Hi,
In this picture, chrome.exe uses 30% of my CPU (i7 4770K) all the time even when I am not running Google Chrome, and when I end the task it appears again at the next Windows startup.
Here, when I open Google Chrome, I get two chrome.exe running.
I used AdwCleaner, a full scan with Windows Defender, and CCleaner, but chrome.exe still uses 30% of my CPU.
I uninstalled Google Chrome, removed all the extensions, and removed all Google Chrome files in AppData.
Thanks
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.09.2018 03
Ran by 1ah1 (administrator) on 1AH1-PC (04-09-2018 02:34:35)
Running from C:\Users\1ah1\Desktop
Loaded Profiles: 1ah1 (Available Profiles: 1ah1)
Platform: Windows 10 Pro Version 1803 17134.228 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
() C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
() D:\steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Valve Corporation) D:\steam\Steam.exe
(BitTorrent Inc.) C:\Users\1ah1\AppData\Roaming\uTorrent\uTorrent.exe
(Wargaming.net) E:\Games\World_of_Tanks_SB\WargamingGameUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe
(BitTorrent Inc.) C:\Users\1ah1\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe
(BitTorrent Inc.) C:\Users\1ah1\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wargamingerrormonitor.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mega Limited) C:\Users\1ah1\AppData\Local\MEGAsync\MEGAsync.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Valve Corporation) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [598200 2018-06-06] (Razer Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [877056 2014-11-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3961968 2018-07-09] (Tonec Inc.)
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\Run: [Steam] => D:\steam\steam.exe [3207968 2018-08-30] (Valve Corporation)
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3112744 2018-08-07] (Electronic Arts)
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\Run: [uTorrent] => C:\Users\1ah1\AppData\Roaming\uTorrent\uTorrent.exe [2403520 2017-04-28] (BitTorrent Inc.)
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\Run: [World of Tanks (1)] => E:\Games\World_of_Tanks_SB\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net)
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2526584 2018-09-03] (Wargaming.net)
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49799184 2018-08-28] (Skype Technologies S.A.)
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\Run: [MicrosoftRuntimeUpdate] => C:\Users\1ah1\AppData\Roaming\libraries\MicrosoftRuntimeUpdate.vbe [1007 2018-07-19] ()
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\Run: [wtfast Tray] => C:\Program Files (x86)\wtfast\wtfast.exe [7273024 2018-08-14] (AAA Internet Publishing Inc.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Windows\System32\osk.exe [622592 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Windows\System32\osk.exe [622592 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #2] => C:\Windows\System32\osk.exe [622592 2018-04-12] (Microsoft Corporation)
Startup: C:\Users\1ah1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-05-13]
ShortcutTarget: MEGAsync.lnk -> C:\Users\1ah1\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2018-07-30]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe ()
GroupPolicy: Restriction ? <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-337285318-3777838802-3734651036-1001] => socks=127.0.0.1:9050
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{74e1b422-f652-49bb-bcad-4f58724f2d13}: [DhcpNameServer] 10.59.0.1
Tcpip\..\Interfaces\{a86876ea-706d-42c0-9f67-77599f99d97a}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{ca854a35-062d-4a03-89ae-70cc7455553f}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ea2c0e00-1e1a-496b-89a1-afae6943fcb3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fabcda43-88fe-425e-85d9-cfa1252e8036}: [DhcpNameServer] 84.235.57.230 84.235.6.55 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.sa/
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-06-20] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-06-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File
Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.11.0_neutral__d55gg7py3s0m0 [2018-06-08]
FireFox:
========
FF DefaultProfile: as2e38he.default-1530042435995
FF ProfilePath: C:\Users\1ah1\AppData\Roaming\Mozilla\Firefox\Profiles\as2e38he.default-1530042435995 [2018-09-04]
FF Extension: (آدبلوك بلس) - C:\Users\1ah1\AppData\Roaming\Mozilla\Firefox\Profiles\as2e38he.default-1530042435995\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-08-31]
FF HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-06-25]
FF HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\1ah1\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\1ah1\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\1ah1\AppData\Roaming\IDM\idmmzcc5 [2016-11-22] [Legacy] [not signed]
FF HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-08-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-08-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-31] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-337285318-3777838802-3734651036-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\1ah1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-23] (Unity Technologies ApS)
Chrome:
=======
CHR Profile: C:\Users\1ah1\AppData\Local\Google\Chrome\User Data\Default [2018-09-04]
CHR Extension: (Slides) - C:\Users\1ah1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-31]
CHR Extension: (Docs) - C:\Users\1ah1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-31]
CHR Extension: (Google Drive) - C:\Users\1ah1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-31]
CHR Extension: (YouTube) - C:\Users\1ah1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-31]
CHR Extension: (Adobe Acrobat) - C:\Users\1ah1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-08-31]
CHR Extension: (Sheets) - C:\Users\1ah1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-31]
CHR Extension: (Google Docs Offline) - C:\Users\1ah1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-31]
CHR Extension: (IDM Integration Module) - C:\Users\1ah1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-08-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\1ah1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-31]
CHR Extension: (Gmail) - C:\Users\1ah1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-31]
CHR Extension: (Chrome Media Router) - C:\Users\1ah1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-31]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-07-10]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [2065096 2018-07-30] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6875688 2018-07-12] ()
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\WINDOWS\sysWow64\CtHdaSvc.exe [122880 2017-01-18] (Creative Technology Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-06-28] (EasyAntiCheat Ltd)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [339168 2018-07-03] ()
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-08-11] (Futuremark)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764456 2018-07-30] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764456 2018-07-30] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2212672 2018-08-07] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3083080 2018-08-07] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-05-11] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2018-03-14] ()
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [57856 2016-01-11] (Razer Inc.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189776 2018-03-14] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
R2 Wallpaper Engine Service; D:\steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [25600 2017-03-06] () [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-01] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-01] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cthda; C:\WINDOWS\system32\drivers\cthda.sys [1074984 2017-01-18] (Creative Technology Ltd)
R3 cthdb; C:\WINDOWS\system32\DRIVERS\cthdb.sys [42792 2017-01-18] (Creative Technology Ltd)
S3 CtxHdb; C:\WINDOWS\system32\DRIVERS\Ctxhdb.sys [48400 2017-06-22] (Creative Technology Ltd)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-05-11] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-05-11] (Disc Soft Ltd)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVpn SplitTunnel Driver\driver\expressvpnsplittunnel.sys [28160 2018-04-09] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 Ke2200; C:\WINDOWS\System32\drivers\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Qualcomm Atheros, Inc.)
