32\drivers\nldrv.sys [178944 2019-07-15] (Locktime Software s.r.o. -> Locktime Software)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_830a0263f2ee97ce\nvlddmkm.sys [22370696 2019-09-06] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R2 SSGDIO; C:\WINDOWS\SysWOW64\DRIVERS\ssgdio64.sys [14608 2019-09-30] (ATI Technologies, Inc -> ATI Technologies Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-19] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46688 2019-09-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [350136 2019-09-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-09-26] (Microsoft Windows -> Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Gigabyte\RGBFusion\MODAPI.sys [14544 2019-10-05] (Noriyuki MIYAZAKI -> OpenLibSys.org)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2019-09-27] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2019-06-23] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
S3 leizhveytvn; \??\C:\WINDOWS\system32\leizhveytvn.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-09 01:42 - 2019-10-09 01:45 - 000040725 _____ C:\Users\Duplat\Desktop\FRST.txt
2019-10-09 01:42 - 2019-10-09 01:44 - 000000000 ____D C:\FRST
2019-10-09 01:41 - 2019-10-09 01:41 - 001615872 _____ (Farbar) C:\Users\Duplat\Desktop\FRST64.exe
2019-10-08 03:38 - 2019-10-08 03:38 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\Bungie
2019-10-07 21:01 - 2019-10-07 21:01 - 000000000 ____D C:\Users\Duplat\Documents\4A Games
2019-10-07 20:51 - 2019-10-07 20:51 - 000000000 ____D C:\Users\Duplat\AppData\Local\4A Games
2019-10-05 19:07 - 2019-10-05 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2019-10-05 19:07 - 2019-10-05 19:07 - 000000000 ____D C:\Program Files\qBittorrent
2019-10-05 06:29 - 2019-10-05 06:29 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Little Misfortune
2019-10-05 01:30 - 2019-07-17 04:37 - 000010148 _____ C:\Users\Duplat\Desktop\CalibratedDisplayProfile-6.icc
2019-10-03 18:42 - 2019-10-04 05:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-03 05:07 - 2019-10-03 05:07 - 002587896 _____ C:\Users\Duplat\Desktop\CSGO F2P FPS Pack by Panj.zip
2019-10-03 05:07 - 2019-10-03 05:07 - 000000000 ____D C:\Users\Duplat\Desktop\New folder
2019-10-03 02:25 - 2019-10-03 05:30 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\gamers-club-anti-cheat
2019-10-03 02:25 - 2019-10-03 02:25 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\Gamers Club Anti-Cheat
2019-10-03 02:24 - 2019-10-03 02:24 - 000002570 _____ C:\Users\Duplat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamers Club Anti-Cheat.lnk
2019-10-03 02:24 - 2019-10-03 02:24 - 000000000 ____D C:\Users\Duplat\AppData\Local\gamers-club-anti-cheat-updater
2019-10-02 07:10 - 2019-10-02 07:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair
2019-10-02 07:09 - 2019-10-02 07:09 - 000000000 ____D C:\Program Files (x86)\Corsair
2019-09-30 22:34 - 2019-09-30 22:34 - 000000000 ____D C:\Users\Duplat\AppData\Local\1usmus
2019-09-30 22:27 - 2019-09-30 22:27 - 000014608 _____ (ATI Technologies Inc.) C:\WINDOWS\SysWOW64\Drivers\ssgdio64.sys
2019-09-30 18:33 - 2019-09-30 18:33 - 000418616 _____ C:\Users\Duplat\Desktop\Laudo_200266220_8feb9f87-2ec9-45ce-a1ef-0d1776a34b3e.pdf
2019-09-30 02:09 - 2019-09-30 08:20 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\FileZilla
2019-09-30 02:09 - 2019-09-30 02:37 - 000000000 ____D C:\Users\Duplat\AppData\Local\FileZilla
2019-09-30 02:09 - 2019-09-30 02:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2019-09-30 02:09 - 2019-09-30 02:09 - 007976792 _____ (Tim Kosse) C:\Users\Duplat\Downloads\FileZilla_3.45.1_win64-setup.exe
2019-09-29 19:56 - 2019-06-08 18:40 - 003441044 _____ C:\Users\Duplat\Desktop\improved-initiative.json
2019-09-29 19:56 - 2019-02-17 20:05 - 003563511 _____ C:\Users\Duplat\Desktop\improved-initiative (1).json
2019-09-29 19:55 - 2019-10-04 19:34 - 000000000 ____D C:\Users\Duplat\Desktop\BIOS updates
2019-09-27 02:52 - 2019-09-27 02:52 - 165617184 _____ (TunnelBear) C:\Users\Duplat\Desktop\TunnelBear-Installer.exe
2019-09-25 21:23 - 2019-09-25 21:23 - 000000773 _____ C:\Users\Duplat\Desktop\PUBG LITE.lnk
2019-09-25 21:23 - 2019-09-25 21:23 - 000000773 _____ C:\Users\Duplat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PUBG LITE.lnk
2019-09-25 19:28 - 2019-09-25 19:28 - 000000000 ____D C:\Users\Duplat\AppData\Local\NVIDIA
2019-09-25 13:00 - 2019-08-01 10:07 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-09-24 22:06 - 2018-01-24 17:35 - 003509168 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2019-09-24 22:06 - 2018-01-24 17:35 - 000343672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2019-09-24 22:06 - 2018-01-24 17:35 - 000192944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2019-09-24 22:06 - 2018-01-24 17:34 - 001353288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2019-09-24 22:06 - 2018-01-24 17:34 - 000691648 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2019-09-24 22:06 - 2018-01-24 17:34 - 000453240 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2019-09-24 22:06 - 2018-01-24 17:34 - 000157304 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2019-09-24 22:06 - 2018-01-24 17:34 - 000139720 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2019-09-24 22:06 - 2018-01-24 17:34 - 000090136 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2019-09-24 22:06 - 2018-01-24 17:33 - 003677128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2019-09-24 22:06 - 2018-01-24 17:33 - 003205576 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2019-09-24 22:06 - 2018-01-24 17:33 - 001780584 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:33 - 001591024 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:33 - 000727400 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:33 - 000708280 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:33 - 000504272 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:33 - 000445368 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:33 - 000253832 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2019-09-24 22:06 - 2018-01-24 17:32 - 072520680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2019-09-24 22:06 - 2018-01-24 17:32 - 007178432 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2019-09-24 22:06 - 2018-01-24 17:32 - 002922952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2019-09-24 22:06 - 2018-01-24 17:32 - 001508896 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:32 - 000743928 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:32 - 000441232 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:32 - 000253864 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2019-09-24 22:06 - 2018-01-24 17:32 - 000252840 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2019-09-24 22:06 - 2018-01-24 12:59 - 015726401 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2019-09-24 22:05 - 2018-01-24 17:32 - 001971336 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2019-09-24 22:05 - 2018-01-24 17:32 - 000332976 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2019-09-24 22:05 - 2018-01-24 17:32 - 000278240 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2019-09-24 22:05 - 2018-01-24 17:31 - 007101712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2019-09-24 22:05 - 2018-01-24 17:31 - 000118552 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2019-09-24 22:05 - 2018-01-24 17:31 - 000105272 _____ C:\WINDOWS\system32\audioLibVc.dll
2019-09-24 22:00 - 2019-09-24 22:00 - 000000000 ____D C:\Program Files (x86)\Realtek
2019-09-23 02:19 - 2019-09-05 18:19 - 001683032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2019-09-23 02:19 - 2019-09-05 18:19 - 000228792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2019-09-23 02:19 - 2019-09-05 18:19 - 000047272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2019-09-23 02:18 - 2019-09-06 15:29 - 001012432 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-09-23 02:18 - 2019-09-06 15:29 - 001012432 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-09-23 02:18 - 2019-09-06 15:29 - 000876240 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-09-23 02:18 - 2019-09-06 15:29 - 000876240 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-09-23 02:18 - 2019-09-06 15:29 - 000447368 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-09-23 02:18 - 2019-09-06 15:29 - 000351944 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-09-23 02:18 - 2019-09-06 15:29 - 000301264 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-09-23 02:18 - 2019-09-06 15:29 - 000301264 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-09-23 02:18 - 2019-09-06 15:29 - 000273104 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-09-23 02:18 - 2019-09-06 15:29 - 000273104 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-09-23 02:18 - 2019-09-06 15:28 - 011562376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-09-23 02:18 - 2019-09-06 15:28 - 009937104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 002051008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 001550080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 001477512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 001247432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 001140616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 000959424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 000823552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 000812800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 000676096 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 000658880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 000632768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 000544648 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 000524168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-09-23 02:18 - 2019-09-06 15:26 - 040444856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-09-23 02:18 - 2019-09-06 15:26 - 035334536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-09-23 02:18 - 2019-09-06 15:26 - 017300360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-09-23 02:18 - 2019-09-06 15:26 - 014921096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-09-23 02:18 - 2019-09-06 15:26 - 005358472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-09-23 02:18 - 2019-09-06 15:26 - 004696968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-09-23 02:18 - 2019-09-06 15:26 - 001726400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443630.dll
2019-09-23 02:18 - 2019-09-06 15:26 - 001491336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443630.dll
2019-09-22 22:05 - 2019-09-22 22:05 - 000000000 ____D C:\Users\Duplat\Documents\Call of Duty Modern Warfare
2019-09-21 13:54 - 2019-09-21 13:54 - 000000000 ____D C:\Users\Duplat\AppData\Local\Rockstar Games
2019-09-21 13:37 - 2019-09-21 13:37 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2019-09-21 13:36 - 2019-09-21 13:36 - 000000000 ____D C:\ProgramData\Rockstar Games
2019-09-20 23:02 - 2019-09-20 23:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-09-19 22:06 - 2019-09-19 19:57 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-09-19 22:06 - 2019-09-19 19:57 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-09-19 19:47 - 2019-09-19 19:47 - 026808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 023453696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 020817408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 019011584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 012939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 012244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 011724288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 009941504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 008903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 007921664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 007871488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 006065664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 005597808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 004874752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 004628992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 004344832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 003702784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 003614720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 002942976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 002469432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 002298880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 002279296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 002177336 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 002127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 002099752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-09-19 19:47 - 2019-09-19 19:47 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 002017792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-09-19 19:47 - 2019-09-19 19:47 - 001782272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001764352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001604760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001506304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001465472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001297120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001221528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 001132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001075832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 001047552 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000993792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000806024 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000798736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2019-09-19 19:47 - 2019-09-19 19:47 - 000793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000763392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000660544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000522104 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResourceMapper.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000449376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000409256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000386048 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\SysWOW64\curl.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000349144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000317240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-09-19 19:47 - 2019-09-19 19:47 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-09-19 19:47 - 2019-09-19 19:47 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000195224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityCenterBroker.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsutil.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-09-19 19:47 - 2019-09-19 19:47 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000173216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-09-19 19:47 - 2019-09-19 19:47 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fsutil.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000144080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imm32.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000140088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000106048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000098080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Display.BrightnessOverride.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000092832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-09-19 19:47 - 2019-09-19 19:47 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComputerDefaults.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Groupinghc.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComputerDefaults.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000058882 _____ C:\WINDOWS\system32\srms.dat
2019-09-19 19:47 - 2019-09-19 19:47 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shunimpl.dll
2019-09-19 19:46 - 2019-09-19 19:47 - 003096576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 022124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 015221248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 009679672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 007886848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 006925312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 006542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 006444544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 006310064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 005764608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 005569024 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 004737536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 004588752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 003978240 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 003821728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 003634688 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-09-19 19:46 - 2019-09-19 19:46 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 003363856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-09-19 19:46 - 2019-09-19 19:46 - 003333632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 003082752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 002924344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-09-19 19:46 - 2019-09-19 19:46 - 002879488 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 002842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 002779488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 002765312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 002700784 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 002693120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 002438576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-09-19 19:46 - 2019-09-19 19:46 - 002346496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 002233688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 002073240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001994768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001966096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-09-19 19:46 - 2019-09-19 19:46 - 001904128 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001899152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001864192 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001733120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001721360 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001715712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001711104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001702096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-09-19 19:46 - 2019-09-19 19:46 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001674480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001668752 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001655976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001641400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001573240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001563880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdrecordcpu.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001484592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001479184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001477432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 001466880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001391096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 001344960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-09-19 19:46 - 2019-09-19 19:46 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001278808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 001272560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ttdrecordcpu.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001267712 _____ (Microsoft Corporation) C:\WINDOWS\system32\APMon.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001256960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001222160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001182240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 001180248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001098136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001081656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000968192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000888832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000888120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000811024 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000807760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000782968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000774968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000740904 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000736056 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000730112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000678680 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000652832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000622392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000606088 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000591160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000585184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000554000 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000540240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000535056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-09-19 19:46 - 2019-09-19 19:46 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000515960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000515440 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000515152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000464912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2019-09-19 19:46 - 2019-09-19 19:46 - 000439808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000435712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000398928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-09-19 19:46 - 2019-09-19 19:46 - 000378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingDiagSpp.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000351432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingDiagSpp.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000330672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdwriter.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000279416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000272648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ttdwriter.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000262336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ManagePhone.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-09-19 19:46 - 2019-09-19 19:46 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000177176 _____ (Microsoft Corporation) C:\WINDOWS\system32\imm32.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000168248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000152576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000152576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000152080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000130872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Display.BrightnessOverride.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000121656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000120344 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000114128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsiCx.sys
2019-09-19 19:46 - 2019-09-19 19:46 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvsetup.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000071696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2019-09-19 19:46 - 2019-09-19 19:46 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\shunimpl.dll
2019-09-19 19:45 - 2019-09-19 19:46 - 001038336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 017484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 007690648 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 005573232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 004353016 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 003567104 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 003385856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 003333984 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 002999808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 002767160 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 002706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 002645504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 002593032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 002415416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 002199864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 002192384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 002148864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 002085168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 002031104 _____ C:\WINDOWS\system32\rdpnano.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 002022096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001929728 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001743168 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001720120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001715000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001674752 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001662264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001522704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001397048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001387512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001331536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001321784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001294280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001260560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 001205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001191512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001187840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 001183744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 001054952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 001048888 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 001022824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001020416 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000895792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000865576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000864568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000851272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Signals.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000831288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000806568 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-09-19 19:45 - 2019-09-19 19:45 - 000806568 _____ C:\WINDOWS\system32\locale.nls
2019-09-19 19:45 - 2019-09-19 19:45 - 000799784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000793824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000791352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000774192 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000764416 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000762880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000758688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000751928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000741392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000732168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000675096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000652600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000652304 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000649528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000604344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000603784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000580024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000532192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000520208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000508968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000505128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000482104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000449576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000444728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000421376 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000405304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000402368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000398336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000398208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000396088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000375752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000347576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000330592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000310072 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000294728 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ConfigWrapper.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000278624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000253256 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32tm.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000248120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000230848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpprov.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000203064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecureTimeAggregator.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000200504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000193040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000189712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000164504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000141736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000140600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000125016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000118480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pmem.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvsetup.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000104248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-09-19 19:45 - 2019-09-19 19:45 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiskSnapshot.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000090632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000087056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000032784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000032568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsiAcpiClient.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ws2ifsl.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-09-19 19:45 - 2019-09-19 19:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-09-19 19:45 - 2019-09-19 19:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-09-19 19:45 - 2019-09-19 19:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-09-19 19:45 - 2019-09-19 19:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-09-19 19:45 - 2019-09-19 19:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-09-19 19:45 - 2019-09-19 19:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-09-19 19:45 - 2019-09-19 19:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-09-19 19:21 - 2019-09-19 19:21 - 021123128 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-09 01:33 - 2018-12-10 03:04 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-09 01:33 - 2018-12-10 03:04 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-09 01:33 - 2018-11-02 17:30 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-09 01:33 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-10-09 01:29 - 2019-06-22 05:09 - 000000000 ____D C:\Users\Duplat\AppData\LocalLow\Mozilla
2019-10-09 01:28 - 2018-12-10 03:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-10-09 01:28 - 2018-11-02 22:01 - 000000000 ____D C:\ProgramData\NVIDIA
2019-10-09 01:28 - 2018-09-15 04:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-08 04:33 - 2018-09-15 03:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-10-07 23:19 - 2018-11-03 00:01 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\discord
2019-10-07 19:31 - 2018-11-02 23:35 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\vlc
2019-10-07 19:20 - 2018-12-10 02:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-10-07 18:58 - 2019-01-17 19:44 - 000004214 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1547765085
2019-10-07 18:58 - 2019-01-17 19:44 - 000001416 _____ C:\Users\Duplat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-10-07 01:58 - 2018-05-16 13:39 - 000000000 ____D C:\Nova
2019-10-07 01:35 - 2018-11-03 06:36 - 000000000 ____D C:\Users\Duplat\AppData\Local\Ubisoft Game Launcher
2019-10-07 01:08 - 2019-07-09 17:57 - 000281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2019-10-07 01:08 - 2019-07-09 17:57 - 000281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2019-10-06 21:30 - 2018-11-03 06:50 - 000000000 ____D C:\Users\Duplat\AppData\Local\Battle.net
2019-10-06 20:29 - 2018-11-03 06:50 - 000000000 ____D C:\Users\Duplat\AppData\Local\Blizzard Entertainment
2019-10-06 04:40 - 2019-04-24 22:29 - 000003144 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2019-10-06 04:40 - 2018-11-04 05:56 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\qBittorrent
2019-10-06 04:39 - 2019-05-25 08:51 - 000000000 ____D C:\TBBT
2019-10-05 23:38 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-10-05 20:20 - 2018-11-03 00:27 - 000000000 ____D C:\Users\Duplat\AppData\Local\D3DSCache
2019-10-05 19:39 - 2019-07-30 14:58 - 000000000 ____D C:\Users\Duplat\Desktop\IntelBurnTest
2019-10-05 19:37 - 2018-11-03 00:20 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2019-10-04 06:36 - 2018-11-03 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-10-04 05:52 - 2019-06-22 05:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-10-03 23:59 - 2018-11-03 00:20 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2019-10-03 23:55 - 2019-06-22 05:09 - 000001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-10-03 18:45 - 2019-03-19 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2019-10-03 18:30 - 2019-04-27 10:28 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2019-10-03 05:17 - 2018-11-02 23:40 - 000000000 ____D C:\Users\Duplat\AppData\Local\CrashDumps
2019-10-02 07:10 - 2018-09-15 04:31 - 000000000 ____D C:\WINDOWS\INF
2019-09-30 22:04 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-09-30 04:05 - 2018-05-16 19:26 - 000000000 ____D C:\Filmes
2019-09-27 03:57 - 2019-07-10 00:09 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\Origin
2019-09-27 03:57 - 2018-11-03 06:33 - 000000000 ____D C:\ProgramData\Origin
2019-09-27 00:12 - 2019-05-28 23:36 - 000074552 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2019-09-26 17:38 - 2018-11-02 21:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-09-25 19:40 - 2018-11-02 22:19 - 000000000 ____D C:\Users\Duplat\AppData\Local\NVIDIA Corporation
2019-09-25 14:30 - 2019-08-03 11:49 - 000067152 _____ (REALiX™) C:\WINDOWS\system32\Drivers\HWiNFO64A.SYS
2019-09-25 14:29 - 2019-07-19 05:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2019-09-25 14:29 - 2019-07-19 05:47 - 000000000 ____D C:\Program Files\HWiNFO64
2019-09-25 12:58 - 2018-11-02 22:01 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-09-25 12:58 - 2018-11-02 22:01 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-09-25 12:58 - 2018-11-02 17:36 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-09-24 22:32 - 2018-12-09 23:05 - 000000000 ____D C:\Users\Duplat\AppData\Local\ElevatedDiagnostics
2019-09-24 22:07 - 2019-07-14 12:17 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2019-09-24 22:07 - 2018-11-02 22:16 - 000000000 ___HD C:\Program Files (x86)\Temp
2019-09-24 22:04 - 2018-11-03 10:50 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-09-23 18:37 - 2018-11-02 17:32 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-23 18:37 - 2018-11-02 17:32 - 000002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-09-23 18:37 - 2018-11-02 17:32 - 000002270 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-09-23 01:55 - 2018-12-10 03:02 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-09-21 13:55 - 2018-12-14 20:25 - 000000000 ____D C:\Program Files\Rockstar Games
2019-09-21 13:55 - 2018-12-14 19:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2019-09-21 13:54 - 2018-11-03 00:27 - 000000000 ____D C:\Users\Duplat\Documents\Rockstar Games
2019-09-21 13:36 - 2018-11-02 22:12 - 000000000 ____D C:\ProgramData\Package Cache
2019-09-20 23:02 - 2019-07-20 08:07 - 000002508 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-09-20 23:02 - 2019-07-20 08:07 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-09-20 23:02 - 2019-07-20 08:07 - 000002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-09-20 23:02 - 2019-07-20 08:07 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-09-20 23:02 - 2019-07-20 08:07 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-09-20 23:02 - 2019-07-20 08:07 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-09-20 23:02 - 2019-07-20 08:07 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-09-20 23:02 - 2019-07-20 08:07 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-09-20 23:01 - 2018-11-22 02:25 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-09-19 23:52 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\tracing
2019-09-19 22:07 - 2018-11-02 17:23 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-09-19 22:07 - 2018-11-02 17:23 - 000000000 ___RD C:\Users\Duplat\3D Objects
2019-09-19 22:06 - 2018-12-10 02:46 - 000458736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-09-19 22:00 - 2018-09-15 04:33 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-09-19 22:00 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-09-19 22:00 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-09-19 22:00 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-09-19 21:59 - 2018-09-15 06:11 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-09-19 21:59 - 2018-09-15 04:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-09-19 21:59 - 2018-09-15 04:33 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-09-19 21:59 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-09-19 21:59 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-09-19 21:59 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\Provisioning
2019-09-19 21:59 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-09-19 21:59 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-09-19 21:59 - 2018-09-15 03:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-09-19 20:06 - 2019-01-26 04:05 - 000000000 ____D C:\WINDOWS\Minidump
2019-09-19 19:57 - 2018-09-15 04:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-09-19 19:55 - 2018-11-14 16:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-09-19 19:52 - 2018-11-03 00:42 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-09-19 19:21 - 2018-12-10 03:04 - 000004602 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-09-19 19:21 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-09-19 19:21 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-09-18 20:49 - 2018-12-10 03:04 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2019-09-18 20:48 - 2018-11-04 06:30 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-09-18 20:39 - 2019-07-01 07:03 - 000004548 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-09-18 20:18 - 2019-05-29 18:19 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2019-09-18 20:18 - 2019-05-29 18:19 - 000002124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk

==================== Files in the root of some directories ================

2019-04-01 00:42 - 2019-04-01 00:42 - 000000037 _____ () C:\Users\Duplat\AppData\Roaming\prio.ini
2018-12-27 01:10 - 2018-12-29 02:10 - 000001456 _____ () C:\Users\Duplat\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-12-27 10:03 - 2018-12-27 10:03 - 000000000 _____ () C:\Users\Duplat\AppData\Local\oobelibMkey.log
2018-12-26 23:16 - 2018-12-26 23:16 - 000002201 _____ () C:\Users\Duplat\AppData\Local\recently-used.xbel
2018-11-10 19:11 - 2019-01-31 01:25 - 000007600 _____ () C:\Users\Duplat\AppData\Local\Resmon.ResmonCfg
2019-06-14 00:06 - 2019-06-23 18:13 - 000000070 _____ () C:\Users\Duplat\AppData\Local\update_progress.txt

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2019
Ran by Duplat (09-10-2019 01:47:27)
Running from C:\Users\Duplat\Desktop
Windows 10 Pro Version 1809 17763.737 (X64) (2018-12-10 06:05:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2979426330-1067282791-1430516834-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2979426330-1067282791-1430516834-503 - Limited - Disabled)
Duplat (S-1-5-21-2979426330-1067282791-1430516834-1001 - Administrator - Enabled) => C:\Users\Duplat
Guest (S-1-5-21-2979426330-1067282791-1430516834-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2979426330-1067282791-1430516834-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.255 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.255 - Adobe)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0) (Version: 20.0.0 - Adobe Systems Incorporated)
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.0.0.1192 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.16 - Advanced Micro Devices, Inc.)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.2.0 - Electronic Arts, Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
AudioSwitch (HKLM-x32\...\AudioSwitch_is1) (Version: 2.2.2.0 - )
Backup and Sync from Google (HKLM\...\{6DBCF61B-9281-4F9F-9022-7177D22B28A4}) (Version: 3.46.7175.2662 - Google, Inc.)
Balanced (HKLM-x32\...\{0EA45DD4-A825-420C-AFED-C659EFE3B84F}) (Version: 4.00.0000 - Advanced Micro Devices, Inc.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 9.5.5 - Andrew Sampson)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 77.0.69.132 - Brave Software Inc)
Call of Cthulhu (HKLM-x32\...\Call of Cthulhu_is1) (Version:  - )
CORSAIR iCUE Software (HKLM-x32\...\{2CF39684-9A16-483E-897B-F92F4D64C2EF}) (Version: 3.20.80 - Corsair)
CPUID CPU-Z 1.89 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.89 - CPUID, Inc.)
Dauntless (HKLM\...\{03AFDFA7-7A23-41B1-AAC2-3898591127D3}) (Version: 1.00.0000 - Phoenix Labs)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Divinity - Original Sin Enhanced Edition (HKLM-x32\...\1445516929_is1) (Version: 2.5.0.12 - GOG.com)
ENE_EHD_HAL (HKLM\...\{B8140D28-2CA7-4F6A-8818-BF093C3F3225}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_HAL (HKLM-x32\...\{06ebd5ee-cb8a-487e-a83c-832dab840571}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{A398FCC0-8E8B-409E-90E9-ACF4671633F2}) (Version: 1.1.183.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fallout 4 GOTY (HKLM\...\Fallout 4 GOTY_is1) (Version: 1.10.82.0 - )
Far Cry 3 (HKLM-x32\...\Uplay Install 46) (Version:  - Ubisoft)
FileZilla Client 3.45.1 (HKLM-x32\...\FileZilla Client) (Version: 3.45.1 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.3.0.10826 - Foxit Software Inc.)
Gamers Club Anti-Cheat 3.0.68 (HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\5336d6e5-cfd5-580d-976b-0c07db708c28) (Version: 3.0.68 - Gamers Club Engeneering)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HWiNFO64 Version 6.12 (HKLM\...\HWiNFO64_is1) (Version: 6.12 - Martin Malik - REALiX)
i-Menu version 4.3.6 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.3.6 - AOC)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Little Misfortune (HKLM\...\SKIDROW - Little Misfortune) (Version:  - SKIDROW)
Mass Effect™: Andromeda (HKLM-x32\...\{72BBCA87-9350-48BC-9E2F-6DBC1E80C993}) (Version: 1.0.0.4 - Electronic Arts)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11328.20420 - Microsoft Corporation)
Microsoft Office 365 ProPlus - pt-br (HKLM\...\O365ProPlusRetail - pt-br) (Version: 16.0.11328.20420 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
MiPony 3.0.5 (HKLM-x32\...\MiPony) (Version: 3.0.5 - )
Mozilla Firefox 69.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 69.0.2 (x64 en-US)) (Version: 69.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.4 - Mozilla)
MSI Afterburner 4.6.0 (HKLM-x32\...\Afterburner) (Version: 4.6.0 - MSI Co., LTD)
MTG Arena (HKLM-x32\...\{72DCA778-E873-42AC-AE1F-B2C14DCBF54C}) (Version: 0.1.1015.0 - Wizards of the Coast) Hidden
MTG Arena (HKLM-x32\...\MTG Arena 0.1.1015.0) (Version: 0.1.1015.0 - Wizards of the Coast)
NetLimiter 4 (HKLM\...\{D8EB2152-FF07-4BA1-8361-0A64CBCFA58F}) (Version: 4.0.50.0 - Locktime Software) Hidden
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.50.0) (Version: 4.0.50.0 - Locktime Software)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6.2 - Notepad++ Team)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.3.0.0 - Duodian Technology Co. Ltd.)
NVIDIA Graphics Driver 436.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 436.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11328.20420 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20420 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20420 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11328.20420 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.11328.20420 - Microsoft Corporation) Hidden
Opera Stable 63.0.3368.107 (HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\Opera 63.0.3368.107) (Version: 63.0.3368.107 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.47.29954 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Prio (HKLM\...\Prio) (Version: 2.1.0.4391 - )
PUBG Lite (HKLM-x32\...\PUBG Lite_is1) (Version: 1.0.0.6 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
qBittorrent 4.1.8 (HKLM-x32\...\qBittorrent) (Version: 4.1.8 - The qBittorrent project)
Quick CPU (HKLM-x32\...\{41F4C8EE-903D-4EB5-B6EB-75413BF496DE}) (Version: 3.0.1.0 - CoderBag)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8356 - Realtek Semiconductor Corp.)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.19.0528.1 - GIGABYTE)
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.4.116 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.2.5 - Rockstar Games)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Twitch (HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VMR Connect version 1.2.3.0 (HKLM-x32\...\{A3135D26-0857-4E51-A491-B4CEDF9B1A2C}_is1) (Version: 1.2.3.0 - VLC Mobile Remote)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-06-12] (Adobe Systems Incorporated)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20106.0_x64__8wekyb3d8bbwe [2018-11-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2018-11-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x86__8wekyb3d8bbwe [2018-11-20] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.27.2643.0_x64__8wekyb3d8bbwe [2018-11-02] (Microsoft Corporation) [MS Ad]
Microsoft People -> C:\Program Files\WindowsApps\Microsoft.People_10.1808.2473.0_x64__8wekyb3d8bbwe [2018-11-02] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.26.12153.0_x64__8wekyb3d8bbwe [2018-11-02] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.89.355.0_x64__mcm4njqhnhss8 [2018-12-28] (Netflix, Inc.)
Night Eye -> C:\Program Files\WindowsApps\43069RAZORdeveloper.NightEye_1.9.4.0_neutral__c9kkezg6y739m [2018-12-10] (RAZORdeveloper)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2018-12-13] (Adobe Systems Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.177.0_x64__dt26b99r8h8gj [2019-07-14] (Realtek Semiconductor Corp)
Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_1.5.4.0_x64__t4vj0pshhgkwm [2019-01-10] (Telegram Messenger LLP)
uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2018-12-10] (Nik Rolls)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Duplat\AppData\Local\Microsoft\OneDrive\19.002.0107.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{5C4D8D49-A0EE-41E0-98D5-B8E1A2A63328} -> [MEGAsync] => C:\Users\Duplat\Documents\MEGAsync [2019-05-25 08:58]
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Duplat\AppData\Local\Microsoft\OneDrive\19.002.0107.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Duplat\AppData\Local\Microsoft\OneDrive\19.002.0107.0008\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ShellIconOverlayIdentifiers: [   OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [   OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [   OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [   OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [   OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [   OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-09-28] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-09-28] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-09-28] (Google LLC -> Google)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-12-31] (Notepad++ -> )
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-09-28] (Google LLC -> Google)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-09-28] (Google LLC -> Google)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-04-09 13:40 - 2019-04-09 13:40 - 000015872 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libEGL.DLL
2019-04-09 13:40 - 2019-04-09 13:40 - 002786816 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libGLESv2.dll
2019-09-11 17:04 - 2019-09-11 17:04 - 000204800 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2019-09-11 17:02 - 2019-09-11 17:02 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2019-03-05 11:06 - 2019-03-05 11:06 - 000232448 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2019-03-05 11:06 - 2019-03-05 11:06 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2019-03-05 11:07 - 2019-03-05 11:07 - 000642048 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2019-03-05 11:06 - 2019-03-05 11:06 - 000072704 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2019-03-05 11:06 - 2019-03-05 11:06 - 000364544 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2019-09-09 11:29 - 2019-09-09 11:29 - 000057344 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2019-09-09 11:30 - 2019-09-09 11:30 - 000074240 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2019-09-09 11:30 - 2019-09-09 11:30 - 000368640 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2018-11-03 00:00 - 2018-04-30 09:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-08-13 16:11 - 2019-08-13 16:11 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2019-08-19 08:04 - 2019-08-19 08:04 - 001298944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LIBEAY32.dll
2019-08-19 08:04 - 2019-08-19 08:04 - 000281600 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ssleay32.dll
2019-04-09 13:48 - 2019-04-09 13:48 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qgif.dll
2019-04-10 19:27 - 2019-04-10 19:27 - 000034816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qicns.dll
2019-04-09 13:48 - 2019-04-09 13:48 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qico.dll
2019-04-09 13:50 - 2019-04-09 13:50 - 000364032 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qjpeg.dll
2019-04-10 19:27 - 2019-04-10 19:27 - 000021504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qsvg.dll
2019-04-10 19:27 - 2019-04-10 19:27 - 000019968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qtga.dll
2019-04-10 19:27 - 2019-04-10 19:27 - 000331776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qtiff.dll
2019-04-10 19:26 - 2019-04-10 19:26 - 000019456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qwbmp.dll
2019-04-10 19:27 - 2019-04-10 19:27 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qwebp.dll
2019-04-09 13:50 - 2019-04-09 13:50 - 001192960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\platforms\qwindows.dll
2019-04-09 13:42 - 2019-04-09 13:42 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Concurrent.dll
2019-09-11 17:47 - 2019-09-11 17:47 - 005087232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Core.dll
2019-04-09 13:44 - 2019-04-09 13:44 - 005353984 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Gui.dll
2019-04-10 20:28 - 2019-04-10 20:28 - 000576512 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Multimedia.dll
2019-04-09 13:44 - 2019-04-09 13:44 - 001042944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Network.dll
2019-04-10 20:14 - 2019-04-10 20:14 - 003359232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Qml.dll
2019-04-10 20:09 - 2019-04-10 20:09 - 003181056 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Quick.dll
2019-04-10 20:56 - 2019-04-10 20:56 - 000142336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5QuickControls2.dll
2019-04-10 20:55 - 2019-04-10 20:55 - 000849920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5QuickTemplates2.dll
2019-04-10 20:27 - 2019-04-10 20:27 - 000326656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Scxml.dll
2019-04-09 13:42 - 2019-04-09 13:42 - 000156672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Sql.dll
2019-04-10 19:27 - 2019-04-10 19:27 - 000265728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Svg.dll
2019-04-09 13:47 - 2019-04-09 13:47 - 004532224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Widgets.dll
2019-04-10 20:40 - 2019-04-10 20:40 - 000444416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5WinExtras.dll
2019-04-09 13:41 - 2019-04-09 13:41 - 000147456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Xml.dll
2019-04-10 20:51 - 2019-04-10 20:51 - 000045568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-04-10 20:51 - 2019-04-10 20:51 - 000056320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-04-10 20:12 - 2019-04-10 20:12 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick.2\qtquick2plugin.dll
2019-04-10 20:58 - 2019-04-10 20:58 - 000456192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2019-04-10 20:56 - 2019-04-10 20:56 - 000271360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-04-10 20:13 - 2019-04-10 20:13 - 000072192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-04-10 20:56 - 2019-04-10 20:56 - 000260608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2019-04-10 20:12 - 2019-04-10 20:12 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Window.2\windowplugin.dll
2019-04-09 13:49 - 2019-04-09 13:49 - 000122880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\styles\qwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\tracing:? [16]
AlternateDataStreams: C:\Users\Duplat\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Duplat\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Duplat\ntuser.ini:NTV [11626]
AlternateDataStreams: C:\Users\Duplat\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Duplat\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Duplat\AppData\Local\Temp:$DATA​ [16]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 20:38 - 2018-04-11 20:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Duplat\Desktop\crgo8dzcxh421.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: aim_LSService => 2
MSCONFIG\Services: ArcService => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: brave => 2
MSCONFIG\Services: bravem => 3
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: EasyTuneEngineService => 2
MSCONFIG\Services: gadjservice => 2
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: OcButtonService => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: prio_svc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: uncheater_bgl => 3
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Screen+"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "OnScreen Control"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: => "TranslucentTB"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: => "Actual Window Manager"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: => "NoxDaemon"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{48EE09A7-D948-4CC4-A816-BC62C71B1CB0}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{51D9CE87-8C30-4EB5-B670-AF73F7671247}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe No File
FirewallRules: [{ED9EF4D8-A6C7-457D-8CA4-225A0F50F68B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Supreme Commander\bin\SupremeCommander.exe (Gas Powered Games) [File not signed]
FirewallRules: [{BB24F7A6-0733-40F2-95D3-83102AD22D08}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Supreme Commander\bin\SupremeCommander.exe (Gas Powered Games) [File not signed]
FirewallRules: [{6EB5213B-461F-481A-9219-9B9D3CDCF9F2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rise of Nations\patriots.exe (TODO: <Company name>) [File not signed]
FirewallRules: [{3CBD165D-6F8F-4324-B7CB-781AB2A58224}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rise of Nations\patriots.exe (TODO: <Company name>) [File not signed]
FirewallRules: [{389504B4-126F-4F3B-9C26-1E9E927E137B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe () [File not signed]
FirewallRules: [{FFB30302-B73C-4E0E-BDE8-FEF7DCCF853A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe () [File not signed]
FirewallRules: [{7E58A9E1-2D21-41D6-9FF7-1230FE36ABDD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{77F602BD-D4B5-44E3-AB76-8A00EB81E50A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [UDP Query User{024EC3B3-9BDD-4535-94EC-B87A452A0D4C}D:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe No File
FirewallRules: [TCP Query User{66094D79-27F9-4F67-AF33-F3F8638C6F24}D:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe No File
FirewallRules: [{6878B676-809A-4930-A51E-C665491AED6F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate II Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed]
FirewallRules: [{2AD5F4FF-DDDA-45A1-A952-53966001937E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate II Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed]
FirewallRules: [{126F5A86-0A1E-429C-8826-E09BAD2588C8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed]
FirewallRules: [{1A7515D6-4701-451D-AA31-C2046CDE78A1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed]
FirewallRules: [UDP Query User{63BC745F-E429-47CF-BFA8-110AF37ACAA0}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{08045DFF-425A-4289-BAB0-6F2607A1ED16}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{4B5F68AA-7659-4B5D-8F80-A7FEAA7E22F0}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe No File
FirewallRules: [TCP Query User{AA257137-E7B6-4203-8A60-7428172516A6}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe No File
FirewallRules: [UDP Query User{EAD35183-9FD6-45B4-8151-FD3C59C822CD}D:\program files (x86)\heroes of the storm\versions\base70200\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base70200\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{CB1511C7-0206-4F1C-B73F-16876542B214}D:\program files (x86)\heroes of the storm\versions\base70200\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base70200\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{ABDF02FB-5E2F-4FC0-835D-80FDD3F89EAD}D:\program files (x86)\heroes of the storm\versions\base69823\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base69823\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{9312C455-2B28-4C45-8872-9437B33B911F}D:\program files (x86)\heroes of the storm\versions\base69823\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base69823\heroesofthestorm_x64.exe No File
FirewallRules: [{5A02FB9A-9E5D-499A-8A8D-1027BB5FEA60}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{775F7A21-A1DC-4559-8B12-7D896856A205}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{911B8861-5DA1-40B2-AD8A-966E8AB58A38}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{BCB00455-2925-4A0B-BD3D-6879ECD4117A}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{5C6A6C9E-963A-4488-B58E-4A982169F96D}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{657F2683-FB75-4EA8-A7C6-DE805655988C}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe No File
FirewallRules: [{A51A2661-6A97-44A6-9690-4AFC2B7D65BD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe () [File not signed]
FirewallRules: [{B0C7307A-1CBD-4A43-AEB8-354430098C36}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe () [File not signed]
FirewallRules: [{C2759DED-F7F6-4BB7-9C50-28A561949776}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe (Marek Ziemak -> )
FirewallRules: [{9E60AB9B-FF41-4E72-B875-6B8A593AB53D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe (Marek Ziemak -> )
FirewallRules: [{1A386060-A9F3-4F34-A1CB-DE3C4F1EA2A2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Talisman\Talisman.exe () [File not signed]
FirewallRules: [{2845A132-29B6-4CEA-9C1D-71253199E11C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Talisman\Talisman.exe () [File not signed]
FirewallRules: [{36B5B3AF-8CD1-4255-A810-3650B71FD0DC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe () [File not signed]
FirewallRules: [{A88290E8-D045-4EFD-9CE2-92206451CA98}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe () [File not signed]
FirewallRules: [{237579F2-F15A-4E57-9541-DA39A6D40AAD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Secret World Legends\ClientPatcher.exe (FUNCOM OSLO AS -> Funcom)
FirewallRules: [{66C6D667-344D-4161-88F1-CEAF157ECD4C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Secret World Legends\ClientPatcher.exe (FUNCOM OSLO AS -> Funcom)
FirewallRules: [{179CD858-E642-4FB8-92F9-F72273CC5D19}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix) [File not signed]
FirewallRules: [{BD2C36D7-ECFA-4BF8-B258-13082B81D645}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix) [File not signed]
FirewallRules: [{92A05A35-EFA2-49D9-B4D3-23E3DEC0E057}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{FA854709-E2AB-4F62-90E5-E3DE8A611F6F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{75A9F823-2B33-4D0E-8426-925236854284}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warhammer 40,000 Space Marine\SpaceMarine.exe (Valve Corp. -> Sega Corporation) [File not signed]
FirewallRules: [{B40134A3-9E88-4A18-961E-24897D245BA9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warhammer 40,000 Space Marine\SpaceMarine.exe (Valve Corp. -> Sega Corporation) [File not signed]
FirewallRules: [{8FF4A0D0-9BF1-4352-A33D-0663E2EC31E7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe (Hopoo Games, LLC ) [File not signed]
FirewallRules: [{5D222723-DA1F-463E-9526-182CDD131D43}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe (Hopoo Games, LLC ) [File not signed]
FirewallRules: [{3CEB0939-3848-4EE1-8CFA-58440D17C322}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe () [File not signed]
FirewallRules: [{5C09F0BF-080E-4691-818D-E1B68FECEE02}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe () [File not signed]
FirewallRules: [{A26CB269-4326-4FFF-A141-347BE18E55E9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Precipice Of Darkness 3\Rainslick3.exe (Zeboyd Games) [File not signed]
FirewallRules: [{3FC8FCCD-8BB6-44CF-970B-8EC11DE10474}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Precipice Of Darkness 3\Rainslick3.exe (Zeboyd Games) [File not signed]
FirewallRules: [{69088BF2-7F38-479D-9C37-A578452455C7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Magicite\Magicite.exe () [File not signed]
FirewallRules: [{B0B0F156-2A3C-4997-B2AE-4586F4C449A2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Magicite\Magicite.exe () [File not signed]
FirewallRules: [{46A16DCA-CFCB-493A-AB2E-4E9D3C7DE769}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Monaco\MONACO.exe () [File not signed]
FirewallRules: [{0118B36B-BAFD-4989-93DC-1EB9E9A3BF59}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Monaco\MONACO.exe () [File not signed]
FirewallRules: [{FF192F8F-53E9-45D6-BC6F-DE1E6E12589B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Metro Last Light Redux\metro.exe (Koch Media GmbH -> 4A Games)
FirewallRules: [{046ED7E6-16EA-471F-B51C-E41602684FAF}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Metro Last Light Redux\metro.exe (Koch Media GmbH -> 4A Games)
FirewallRules: [{8792C873-7BE8-4709-8020-BD0BA205F9D9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\How to Survive\Detect.exe () [File not signed]
FirewallRules: [{6B61F6D2-1A3C-44EE-A259-FAD9D6B729D7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\How to Survive\Detect.exe () [File not signed]
FirewallRules: [{7C5A8138-5CB2-4F29-977D-5D3000D3B4E8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\How to Survive\HowToSurvive.exe () [File not signed]
FirewallRules: [{BB64C97B-CBB2-411E-92E5-5C10BABA341B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\How to Survive\HowToSurvive.exe () [File not signed]
FirewallRules: [{5CDE1D0C-D5C5-4383-B052-24B9A27A931D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\CastlevaniaLoS\bin\CastlevaniaLoSUE.exe No File
FirewallRules: [{6A73D46A-5C09-46F1-A4E7-557DB658E61F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\CastlevaniaLoS\bin\CastlevaniaLoSUE.exe No File
FirewallRules: [{731B77E5-130D-4EF2-B9AB-6EA9984BE555}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Alan Wake\AlanWake.exe (Remedy Entertainment Ltd. -> )
FirewallRules: [{3769F95D-4C01-4DE5-8253-60B3C5BC450F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Alan Wake\AlanWake.exe (Remedy Entertainment Ltd. -> )
FirewallRules: [UDP Query User{C9E3D405-5F7A-4463-B181-4AB9DF396258}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{C578BE65-E98E-4ED7-989B-9413FCA968F6}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe No File
FirewallRules: [{2AC3BBF3-59AA-4EE6-BD73-3C7E7D084115}] => (Allow) D:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromeda.exe (Electronic Arts - BioWare) [File not signed]
FirewallRules: [{C937EFF5-55B9-4050-AC3C-9873C35A1144}] => (Allow) D:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromeda.exe (Electronic Arts - BioWare) [File not signed]
FirewallRules: [{A4A4BC54-B8DF-4F14-A481-DCEBCC417BC9}] => (Allow) D:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromedaTrial.exe (Electronic Arts - BioWare) [File not signed]
FirewallRules: [{B461E570-F83B-4A39-8FBE-74362E7DA7F8}] => (Allow) D:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromedaTrial.exe (Electronic Arts - BioWare) [File not signed]
FirewallRules: [{D57180B9-552D-4182-9A8E-EA21BC1B0FC4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{4AA28276-A5AA-4252-8DC5-239665A76FE0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{CA004B1D-9D82-4EA9-8D41-A39B2BE77B8C}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{252AB6DF-D54F-4023-B67F-567E78C3B8EF}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{E2BCB1F4-AC2A-4D35-B134-8C024B8DDCD1}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BECB06BA-25D9-4D67-AB3E-3C27CC629CF8}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{770FFEC1-8F86-4F1F-A721-85111E94B66F}D:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) D:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [UDP Query User{9D28CFEC-4A05-4DD8-9A0B-FD0EA3286435}D:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) D:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{4FE36C4E-D6D5-4D7B-A7C5-1BD34F782D68}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{CFC93580-4F12-419E-A9A4-5D60655CC468}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{809DBAA9-44BB-4CEE-96C1-203A52033B3C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd.)
FirewallRules: [{5363911F-7A57-46F4-8BA5-AD22B38F3C3C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd.)
FirewallRules: [{8F9DFCDB-3A43-4DAE-85A7-D39C28E23C80}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{957D0F26-E4DA-441D-854D-5A885E98649A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1FBD4D2E-FBD1-4496-8F7E-A732FB275963}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D8786D9B-00CE-4077-9B69-99F0414CDE90}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ED519612-75BA-4296-A51B-984FC5556A09}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B5B2738A-5D97-4992-9AED-96857596BB1F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Ring of Elysium\SLauncher.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{4F6B7CF3-F9E6-437A-9DEB-A87EEFD96813}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Ring of Elysium\SLauncher.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{68337F8D-33FA-441C-AA2A-6CEFC9F2BAA4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe No File
FirewallRules: [{1DA50655-D338-4D5C-8D69-57057BEF54B7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe No File
FirewallRules: [{CC0FD976-5CCD-4E86-B4CE-EA15DBDB1763}] => (Allow) LPort=9009
FirewallRules: [{E2B70FD8-11A0-482C-99F4-0574F20DF05A}] => (Allow) LPort=9009
FirewallRules: [{2E89958C-AC5C-4729-BD66-91B74331D3D3}] => (Allow) LPort=9009
FirewallRules: [{9D2E2E61-126D-42C5-AE02-173FEE95C2B0}] => (Allow) LPort=9009
FirewallRules: [TCP Query User{EC6CA6D3-2ACE-4B6D-9A47-0D9D62D5D65F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{EDDF1ECE-5D94-4326-B6A1-82A186A006F3}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{87687B6B-F8E3-443E-94BB-9CB751570C31}] => (Allow) LPort=9009
FirewallRules: [{4946F1EE-88E0-4786-AC2F-84B89696F55E}] => (Allow) LPort=9009
FirewallRules: [{04414CC0-E465-4FF8-AA48-C223F7B6773E}] => (Allow) LPort=9009
FirewallRules: [{8A5C1187-1155-4D48-B3B5-0ADFB121D367}] => (Allow) LPort=9009
FirewallRules: [{AAF48710-05BF-42D3-B53D-5028A7FA8772}] => (Allow) LPort=9009
FirewallRules: [{6F763511-82FC-4EDB-BB37-9D51E42EBC9F}] => (Allow) LPort=9009
FirewallRules: [{AFB78C3F-B0ED-42BB-9C4D-A1D6A34E00AF}] => (Allow) LPort=9009
FirewallRules: [{E39F510A-08EA-4887-BC11-4046C9044B90}] => (Allow) LPort=9009
FirewallRules: [{B1A42D65-4874-48B9-81BE-E497D9F51990}] => (Allow) LPort=9009
FirewallRules: [{7C1DDFD8-C7AC-4CCB-BB7B-F4AE4822EFB8}] => (Allow) LPort=9009
FirewallRules: [{22DFED0C-AC9B-4E88-829B-6FD1960B0CAA}] => (Allow) LPort=9009
FirewallRules: [{6A8400FA-4192-4DB4-BC2F-8D5B49E2221D}] => (Allow) LPort=9009
FirewallRules: [{0B1BED5C-A7F3-4D29-B5E3-2B9636969664}] => (Allow) LPort=9009
FirewallRules: [{99D9DB0A-53A8-4AA7-9F98-CF41F8B3C411}] => (Allow) LPort=9009
FirewallRules: [{0507CB8B-6C35-4F1A-ACA7-E98BE0E2806D}] => (Allow) LPort=9009
FirewallRules: [{9955FA05-55EF-4B07-B1AE-1E6859992B25}] => (Allow) LPort=9009
FirewallRules: [{00488E9E-3EBF-42DC-BD63-C8FA16BC241B}] => (Allow) LPort=9009
FirewallRules: [{9618C31C-0D73-4563-AAD8-91004E4DCD93}] => (Allow) LPort=9009
FirewallRules: [{16B823F0-65CD-41DA-B651-6E7B7AE2B959}] => (Allow) LPort=9009
FirewallRules: [{74443F33-8DC4-44E7-8395-8EDA40740504}] => (Allow) LPort=9009
FirewallRules: [{F8312CB7-3F18-4B4C-85F6-61E6754B584C}] => (Allow) LPort=9009
FirewallRules: [{1BAF156F-65FC-4A6D-BD5E-826B3119C00A}] => (Allow) LPort=9009
FirewallRules: [{416D088D-2CAB-4E41-A79D-8108988A2EA2}] => (Allow) LPort=9009
FirewallRules: [{B8EAD117-7C88-490D-B76C-941BF578F2EC}] => (Allow) LPort=9009
FirewallRules: [{44B89C3B-9721-4090-B6CC-2214CD716BF7}] => (Allow) LPort=9009
FirewallRules: [{4B78F361-AF8D-4C36-A574-81578BDADB1C}] => (Allow) LPort=9009
FirewallRules: [{45AE23A9-A05A-490D-A003-6D81807B98C3}] => (Allow) LPort=9009
FirewallRules: [{5D0361D5-A309-45EB-9F95-7C5DF28A5F59}] => (Allow) LPort=9009
FirewallRules: [{DD1F0D3E-09DC-42C8-B207-E7DB208F41C5}] => (Allow) LPort=9009
FirewallRules: [{1CA6B0E2-28BB-4334-8055-16F7C254869F}] => (Allow) LPort=9009
FirewallRules: [{2B918E9B-A3B2-445F-B173-97DDF3BDE95C}] => (Allow) LPort=9009
FirewallRules: [{CA4A7291-70CC-4354-9B01-4D88007D3D02}] => (Allow) LPort=9009
FirewallRules: [TCP Query User{C5862EBE-2648-48D0-87D2-03EFE3725B70}D:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) D:\program files (x86)\origin games\apex\r5apex.exe (NVIDIA GameStream Server -> Respawn Entertainment) [File not signed]
FirewallRules: [UDP Query User{6119E4A7-C9F1-4974-A807-6A1C309CAFD8}D:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) D:\program files (x86)\origin games\apex\r5apex.exe (NVIDIA GameStream Server -> Respawn Entertainment) [File not signed]
FirewallRules: [{02735B30-75E6-440B-B692-65C99DC03478}] => (Allow) LPort=9009
FirewallRules: [{7F7E2EBD-2CF1-4A4F-A378-00FB50051AFB}] => (Allow) LPort=9009
FirewallRules: [{AD100F57-1AF8-4881-B115-4B991AB2177D}] => (Allow) LPort=9009
FirewallRules: [{E6852746-E88E-405A-A40E-C4DF74DCE009}] => (Allow) LPort=9009
FirewallRules: [{D7690D02-DBC1-4B96-B9C1-0CC9C8297B1A}] => (Allow) LPort=9009
FirewallRules: [{87774665-37E3-4892-A10F-CFCA4F58D44D}] => (Allow) LPort=9009
FirewallRules: [{28D6206D-737C-4110-AF2F-33E761E2BBA4}] => (Allow) LPort=9009
FirewallRules: [{009ECC04-6D3A-4144-A8A0-1DBA4520A5BE}] => (Allow) LPort=9009
FirewallRules: [{84AD50DF-59AA-433D-A7B8-5FAAA17A0339}] => (Allow) LPort=9009
FirewallRules: [{2267C91F-BD87-46F2-B26D-A04783E61F4D}] => (Allow) LPort=9009
FirewallRules: [{EE100B6D-AE18-4246-B77C-7FF4F9861746}] => (Allow) LPort=9009
FirewallRules: [{409585FD-641F-406D-83E4-C5B5FC110B59}] => (Allow) LPort=9009
FirewallRules: [{A7C56AE0-27FE-43A4-AC76-6F5AAF8756F5}] => (Allow) LPort=9009
FirewallRules: [{490F7E01-C273-4BA2-926E-F90BEBC7B2A9}] => (Allow) LPort=9009
FirewallRules: [{5A13C48C-A378-41D0-8475-1631DB5EAFB0}] => (Allow) LPort=9009
FirewallRules: [TCP Query User{EFC991C9-F605-4020-B4E9-8DC9E96A51EA}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{FA5CA709-1A55-4489-9910-E6FCBB4428D4}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{EB329487-2172-4BE9-ABB5-4ED072C74C7E}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{DB70C80D-65D8-4B47-B7A9-ECDBBCA3B183}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{3E1FFB83-F922-4991-9928-3EAD9FC32C67}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{6F560A4F-A34E-4130-A0AB-1C7E3E547640}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [TCP Query User{C1128FA0-59A4-487F-9BA1-877A609B159A}D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{37923856-069E-4282-8469-71FD2001BB17}D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{3185A879-556A-464C-8D48-21C12A9840F5}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{F9EAC156-57B7-4CC7-B0C0-2F8618EAD81E}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{802DBCEC-68B3-49FD-98A4-9C8597CB570A}D:\program files (x86)\torchlight frontiers_en\frontiers\binaries\win64\frontiers.exe] => (Allow) D:\program files (x86)\torchlight frontiers_en\frontiers\binaries\win64\frontiers.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{E66C4917-B0E6-4EF8-9F71-8DBE0C684BD7}D:\program files (x86)\torchlight frontiers_en\frontiers\binaries\win64\frontiers.exe] => (Allow) D:\program files (x86)\torchlight frontiers_en\frontiers\binaries\win64\frontiers.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{6B908A39-D9A8-4FB9-A611-3C9A238510CF}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{1393D183-A4A6-4867-80E5-0BDE81ABB8D2}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{7D55F9DF-292A-477E-A65B-A2738693DA32}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{A55F06B1-90DF-4451-8558-C181529C567B}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{2141CA7F-17B0-4328-9CAE-A1FEF2B271A8}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{A35F7A67-BCC4-497D-8F89-7D7F0095F4AD}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{F211D123-5F20-422D-BB65-75578E045647}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{882688C5-1FA6-4338-8C5E-3B630CDC353C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{CF252B37-4F48-47E0-9CC2-6649165F74E6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games)
FirewallRules: [{48113EAA-67C9-4772-AB9C-100E93FD3E9C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games)
FirewallRules: [TCP Query User{6863AF9B-F452-4D3D-A6F1-165102F2123E}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{D1DF1264-0A8C-4312-A614-290675E3904D}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [{92656738-4617-4BA7-9822-C44CDC20CD8D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Pandemic Express\Bin\win_x64\PandemicExpress.exe No File
FirewallRules: [{F2F0060D-ECBE-436A-A902-8A189D8E6430}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Pandemic Express\Bin\win_x64\PandemicExpress.exe No File
FirewallRules: [{2B59489B-C086-40FA-B119-AAA58B3A93D2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\TreeOfSavior\release\patch\tos.exe No File
FirewallRules: [{D89F5046-9381-46E2-95AE-E22BA22F8A9D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\TreeOfSavior\release\patch\tos.exe No File
FirewallRules: [TCP Query User{3A73C1F1-ADD1-42F3-8073-DB16654F52AC}D:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe (PUBG CORPORATION -> PUBG Works)
FirewallRules: [UDP Query User{5E65FFCA-51A1-4B3E-BC6A-F0E5A34E4636}D:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe (PUBG CORPORATION -> PUBG Works)
FirewallRules: [{F3748818-C038-4476-8EED-594BC64A7072}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe (Frontier Developments Ltd) [File not signed]
FirewallRules: [{815EB672-817E-4D67-83CA-7CF837ACF337}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe (Frontier Developments Ltd) [File not signed]
FirewallRules: [TCP Query User{FB81BAFF-9926-4B5E-8C71-C2274E40D471}D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [UDP Query User{ED5BF280-82A6-4689-871A-BAA671D02C5D}D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [TCP Query User{BA6D6B51-B868-4C73-982E-7C94BB3AF6F8}D:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) D:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe No File
FirewallRules: [UDP Query User{A9BFB6C8-B746-4830-9E54-B2BA512BC117}D:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) D:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe No File
FirewallRules: [TCP Query User{D9BCD5EB-CBDE-4046-A179-E8062A51CB22}D:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) D:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe () [File not signed]
FirewallRules: [UDP Query User{5BFF66A7-9C1B-4633-80C3-5C6C6EF3E2F2}D:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) D:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe () [File not signed]
FirewallRules: [{774338CE-78DF-4E92-A4FE-BA94C1DAABD4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6A92BAD2-E852-4516-B096-9C87093882FD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3BF3106C-6B56-4611-9AAF-75669E491FF7}] => (Allow) D:\Program Files\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{8910EA05-16E6-478D-912D-B1E67C834E23}] => (Allow) C:\Program Files (x86)\\Bignox\\BigNoxVM\\RT\NoxVMHandle.exe (Nox Limited -> BigNox Corporation)
FirewallRules: [{F0AE905B-5BE9-4D0E-9EC9-9F8A227EF4D0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{B7467F85-6D38-4C45-BD54-6DBC9709A495}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{6EBAEB3B-9327-4440-9014-11217CC0A0CA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{C41FC74F-76D3-496E-9593-B9687C8C6157}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [TCP Query User{A2171132-43E4-4859-9C3C-22238241170C}D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe (Ubisoft Entertainment -> Ubisoft Entertainment)
FirewallRules: [UDP Query User{6F5B7542-9E52-46D1-A76F-F2E592C6BFE6}D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe (Ubisoft Entertainment -> Ubisoft Entertainment)
FirewallRules: [TCP Query User{D654BAA4-DD25-4514-8BDD-4EBDD3C71C24}D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe (Ubisoft Entertainment -> Ubisoft Entertainment)
FirewallRules: [UDP Query User{2D0D1DFA-5347-4BD2-8175-71C8783EB500}D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe (Ubisoft Entertainment -> Ubisoft Entertainment)
FirewallRules: [{95A67440-F63F-432F-9E0E-98624F3231AE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe (FromSoftware,Inc. -> BANDAI NAMCO Entertainment Inc.)
FirewallRules: [{94F18F66-5FDB-4C8B-AC31-CFCC244FC00C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe (FromSoftware,Inc. -> BANDAI NAMCO Entertainment Inc.)
FirewallRules: [TCP Query User{7D7C17E4-8F68-43CE-8385-9ED59F72ECF7}C:\program files (x86)\vmr connect\vmrhub.exe] => (Allow) C:\program files (x86)\vmr connect\vmrhub.exe (VLC Mobile Remote) [File not signed]
FirewallRules: [UDP Query User{264EFBD2-CC58-4332-AC0F-0AE9184DB11F}C:\program files (x86)\vmr connect\vmrhub.exe] => (Allow) C:\program files (x86)\vmr connect\vmrhub.exe (VLC Mobile Remote) [File not signed]
FirewallRules: [TCP Query User{242DFB03-7FA7-409A-9B7E-32F8C3018961}D:\program files (x86)\heroes of newerth\hon.exe] => (Allow) D:\program files (x86)\heroes of newerth\hon.exe No File
FirewallRules: [UDP Query User{A808E717-6840-4DAA-97F1-DA48FB531937}D:\program files (x86)\heroes of newerth\hon.exe] => (Allow) D:\program files (x86)\heroes of newerth\hon.exe No File
FirewallRules: [{C3A204AD-B983-4975-8CC4-3B98D7CC6328}] => (Allow) D:\Program Files\Epic Games\TheCycleAlpha\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe (YAGER Development GmbH -> YAGER Development GmbH)
FirewallRules: [{36C19CFF-DB02-4B2A-A8D0-6561DDF6E1A5}] => (Allow) D:\Program Files\Epic Games\TheCycleAlpha\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe (YAGER Development GmbH -> YAGER Development GmbH)
FirewallRules: [{05A7B4FA-153F-47A1-B8C9-B4D52C76AE58}] => (Allow) D:\Program Files\Epic Games\TheCycleAlpha\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe (YAGER Development GmbH -> YAGER Development GmbH)
FirewallRules: [{5FD0D9C0-63B9-49F0-8F52-AA7978BFE503}] => (Allow) D:\Program Files\Epic Games\TheCycleAlpha\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe (YAGER Development GmbH -> YAGER Development GmbH)
FirewallRules: [TCP Query User{94EBBAFA-CE2F-482C-BEF2-1338CEB0687F}C:\program files (x86)\mipony\mipony.exe] => (Allow) C:\program files (x86)\mipony\mipony.exe (www.mipony.net -> ) [File not signed]
FirewallRules: [UDP Query User{3ADEFA27-50FE-4BEA-8572-C8952728EAF9}C:\program files (x86)\mipony\mipony.exe] => (Allow) C:\program files (x86)\mipony\mipony.exe (www.mipony.net -> ) [File not signed]
FirewallRules: [{42F34E8E-831C-45AB-A21F-58EEA284694F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [File not signed]
FirewallRules: [{97EB6E38-75F3-4AC2-B37A-C6566FA0552C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [File not signed]
FirewallRules: [{22421E47-F02D-4A04-A9F7-140F5D54819B}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> )
FirewallRules: [{ABBE715B-9E7F-4FE7-BD0D-A0767862F77D}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> )
FirewallRules: [TCP Query User{19D68C8E-D3F2-41ED-8529-DCFA96C1BD6C}D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe] => (Allow) D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe No File
FirewallRules: [UDP Query User{2A6FEE49-59CC-4ECA-A718-7534A277BF7D}D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe] => (Allow) D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe No File
FirewallRules: [{1FEA261F-E5BA-43CE-B3EF-334016D81252}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6925456E-79C9-412E-B7B4-857BD4656993}] => (Allow) D:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{5A3A50C7-E0CD-4298-A540-38FF40BE42BD}] => (Allow) D:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{C5E483FD-8CDC-4A6A-9B7C-E757606759AA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> )
FirewallRules: [{4928633F-6240-480A-A2A3-D8CD33FE693B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> )
FirewallRules: [{3FB82226-05E3-4E12-B36E-41BA6A274E63}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [File not signed]
FirewallRules: [{2391B1D4-4692-4744-8DB9-BC3F6F2215B0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [File not signed]
FirewallRules: [TCP Query User{6A444315-DB10-4979-994F-6772B5F76059}D:\program files\filezilla ftp client\filezilla.exe] => (Allow) D:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [UDP Query User{D68FA08D-D7BC-4706-8312-C6A43039C84C}D:\program files\filezilla ftp client\filezilla.exe] => (Allow) D:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [TCP Query User{56694041-2190-4525-8E31-0AE35878F4D3}D:\program files\filezilla ftp client\filezilla.exe] => (Allow) D:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [UDP Query User{12195111-69A8-4BDE-80C5-E5ED9C91BCDE}D:\program files\filezilla ftp client\filezilla.exe] => (Allow) D:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [{3815C04C-0E05-4357-A9DD-1D5B9281164D}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{E15207E5-D614-402F-9EB1-CB1B5CB916F9}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{63E35652-AA1F-49DA-8075-4B3ADBA87BF1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{A8DC18A8-14B3-4F22-8390-EF61C6FA1A99}D:\program files (x86)\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{FED66F0E-4FBB-4EEA-AE05-518FA6995FF4}D:\program files (x86)\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{B436417E-8817-4F6B-929E-14F2A32E0B0F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [{E044FC5D-9A63-424E-8308-BEA4562B411C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Destiny 2\destiny2.exe (Bungie Inc. -> Bungie)

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Restore Points =========================

02-10-2019 07:06:13 Installed CORSAIR iCUE Software

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2019 01:34:03 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/07/2019 11:21:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SkypeApp.exe version 8.34.0.81 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: cc

Start Time: 01d57d5f4de82754

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe

Report Id: 8a13237e-d934-4751-bd8d-fd150d45494a

Faulting package full name: Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (10/07/2019 07:17:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SkypeApp.exe version 8.34.0.81 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 225c

Start Time: 01d57d58d8e49435

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe

Report Id: bbdd3fdb-232d-45b2-a269-da462a905a17

Faulting package full name: Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (10/07/2019 06:56:32 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/06/2019 08:09:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Europa_Client.exe version 0.2.537.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 7bc

Start Time: 01d57c9a9d95beae

Termination Time: 8

Application Path: D:\Program Files (x86)\Steam\steamapps\common\Ring of Elysium\Xversion\Europa_Client.exe

Report Id: 59c12abc-c30a-4d21-85e8-b2dfec261dea

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (10/06/2019 05:29:07 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/05/2019 05:29:22 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/05/2019 01:22:11 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (10/09/2019 01:32:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/09/2019 01:32:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/09/2019 01:29:28 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-O5SD2IS)
Description: Unable to start a DCOM Server: ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r!App.AppX0kb1wv51yacfv58jnrprgtyj3c0t775x.mca as Unavailable/Unavailable. The error:
"0"
Happened while starting this command:
"C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe" -ServerName:App.AppX9n879r3et3x3b24eqasexpgc3412rn2m.mca

Error: (10/09/2019 01:29:19 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-O5SD2IS)
Description: Unable to start a DCOM Server: AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r!App.AppXgrtg5zk0qzd58y4kdyd4g0wpzdp7rhmf.mca as Unavailable/Unavailable. The error:
"0"
Happened while starting this command:
"C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe" -ServerName:App.AppXj7d2pwbjt1by8j1s5wak729xa46cf4br.mca

Error: (10/09/2019 01:28:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/09/2019 01:28:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (10/08/2019 04:33:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024001e: Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.303.1174.0).

Error: (10/08/2019 01:54:57 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-O5SD2IS)
Description: Unable to start a DCOM Server: AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r!App.AppXgrtg5zk0qzd58y4kdyd4g0wpzdp7rhmf.mca as Unavailable/Unavailable. The error:
"0"
Happened while starting this command:
"C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe" -ServerName:App.AppXj7d2pwbjt1by8j1s5wak729xa46cf4br.mca


Windows Defender:
===================================
Date: 2019-10-07 00:32:43.553
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...26&enterprise=0
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\WINDOWS\system32\StartupCheckLibrary.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.303.1042.0, AS: 1.303.1042.0, NIS: 1.303.1042.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-10-05 19:30:58.658
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3C9A005D-01D5-4901-9DB3-79F121EC0EBA}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-05 17:05:07.285
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {569D6F41-A00F-48EB-9BC5-68150799A7A6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-05 06:14:00.373
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {90806FF2-5A45-4879-83BB-BD40F3DD15B8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-02 06:25:42.325
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6C6FAB3B-152A-47B9-BF5F-CB060DAFAABD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-08 04:33:41.839
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.303.1174.0
Previous Signature Version: 1.303.1146.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.16400.2
Previous Engine Version: 1.1.16400.2
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2019-10-08 04:33:41.839
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.303.1174.0
Previous Signature Version: 1.303.1146.0
Update Source: User
Signature Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.16400.2
Previous Engine Version: 1.1.16400.2
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2019-09-18 20:37:16.753
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.1519.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80246007
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-09-18 20:00:28.270
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.1519.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-09-18 20:00:28.269
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.1519.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2019-08-01 14:58:18.127
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-08-01 14:42:59.895
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-08-01 03:11:50.215
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-31 19:19:14.518
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-31 13:31:21.299
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-31 02:48:24.224
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-09 21:16:32.345
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe) attempted to load \Device\HarddiskVolume1\Program Files\Prio\prio.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-09 17:52:47.092
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe) attempted to load \Device\HarddiskVolume1\Program Files\Prio\prio.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F42a 07/31/2019
Motherboard: Gigabyte Technology Co., Ltd. AB350-Gaming 3-CF
Processor: AMD Ryzen 5 1600X Six-Core Processor
Percentage of memory in use: 61%
Total physical RAM: 8143.37 MB
Available physical RAM: 3100.68 MB
Total Virtual: 16143.37 MB
Available Virtual: 9223.9 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:930.7 GB) (Free:103.55 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:1862.42 GB) (Free:402.44 GB) NTFS
Drive e: () (Fixed) (Total:232.88 GB) (Free:104.49 GB) NTFS

\\?\Volume{26c4f6e3-ae76-402e-924e-64c06f594455}\ () (Fixed) (Total:0.81 GB) (Free:0.34 GB) NTFS
\\?\Volume{3b8a238f-2f3a-4784-8545-56c16e5e4cfe}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{c8899f10-cbea-4cf6-a976-76024a3ea4ac}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 60B170B4)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 232.9 GB) (Disk ID: A0329484)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by XmutanoX, 08 October 2019 - 11:04 PM.

#2
RKinner


    Malware Expert

  • Expert
  • 21,877 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   6.16KB   5 downloads

Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you.

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.

 



#3
XmutanoX


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-10-2019 01
Ran by Duplat (09-10-2019 22:40:03) Run:1
Running from C:\Users\Duplat\Desktop
Loaded Profiles: Duplat (Available Profiles: Duplat)
Boot Mode: Normal
==============================================

fixlist content:
*****************
AppInit_DLLs: prio.dll => No File
AppInit_DLLs-x32: prio32.dll => No File
Task: {C1AB7A03-F336-43B7-ABC9-26A8A563170F} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {CC33F01E-1AC6-4906-ACA2-EE861428504C} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
S3 leizhveytvn; \??\C:\WINDOWS\system32\leizhveytvn.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Duplat\AppData\Local\Microsoft\OneDrive\19.002.0107.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Duplat\AppData\Local\Microsoft\OneDrive\19.002.0107.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Duplat\AppData\Local\Microsoft\OneDrive\19.002.0107.0008\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [   OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [   OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [   OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [   OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [   OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [   OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
AlternateDataStreams: C:\WINDOWS\tracing:? [16]
AlternateDataStreams: C:\Users\Duplat\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Duplat\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Duplat\ntuser.ini:NTV [11626]
AlternateDataStreams: C:\Users\Duplat\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Duplat\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Duplat\AppData\Local\Temp:$DATA​ [16]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476]
CMD: mkdir  C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer
CMD: mkdir  C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:







*****************

"prio.dll" => Value data removed successfully
"prio32.dll" => Value data removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C1AB7A03-F336-43B7-ABC9-26A8A563170F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1AB7A03-F336-43B7-ABC9-26A8A563170F}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC33F01E-1AC6-4906-ACA2-EE861428504C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC33F01E-1AC6-4906-ACA2-EE861428504C}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\WDI\SrvHost => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\SrvHost" => removed successfully
HKLM\System\CurrentControlSet\Services\leizhveytvn => removed successfully
leizhveytvn => service removed successfully
HKLM\System\CurrentControlSet\Services\nvvad_WaveExtensible => removed successfully
nvvad_WaveExtensible => service removed successfully
HKLM\System\CurrentControlSet\Services\nvvhci => removed successfully
nvvhci => service removed successfully
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\   OneDrive1 => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\   OneDrive2 => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\   OneDrive3 => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\   OneDrive4 => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\   OneDrive5 => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\   OneDrive6 => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKU\\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
"HKU\\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
"HKU\\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
C:\WINDOWS\tracing => ":?" ADS removed successfully
C:\Users\Duplat\Application Data => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS removed successfully
C:\Users\Duplat\Application Data => ":fbd50e2f7662a5c33287ddc6e65ab5a1" ADS removed successfully
C:\Users\Duplat\ntuser.ini => ":NTV" ADS removed successfully
"C:\Users\Duplat\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.
"C:\Users\Duplat\AppData\Roaming" => ":fbd50e2f7662a5c33287ddc6e65ab5a1" ADS not found.
C:\Users\Duplat\AppData\Local\Temp => ":$DATA​" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully

========= mkdir  C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer =========


========= End of CMD: =========


========= mkdir  C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database =========


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-Windows-LiveId/Analytic.
Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational.
Access is denied.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 22:41:47 ====


  • 0

#4
XmutanoX

    New Member

  • Topic Starter
  • Member
  • 6 posts

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [RtkAudUService] => "C:\WINDOWS\System32\RtkAudUService64.exe" -background
HKLM\...\Run: [Screen+] => C:\Program Files\Screen+\ScreenLM64.exe
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9267656 2018-01-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [60074328 2018-11-03] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5007408 2019-08-21] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [405032 2019-09-11] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [6113328 2019-08-21] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\Run: [NoxDaemon] => C:\Users\Duplat\AppData\Roaming\NoxSrv\NoxSrv.exe [115712 2019-06-23] () [File not signed]
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\MountPoints2: {2f41768c-fc40-11e8-9567-1c1b0de53af9} - "F:\Setup.exe"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\MountPoints2: {a2a55c41-df1a-11e8-bf1e-806e6f6e6963} - "F:\Setup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-23] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\77.0.69.132\Installer\chrmstp.exe [2019-10-03] (Brave Software, Inc.) [File not signed]
Startup: C:\Users\Duplat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AudioSwitch.lnk [2018-11-03]
ShortcutTarget: AudioSwitch.lnk -> C:\Program Files (x86)\AudioSwitch\AudioSwitch.exe () [File not signed]
Startup: C:\Users\Duplat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-05-25]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Duplat\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
Startup: C:\Users\Duplat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-04-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EE4A41C-DA51-487F-81EB-BCAD3C67FC6A} - System32\Tasks\GIGABYTE OC GURU => C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe
Task: {217E3C54-166E-4C4D-AA94-B18EB4EB5151} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe [1457720 2019-09-18] (Adobe Inc. -> Adobe)
Task: {2B162AC9-E078-4FA0-884C-B39696ADBBD1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-19] (Adobe Inc. -> Adobe)
Task: {2E4F4314-9FC6-4638-A8B7-A86011B8A99B} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {3333BBBF-FBF2-488E-AABB-F2BCA0161B51} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {38A0C235-691E-4473-A72D-5D42A68E4E4B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [103472 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {406E1DEE-87CF-4516-81D6-D701D4F58A9D} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-04-27] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {42EB9377-B525-4264-8F46-9394627B5C37} - System32\Tasks\HWiNFO => C:\Program Files\HWiNFO64\HWiNFO64.EXE [4447264 2019-09-25] (Martin Malik - REALiX -> REALiX)
Task: {479F5831-1144-423D-A697-DED82BFF7421} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26045560 2019-09-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E5570A4-52F0-4F0C-B0CE-B5C19CC4B48D} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [770344 2019-03-05] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {547B60F9-A75A-4C03-AAA9-963F0594C065} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-09-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5814EA04-05E4-45FE-B3A6-909BE63AA842} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-02] (Google Inc -> Google Inc.)
Task: {6843A9C7-3360-4A12-B36B-FA8E0C000BF4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26045560 2019-09-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {88C01602-4775-4E66-A1E1-B140CC394B85} - System32\Tasks\Opera scheduled Autoupdate 1547765085 => C:\Users\Duplat\AppData\Local\Programs\Opera\launcher.exe [1520152 2019-10-04] (Opera Software AS -> Opera Software)
Task: {9A82BA2C-86C3-4B19-9745-EC3A150EB840} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-02] (Google Inc -> Google Inc.)
Task: {A4F5CC86-E2A8-4520-9F9A-0AC3C17325AF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1403552 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {AA0670E2-13C6-4D84-BB16-0D685DFBF209} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [665848 2019-06-27] (Advanced Micro Devices INC. -> )
Task: {AAD7BB24-2C05-4929-822F-67AD9BB3A865} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-09-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C06E690B-EFA8-491B-95D5-8D287FAF1428} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-09-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D0372E85-E6FC-4BE6-9C21-BCB8387E9D76} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_pepper.exe [1453112 2019-09-19] (Adobe Inc. -> Adobe)
Task: {D83EEC76-F27C-44E4-AFBD-981047C3E72B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4404384 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {DC355283-9CCB-4FF9-BDEA-0AC895427C64} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-09-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E0047307-FC44-44C7-BC3D-5D73AC6485B2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1403552 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {E8290738-A348-41C7-ABED-2BEEC483702B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [103472 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {E9ED7EA2-A92A-4CEC-8C3F-CBCC5F118F22} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [758872 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4DC44FB-39F3-4E6D-AFC2-30193EFE8943} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4404384 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {FE38D026-95A0-4757-8D13-9A613A762F1A} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-04-27] (Brave Software, Inc. -> BraveSoftware Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5984fe02-fac2-4287-93e1-d0498fe68b4b}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{5984fe02-fac2-4287-93e1-d0498fe68b4b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8a6cc755-5246-47af-8b80-4c257bc5341e}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-11-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll => No File
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-20] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\Duplat\Desktop
Edge Session Restore: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001 -> is enabled.
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2018-12-10]
Edge Extension: (Night Eye - Dark mode on any website) -> EdgeExtension_43069RAZORdeveloperNightEye_c9kkezg6y739m => C:\Program Files\WindowsApps\43069RAZORdeveloper.NightEye_1.9.4.0_neutral__c9kkezg6y739m [2018-12-10]

FireFox:
========
FF DefaultProfile: dfwia8uo.default
FF ProfilePath: C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\dfwia8uo.default [2019-06-22]
FF ProfilePath: C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671 [2019-10-09]
FF Session Restore: Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671 -> is enabled.
FF Extension: (Dark Reader) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\[email protected] [2019-09-18]
FF Extension: (Better TweetDeck) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\[email protected] [2019-09-22]
FF Extension: (Checker Plus for Gmail) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\[email protected] [2019-07-19]
FF Extension: (BetterTTV) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\[email protected] [2019-10-04]
FF Extension: (Panel View for Google™ Translate) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\jid0-f[email protected] [2019-07-21]
FF Extension: (Méliuz) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\[email protected] [2019-07-26]
FF Extension: (uBlock Origin) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\[email protected] [2019-09-27]
FF Extension: (A Light in Space by MaDonna) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\{6e68ac2f-4352-427d-ae23-bf7a2b854aed}.xpi [2019-07-19]
FF Extension: (Stylus) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\{7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}.xpi [2019-09-18]
FF Extension: (Dark Fox) - C:\Users\Duplat\AppData\Roaming\Mozilla\Firefox\Profiles\wy9m7bbq.default-release-1563560216671\Extensions\{e7fe4ffe-f256-4f85-906d-072fdd698585}.xpi [2019-07-19]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-05-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [2019-09-18] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll [2019-09-18] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-07-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-07-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-04-27] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-04-27] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.301\npGoogleUpdate3.dll [2019-10-09] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.301\npGoogleUpdate3.dll [2019-10-09] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2019-08-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-08-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com.br/
CHR StartupUrls: Default -> "hxxp://google.com.br/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default [2019-09-30]
CHR Extension: (Slides) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-02]
CHR Extension: (BetterTTV) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2019-09-30]
CHR Extension: (Docs) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-02]
CHR Extension: (Google Drive) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-02]
CHR Extension: (MEGA) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2019-09-30]
CHR Extension: (YouTube) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-02]
CHR Extension: (uBlock Origin) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-09-30]
CHR Extension: (Stylus) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\clngdbkpkpeebahjckkjfobafhncgmne [2019-09-30]
CHR Extension: (Dark Vibe) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2018-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-07-05]
CHR Extension: (Dark Reader) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2019-09-30]
CHR Extension: (Silver Bird) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2018-11-02]
CHR Extension: (Sheets) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-02]
CHR Extension: (The Great Suspender) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2019-09-30]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-02]
CHR Extension: (Gmail) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-05]
CHR Extension: (Chrome Media Router) - C:\Users\Duplat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-30]
CHR HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR DownloadDir: C:\Users\Duplat\Desktop
OPR Extension: (BetterTTV) - C:\Users\Duplat\AppData\Roaming\Opera Software\Opera Stable\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2019-10-09]
OPR Extension: (Dark Reader) - C:\Users\Duplat\AppData\Roaming\Opera Software\Opera Stable\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2019-10-09]
OPR Extension: (Stylus) - C:\Users\Duplat\AppData\Roaming\Opera Software\Opera Stable\Extensions\kdinfjomkigjcjcbigolloleeiianaif [2019-10-09]
OPR Extension: (Install Chrome Extensions) - C:\Users\Duplat\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-10-09]
OPR Extension: (BetterTweetDeck) - C:\Users\Duplat\AppData\Roaming\Opera Software\Opera Stable\Extensions\micblkellenpbfapmcpcfhcoeohhnpob [2019-10-09]
OPR Extension: (Checker Plus for Gmail™) - C:\Users\Duplat\AppData\Roaming\Opera Software\Opera Stable\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2019-10-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S4 ArcService; D:\Program Files (x86)\Arc\ArcService.exe [123000 2019-03-05] (Perfect World Entertainment Inc. -> Perfect World Entertainment Inc)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8577760 2019-06-09] (BattlEye Innovations e.K. -> )
S4 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-04-27] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-04-27] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11153512 2019-09-04] (Microsoft Corporation -> Microsoft Corporation)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [52776 2019-09-11] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803456 2019-06-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S4 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [707144 2018-12-13] (GOG Sp. z o.o. -> GOG.com)
S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2018-12-13] (GOG Sp. z o.o. -> GOG.com)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [309664 2019-07-16] (Locktime Software s.r.o. -> Locktime Software)
S4 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2348336 2019-09-25] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [3228464 2019-09-25] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2019-07-09] (Even Balance, Inc. -> )
S3 Rockstar Service; D:\Program Files\Rockstar Games\Launcher\RockstarService.exe [471696 2019-09-18] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5378320 2019-10-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-09-26] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-09-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-09-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34568 2019-04-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [24528 2019-04-18] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [32760 2019-05-29] (Advanced Micro Devices INC. -> Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [138544 2019-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R2 AMDRyzenMasterDriverV13; C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys [71152 2018-11-22] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [20472 2019-09-06] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45968 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21904 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz148; C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [44648 2019-10-09] (CPUID S.A.R.L.U. -> CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-19] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ei2c; C:\WINDOWS\system32\drivers\ei2c.sys [20784 2019-07-16] (AOC International (Europe) GmbH -> Nicomsoft Ltd.)
U5 GCSYS; C:\Users\Duplat\AppData\Local\Programs\gamers-club-anti-cheat\resources\GCSYS64.sys [2675624 2019-09-11] (Gamers Club (Gamers Club Ltda) -> )
S3 gdrv; C:\WINDOWS\gdrv.sys [26792 2019-02-01] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 gdrv2; C:\WINDOWS\gdrv2.sys [32600 2019-07-13] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 GLCKIO2; C:\Program Files (x86)\GIGABYTE\RGBFusion\GLCKIO2.sys [19392 2018-04-23] (ASUSTeK Computer Inc. -> )
R1 HWiNFO; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [67152 2019-09-25] (Martin Malik - REALiX -> REALiX™)
R2 mi2c; C:\WINDOWS\system32\drivers\mi2c.sys [20784 2019-07-16] (AOC International (Europe) GmbH -> Nicomsoft Ltd.)
R0 nldrv; C:\WINDOWS\System32\drivers\nldrv.sys [178944 2019-07-15] (Locktime Software s.r.o. -> Locktime Software)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_830a0263f2ee97ce\nvlddmkm.sys [22370696 2019-09-06] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R2 SSGDIO; C:\WINDOWS\SysWOW64\DRIVERS\ssgdio64.sys [14608 2019-09-30] (ATI Technologies, Inc -> ATI Technologies Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-19] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46688 2019-09-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [350136 2019-09-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-09-26] (Microsoft Windows -> Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Gigabyte\RGBFusion\MODAPI.sys [14544 2019-10-05] (Noriyuki MIYAZAKI -> OpenLibSys.org)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2019-09-27] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2019-06-23] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-09 22:40 - 2019-10-09 22:41 - 000008394 _____ C:\Users\Duplat\Desktop\Fixlog.txt
2019-10-09 14:34 - 2019-10-09 14:34 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-10-09 14:34 - 2019-10-09 14:34 - 003614720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-10-09 14:34 - 2019-10-09 14:34 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-10-09 14:34 - 2019-10-09 14:34 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-10-09 14:34 - 2019-10-09 14:34 - 002429768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-10-09 14:34 - 2019-10-09 14:34 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-10-09 14:34 - 2019-10-09 14:34 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-10-09 14:34 - 2019-10-09 14:34 - 002160160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-10-09 14:34 - 2019-10-09 14:34 - 001289192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-10-09 14:34 - 2019-10-09 14:34 - 001201136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-10-09 14:34 - 2019-10-09 14:34 - 001155584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shellstyle.dll
2019-10-09 14:34 - 2019-10-09 14:34 - 001155584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shellstyle.dll
2019-10-09 14:34 - 2019-10-09 14:34 - 001024712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2019-10-09 14:34 - 2019-10-09 14:34 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2019-10-09 14:34 - 2019-10-09 14:34 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll
2019-10-09 14:34 - 2019-10-09 14:34 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DavSyncProvider.dll
2019-10-09 14:34 - 2019-10-09 14:34 - 000263360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-10-09 14:34 - 2019-10-09 14:34 - 000241976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-10-09 14:34 - 2019-10-09 14:34 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll
2019-10-09 14:34 - 2019-10-09 14:34 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2019-10-09 14:34 - 2019-10-09 14:34 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssecuser.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 026806784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 024616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 023455744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 019284992 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 019014144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 015220224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 012960768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 012259840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 008903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 007921664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 007872000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 006542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 006444544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 006316792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 006065152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 005767168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 005605560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 005309080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 004873728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 004628992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 004344832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 003820976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-10-09 14:33 - 2019-10-09 14:33 - 003702784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 003428864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 002924344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-10-09 14:33 - 2019-10-09 14:33 - 002779784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 002765312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 002699264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 002349056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 002298880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 002279304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 002096640 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-10-09 14:33 - 2019-10-09 14:33 - 002018304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-10-09 14:33 - 2019-10-09 14:33 - 001924976 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplaySwitch.exe
2019-10-09 14:33 - 2019-10-09 14:33 - 001918792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001864704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001764864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001750528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001711104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001677816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001674480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001590072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001506304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001291264 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001278808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2019-10-09 14:33 - 2019-10-09 14:33 - 001272120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001247560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-10-09 14:33 - 2019-10-09 14:33 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001098136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001019392 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 001006392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DismApi.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000917816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000901632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-10-09 14:33 - 2019-10-09 14:33 - 000843264 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000829440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000805296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-10-09 14:33 - 2019-10-09 14:33 - 000794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000791864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-10-09 14:33 - 2019-10-09 14:33 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000767800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DismApi.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000661096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000598328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000589824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-10-09 14:33 - 2019-10-09 14:33 - 000522104 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-10-09 14:33 - 2019-10-09 14:33 - 000515448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000453432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-10-09 14:33 - 2019-10-09 14:33 - 000452992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000384272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-10-09 14:33 - 2019-10-09 14:33 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2019-10-09 14:33 - 2019-10-09 14:33 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000290616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dism.exe
2019-10-09 14:33 - 2019-10-09 14:33 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
2019-10-09 14:33 - 2019-10-09 14:33 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000256704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FileHistory.exe
2019-10-09 14:33 - 2019-10-09 14:33 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000231224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Dism.exe
2019-10-09 14:33 - 2019-10-09 14:33 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-10-09 14:33 - 2019-10-09 14:33 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-10-09 14:33 - 2019-10-09 14:33 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2019-10-09 14:33 - 2019-10-09 14:33 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.OneCore.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000155968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2019-10-09 14:33 - 2019-10-09 14:33 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spopk.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnscmmc.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000093496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2019-10-09 14:33 - 2019-10-09 14:33 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvsetup.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regapi.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhuxgraphics.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000065608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2019-10-09 14:33 - 2019-10-09 14:33 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSTheme.exe
2019-10-09 14:33 - 2019-10-09 14:33 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NAPCRYPT.DLL
2019-10-09 14:33 - 2019-10-09 14:33 - 000038184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PasswordOnWakeSettingFlyout.exe
2019-10-09 14:33 - 2019-10-09 14:33 - 000030720 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2019-10-09 14:33 - 2019-10-09 14:33 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shunimpl.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 022135584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 017485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 009680400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 007886848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 007698432 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 006928384 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 006058032 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 005573016 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 005299712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 004737536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 004352472 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 004303872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 004057088 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 003978240 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 003634688 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 003567104 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 003363640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 003198976 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 003000832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 002848768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 002839040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 002706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 002699768 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 002437344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 002421760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 002415928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 002200376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 002192384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 002118656 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 002110472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 002072176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 002050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 002015400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001966392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 001929728 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001904128 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001830200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001751432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001720120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001701880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-10-09 14:32 - 2019-10-09 14:32 - 001701176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001674752 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001666232 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001522488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001484896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 001399608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001390888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 001344960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-10-09 14:32 - 2019-10-09 14:32 - 001331536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001294272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 001170432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 001087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001059328 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2019-10-09 14:32 - 2019-10-09 14:32 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 001056056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001054928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 001052984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 001005056 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000938296 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000901120 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000895560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000888120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-10-09 14:32 - 2019-10-09 14:32 - 000863544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 000860160 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-10-09 14:32 - 2019-10-09 14:32 - 000851272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000821048 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000817464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000801792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000780408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000775216 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000770096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000764216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000750592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000741688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000681720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000613176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 000605496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000605368 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000604336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000588600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000531976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000508728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000505640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2019-10-09 14:32 - 2019-10-09 14:32 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000462136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000449368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000444728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000439096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 000434952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000385336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000376568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000341392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000294512 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000282424 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000278416 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.OneCore.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000224568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000213304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000201736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 000193704 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000193336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\spopk.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000163232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000156512 _____ (Microsoft Corporation) C:\WINDOWS\system32\devobj.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000147944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000135816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devobj.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcl.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvsetup.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\regapi.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000104464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000086840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 000079032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnppolicy.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSTheme.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000044912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PasswordOnWakeSettingFlyout.exe
2019-10-09 14:32 - 2019-10-09 14:32 - 000042296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-10-09 14:32 - 2019-10-09 14:32 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000039304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000033056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\shunimpl.dll
2019-10-09 14:32 - 2019-10-09 14:32 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-10-09 14:32 - 2019-10-09 14:32 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-10-09 14:32 - 2019-10-09 14:32 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-10-09 14:32 - 2019-10-09 14:32 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-10-09 14:32 - 2019-10-09 14:32 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-10-09 14:32 - 2019-10-09 14:32 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-10-09 14:32 - 2019-10-09 14:32 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-10-09 14:32 - 2019-10-09 14:32 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-10-09 14:31 - 2019-10-09 14:31 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-10-09 14:31 - 2019-10-09 14:31 - 001048888 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-10-09 14:31 - 2019-10-09 14:31 - 000848896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2019-10-09 14:31 - 2019-10-09 14:31 - 000662024 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2019-10-09 14:31 - 2019-10-09 14:31 - 000608256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-10-09 14:31 - 2019-10-09 14:31 - 000421176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-10-09 14:31 - 2019-10-09 14:31 - 000234808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2019-10-09 14:31 - 2019-10-09 14:31 - 000138552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2019-10-09 14:31 - 2019-10-09 14:31 - 000131384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-10-09 14:31 - 2019-10-09 14:31 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2019-10-09 14:31 - 2019-10-09 14:31 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2019-10-09 14:31 - 2019-10-09 14:31 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsc.sys
2019-10-09 14:31 - 2019-10-09 14:31 - 000057656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmvsc.sys
2019-10-09 14:31 - 2019-10-09 14:31 - 000052536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2019-10-09 14:31 - 2019-10-09 14:31 - 000042296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsc.sys
2019-10-09 14:31 - 2019-10-09 14:31 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismp6.sys
2019-10-09 14:31 - 2019-10-09 14:31 - 000018744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msisadrv.sys
2019-10-09 01:42 - 2019-10-09 23:01 - 000034352 _____ C:\Users\Duplat\Desktop\FRST.txt
2019-10-09 01:42 - 2019-10-09 23:00 - 000000000 ____D C:\FRST
2019-10-09 01:41 - 2019-10-09 22:39 - 001615872 _____ (Farbar) C:\Users\Duplat\Desktop\FRST64.exe
2019-10-08 03:38 - 2019-10-08 03:38 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\Bungie
2019-10-07 21:01 - 2019-10-07 21:01 - 000000000 ____D C:\Users\Duplat\Documents\4A Games
2019-10-07 20:51 - 2019-10-07 20:51 - 000000000 ____D C:\Users\Duplat\AppData\Local\4A Games
2019-10-05 19:07 - 2019-10-05 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2019-10-05 19:07 - 2019-10-05 19:07 - 000000000 ____D C:\Program Files\qBittorrent
2019-10-05 06:29 - 2019-10-05 06:29 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Little Misfortune
2019-10-05 01:30 - 2019-07-17 04:37 - 000010148 _____ C:\Users\Duplat\Desktop\CalibratedDisplayProfile-6.icc
2019-10-03 18:42 - 2019-10-04 05:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-03 05:07 - 2019-10-03 05:07 - 002587896 _____ C:\Users\Duplat\Desktop\CSGO F2P FPS Pack by Panj.zip
2019-10-03 05:07 - 2019-10-03 05:07 - 000000000 ____D C:\Users\Duplat\Desktop\New folder
2019-10-03 02:25 - 2019-10-03 05:30 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\gamers-club-anti-cheat
2019-10-03 02:25 - 2019-10-03 02:25 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\Gamers Club Anti-Cheat
2019-10-03 02:24 - 2019-10-03 02:24 - 000002570 _____ C:\Users\Duplat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamers Club Anti-Cheat.lnk
2019-10-03 02:24 - 2019-10-03 02:24 - 000000000 ____D C:\Users\Duplat\AppData\Local\gamers-club-anti-cheat-updater
2019-10-02 07:10 - 2019-10-02 07:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair
2019-10-02 07:09 - 2019-10-02 07:09 - 000000000 ____D C:\Program Files (x86)\Corsair
2019-09-30 22:34 - 2019-09-30 22:34 - 000000000 ____D C:\Users\Duplat\AppData\Local\1usmus
2019-09-30 22:27 - 2019-09-30 22:27 - 000014608 _____ (ATI Technologies Inc.) C:\WINDOWS\SysWOW64\Drivers\ssgdio64.sys
2019-09-30 18:33 - 2019-09-30 18:33 - 000418616 _____ C:\Users\Duplat\Desktop\Laudo_200266220_8feb9f87-2ec9-45ce-a1ef-0d1776a34b3e.pdf
2019-09-30 02:09 - 2019-09-30 08:20 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\FileZilla
2019-09-30 02:09 - 2019-09-30 02:37 - 000000000 ____D C:\Users\Duplat\AppData\Local\FileZilla
2019-09-30 02:09 - 2019-09-30 02:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2019-09-30 02:09 - 2019-09-30 02:09 - 007976792 _____ (Tim Kosse) C:\Users\Duplat\Downloads\FileZilla_3.45.1_win64-setup.exe
2019-09-29 19:56 - 2019-06-08 18:40 - 003441044 _____ C:\Users\Duplat\Desktop\improved-initiative.json
2019-09-29 19:56 - 2019-02-17 20:05 - 003563511 _____ C:\Users\Duplat\Desktop\improved-initiative (1).json
2019-09-29 19:55 - 2019-10-04 19:34 - 000000000 ____D C:\Users\Duplat\Desktop\BIOS updates
2019-09-27 02:52 - 2019-09-27 02:52 - 165617184 _____ (TunnelBear) C:\Users\Duplat\Desktop\TunnelBear-Installer.exe
2019-09-25 21:23 - 2019-09-25 21:23 - 000000773 _____ C:\Users\Duplat\Desktop\PUBG LITE.lnk
2019-09-25 21:23 - 2019-09-25 21:23 - 000000773 _____ C:\Users\Duplat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PUBG LITE.lnk
2019-09-25 19:28 - 2019-09-25 19:28 - 000000000 ____D C:\Users\Duplat\AppData\Local\NVIDIA
2019-09-25 13:00 - 2019-08-01 10:07 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-09-24 22:06 - 2018-01-24 17:35 - 003509168 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2019-09-24 22:06 - 2018-01-24 17:35 - 000343672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2019-09-24 22:06 - 2018-01-24 17:35 - 000192944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2019-09-24 22:06 - 2018-01-24 17:34 - 001353288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2019-09-24 22:06 - 2018-01-24 17:34 - 000691648 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2019-09-24 22:06 - 2018-01-24 17:34 - 000453240 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2019-09-24 22:06 - 2018-01-24 17:34 - 000157304 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2019-09-24 22:06 - 2018-01-24 17:34 - 000139720 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2019-09-24 22:06 - 2018-01-24 17:34 - 000090136 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2019-09-24 22:06 - 2018-01-24 17:33 - 003677128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2019-09-24 22:06 - 2018-01-24 17:33 - 003205576 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2019-09-24 22:06 - 2018-01-24 17:33 - 001780584 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:33 - 001591024 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:33 - 000727400 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:33 - 000708280 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:33 - 000504272 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:33 - 000445368 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:33 - 000253832 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2019-09-24 22:06 - 2018-01-24 17:32 - 072520680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2019-09-24 22:06 - 2018-01-24 17:32 - 007178432 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2019-09-24 22:06 - 2018-01-24 17:32 - 002922952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2019-09-24 22:06 - 2018-01-24 17:32 - 001508896 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:32 - 000743928 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:32 - 000441232 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2019-09-24 22:06 - 2018-01-24 17:32 - 000253864 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2019-09-24 22:06 - 2018-01-24 17:32 - 000252840 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2019-09-24 22:06 - 2018-01-24 12:59 - 015726401 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2019-09-24 22:05 - 2018-01-24 17:32 - 001971336 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2019-09-24 22:05 - 2018-01-24 17:32 - 000332976 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2019-09-24 22:05 - 2018-01-24 17:32 - 000278240 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2019-09-24 22:05 - 2018-01-24 17:31 - 007101712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2019-09-24 22:05 - 2018-01-24 17:31 - 000118552 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2019-09-24 22:05 - 2018-01-24 17:31 - 000105272 _____ C:\WINDOWS\system32\audioLibVc.dll
2019-09-24 22:00 - 2019-09-24 22:00 - 000000000 ____D C:\Program Files (x86)\Realtek
2019-09-23 02:19 - 2019-09-05 18:19 - 001683032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2019-09-23 02:19 - 2019-09-05 18:19 - 000228792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2019-09-23 02:19 - 2019-09-05 18:19 - 000047272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2019-09-23 02:18 - 2019-09-06 15:29 - 001012432 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-09-23 02:18 - 2019-09-06 15:29 - 001012432 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-09-23 02:18 - 2019-09-06 15:29 - 000876240 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-09-23 02:18 - 2019-09-06 15:29 - 000876240 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-09-23 02:18 - 2019-09-06 15:29 - 000447368 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-09-23 02:18 - 2019-09-06 15:29 - 000351944 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-09-23 02:18 - 2019-09-06 15:29 - 000301264 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-09-23 02:18 - 2019-09-06 15:29 - 000301264 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-09-23 02:18 - 2019-09-06 15:29 - 000273104 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-09-23 02:18 - 2019-09-06 15:29 - 000273104 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-09-23 02:18 - 2019-09-06 15:28 - 011562376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-09-23 02:18 - 2019-09-06 15:28 - 009937104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 002051008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 001550080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 001477512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 001247432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 001140616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 000959424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 000823552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 000812800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 000676096 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 000658880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 000632768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 000544648 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-09-23 02:18 - 2019-09-06 15:27 - 000524168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-09-23 02:18 - 2019-09-06 15:26 - 040444856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-09-23 02:18 - 2019-09-06 15:26 - 035334536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-09-23 02:18 - 2019-09-06 15:26 - 017300360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-09-23 02:18 - 2019-09-06 15:26 - 014921096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-09-23 02:18 - 2019-09-06 15:26 - 005358472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-09-23 02:18 - 2019-09-06 15:26 - 004696968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-09-23 02:18 - 2019-09-06 15:26 - 001726400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443630.dll
2019-09-23 02:18 - 2019-09-06 15:26 - 001491336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443630.dll
2019-09-22 22:05 - 2019-09-22 22:05 - 000000000 ____D C:\Users\Duplat\Documents\Call of Duty Modern Warfare
2019-09-21 13:54 - 2019-09-21 13:54 - 000000000 ____D C:\Users\Duplat\AppData\Local\Rockstar Games
2019-09-21 13:37 - 2019-09-21 13:37 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2019-09-21 13:36 - 2019-09-21 13:36 - 000000000 ____D C:\ProgramData\Rockstar Games
2019-09-20 23:02 - 2019-09-20 23:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-09-19 22:06 - 2019-09-19 19:57 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-09-19 22:06 - 2019-09-19 19:57 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-09-19 19:47 - 2019-09-19 19:47 - 011724288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 009941504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 002942976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 002177336 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 002127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 002099752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001782272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001604760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001465472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001297120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001075832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 001047552 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000798736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2019-09-19 19:47 - 2019-09-19 19:47 - 000793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000763392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000660544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResourceMapper.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000409256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000386048 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\SysWOW64\curl.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000349144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000195224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityCenterBroker.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsutil.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000173216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-09-19 19:47 - 2019-09-19 19:47 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fsutil.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000144080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imm32.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000140088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000106048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000098080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Display.BrightnessOverride.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000092832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-09-19 19:47 - 2019-09-19 19:47 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComputerDefaults.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Groupinghc.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComputerDefaults.exe
2019-09-19 19:47 - 2019-09-19 19:47 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll
2019-09-19 19:47 - 2019-09-19 19:47 - 000058882 _____ C:\WINDOWS\system32\srms.dat
2019-09-19 19:47 - 2019-09-19 19:47 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-09-19 19:46 - 2019-09-19 19:47 - 003096576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 005569024 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 003082752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 002879488 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 002233688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001733120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001721360 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001715712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001668752 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001655976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001573240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001563880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdrecordcpu.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001479184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001477432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001466880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001272560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ttdrecordcpu.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001267712 _____ (Microsoft Corporation) C:\WINDOWS\system32\APMon.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001222160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001180248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001081656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000968192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000888832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000811024 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000807760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000782968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000774968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000740904 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000736056 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000730112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000678680 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000652832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000622392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000591160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000554000 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000540240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000535056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-09-19 19:46 - 2019-09-19 19:46 - 000515440 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000515152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000464912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2019-09-19 19:46 - 2019-09-19 19:46 - 000439808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000435712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000398928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-09-19 19:46 - 2019-09-19 19:46 - 000378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingDiagSpp.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000351432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingDiagSpp.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000330672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdwriter.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000279416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000272648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ttdwriter.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000262336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ManagePhone.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000177176 _____ (Microsoft Corporation) C:\WINDOWS\system32\imm32.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000168248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000152576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000152576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000152080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000130872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Display.BrightnessOverride.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000121656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000120344 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000114128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsiCx.sys
2019-09-19 19:46 - 2019-09-19 19:46 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-09-19 19:46 - 2019-09-19 19:46 - 000071696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2019-09-19 19:46 - 2019-09-19 19:46 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings.dll
2019-09-19 19:46 - 2019-09-19 19:46 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2019-09-19 19:45 - 2019-09-19 19:46 - 001038336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 003333984 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 002767160 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 002645504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 002593032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 002148864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 002031104 _____ C:\WINDOWS\system32\rdpnano.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001743168 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001715000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001662264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001387512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001321784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001260560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 001191512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001187840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 001183744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 001022824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000865576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000864568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Signals.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000831288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000806568 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-09-19 19:45 - 2019-09-19 19:45 - 000806568 _____ C:\WINDOWS\system32\locale.nls
2019-09-19 19:45 - 2019-09-19 19:45 - 000799784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000793824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000791352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000762880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000758688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000751928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000732168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000675096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000652600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000649528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000603784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000580024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000520208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000482104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000421376 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000405304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000402368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000398336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000398208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000396088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000347576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000330592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000310072 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ConfigWrapper.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000253256 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32tm.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000248120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000230848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpprov.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000203064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecureTimeAggregator.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000200504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000189712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000164504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000141736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000140600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000125016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000118480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pmem.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-09-19 19:45 - 2019-09-19 19:45 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiskSnapshot.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000090632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000087056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-09-19 19:45 - 2019-09-19 19:45 - 000032784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000032568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsiAcpiClient.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ws2ifsl.sys
2019-09-19 19:45 - 2019-09-19 19:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-09-19 19:45 - 2019-09-19 19:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-09-19 19:21 - 2019-09-19 19:21 - 021123128 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-09 22:53 - 2019-06-22 05:09 - 000000000 ____D C:\Users\Duplat\AppData\LocalLow\Mozilla
2019-10-09 22:53 - 2018-12-10 03:02 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-10-09 22:53 - 2018-09-15 04:31 - 000000000 ____D C:\WINDOWS\INF
2019-10-09 22:51 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-10-09 22:50 - 2018-11-02 17:23 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-10-09 22:50 - 2018-11-02 17:23 - 000000000 ___RD C:\Users\Duplat\3D Objects
2019-10-09 22:49 - 2018-11-02 22:01 - 000000000 ____D C:\ProgramData\NVIDIA
2019-10-09 22:49 - 2018-09-15 04:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-09 22:48 - 2018-12-10 02:46 - 000458736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-10-09 22:47 - 2018-12-10 03:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-10-09 22:44 - 2018-09-15 03:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-10-09 22:42 - 2019-04-24 22:29 - 000003144 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2019-10-09 22:42 - 2018-09-15 06:11 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-10-09 22:42 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-10-09 22:42 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-10-09 22:42 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-10-09 22:42 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-10-09 22:42 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-10-09 22:42 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-10-09 22:42 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-10-09 22:42 - 2018-09-15 03:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-10-09 20:59 - 2018-12-10 02:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-10-09 16:59 - 2018-11-03 00:01 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\discord
2019-10-09 14:45 - 2018-09-15 04:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-10-09 14:43 - 2018-11-14 16:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-10-09 14:38 - 2018-11-03 00:42 - 127230528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-10-09 14:37 - 2018-09-15 06:11 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2019-10-09 14:37 - 2018-09-15 06:11 - 000018002 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2019-10-09 06:00 - 2019-07-10 00:09 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\Origin
2019-10-09 05:46 - 2018-11-03 06:33 - 000000000 ____D C:\ProgramData\Origin
2019-10-09 05:45 - 2018-11-03 06:36 - 000000000 ____D C:\Users\Duplat\AppData\Local\Ubisoft Game Launcher
2019-10-09 02:31 - 2018-11-02 23:35 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\vlc
2019-10-09 01:33 - 2018-12-10 03:04 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-09 01:33 - 2018-12-10 03:04 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-09 01:33 - 2018-11-02 17:30 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-07 18:58 - 2019-01-17 19:44 - 000004214 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1547765085
2019-10-07 18:58 - 2019-01-17 19:44 - 000001416 _____ C:\Users\Duplat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-10-07 01:58 - 2018-05-16 13:39 - 000000000 ____D C:\Nova
2019-10-07 01:08 - 2019-07-09 17:57 - 000281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2019-10-07 01:08 - 2019-07-09 17:57 - 000281688 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2019-10-06 21:30 - 2018-11-03 06:50 - 000000000 ____D C:\Users\Duplat\AppData\Local\Battle.net
2019-10-06 20:29 - 2018-11-03 06:50 - 000000000 ____D C:\Users\Duplat\AppData\Local\Blizzard Entertainment
2019-10-06 04:40 - 2018-11-04 05:56 - 000000000 ____D C:\Users\Duplat\AppData\Roaming\qBittorrent
2019-10-06 04:39 - 2019-05-25 08:51 - 000000000 ____D C:\TBBT
2019-10-05 23:38 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-10-05 20:20 - 2018-11-03 00:27 - 000000000 ____D C:\Users\Duplat\AppData\Local\D3DSCache
2019-10-05 19:39 - 2019-07-30 14:58 - 000000000 ____D C:\Users\Duplat\Desktop\IntelBurnTest
2019-10-05 19:37 - 2018-11-03 00:20 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2019-10-04 06:36 - 2018-11-03 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-10-04 05:52 - 2019-06-22 05:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-10-03 23:59 - 2018-11-03 00:20 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2019-10-03 23:55 - 2019-06-22 05:09 - 000001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-10-03 18:45 - 2019-03-19 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2019-10-03 18:30 - 2019-04-27 10:28 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2019-10-03 05:17 - 2018-11-02 23:40 - 000000000 ____D C:\Users\Duplat\AppData\Local\CrashDumps
2019-09-30 22:04 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-09-30 04:05 - 2018-05-16 19:26 - 000000000 ____D C:\Filmes
2019-09-27 00:12 - 2019-05-28 23:36 - 000074552 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2019-09-26 17:38 - 2018-11-02 21:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-09-25 19:40 - 2018-11-02 22:19 - 000000000 ____D C:\Users\Duplat\AppData\Local\NVIDIA Corporation
2019-09-25 14:30 - 2019-08-03 11:49 - 000067152 _____ (REALiX™) C:\WINDOWS\system32\Drivers\HWiNFO64A.SYS
2019-09-25 14:29 - 2019-07-19 05:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2019-09-25 14:29 - 2019-07-19 05:47 - 000000000 ____D C:\Program Files\HWiNFO64
2019-09-25 12:58 - 2018-11-02 22:01 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-09-25 12:58 - 2018-11-02 22:01 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-09-25 12:58 - 2018-11-02 17:36 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-09-24 22:32 - 2018-12-09 23:05 - 000000000 ____D C:\Users\Duplat\AppData\Local\ElevatedDiagnostics
2019-09-24 22:07 - 2019-07-14 12:17 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2019-09-24 22:07 - 2018-11-02 22:16 - 000000000 ___HD C:\Program Files (x86)\Temp
2019-09-24 22:04 - 2018-11-03 10:50 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-09-23 18:37 - 2018-11-02 17:32 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-23 18:37 - 2018-11-02 17:32 - 000002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-09-23 18:37 - 2018-11-02 17:32 - 000002270 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-09-21 13:55 - 2018-12-14 20:25 - 000000000 ____D C:\Program Files\Rockstar Games
2019-09-21 13:55 - 2018-12-14 19:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2019-09-21 13:54 - 2018-11-03 00:27 - 000000000 ____D C:\Users\Duplat\Documents\Rockstar Games
2019-09-21 13:36 - 2018-11-02 22:12 - 000000000 ____D C:\ProgramData\Package Cache
2019-09-20 23:02 - 2019-07-20 08:07 - 000002508 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-09-20 23:02 - 2019-07-20 08:07 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-09-20 23:02 - 2019-07-20 08:07 - 000002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-09-20 23:02 - 2019-07-20 08:07 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-09-20 23:02 - 2019-07-20 08:07 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-09-20 23:02 - 2019-07-20 08:07 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-09-20 23:02 - 2019-07-20 08:07 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-09-20 23:02 - 2019-07-20 08:07 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-09-20 23:01 - 2018-11-22 02:25 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-09-19 23:52 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\tracing
2019-09-19 22:00 - 2018-09-15 04:33 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-09-19 21:59 - 2018-09-15 04:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-09-19 21:59 - 2018-09-15 04:33 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-09-19 21:59 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-09-19 21:59 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\Provisioning
2019-09-19 20:06 - 2019-01-26 04:05 - 000000000 ____D C:\WINDOWS\Minidump
2019-09-19 19:21 - 2018-12-10 03:04 - 000004602 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-09-19 19:21 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-09-19 19:21 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-09-18 20:49 - 2018-12-10 03:04 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2019-09-18 20:48 - 2018-11-04 06:30 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-09-18 20:39 - 2019-07-01 07:03 - 000004548 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-09-18 20:18 - 2019-05-29 18:19 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2019-09-18 20:18 - 2019-05-29 18:19 - 000002124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk

==================== Files in the root of some directories ================

2019-04-01 00:42 - 2019-04-01 00:42 - 000000037 _____ () C:\Users\Duplat\AppData\Roaming\prio.ini
2018-12-27 01:10 - 2018-12-29 02:10 - 000001456 _____ () C:\Users\Duplat\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-12-27 10:03 - 2018-12-27 10:03 - 000000000 _____ () C:\Users\Duplat\AppData\Local\oobelibMkey.log
2018-12-26 23:16 - 2018-12-26 23:16 - 000002201 _____ () C:\Users\Duplat\AppData\Local\recently-used.xbel
2018-11-10 19:11 - 2019-01-31 01:25 - 000007600 _____ () C:\Users\Duplat\AppData\Local\Resmon.ResmonCfg
2019-06-14 00:06 - 2019-06-23 18:13 - 000000070 _____ () C:\Users\Duplat\AppData\Local\update_progress.txt

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-10-2019 01
Ran by Duplat (09-10-2019 23:02:49)
Running from C:\Users\Duplat\Desktop
Windows 10 Pro Version 1809 17763.805 (X64) (2018-12-10 06:05:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2979426330-1067282791-1430516834-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2979426330-1067282791-1430516834-503 - Limited - Disabled)
Duplat (S-1-5-21-2979426330-1067282791-1430516834-1001 - Administrator - Enabled) => C:\Users\Duplat
Guest (S-1-5-21-2979426330-1067282791-1430516834-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2979426330-1067282791-1430516834-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.255 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.255 - Adobe)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0) (Version: 20.0.0 - Adobe Systems Incorporated)
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.0.0.1192 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.16 - Advanced Micro Devices, Inc.)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.2.2 - Electronic Arts, Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
AudioSwitch (HKLM-x32\...\AudioSwitch_is1) (Version: 2.2.2.0 - )
Backup and Sync from Google (HKLM\...\{6DBCF61B-9281-4F9F-9022-7177D22B28A4}) (Version: 3.46.7175.2662 - Google, Inc.)
Balanced (HKLM-x32\...\{0EA45DD4-A825-420C-AFED-C659EFE3B84F}) (Version: 4.00.0000 - Advanced Micro Devices, Inc.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 9.5.5 - Andrew Sampson)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 77.0.69.132 - Brave Software Inc)
Call of Cthulhu (HKLM-x32\...\Call of Cthulhu_is1) (Version:  - )
CORSAIR iCUE Software (HKLM-x32\...\{2CF39684-9A16-483E-897B-F92F4D64C2EF}) (Version: 3.20.80 - Corsair)
CPUID CPU-Z 1.89 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.89 - CPUID, Inc.)
Dauntless (HKLM\...\{03AFDFA7-7A23-41B1-AAC2-3898591127D3}) (Version: 1.00.0000 - Phoenix Labs)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Divinity - Original Sin Enhanced Edition (HKLM-x32\...\1445516929_is1) (Version: 2.5.0.12 - GOG.com)
ENE_EHD_HAL (HKLM\...\{B8140D28-2CA7-4F6A-8818-BF093C3F3225}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_HAL (HKLM-x32\...\{06ebd5ee-cb8a-487e-a83c-832dab840571}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{A398FCC0-8E8B-409E-90E9-ACF4671633F2}) (Version: 1.1.183.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fallout 4 GOTY (HKLM\...\Fallout 4 GOTY_is1) (Version: 1.10.82.0 - )
Far Cry 3 (HKLM-x32\...\Uplay Install 46) (Version:  - Ubisoft)
FileZilla Client 3.45.1 (HKLM-x32\...\FileZilla Client) (Version: 3.45.1 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.3.0.10826 - Foxit Software Inc.)
Gamers Club Anti-Cheat 3.0.68 (HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\5336d6e5-cfd5-580d-976b-0c07db708c28) (Version: 3.0.68 - Gamers Club Engeneering)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HWiNFO64 Version 6.12 (HKLM\...\HWiNFO64_is1) (Version: 6.12 - Martin Malik - REALiX)
i-Menu version 4.3.6 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.3.6 - AOC)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Little Misfortune (HKLM\...\SKIDROW - Little Misfortune) (Version:  - SKIDROW)
Mass Effect™: Andromeda (HKLM-x32\...\{72BBCA87-9350-48BC-9E2F-6DBC1E80C993}) (Version: 1.0.0.4 - Electronic Arts)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11328.20420 - Microsoft Corporation)
Microsoft Office 365 ProPlus - pt-br (HKLM\...\O365ProPlusRetail - pt-br) (Version: 16.0.11328.20420 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
MiPony 3.0.5 (HKLM-x32\...\MiPony) (Version: 3.0.5 - )
Mozilla Firefox 69.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 69.0.2 (x64 en-US)) (Version: 69.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.4 - Mozilla)
MSI Afterburner 4.6.0 (HKLM-x32\...\Afterburner) (Version: 4.6.0 - MSI Co., LTD)
MTG Arena (HKLM-x32\...\{72DCA778-E873-42AC-AE1F-B2C14DCBF54C}) (Version: 0.1.1015.0 - Wizards of the Coast) Hidden
MTG Arena (HKLM-x32\...\MTG Arena 0.1.1015.0) (Version: 0.1.1015.0 - Wizards of the Coast)
NetLimiter 4 (HKLM\...\{D8EB2152-FF07-4BA1-8361-0A64CBCFA58F}) (Version: 4.0.50.0 - Locktime Software) Hidden
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.50.0) (Version: 4.0.50.0 - Locktime Software)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6.2 - Notepad++ Team)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.3.0.0 - Duodian Technology Co. Ltd.)
NVIDIA Graphics Driver 436.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 436.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11328.20420 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20420 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20420 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11328.20420 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.11328.20420 - Microsoft Corporation) Hidden
Opera Stable 63.0.3368.107 (HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\Opera 63.0.3368.107) (Version: 63.0.3368.107 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.48.31055 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Prio (HKLM\...\Prio) (Version: 2.1.0.4391 - )
PUBG Lite (HKLM-x32\...\PUBG Lite_is1) (Version: 1.0.0.6 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
qBittorrent 4.1.8 (HKLM-x32\...\qBittorrent) (Version: 4.1.8 - The qBittorrent project)
Quick CPU (HKLM-x32\...\{41F4C8EE-903D-4EB5-B6EB-75413BF496DE}) (Version: 3.0.1.0 - CoderBag)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8356 - Realtek Semiconductor Corp.)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.19.0528.1 - GIGABYTE)
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.4.116 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.2.5 - Rockstar Games)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Twitch (HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VMR Connect version 1.2.3.0 (HKLM-x32\...\{A3135D26-0857-4E51-A491-B4CEDF9B1A2C}_is1) (Version: 1.2.3.0 - VLC Mobile Remote)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-06-12] (Adobe Systems Incorporated)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20106.0_x64__8wekyb3d8bbwe [2018-11-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2018-11-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x86__8wekyb3d8bbwe [2018-11-20] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.27.2643.0_x64__8wekyb3d8bbwe [2018-11-02] (Microsoft Corporation) [MS Ad]
Microsoft People -> C:\Program Files\WindowsApps\Microsoft.People_10.1808.2473.0_x64__8wekyb3d8bbwe [2018-11-02] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.26.12153.0_x64__8wekyb3d8bbwe [2018-11-02] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.89.355.0_x64__mcm4njqhnhss8 [2018-12-28] (Netflix, Inc.)
Night Eye -> C:\Program Files\WindowsApps\43069RAZORdeveloper.NightEye_1.9.4.0_neutral__c9kkezg6y739m [2018-12-10] (RAZORdeveloper)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2018-12-13] (Adobe Systems Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.177.0_x64__dt26b99r8h8gj [2019-07-14] (Realtek Semiconductor Corp)
Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_1.5.4.0_x64__t4vj0pshhgkwm [2019-01-10] (Telegram Messenger LLP)
uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2018-12-10] (Nik Rolls)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{5C4D8D49-A0EE-41E0-98D5-B8E1A2A63328} -> [MEGAsync] => C:\Users\Duplat\Documents\MEGAsync [2019-05-25 08:58]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-09-28] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-09-28] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-09-28] (Google LLC -> Google)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-12-31] (Notepad++ -> )
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-09-28] (Google LLC -> Google)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-09-28] (Google LLC -> Google)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-04-09 13:40 - 2019-04-09 13:40 - 000015872 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libEGL.DLL
2019-04-09 13:40 - 2019-04-09 13:40 - 002786816 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libGLESv2.dll
2019-09-11 17:04 - 2019-09-11 17:04 - 000204800 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2019-09-11 17:02 - 2019-09-11 17:02 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2019-03-05 11:06 - 2019-03-05 11:06 - 000232448 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2019-03-05 11:06 - 2019-03-05 11:06 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2019-03-05 11:07 - 2019-03-05 11:07 - 000642048 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2019-03-05 11:06 - 2019-03-05 11:06 - 000072704 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2019-03-05 11:06 - 2019-03-05 11:06 - 000364544 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2019-09-09 11:29 - 2019-09-09 11:29 - 000057344 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2019-09-09 11:30 - 2019-09-09 11:30 - 000074240 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2019-09-09 11:30 - 2019-09-09 11:30 - 000368640 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2019-08-13 16:11 - 2019-08-13 16:11 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2019-08-19 08:04 - 2019-08-19 08:04 - 001298944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LIBEAY32.dll
2019-08-19 08:04 - 2019-08-19 08:04 - 000281600 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ssleay32.dll
2019-04-09 13:48 - 2019-04-09 13:48 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qgif.dll
2019-04-10 19:27 - 2019-04-10 19:27 - 000034816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qicns.dll
2019-04-09 13:48 - 2019-04-09 13:48 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qico.dll
2019-04-09 13:50 - 2019-04-09 13:50 - 000364032 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qjpeg.dll
2019-04-10 19:27 - 2019-04-10 19:27 - 000021504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qsvg.dll
2019-04-10 19:27 - 2019-04-10 19:27 - 000019968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qtga.dll
2019-04-10 19:27 - 2019-04-10 19:27 - 000331776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qtiff.dll
2019-04-10 19:26 - 2019-04-10 19:26 - 000019456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qwbmp.dll
2019-04-10 19:27 - 2019-04-10 19:27 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qwebp.dll
2019-04-09 13:50 - 2019-04-09 13:50 - 001192960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\platforms\qwindows.dll
2019-04-09 13:42 - 2019-04-09 13:42 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Concurrent.dll
2019-09-11 17:47 - 2019-09-11 17:47 - 005087232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Core.dll
2019-04-09 13:44 - 2019-04-09 13:44 - 005353984 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Gui.dll
2019-04-10 20:28 - 2019-04-10 20:28 - 000576512 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Multimedia.dll
2019-04-09 13:44 - 2019-04-09 13:44 - 001042944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Network.dll
2019-04-10 20:14 - 2019-04-10 20:14 - 003359232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Qml.dll
2019-04-10 20:09 - 2019-04-10 20:09 - 003181056 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Quick.dll
2019-04-10 20:56 - 2019-04-10 20:56 - 000142336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5QuickControls2.dll
2019-04-10 20:55 - 2019-04-10 20:55 - 000849920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5QuickTemplates2.dll
2019-04-10 20:27 - 2019-04-10 20:27 - 000326656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Scxml.dll
2019-04-09 13:42 - 2019-04-09 13:42 - 000156672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Sql.dll
2019-04-10 19:27 - 2019-04-10 19:27 - 000265728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Svg.dll
2019-04-09 13:47 - 2019-04-09 13:47 - 004532224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Widgets.dll
2019-04-10 20:40 - 2019-04-10 20:40 - 000444416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5WinExtras.dll
2019-04-09 13:41 - 2019-04-09 13:41 - 000147456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Xml.dll
2019-04-10 20:51 - 2019-04-10 20:51 - 000045568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-04-10 20:51 - 2019-04-10 20:51 - 000056320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-04-10 20:12 - 2019-04-10 20:12 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick.2\qtquick2plugin.dll
2019-04-10 20:58 - 2019-04-10 20:58 - 000456192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2019-04-10 20:56 - 2019-04-10 20:56 - 000271360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-04-10 20:13 - 2019-04-10 20:13 - 000072192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-04-10 20:56 - 2019-04-10 20:56 - 000260608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2019-04-10 20:12 - 2019-04-10 20:12 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Window.2\windowplugin.dll
2019-04-09 13:49 - 2019-04-09 13:49 - 000122880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\styles\qwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 20:38 - 2018-04-11 20:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Duplat\Desktop\crgo8dzcxh421.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: aim_LSService => 2
MSCONFIG\Services: ArcService => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: brave => 2
MSCONFIG\Services: bravem => 3
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: EasyTuneEngineService => 2
MSCONFIG\Services: gadjservice => 2
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: OcButtonService => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: prio_svc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: uncheater_bgl => 3
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Screen+"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "OnScreen Control"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: => "TranslucentTB"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: => "Actual Window Manager"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: => "NoxDaemon"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{48EE09A7-D948-4CC4-A816-BC62C71B1CB0}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{51D9CE87-8C30-4EB5-B670-AF73F7671247}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe No File
FirewallRules: [{ED9EF4D8-A6C7-457D-8CA4-225A0F50F68B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Supreme Commander\bin\SupremeCommander.exe (Gas Powered Games) [File not signed]
FirewallRules: [{BB24F7A6-0733-40F2-95D3-83102AD22D08}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Supreme Commander\bin\SupremeCommander.exe (Gas Powered Games) [File not signed]
FirewallRules: [{6EB5213B-461F-481A-9219-9B9D3CDCF9F2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rise of Nations\patriots.exe (TODO: <Company name>) [File not signed]
FirewallRules: [{3CBD165D-6F8F-4324-B7CB-781AB2A58224}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rise of Nations\patriots.exe (TODO: <Company name>) [File not signed]
FirewallRules: [{389504B4-126F-4F3B-9C26-1E9E927E137B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe () [File not signed]
FirewallRules: [{FFB30302-B73C-4E0E-BDE8-FEF7DCCF853A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe () [File not signed]
FirewallRules: [{7E58A9E1-2D21-41D6-9FF7-1230FE36ABDD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{77F602BD-D4B5-44E3-AB76-8A00EB81E50A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [UDP Query User{024EC3B3-9BDD-4535-94EC-B87A452A0D4C}D:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe No File
FirewallRules: [TCP Query User{66094D79-27F9-4F67-AF33-F3F8638C6F24}D:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe No File
FirewallRules: [{6878B676-809A-4930-A51E-C665491AED6F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate II Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed]
FirewallRules: [{2AD5F4FF-DDDA-45A1-A952-53966001937E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate II Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed]
FirewallRules: [{126F5A86-0A1E-429C-8826-E09BAD2588C8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed]
FirewallRules: [{1A7515D6-4701-451D-AA31-C2046CDE78A1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed]
FirewallRules: [UDP Query User{63BC745F-E429-47CF-BFA8-110AF37ACAA0}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{08045DFF-425A-4289-BAB0-6F2607A1ED16}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{4B5F68AA-7659-4B5D-8F80-A7FEAA7E22F0}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe No File
FirewallRules: [TCP Query User{AA257137-E7B6-4203-8A60-7428172516A6}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe No File
FirewallRules: [UDP Query User{EAD35183-9FD6-45B4-8151-FD3C59C822CD}D:\program files (x86)\heroes of the storm\versions\base70200\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base70200\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{CB1511C7-0206-4F1C-B73F-16876542B214}D:\program files (x86)\heroes of the storm\versions\base70200\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base70200\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{ABDF02FB-5E2F-4FC0-835D-80FDD3F89EAD}D:\program files (x86)\heroes of the storm\versions\base69823\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base69823\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{9312C455-2B28-4C45-8872-9437B33B911F}D:\program files (x86)\heroes of the storm\versions\base69823\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base69823\heroesofthestorm_x64.exe No File
FirewallRules: [{5A02FB9A-9E5D-499A-8A8D-1027BB5FEA60}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{775F7A21-A1DC-4559-8B12-7D896856A205}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{911B8861-5DA1-40B2-AD8A-966E8AB58A38}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{BCB00455-2925-4A0B-BD3D-6879ECD4117A}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{5C6A6C9E-963A-4488-B58E-4A982169F96D}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{657F2683-FB75-4EA8-A7C6-DE805655988C}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe No File
FirewallRules: [{A51A2661-6A97-44A6-9690-4AFC2B7D65BD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe () [File not signed]
FirewallRules: [{B0C7307A-1CBD-4A43-AEB8-354430098C36}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe () [File not signed]
FirewallRules: [{C2759DED-F7F6-4BB7-9C50-28A561949776}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe (Marek Ziemak -> )
FirewallRules: [{9E60AB9B-FF41-4E72-B875-6B8A593AB53D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe (Marek Ziemak -> )
FirewallRules: [{1A386060-A9F3-4F34-A1CB-DE3C4F1EA2A2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Talisman\Talisman.exe () [File not signed]
FirewallRules: [{2845A132-29B6-4CEA-9C1D-71253199E11C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Talisman\Talisman.exe () [File not signed]
FirewallRules: [{36B5B3AF-8CD1-4255-A810-3650B71FD0DC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe () [File not signed]
FirewallRules: [{A88290E8-D045-4EFD-9CE2-92206451CA98}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe () [File not signed]
FirewallRules: [{237579F2-F15A-4E57-9541-DA39A6D40AAD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Secret World Legends\ClientPatcher.exe (FUNCOM OSLO AS -> Funcom)
FirewallRules: [{66C6D667-344D-4161-88F1-CEAF157ECD4C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Secret World Legends\ClientPatcher.exe (FUNCOM OSLO AS -> Funcom)
FirewallRules: [{179CD858-E642-4FB8-92F9-F72273CC5D19}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix) [File not signed]
FirewallRules: [{BD2C36D7-ECFA-4BF8-B258-13082B81D645}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix) [File not signed]
FirewallRules: [{92A05A35-EFA2-49D9-B4D3-23E3DEC0E057}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{FA854709-E2AB-4F62-90E5-E3DE8A611F6F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{75A9F823-2B33-4D0E-8426-925236854284}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warhammer 40,000 Space Marine\SpaceMarine.exe (Valve Corp. -> Sega Corporation) [File not signed]
FirewallRules: [{B40134A3-9E88-4A18-961E-24897D245BA9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warhammer 40,000 Space Marine\SpaceMarine.exe (Valve Corp. -> Sega Corporation) [File not signed]
FirewallRules: [{8FF4A0D0-9BF1-4352-A33D-0663E2EC31E7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe (Hopoo Games, LLC ) [File not signed]
FirewallRules: [{5D222723-DA1F-463E-9526-182CDD131D43}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe (Hopoo Games, LLC ) [File not signed]
FirewallRules: [{3CEB0939-3848-4EE1-8CFA-58440D17C322}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe () [File not signed]
FirewallRules: [{5C09F0BF-080E-4691-818D-E1B68FECEE02}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe () [File not signed]
FirewallRules: [{A26CB269-4326-4FFF-A141-347BE18E55E9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Precipice Of Darkness 3\Rainslick3.exe (Zeboyd Games) [File not signed]
FirewallRules: [{3FC8FCCD-8BB6-44CF-970B-8EC11DE10474}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Precipice Of Darkness 3\Rainslick3.exe (Zeboyd Games) [File not signed]
FirewallRules: [{69088BF2-7F38-479D-9C37-A578452455C7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Magicite\Magicite.exe () [File not signed]
FirewallRules: [{B0B0F156-2A3C-4997-B2AE-4586F4C449A2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Magicite\Magicite.exe () [File not signed]
FirewallRules: [{46A16DCA-CFCB-493A-AB2E-4E9D3C7DE769}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Monaco\MONACO.exe () [File not signed]
FirewallRules: [{0118B36B-BAFD-4989-93DC-1EB9E9A3BF59}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Monaco\MONACO.exe () [File not signed]
FirewallRules: [{FF192F8F-53E9-45D6-BC6F-DE1E6E12589B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Metro Last Light Redux\metro.exe (Koch Media GmbH -> 4A Games)
FirewallRules: [{046ED7E6-16EA-471F-B51C-E41602684FAF}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Metro Last Light Redux\metro.exe (Koch Media GmbH -> 4A Games)
FirewallRules: [{8792C873-7BE8-4709-8020-BD0BA205F9D9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\How to Survive\Detect.exe () [File not signed]
FirewallRules: [{6B61F6D2-1A3C-44EE-A259-FAD9D6B729D7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\How to Survive\Detect.exe () [File not signed]
FirewallRules: [{7C5A8138-5CB2-4F29-977D-5D3000D3B4E8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\How to Survive\HowToSurvive.exe () [File not signed]
FirewallRules: [{BB64C97B-CBB2-411E-92E5-5C10BABA341B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\How to Survive\HowToSurvive.exe () [File not signed]
FirewallRules: [{5CDE1D0C-D5C5-4383-B052-24B9A27A931D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\CastlevaniaLoS\bin\CastlevaniaLoSUE.exe No File
FirewallRules: [{6A73D46A-5C09-46F1-A4E7-557DB658E61F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\CastlevaniaLoS\bin\CastlevaniaLoSUE.exe No File
FirewallRules: [{731B77E5-130D-4EF2-B9AB-6EA9984BE555}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Alan Wake\AlanWake.exe (Remedy Entertainment Ltd. -> )
FirewallRules: [{3769F95D-4C01-4DE5-8253-60B3C5BC450F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Alan Wake\AlanWake.exe (Remedy Entertainment Ltd. -> )
FirewallRules: [UDP Query User{C9E3D405-5F7A-4463-B181-4AB9DF396258}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{C578BE65-E98E-4ED7-989B-9413FCA968F6}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe No File
FirewallRules: [{2AC3BBF3-59AA-4EE6-BD73-3C7E7D084115}] => (Allow) D:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromeda.exe (Electronic Arts - BioWare) [File not signed]
FirewallRules: [{C937EFF5-55B9-4050-AC3C-9873C35A1144}] => (Allow) D:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromeda.exe (Electronic Arts - BioWare) [File not signed]
FirewallRules: [{A4A4BC54-B8DF-4F14-A481-DCEBCC417BC9}] => (Allow) D:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromedaTrial.exe (Electronic Arts - BioWare) [File not signed]
FirewallRules: [{B461E570-F83B-4A39-8FBE-74362E7DA7F8}] => (Allow) D:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromedaTrial.exe (Electronic Arts - BioWare) [File not signed]
FirewallRules: [{D57180B9-552D-4182-9A8E-EA21BC1B0FC4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{4AA28276-A5AA-4252-8DC5-239665A76FE0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{CA004B1D-9D82-4EA9-8D41-A39B2BE77B8C}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{252AB6DF-D54F-4023-B67F-567E78C3B8EF}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{E2BCB1F4-AC2A-4D35-B134-8C024B8DDCD1}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BECB06BA-25D9-4D67-AB3E-3C27CC629CF8}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{770FFEC1-8F86-4F1F-A721-85111E94B66F}D:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) D:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [UDP Query User{9D28CFEC-4A05-4DD8-9A0B-FD0EA3286435}D:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) D:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{4FE36C4E-D6D5-4D7B-A7C5-1BD34F782D68}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{CFC93580-4F12-419E-A9A4-5D60655CC468}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{809DBAA9-44BB-4CEE-96C1-203A52033B3C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd.)
FirewallRules: [{5363911F-7A57-46F4-8BA5-AD22B38F3C3C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd.)
FirewallRules: [{8F9DFCDB-3A43-4DAE-85A7-D39C28E23C80}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{957D0F26-E4DA-441D-854D-5A885E98649A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1FBD4D2E-FBD1-4496-8F7E-A732FB275963}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D8786D9B-00CE-4077-9B69-99F0414CDE90}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ED519612-75BA-4296-A51B-984FC5556A09}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B5B2738A-5D97-4992-9AED-96857596BB1F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Ring of Elysium\SLauncher.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{4F6B7CF3-F9E6-437A-9DEB-A87EEFD96813}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Ring of Elysium\SLauncher.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{68337F8D-33FA-441C-AA2A-6CEFC9F2BAA4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe No File
FirewallRules: [{1DA50655-D338-4D5C-8D69-57057BEF54B7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe No File
FirewallRules: [{CC0FD976-5CCD-4E86-B4CE-EA15DBDB1763}] => (Allow) LPort=9009
FirewallRules: [{E2B70FD8-11A0-482C-99F4-0574F20DF05A}] => (Allow) LPort=9009
FirewallRules: [{2E89958C-AC5C-4729-BD66-91B74331D3D3}] => (Allow) LPort=9009
FirewallRules: [{9D2E2E61-126D-42C5-AE02-173FEE95C2B0}] => (Allow) LPort=9009
FirewallRules: [TCP Query User{EC6CA6D3-2ACE-4B6D-9A47-0D9D62D5D65F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{EDDF1ECE-5D94-4326-B6A1-82A186A006F3}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{C5862EBE-2648-48D0-87D2-03EFE3725B70}D:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) D:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [UDP Query User{6119E4A7-C9F1-4974-A807-6A1C309CAFD8}D:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) D:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [TCP Query User{EFC991C9-F605-4020-B4E9-8DC9E96A51EA}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{FA5CA709-1A55-4489-9910-E6FCBB4428D4}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{EB329487-2172-4BE9-ABB5-4ED072C74C7E}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{DB70C80D-65D8-4B47-B7A9-ECDBBCA3B183}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{3E1FFB83-F922-4991-9928-3EAD9FC32C67}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{6F560A4F-A34E-4130-A0AB-1C7E3E547640}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [TCP Query User{C1128FA0-59A4-487F-9BA1-877A609B159A}D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{37923856-069E-4282-8469-71FD2001BB17}D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{3185A879-556A-464C-8D48-21C12A9840F5}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{F9EAC156-57B7-4CC7-B0C0-2F8618EAD81E}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{802DBCEC-68B3-49FD-98A4-9C8597CB570A}D:\program files (x86)\torchlight frontiers_en\frontiers\binaries\win64\frontiers.exe] => (Allow) D:\program files (x86)\torchlight frontiers_en\frontiers\binaries\win64\frontiers.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{E66C4917-B0E6-4EF8-9F71-8DBE0C684BD7}D:\program files (x86)\torchlight frontiers_en\frontiers\binaries\win64\frontiers.exe] => (Allow) D:\program files (x86)\torchlight frontiers_en\frontiers\binaries\win64\frontiers.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{6B908A39-D9A8-4FB9-A611-3C9A238510CF}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{1393D183-A4A6-4867-80E5-0BDE81ABB8D2}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{7D55F9DF-292A-477E-A65B-A2738693DA32}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{A55F06B1-90DF-4451-8558-C181529C567B}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{2141CA7F-17B0-4328-9CAE-A1FEF2B271A8}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{A35F7A67-BCC4-497D-8F89-7D7F0095F4AD}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{F211D123-5F20-422D-BB65-75578E045647}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{882688C5-1FA6-4338-8C5E-3B630CDC353C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{CF252B37-4F48-47E0-9CC2-6649165F74E6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games)
FirewallRules: [{48113EAA-67C9-4772-AB9C-100E93FD3E9C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games)
FirewallRules: [TCP Query User{6863AF9B-F452-4D3D-A6F1-165102F2123E}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{D1DF1264-0A8C-4312-A614-290675E3904D}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [{92656738-4617-4BA7-9822-C44CDC20CD8D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Pandemic Express\Bin\win_x64\PandemicExpress.exe No File
FirewallRules: [{F2F0060D-ECBE-436A-A902-8A189D8E6430}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Pandemic Express\Bin\win_x64\PandemicExpress.exe No File
FirewallRules: [{2B59489B-C086-40FA-B119-AAA58B3A93D2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\TreeOfSavior\release\patch\tos.exe No File
FirewallRules: [{D89F5046-9381-46E2-95AE-E22BA22F8A9D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\TreeOfSavior\release\patch\tos.exe No File
FirewallRules: [TCP Query User{3A73C1F1-ADD1-42F3-8073-DB16654F52AC}D:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe (PUBG CORPORATION -> PUBG Works)
FirewallRules: [UDP Query User{5E65FFCA-51A1-4B3E-BC6A-F0E5A34E4636}D:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe (PUBG CORPORATION -> PUBG Works)
FirewallRules: [{F3748818-C038-4476-8EED-594BC64A7072}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe (Frontier Developments Ltd) [File not signed]
FirewallRules: [{815EB672-817E-4D67-83CA-7CF837ACF337}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe (Frontier Developments Ltd) [File not signed]
FirewallRules: [TCP Query User{FB81BAFF-9926-4B5E-8C71-C2274E40D471}D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [UDP Query User{ED5BF280-82A6-4689-871A-BAA671D02C5D}D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [TCP Query User{BA6D6B51-B868-4C73-982E-7C94BB3AF6F8}D:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) D:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe No File
FirewallRules: [UDP Query User{A9BFB6C8-B746-4830-9E54-B2BA512BC117}D:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) D:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe No File
FirewallRules: [TCP Query User{D9BCD5EB-CBDE-4046-A179-E8062A51CB22}D:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) D:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe () [File not signed]
FirewallRules: [UDP Query User{5BFF66A7-9C1B-4633-80C3-5C6C6EF3E2F2}D:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) D:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe () [File not signed]
FirewallRules: [{774338CE-78DF-4E92-A4FE-BA94C1DAABD4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6A92BAD2-E852-4516-B096-9C87093882FD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3BF3106C-6B56-4611-9AAF-75669E491FF7}] => (Allow) D:\Program Files\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{8910EA05-16E6-478D-912D-B1E67C834E23}] => (Allow) C:\Program Files (x86)\\Bignox\\BigNoxVM\\RT\NoxVMHandle.exe (Nox Limited -> BigNox Corporation)
FirewallRules: [{F0AE905B-5BE9-4D0E-9EC9-9F8A227EF4D0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{B7467F85-6D38-4C45-BD54-6DBC9709A495}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{6EBAEB3B-9327-4440-9014-11217CC0A0CA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{C41FC74F-76D3-496E-9593-B9687C8C6157}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [TCP Query User{A2171132-43E4-4859-9C3C-22238241170C}D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe (Ubisoft Entertainment -> Ubisoft Entertainment)
FirewallRules: [UDP Query User{6F5B7542-9E52-46D1-A76F-F2E592C6BFE6}D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe (Ubisoft Entertainment -> Ubisoft Entertainment)
FirewallRules: [TCP Query User{D654BAA4-DD25-4514-8BDD-4EBDD3C71C24}D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe (Ubisoft Entertainment -> Ubisoft Entertainment)
FirewallRules: [UDP Query User{2D0D1DFA-5347-4BD2-8175-71C8783EB500}D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe (Ubisoft Entertainment -> Ubisoft Entertainment)
FirewallRules: [{95A67440-F63F-432F-9E0E-98624F3231AE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe (FromSoftware,Inc. -> BANDAI NAMCO Entertainment Inc.)
FirewallRules: [{94F18F66-5FDB-4C8B-AC31-CFCC244FC00C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe (FromSoftware,Inc. -> BANDAI NAMCO Entertainment Inc.)
FirewallRules: [TCP Query User{7D7C17E4-8F68-43CE-8385-9ED59F72ECF7}C:\program files (x86)\vmr connect\vmrhub.exe] => (Allow) C:\program files (x86)\vmr connect\vmrhub.exe (VLC Mobile Remote) [File not signed]
FirewallRules: [UDP Query User{264EFBD2-CC58-4332-AC0F-0AE9184DB11F}C:\program files (x86)\vmr connect\vmrhub.exe] => (Allow) C:\program files (x86)\vmr connect\vmrhub.exe (VLC Mobile Remote) [File not signed]
FirewallRules: [TCP Query User{242DFB03-7FA7-409A-9B7E-32F8C3018961}D:\program files (x86)\heroes of newerth\hon.exe] => (Allow) D:\program files (x86)\heroes of newerth\hon.exe No File
FirewallRules: [UDP Query User{A808E717-6840-4DAA-97F1-DA48FB531937}D:\program files (x86)\heroes of newerth\hon.exe] => (Allow) D:\program files (x86)\heroes of newerth\hon.exe No File
FirewallRules: [{C3A204AD-B983-4975-8CC4-3B98D7CC6328}] => (Allow) D:\Program Files\Epic Games\TheCycleAlpha\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe (YAGER Development GmbH -> YAGER Development GmbH)
FirewallRules: [{36C19CFF-DB02-4B2A-A8D0-6561DDF6E1A5}] => (Allow) D:\Program Files\Epic Games\TheCycleAlpha\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe (YAGER Development GmbH -> YAGER Development GmbH)
FirewallRules: [{05A7B4FA-153F-47A1-B8C9-B4D52C76AE58}] => (Allow) D:\Program Files\Epic Games\TheCycleAlpha\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe (YAGER Development GmbH -> YAGER Development GmbH)
FirewallRules: [{5FD0D9C0-63B9-49F0-8F52-AA7978BFE503}] => (Allow) D:\Program Files\Epic Games\TheCycleAlpha\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe (YAGER Development GmbH -> YAGER Development GmbH)
FirewallRules: [TCP Query User{94EBBAFA-CE2F-482C-BEF2-1338CEB0687F}C:\program files (x86)\mipony\mipony.exe] => (Allow) C:\program files (x86)\mipony\mipony.exe (www.mipony.net -> ) [File not signed]
FirewallRules: [UDP Query User{3ADEFA27-50FE-4BEA-8572-C8952728EAF9}C:\program files (x86)\mipony\mipony.exe] => (Allow) C:\program files (x86)\mipony\mipony.exe (www.mipony.net -> ) [File not signed]
FirewallRules: [{42F34E8E-831C-45AB-A21F-58EEA284694F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [File not signed]
FirewallRules: [{97EB6E38-75F3-4AC2-B37A-C6566FA0552C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [File not signed]
FirewallRules: [{22421E47-F02D-4A04-A9F7-140F5D54819B}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> )
FirewallRules: [{ABBE715B-9E7F-4FE7-BD0D-A0767862F77D}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> )
FirewallRules: [TCP Query User{19D68C8E-D3F2-41ED-8529-DCFA96C1BD6C}D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe] => (Allow) D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe No File
FirewallRules: [UDP Query User{2A6FEE49-59CC-4ECA-A718-7534A277BF7D}D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe] => (Allow) D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe No File
FirewallRules: [{1FEA261F-E5BA-43CE-B3EF-334016D81252}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C5E483FD-8CDC-4A6A-9B7C-E757606759AA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> )
FirewallRules: [{4928633F-6240-480A-A2A3-D8CD33FE693B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> )
FirewallRules: [{3FB82226-05E3-4E12-B36E-41BA6A274E63}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [File not signed]
FirewallRules: [{2391B1D4-4692-4744-8DB9-BC3F6F2215B0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [File not signed]
FirewallRules: [TCP Query User{6A444315-DB10-4979-994F-6772B5F76059}D:\program files\filezilla ftp client\filezilla.exe] => (Allow) D:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [UDP Query User{D68FA08D-D7BC-4706-8312-C6A43039C84C}D:\program files\filezilla ftp client\filezilla.exe] => (Allow) D:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [TCP Query User{56694041-2190-4525-8E31-0AE35878F4D3}D:\program files\filezilla ftp client\filezilla.exe] => (Allow) D:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [UDP Query User{12195111-69A8-4BDE-80C5-E5ED9C91BCDE}D:\program files\filezilla ftp client\filezilla.exe] => (Allow) D:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [{3815C04C-0E05-4357-A9DD-1D5B9281164D}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{E15207E5-D614-402F-9EB1-CB1B5CB916F9}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{63E35652-AA1F-49DA-8075-4B3ADBA87BF1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{A8DC18A8-14B3-4F22-8390-EF61C6FA1A99}D:\program files (x86)\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{FED66F0E-4FBB-4EEA-AE05-518FA6995FF4}D:\program files (x86)\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{B436417E-8817-4F6B-929E-14F2A32E0B0F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [{E044FC5D-9A63-424E-8308-BEA4562B411C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [{7DBBE20A-7462-4A32-AB3B-D52EA8704130}] => (Allow) D:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{7162C09E-464F-44F7-B22B-38E38DBC5FD4}] => (Allow) D:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

==================== Restore Points =========================

02-10-2019 07:06:13 Installed CORSAIR iCUE Software
09-10-2019 14:17:21 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2019 10:50:37 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 4216, ProfSvc PID: 2012.


System errors:
=============
Error: (10/09/2019 10:53:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.

Error: (10/09/2019 10:51:30 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-O5SD2IS)
Description: Unable to start a DCOM Server: ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r!App.AppX0kb1wv51yacfv58jnrprgtyj3c0t775x.mca as Unavailable/Unavailable. The error:
"0"
Happened while starting this command:
"C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe" -ServerName:App.AppX9n879r3et3x3b24eqasexpgc3412rn2m.mca

Error: (10/09/2019 10:51:21 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-O5SD2IS)
Description: Unable to start a DCOM Server: AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r!App.AppXgrtg5zk0qzd58y4kdyd4g0wpzdp7rhmf.mca as Unavailable/Unavailable. The error:
"0"
Happened while starting this command:
"C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe" -ServerName:App.AppXj7d2pwbjt1by8j1s5wak729xa46cf4br.mca

Error: (10/09/2019 10:50:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/09/2019 10:48:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/09/2019 10:48:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F42a 07/31/2019
Motherboard: Gigabyte Technology Co., Ltd. AB350-Gaming 3-CF
Processor: AMD Ryzen 5 1600X Six-Core Processor
Percentage of memory in use: 57%
Total physical RAM: 8143.37 MB
Available physical RAM: 3474.84 MB
Total Virtual: 16143.37 MB
Available Virtual: 10075 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:930.7 GB) (Free:98.73 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:1862.42 GB) (Free:393.84 GB) NTFS
Drive e: () (Fixed) (Total:232.88 GB) (Free:104.49 GB) NTFS

\\?\Volume{26c4f6e3-ae76-402e-924e-64c06f594455}\ () (Fixed) (Total:0.81 GB) (Free:0.34 GB) NTFS
\\?\Volume{3b8a238f-2f3a-4784-8545-56c16e5e4cfe}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{c8899f10-cbea-4cf6-a976-76024a3ea4ac}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 60B170B4)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 232.9 GB) (Disk ID: A0329484)

Partition: GPT.

==================== End of Addition.txt ============================


#5
RKinner

    Malware Expert

  • Expert
  • 21,877 posts
  • MVP

Assume that took care of your original problem.  You still haven't updated to Windows version 1903.

The usual way isn't working for a lot of people.  Try

https://www.microsof...nload/windows10

Under: Windows 10 May 2019 Update click on Update Now and follow instructions.

Also you have obsolete Java versions (probably because you have the updater turned off with MSCONFIG)

Java 8 Update 191 64bit
Java 8 Update 191

These should be removed via Control Panel, Programs & Features.  You can get the newest versions at Java.com, but unless you are sure you really need it, it's best not to reinstall it.

What exactly does the registry warning in FRST say?


#6
XmutanoX

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Where do I check this registry warning on FRST?


#7
RKinner

    Malware Expert

  • Expert
  • 21,877 posts
  • MVP

Don't know.  You mentioned something about a registry warning while running FRST in your original post.


#8
XmutanoX

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Oh, you mean the ones with ATTENTION tags. I meant these ones:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION

Task: {C1AB7A03-F336-43B7-ABC9-26A8A563170F} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {CC33F01E-1AC6-4906-ACA2-EE861428504C} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION

Is it something to be worried about? They didn't show up on the new txt files but a new one showed up on the fixlist:

Task: {CC33F01E-1AC6-4906-ACA2-EE861428504C} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION


Edited by XmutanoX, 11 October 2019 - 02:15 AM.
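
Both ATTENTION task entries quoted above launch rundll32.exe with a DLL given by bare name. The sketch below is an added example (not FRST's own logic and not part of any post) that parses FRST `Task:` lines and reports rundll32 tasks whose DLL cannot be found; the search directories, the `file_exists` callback and the two "Example" log lines are assumptions constructed for illustration.

```python
import re
from typing import Callable, Iterable, List, NamedTuple

# The first two lines are the task entries quoted in this thread; the two
# "Example" lines are constructed for contrast.
SAMPLE_LOG = r"""
Task: {C1AB7A03-F336-43B7-ABC9-26A8A563170F} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {CC33F01E-1AC6-4906-ACA2-EE861428504C} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Example\Present => C:\Windows\System32\rundll32.exe "C:\Program Files\Example App\helper.dll",Run
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\Example\Updater => C:\Program Files\Example App\update.exe /silent
"""

# Assumption: a bare DLL name is looked up only in these two directories.
# The real Windows DLL search order covers more locations.
SEARCH_DIRS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64")

# "Task: {GUID} - <task path> => <command>", optionally followed by FRST's marker.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<task>.+?) => (?P<cmd>.+?)"
    r"(?P<attn>\s*<==== ATTENTION)?\s*$"
)

# rundll32[.exe], with or without a directory, then <dll>,<entry point>.
# The DLL may be quoted when its path contains spaces.
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>[^,\s"]+))\s*,\s*(?P<entry>\S+)',
    re.IGNORECASE,
)


class Finding(NamedTuple):
    guid: str
    task: str
    dll: str
    entry: str
    status: str           # "missing", "present" or "unresolved"
    frst_attention: bool  # True if the log line already carried the marker


def candidates(dll: str) -> List[str]:
    """Return the full paths to test for a DLL argument."""
    if re.match(r"(?:[A-Za-z]:\\|\\\\)", dll):   # drive-letter or UNC path
        return [dll]
    return [f"{d}\\{dll}" for d in SEARCH_DIRS]  # bare or relative name


def fake_fs(paths: Iterable[str]) -> Callable[[str], bool]:
    """Case-insensitive stand-in for a file system, so the example runs offline."""
    known = {p.lower() for p in paths}
    return lambda p: p.lower() in known


def audit(log: str, file_exists: Callable[[str], bool]) -> List[Finding]:
    """Report every rundll32 task in an FRST log and whether its DLL exists."""
    findings = []
    for line in log.splitlines():
        task = TASK_RE.match(line.strip())
        if not task:
            continue
        call = RUNDLL_RE.match(task["cmd"])
        if not call:
            continue  # task does not launch rundll32
        dll = call["quoted"] or call["bare"]
        if "%" in dll:
            status = "unresolved"  # environment variable: do not guess
        elif any(file_exists(p) for p in candidates(dll)):
            status = "present"
        else:
            status = "missing"
        findings.append(Finding(task["guid"], task["task"], dll,
                                call["entry"], status, bool(task["attn"])))
    return findings


if __name__ == "__main__":
    # Constructed file system: only the Example helper DLL is present.
    fs = fake_fs([r"C:\Program Files\Example App\helper.dll"])
    for f in audit(SAMPLE_LOG, fs):
        print(f"{f.status:10} {f.dll} ({f.entry})  <- {f.task}")
```

On a live Windows host, `os.path.exists` can be passed as `file_exists` in place of the constructed file system.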

#9
RKinner

    Malware Expert

  • Expert
  • 21,877 posts
  • MVP

Some attention tags are normal and are found on every PC.  These we ignore.  They are just policies set to protect the system.  Others like the ones associated with Tasks we look at more closely. 

These two:

Task: {C1AB7A03-F336-43B7-ABC9-26A8A563170F} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {CC33F01E-1AC6-4906-ACA2-EE861428504C} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION

were flagged because the dll files they referred to are not present.  The first one was causing your error.  The second doesn't seem to cause any problems but neither task is present on version 1809 or 1903 so I put them both on the fixlist to be removed.

If you have no other problems then we can clean up:

Time to clean up:
If we used FRST to clean your PC:

Right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like Yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.  OK Close program.  It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

If you use Chrome/Firefox/Edge then get the uBlock Origin extension.  For IE go to adblockplus.org and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.
(If it complains about Chrome still running you can stop it with Task Manager or go into Chrome then go to:

chrome://settings/

Hit Advanced at the bottom of the page then scroll down to near the bottom where it says System.

Change
Continue running background apps when Google Chrome is closed
to Off (slide the blue thing to the left and it turns brown)
Close Chrome.)


If the browser is still slow then go in and disable all of your extensions, close the browser and Optimize with SpeedyFox then restart the browser.  If that helps then one or more of your extensions is at fault.  Go back in and turn them on one at a time and see if you can figure out which ones slow things down the most.

If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, uTorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:

https://www.bleeping...somware/dl/306/
It's currently a free version.

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not the latest.  If in doubt uninstall all.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

If you are running Win 10 you probably want OpenShell:

https://github.com/O...Open-Shell-Menu

  This program will make Win 10 act like Win 7 with the same controls you are used to.
Download Link:
https://github.com/O...tup_4_4_131.exe


Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Media Player it never seems to need extra files to work.
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Video Downloader Professional  To save online video.   This extension (available for Chrome or Firefox)  allows you to start a recording and then switch to a different window and record another video.

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!

 



#10
XmutanoX

XmutanoX

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Thanks for all the advice and solving the problem as well :)