S3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f5be1f8d25335236\nvlddmkm.sys [17212744 2018-08-22] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30656 2018-07-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69544 2018-07-30] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [65792 2018-08-21] (NVIDIA Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RimVSerPort; C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51912 2015-09-03] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [41720 2018-03-09] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137592 2018-03-19] (Razer, Inc.)
R3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [42704 2015-09-03] (Razer Inc)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45024 2018-04-09] (The OpenVPN Project)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-08-01] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-08-01] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-01] (Microsoft Corporation)
R2 WtfEngineDrv; C:\WINDOWS\system32\Drivers\WtfEngineDrv.sys [40352 2016-12-16] (AAA Internet Publishing, Inc.)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2017-06-23] (Wellbia.com Co., Ltd.)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-04 02:34 - 2018-09-04 02:34 - 000026977 _____ C:\Users\1ah1\Desktop\FRST.txt
2018-09-04 02:33 - 2018-09-04 02:34 - 000000000 ____D C:\FRST
2018-09-04 02:33 - 2018-09-04 02:33 - 002413056 _____ (Farbar) C:\Users\1ah1\Desktop\FRST64.exe
2018-09-04 02:21 - 2018-09-04 02:21 - 007571152 _____ (Malwarebytes) C:\Users\1ah1\Desktop\adwcleaner_7.2.3.1.exe
2018-09-04 02:21 - 2018-09-04 02:21 - 000000000 ____D C:\AdwCleaner
2018-09-04 02:16 - 2018-09-04 02:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-09-04 02:16 - 2018-08-22 19:14 - 000552400 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2018-09-04 02:16 - 2018-08-22 19:14 - 000456552 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2018-09-04 02:16 - 2018-08-21 13:24 - 000132408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-09-04 02:16 - 2018-08-21 13:15 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-09-04 02:16 - 2018-08-21 13:14 - 005947600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-09-04 02:16 - 2018-08-21 13:14 - 002612264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-09-04 02:16 - 2018-08-21 13:14 - 001767632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-09-04 02:16 - 2018-08-21 13:14 - 000634352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-09-04 02:16 - 2018-08-21 13:14 - 000450768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-09-04 02:16 - 2018-08-21 13:14 - 000124216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-09-04 02:16 - 2018-08-21 13:14 - 000083440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-09-04 02:16 - 2018-08-03 01:32 - 008273432 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-09-04 02:14 - 2018-08-22 19:14 - 001420648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-09-04 02:14 - 2018-08-22 19:14 - 001093640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-09-04 02:14 - 2018-08-22 19:14 - 000628560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-09-04 02:14 - 2018-08-22 19:14 - 000518832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-09-04 02:14 - 2018-08-22 19:13 - 040348400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-09-04 02:14 - 2018-08-22 19:13 - 035251600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-09-04 02:14 - 2018-08-22 19:13 - 004354208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-09-04 02:14 - 2018-08-22 19:13 - 003770072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-09-04 02:14 - 2018-08-22 19:13 - 002016600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439907.dll
2018-09-04 02:14 - 2018-08-22 19:13 - 001564496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-09-04 02:14 - 2018-08-22 19:13 - 001469144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439907.dll
2018-09-04 02:14 - 2018-08-22 19:13 - 001218056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-09-04 02:14 - 2018-08-22 19:13 - 000751264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-09-04 02:14 - 2018-08-22 19:13 - 000609496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-09-04 02:14 - 2018-08-22 19:12 - 031252104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-09-04 02:14 - 2018-08-22 19:12 - 025967968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-09-04 02:14 - 2018-08-22 19:12 - 017756392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-09-04 02:14 - 2018-08-22 19:12 - 015170608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-09-04 02:14 - 2018-08-22 19:12 - 013733544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-09-04 02:14 - 2018-08-22 19:12 - 011277848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-09-04 02:14 - 2018-08-22 19:12 - 004858000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-09-04 02:14 - 2018-08-22 19:12 - 004128112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-09-04 02:14 - 2018-08-22 19:12 - 001360312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-09-04 02:14 - 2018-08-22 19:12 - 001350792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-09-04 02:14 - 2018-08-22 19:12 - 001160520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-09-04 02:14 - 2018-08-22 19:12 - 001072976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-09-04 02:14 - 2018-08-22 19:12 - 001067288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-09-04 02:14 - 2018-08-22 19:12 - 000908032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-09-04 02:14 - 2018-08-22 19:12 - 000817800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-09-04 02:14 - 2018-08-22 19:12 - 000656352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-09-04 02:14 - 2018-08-22 19:12 - 000637376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-09-04 02:14 - 2018-08-21 15:16 - 001688848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2018-09-04 02:14 - 2018-08-21 15:16 - 000227928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2018-09-04 02:14 - 2018-08-21 15:16 - 000065792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-09-04 02:14 - 2018-08-21 15:16 - 000047648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-09-04 02:14 - 2018-08-21 15:16 - 000044335 _____ C:\WINDOWS\system32\nvinfo.pb
2018-09-03 20:30 - 2018-09-03 20:38 - 007865059 _____ C:\Users\1ah1\Desktop\12.mp4
2018-09-03 02:11 - 2018-09-03 02:11 - 000341345 _____ C:\Users\1ah1\Downloads\SNK-FONTS.rar
2018-09-02 23:16 - 2018-09-02 23:16 - 000219490 _____ C:\Users\1ah1\Desktop\2.pdf
2018-09-02 01:39 - 2018-09-02 01:39 - 000000000 _____ C:\Users\1ah1\Desktop\New Bitmap Image.bmp
2018-08-31 09:36 - 2018-08-31 09:36 - 000003362 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-08-31 09:36 - 2018-08-31 09:36 - 000003238 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-08-31 09:36 - 2018-08-31 09:36 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-31 09:36 - 2018-08-31 09:36 - 000002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-31 09:28 - 2018-08-31 09:28 - 001037080 _____ C:\Users\1ah1\Desktop\cc_20180831_092759.reg
2018-08-31 05:03 - 2018-08-31 05:03 - 000000000 ____D C:\Users\1ah1\Desktop\3zo
2018-08-27 02:46 - 2018-08-27 02:58 - 000000000 ____D C:\Users\1ah1\Documents\TrinusVR
2018-08-27 02:33 - 2018-08-27 02:33 - 000000000 ____D C:\Users\1ah1\Documents\steamvr
2018-08-27 02:12 - 2018-08-27 02:17 - 000000677 _____ C:\Users\1ah1\Desktop\LFS.lnk
2018-08-27 02:12 - 2018-08-27 02:12 - 000000000 ____D C:\Users\1ah1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live for Speed
2018-08-27 01:25 - 2018-08-27 01:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-08-27 01:25 - 2018-08-27 01:25 - 000000000 ____D C:\Program Files\iTunes
2018-08-27 01:25 - 2018-08-27 01:25 - 000000000 ____D C:\Program Files\iPod
2018-08-27 00:43 - 2018-07-11 07:52 - 001471384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-08-25 21:51 - 2018-08-25 21:52 - 000001048 _____ C:\Users\Public\Desktop\wtfast.lnk
2018-08-25 21:51 - 2018-08-25 21:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wtfast
2018-08-25 21:51 - 2016-12-16 16:41 - 000040352 _____ (AAA Internet Publishing, Inc.) C:\WINDOWS\system32\Drivers\WtfEngineDrv.sys
2018-08-25 21:50 - 2018-08-25 21:52 - 000000000 ____D C:\Program Files (x86)\wtfast
2018-08-23 17:39 - 2018-08-23 17:59 - 000000000 ____D C:\Users\1ah1\Desktop\New folder
2018-08-20 23:09 - 2018-08-20 23:09 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WtfEngineDrv_01009.Wdf
2018-08-15 22:13 - 2018-08-15 22:13 - 000106818 _____ C:\Users\1ah1\Desktop\confirmation.pdf
2018-08-15 19:27 - 2018-08-03 11:39 - 021389368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-08-15 19:27 - 2018-08-03 11:20 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-08-15 19:27 - 2018-08-03 10:43 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-08-15 19:27 - 2018-08-03 06:40 - 001221048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-08-15 19:27 - 2018-08-03 06:39 - 009091480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-08-15 19:27 - 2018-08-03 06:39 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-08-15 19:27 - 2018-08-03 06:39 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-08-15 19:27 - 2018-08-03 06:26 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-08-15 19:27 - 2018-08-03 06:25 - 006568784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-08-15 19:27 - 2018-08-03 06:23 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-08-15 19:27 - 2018-08-03 06:18 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-08-15 19:27 - 2018-08-03 06:18 - 022007808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-08-15 19:27 - 2018-08-03 06:17 - 004380160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-08-15 19:27 - 2018-08-03 06:15 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-08-15 19:27 - 2018-08-03 06:14 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-08-15 19:27 - 2018-08-03 06:13 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-08-15 19:27 - 2018-08-03 06:13 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-08-15 19:27 - 2018-08-03 06:12 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-08-15 19:27 - 2018-08-03 06:12 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-08-15 19:27 - 2018-08-03 06:11 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-08-15 19:27 - 2018-08-03 06:09 - 005776896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-08-15 19:27 - 2018-08-03 06:09 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-08-15 19:27 - 2018-08-03 06:06 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-08-15 19:27 - 2018-07-15 03:44 - 006587392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-08-15 19:27 - 2018-07-15 03:43 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-08-15 19:27 - 2018-07-15 03:42 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-08-15 19:27 - 2018-07-15 02:31 - 001538968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-08-15 19:27 - 2018-07-15 02:18 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-08-15 19:27 - 2018-07-15 02:17 - 011901440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-08-15 19:27 - 2018-07-14 09:46 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-08-15 19:27 - 2018-07-14 09:42 - 019525632 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-08-15 19:27 - 2018-07-14 07:22 - 006813744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-08-15 19:27 - 2018-07-14 07:22 - 001144664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-08-15 19:27 - 2018-07-14 07:18 - 002371416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-08-15 19:27 - 2018-07-14 07:17 - 006527056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-08-15 19:27 - 2018-07-14 07:16 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-08-15 19:27 - 2018-07-14 07:16 - 001143096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-08-15 19:27 - 2018-07-14 06:59 - 005883392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-08-15 19:27 - 2018-07-14 06:57 - 007057920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-08-15 19:27 - 2018-07-14 06:56 - 004559872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-08-15 19:27 - 2018-07-14 06:56 - 002697216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Controls.dll
2018-08-15 19:27 - 2018-07-14 06:53 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-08-15 19:27 - 2018-07-14 06:51 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-08-15 19:26 - 2018-08-03 11:39 - 000790304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-08-15 19:26 - 2018-08-03 11:25 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-08-15 19:26 - 2018-08-03 11:25 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-08-15 19:26 - 2018-08-03 11:24 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-08-15 19:26 - 2018-08-03 11:24 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2018-08-15 19:26 - 2018-08-03 11:24 - 000046592 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-08-15 19:26 - 2018-08-03 11:22 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-08-15 19:26 - 2018-08-03 11:21 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-08-15 19:26 - 2018-08-03 11:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-08-15 19:26 - 2018-08-03 11:21 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-08-15 19:26 - 2018-08-03 11:21 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2018-08-15 19:26 - 2018-08-03 11:21 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-08-15 19:26 - 2018-08-03 11:20 - 004049408 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-08-15 19:26 - 2018-08-03 11:20 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2018-08-15 19:26 - 2018-08-03 11:19 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-08-15 19:26 - 2018-08-03 10:45 - 000663128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-08-15 19:26 - 2018-08-03 10:33 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-08-15 19:26 - 2018-08-03 10:33 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-08-15 19:26 - 2018-08-03 10:32 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2018-08-15 19:26 - 2018-08-03 10:30 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-08-15 19:26 - 2018-08-03 10:29 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-08-15 19:26 - 2018-08-03 10:29 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-08-15 19:26 - 2018-08-03 10:28 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-08-15 19:26 - 2018-08-03 10:27 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-08-15 19:26 - 2018-08-03 10:27 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-08-15 19:26 - 2018-08-03 08:41 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-08-15 19:26 - 2018-08-03 07:49 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-08-15 19:26 - 2018-08-03 06:47 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-08-15 19:26 - 2018-08-03 06:47 - 000128920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2018-08-15 19:26 - 2018-08-03 06:46 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-08-15 19:26 - 2018-08-03 06:46 - 000269248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-08-15 19:26 - 2018-08-03 06:41 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-08-15 19:26 - 2018-08-03 06:41 - 000077608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-08-15 19:26 - 2018-08-03 06:41 - 000061736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2018-08-15 19:26 - 2018-08-03 06:40 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-08-15 19:26 - 2018-08-03 06:40 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-08-15 19:26 - 2018-08-03 06:40 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-08-15 19:26 - 2018-08-03 06:40 - 000228136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-08-15 19:26 - 2018-08-03 06:40 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-08-15 19:26 - 2018-08-03 06:40 - 000072800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-08-15 19:26 - 2018-08-03 06:39 - 002829216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-08-15 19:26 - 2018-08-03 06:39 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-08-15 19:26 - 2018-08-03 06:39 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-08-15 19:26 - 2018-08-03 06:39 - 000692240 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-08-15 19:26 - 2018-08-03 06:39 - 000170936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-08-15 19:26 - 2018-08-03 06:39 - 000114080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-08-15 19:26 - 2018-08-03 06:39 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-08-15 19:26 - 2018-08-03 06:39 - 000031648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2018-08-15 19:26 - 2018-08-03 06:38 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-08-15 19:26 - 2018-08-03 06:38 - 001945792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-08-15 19:26 - 2018-08-03 06:38 - 001285536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-08-15 19:26 - 2018-08-03 06:38 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-08-15 19:26 - 2018-08-03 06:38 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-08-15 19:26 - 2018-08-03 06:38 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-08-15 19:26 - 2018-08-03 06:38 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-08-15 19:26 - 2018-08-03 06:38 - 000885856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-08-15 19:26 - 2018-08-03 06:38 - 000713368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-08-15 19:26 - 2018-08-03 06:38 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-08-15 19:26 - 2018-08-03 06:38 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-08-15 19:26 - 2018-08-03 06:38 - 000115640 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2018-08-15 19:26 - 2018-08-03 06:27 - 000061032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-08-15 19:26 - 2018-08-03 06:25 - 002255008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-08-15 19:26 - 2018-08-03 06:25 - 001622296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-08-15 19:26 - 2018-08-03 06:25 - 001131064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-08-15 19:26 - 2018-08-03 06:25 - 000583120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-08-15 19:26 - 2018-08-03 06:25 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-08-15 19:26 - 2018-08-03 06:25 - 000539168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-08-15 19:26 - 2018-08-03 06:17 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2018-08-15 19:26 - 2018-08-03 06:16 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-08-15 19:26 - 2018-08-03 06:16 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2018-08-15 19:26 - 2018-08-03 06:15 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2018-08-15 19:26 - 2018-08-03 06:14 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-08-15 19:26 - 2018-08-03 06:14 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-08-15 19:26 - 2018-08-03 06:14 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSAssessment.dll
2018-08-15 19:26 - 2018-08-03 06:13 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-08-15 19:26 - 2018-08-03 06:13 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-08-15 19:26 - 2018-08-03 06:13 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-08-15 19:26 - 2018-08-03 06:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-08-15 19:26 - 2018-08-03 06:12 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-08-15 19:26 - 2018-08-03 06:12 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-08-15 19:26 - 2018-08-03 06:12 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-08-15 19:26 - 2018-08-03 06:11 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-08-15 19:26 - 2018-08-03 06:11 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-08-15 19:26 - 2018-08-03 06:11 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-08-15 19:26 - 2018-08-03 06:11 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-08-15 19:26 - 2018-08-03 06:11 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-08-15 19:26 - 2018-08-03 06:11 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-08-15 19:26 - 2018-08-03 06:11 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-08-15 19:26 - 2018-08-03 06:10 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-08-15 19:26 - 2018-08-03 06:10 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2018-08-15 19:26 - 2018-08-03 06:09 - 001932288 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-08-15 19:26 - 2018-08-03 06:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-08-15 19:26 - 2018-08-03 06:09 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-08-15 19:26 - 2018-08-03 06:09 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-08-15 19:26 - 2018-08-03 06:09 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-08-15 19:26 - 2018-08-03 06:09 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-08-15 19:26 - 2018-08-03 06:09 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-08-15 19:26 - 2018-08-03 06:08 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-08-15 19:26 - 2018-08-03 06:08 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-08-15 19:26 - 2018-08-03 06:08 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-08-15 19:26 - 2018-08-03 06:08 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-08-15 19:26 - 2018-08-03 06:08 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-08-15 19:26 - 2018-08-03 06:08 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-08-15 19:26 - 2018-08-03 06:08 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-08-15 19:26 - 2018-08-03 06:08 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-08-15 19:26 - 2018-08-03 06:08 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-08-15 19:26 - 2018-08-03 06:08 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-08-15 19:26 - 2018-08-03 06:08 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-08-15 19:26 - 2018-08-03 06:07 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-08-15 19:26 - 2018-08-03 06:07 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-08-15 19:26 - 2018-08-03 06:07 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-08-15 19:26 - 2018-08-03 06:07 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-08-15 19:26 - 2018-08-03 06:06 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-08-15 19:26 - 2018-08-03 06:06 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-08-15 19:26 - 2018-08-03 06:06 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-08-15 19:26 - 2018-08-03 06:06 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-08-15 19:26 - 2018-08-03 06:06 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-08-15 19:26 - 2018-08-03 06:05 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-08-15 19:26 - 2018-08-03 06:05 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-08-15 19:26 - 2018-08-03 06:05 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-08-15 19:26 - 2018-08-03 06:04 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-08-15 19:26 - 2018-08-03 04:54 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-08-15 19:26 - 2018-07-15 04:01 - 002266528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-08-15 19:26 - 2018-07-15 04:00 - 000183736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mavinject.exe
2018-08-15 19:26 - 2018-07-15 03:58 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-08-15 19:26 - 2018-07-15 03:56 - 001523240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-08-15 19:26 - 2018-07-15 03:44 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-08-15 19:26 - 2018-07-15 03:42 - 008624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-08-15 19:26 - 2018-07-15 03:41 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-08-15 19:26 - 2018-07-15 03:41 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2018-08-15 19:26 - 2018-07-15 03:39 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-08-15 19:26 - 2018-07-15 03:39 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-08-15 19:26 - 2018-07-15 03:38 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-08-15 19:26 - 2018-07-15 03:38 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-08-15 19:26 - 2018-07-15 03:38 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-08-15 19:26 - 2018-07-15 03:38 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-08-15 19:26 - 2018-07-15 03:38 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-08-15 19:26 - 2018-07-15 03:37 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-08-15 19:26 - 2018-07-15 03:36 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-08-15 19:26 - 2018-07-15 02:31 - 000148888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mavinject.exe
2018-08-15 19:26 - 2018-07-15 02:28 - 001327424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-08-15 19:26 - 2018-07-15 02:15 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-08-15 19:26 - 2018-07-15 02:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-08-15 19:26 - 2018-07-15 02:13 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-08-15 19:26 - 2018-07-15 02:13 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-08-15 19:26 - 2018-07-15 02:13 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-08-15 19:26 - 2018-07-15 02:13 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-08-15 19:26 - 2018-07-15 02:11 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-08-15 19:26 - 2018-07-14 07:37 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-08-15 19:26 - 2018-07-14 07:37 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-08-15 19:26 - 2018-07-14 07:23 - 000760888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-08-15 19:26 - 2018-07-14 07:22 - 000510392 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-08-15 19:26 - 2018-07-14 07:22 - 000203560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-08-15 19:26 - 2018-07-14 07:21 - 000722824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-08-15 19:26 - 2018-07-14 07:21 - 000192920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-08-15 19:26 - 2018-07-14 07:20 - 000184472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-08-15 19:26 - 2018-07-14 07:19 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-08-15 19:26 - 2018-07-14 07:19 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-08-15 19:26 - 2018-07-14 07:19 - 000981920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-08-15 19:26 - 2018-07-14 07:19 - 000636944 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-08-15 19:26 - 2018-07-14 07:19 - 000483024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-08-15 19:26 - 2018-07-14 07:18 - 002563984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-08-15 19:26 - 2018-07-14 07:18 - 001017584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-08-15 19:26 - 2018-07-14 07:18 - 000930712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-08-15 19:26 - 2018-07-14 07:18 - 000613176 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-08-15 19:26 - 2018-07-14 07:18 - 000443216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-08-15 19:26 - 2018-07-14 07:18 - 000376216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-08-15 19:26 - 2018-07-14 07:17 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-08-15 19:26 - 2018-07-14 07:17 - 000743320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-08-15 19:26 - 2018-07-14 07:16 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-08-15 19:26 - 2018-07-14 07:15 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-08-15 19:26 - 2018-07-14 07:15 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-08-15 19:26 - 2018-07-14 07:15 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-08-15 19:26 - 2018-07-14 07:01 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-08-15 19:26 - 2018-07-14 06:59 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-08-15 19:26 - 2018-07-14 06:59 - 003553280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-08-15 19:26 - 2018-07-14 06:58 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2018-08-15 19:26 - 2018-07-14 06:58 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-08-15 19:26 - 2018-07-14 06:58 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-08-15 19:26 - 2018-07-14 06:57 - 004331008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-08-15 19:26 - 2018-07-14 06:57 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-08-15 19:26 - 2018-07-14 06:57 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-08-15 19:26 - 2018-07-14 06:56 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-08-15 19:26 - 2018-07-14 06:56 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-08-15 19:26 - 2018-07-14 06:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-08-15 19:26 - 2018-07-14 06:56 - 001703936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Controls.dll
2018-08-15 19:26 - 2018-07-14 06:56 - 001558016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-08-15 19:26 - 2018-07-14 06:56 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-08-15 19:26 - 2018-07-14 06:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2018-08-15 19:26 - 2018-07-14 06:56 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2018-08-15 19:26 - 2018-07-14 06:56 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2018-08-15 19:26 - 2018-07-14 06:56 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2018-08-15 19:26 - 2018-07-14 06:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-08-15 19:26 - 2018-07-14 06:55 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-08-15 19:26 - 2018-07-14 06:55 - 000993792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-08-15 19:26 - 2018-07-14 06:55 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-08-15 19:26 - 2018-07-14 06:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-08-15 19:26 - 2018-07-14 06:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-08-15 19:26 - 2018-07-14 06:55 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-08-15 19:26 - 2018-07-14 06:55 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-08-15 19:26 - 2018-07-14 06:55 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2018-08-15 19:26 - 2018-07-14 06:55 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-08-15 19:26 - 2018-07-14 06:55 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-08-15 19:26 - 2018-07-14 06:55 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll
2018-08-15 19:26 - 2018-07-14 06:55 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2018-08-15 19:26 - 2018-07-14 06:55 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2018-08-15 19:26 - 2018-07-14 06:55 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2018-08-15 19:26 - 2018-07-14 06:55 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-08-15 19:26 - 2018-07-14 06:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2018-08-15 19:26 - 2018-07-14 06:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-08-15 19:26 - 2018-07-14 06:54 - 003319808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-08-15 19:26 - 2018-07-14 06:54 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-08-15 19:26 - 2018-07-14 06:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-08-15 19:26 - 2018-07-14 06:54 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2018-08-15 19:26 - 2018-07-14 06:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-08-15 19:26 - 2018-07-14 06:54 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-08-15 19:26 - 2018-07-14 06:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-08-15 19:26 - 2018-07-14 06:54 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2018-08-15 19:26 - 2018-07-14 06:54 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-08-15 19:26 - 2018-07-14 06:54 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2018-08-15 19:26 - 2018-07-14 06:54 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2018-08-15 19:26 - 2018-07-14 06:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-08-15 19:26 - 2018-07-14 06:54 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-08-15 19:26 - 2018-07-14 06:54 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-08-15 19:26 - 2018-07-14 06:54 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-08-15 19:26 - 2018-07-14 06:54 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2018-08-15 19:26 - 2018-07-14 06:54 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPolicyManagerBrokerPS.dll
2018-08-15 19:26 - 2018-07-14 06:53 - 004770816 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-08-15 19:26 - 2018-07-14 06:53 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-08-15 19:26 - 2018-07-14 06:53 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-08-15 19:26 - 2018-07-14 06:53 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-08-15 19:26 - 2018-07-14 06:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-08-15 19:26 - 2018-07-14 06:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-08-15 19:26 - 2018-07-14 06:53 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2018-08-15 19:26 - 2018-07-14 06:53 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-08-15 19:26 - 2018-07-14 06:53 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-08-15 19:26 - 2018-07-14 06:53 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-08-15 19:26 - 2018-07-14 06:53 - 000220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2018-08-15 19:26 - 2018-07-14 06:52 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-08-15 19:26 - 2018-07-14 06:52 - 000790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-08-15 19:26 - 2018-07-14 06:52 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-08-15 19:26 - 2018-07-14 06:52 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-08-15 19:26 - 2018-07-14 06:52 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2018-08-15 19:26 - 2018-07-14 06:51 - 002904576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-08-15 19:26 - 2018-07-14 06:51 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-08-15 19:26 - 2018-07-14 06:51 - 001747968 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-08-15 19:26 - 2018-07-14 06:51 - 001304064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-08-15 19:26 - 2018-07-14 06:51 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-08-15 19:26 - 2018-07-14 06:51 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-08-15 19:26 - 2018-07-14 06:50 - 001773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2018-08-15 19:26 - 2018-07-14 06:50 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-08-15 19:26 - 2018-07-14 06:50 - 001359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-08-15 19:26 - 2018-07-14 06:50 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-08-15 19:26 - 2018-07-14 06:50 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-08-15 19:26 - 2018-07-14 06:50 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-08-15 19:26 - 2018-07-14 06:50 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-08-15 19:26 - 2018-07-14 06:50 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-08-15 19:26 - 2018-07-14 06:50 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2018-08-15 19:26 - 2018-07-14 06:50 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-08-15 19:26 - 2018-07-14 06:49 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-08-15 19:26 - 2018-07-13 07:30 - 002718624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-08-15 08:50 - 2018-08-15 08:50 - 000729919 _____ C:\Users\1ah1\Desktop\J1mpbPkbPOvcKd_L.mp4
2018-08-13 01:03 - 2018-08-13 01:03 - 000000000 ____D C:\Users\1ah1\Desktop\flac-music No Name
2018-08-12 05:25 - 2018-09-04 02:24 - 106692608 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-08-12 05:20 - 2018-08-12 05:25 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-08-11 18:16 - 2018-08-11 18:16 - 000001443 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-08-11 18:14 - 2018-09-04 02:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-08-11 18:14 - 2018-08-11 18:14 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-08-11 18:14 - 2018-08-11 18:14 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-08-11 18:14 - 2018-08-11 18:14 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-08-11 18:14 - 2018-08-11 18:14 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-08-11 18:14 - 2018-08-11 18:14 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-08-11 18:14 - 2018-08-11 18:14 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-08-11 18:14 - 2018-08-11 18:14 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-08-11 18:14 - 2018-08-11 18:14 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-08-11 18:14 - 2018-08-11 18:14 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-08-11 18:14 - 2018-08-11 18:14 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-08-11 18:14 - 2018-08-11 18:14 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-08-11 18:14 - 2018-07-30 22:14 - 002340392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2018-08-11 18:14 - 2018-07-30 22:14 - 001936424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2018-08-11 18:14 - 2018-07-30 22:14 - 001311784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2018-08-11 18:14 - 2018-07-30 22:14 - 000206760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2018-08-11 18:14 - 2018-07-30 22:14 - 000185256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2018-08-11 18:14 - 2018-07-30 22:14 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2018-08-11 18:11 - 2018-07-30 22:14 - 000069544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2018-08-11 13:54 - 2018-08-11 14:05 - 000000000 ____D C:\Users\1ah1\AppData\Roaming\Opera Software
2018-08-11 13:54 - 2018-08-11 13:54 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVG
2018-08-11 13:54 - 2018-08-11 13:54 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-08-11 13:52 - 2018-08-11 17:59 - 000000000 ____D C:\ProgramData\AVG
2018-08-11 13:52 - 2018-08-11 13:52 - 198041206 _____ C:\Users\1ah1\Downloads\World Soccer Jikkyou Winning Eleven 3 - Final Ver. (Japan).7z
2018-08-11 13:49 - 2018-08-11 17:59 - 000000000 ____D C:\ProgramData\McAfee
2018-08-09 21:22 - 2018-08-09 21:24 - 000000000 ____D C:\Users\1ah1\AppData\Roaming\Battle.net
2018-08-09 21:21 - 2018-08-09 21:21 - 000000936 _____ C:\Users\Public\Desktop\Battle.net.lnk
2018-08-09 21:21 - 2018-08-09 21:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2018-08-09 21:19 - 2018-08-13 21:42 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-08-05 20:59 - 2018-08-05 20:59 - 000001711 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shotcut.lnk
2018-08-05 20:59 - 2018-08-05 20:59 - 000000000 ____D C:\Program Files\Shotcut
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-09-04 02:34 - 2015-08-26 05:17 - 000000000 ____D C:\Users\1ah1\AppData\Roaming\uTorrent
2018-09-04 02:32 - 2018-04-12 02:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-09-04 02:30 - 2018-05-19 02:36 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-04 02:30 - 2018-04-12 02:36 - 000000000 ____D C:\WINDOWS\INF
2018-09-04 02:27 - 2017-07-04 18:33 - 000000000 ____D C:\Users\1ah1\AppData\LocalLow\Mozilla
2018-09-04 02:26 - 2017-11-23 01:34 - 000000000 ____D C:\ProgramData\NVIDIA
2018-09-04 02:24 - 2018-08-04 20:18 - 000000000 ____D C:\Users\1ah1\AppData\LocalLow\uTorrent
2018-09-04 02:24 - 2018-05-19 02:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-09-04 02:24 - 2018-04-12 00:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-09-04 02:24 - 2015-03-20 04:10 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-09-04 02:17 - 2017-11-23 01:33 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-09-04 02:17 - 2015-03-24 01:38 - 000000000 ____D C:\Temp
2018-09-04 02:16 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\Help
2018-09-04 02:16 - 2018-03-01 15:45 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-09-04 02:16 - 2017-11-23 01:34 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-09-04 02:16 - 2017-11-23 01:31 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-09-04 01:39 - 2018-05-19 02:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-09-03 23:53 - 2016-10-16 18:43 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2018-09-03 23:53 - 2015-03-20 04:03 - 000000000 ____D C:\Users\1ah1\AppData\Roaming\Origin
2018-09-03 20:25 - 2018-05-19 02:36 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2018-09-03 20:25 - 2017-12-05 22:41 - 000000000 ____D C:\Users\1ah1\AppData\Roaming\NCH Software
2018-09-03 20:19 - 2017-09-14 05:44 - 000000000 ____D C:\Games
2018-09-03 19:41 - 2015-03-20 04:00 - 000000000 ____D C:\ProgramData\Origin
2018-09-03 15:12 - 2015-05-31 13:44 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-09-03 09:25 - 2018-05-19 02:30 - 000000000 ____D C:\Users\1ah1
2018-09-03 09:25 - 2015-03-20 03:26 - 000000000 ____D C:\Users\1ah1\AppData\Roaming\DMCache
2018-09-03 07:54 - 2018-04-12 02:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-03 05:54 - 2018-05-19 02:28 - 001039960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-09-03 01:32 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-09-02 22:59 - 2018-04-24 22:08 - 000000224 _____ C:\Users\1ah1\Desktop\New Text Document (6).txt
2018-09-02 20:08 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-09-01 18:14 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-09-01 09:18 - 2018-07-15 01:20 - 000001379 _____ C:\Users\Public\Desktop\Skype.lnk
2018-09-01 09:18 - 2018-07-15 01:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-08-31 17:10 - 2018-04-12 02:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-31 09:36 - 2015-03-20 05:19 - 000000000 ____D C:\Program Files (x86)\Google
2018-08-31 09:30 - 2018-01-17 16:50 - 000000000 ____D C:\Program Files (x86)\Classroom Spy Pro
2018-08-31 09:22 - 2018-04-12 02:38 - 000000000 ____D C:\Program Files\Windows Security
2018-08-31 05:18 - 2017-12-24 02:23 - 000000000 ____D C:\Users\1ah1\AppData\Roaming\rsilauncher
2018-08-31 04:52 - 2016-02-15 00:35 - 000000000 ____D C:\Users\1ah1\Documents\American Truck Simulator
2018-08-27 02:13 - 2017-09-20 00:07 - 000000000 ____D C:\ProgramData\TruckersMP
2018-08-26 01:32 - 2016-10-21 13:31 - 000000000 ____D C:\Users\1ah1\Documents\BeamNG.drive
2018-08-25 21:52 - 2015-03-20 04:51 - 000000000 ____D C:\ProgramData\Package Cache
2018-08-25 06:20 - 2015-03-20 04:36 - 137343192 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-08-23 04:54 - 2015-03-20 04:00 - 000000000 ____D C:\Program Files (x86)\Origin
2018-08-20 23:01 - 2015-04-03 13:01 - 000000000 ____D C:\Users\1ah1\Documents\Euro Truck Simulator 2
2018-08-20 01:11 - 2018-03-20 22:42 - 000000000 ____D C:\Program Files\Intel
2018-08-18 03:08 - 2016-05-11 10:26 - 000348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2018-08-18 03:08 - 2015-05-03 01:29 - 000348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2018-08-18 01:28 - 2015-03-21 16:45 - 000281768 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2018-08-16 04:05 - 2018-08-04 19:47 - 000000000 ____D C:\Users\1ah1\Desktop\رخصه
2018-08-15 22:27 - 2015-10-31 17:24 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-15 20:06 - 2016-03-11 19:00 - 000000000 ___RD C:\Users\1ah1\3D Objects
2018-08-15 20:06 - 2015-07-29 18:43 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-08-15 20:05 - 2018-04-12 12:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-08-15 20:05 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-08-15 20:05 - 2018-04-12 02:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-08-15 20:05 - 2018-04-12 02:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-08-15 20:05 - 2018-04-12 02:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-08-15 20:05 - 2018-04-12 02:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-08-15 20:05 - 2018-04-12 02:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-08-15 20:05 - 2018-04-12 02:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-08-15 20:05 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-08-15 20:05 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-08-15 20:05 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-08-15 20:05 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-08-15 20:05 - 2018-04-12 02:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-08-15 19:29 - 2015-03-20 04:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-08-14 19:32 - 2018-07-30 20:19 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-08-14 19:32 - 2018-07-30 20:19 - 000001028 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-08-11 17:59 - 2017-09-07 00:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-08-11 17:59 - 2017-09-07 00:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-11 13:54 - 2018-04-12 02:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-08-09 22:37 - 2017-09-07 00:28 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-06 18:19 - 2018-04-12 02:41 - 000836480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-08-06 18:19 - 2018-04-12 02:41 - 000181120 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-06 07:33 - 2018-06-19 03:20 - 000001789 _____ C:\Users\1ah1\Desktop\MPC-HC x64.lnk
2018-08-06 07:33 - 2018-05-13 23:51 - 000001159 _____ C:\Users\1ah1\Desktop\MEGAsync.lnk
2018-08-06 07:33 - 2017-06-21 00:24 - 000002053 _____ C:\Users\1ah1\Desktop\FiveM.lnk
2018-08-06 07:33 - 2016-10-21 19:13 - 000002265 _____ C:\Users\1ah1\Desktop\Discord.lnk
2018-08-06 07:33 - 2016-06-01 19:20 - 000001032 _____ C:\Users\1ah1\Desktop\TechPowerUp GPU-Z.lnk
2018-08-06 07:33 - 2015-12-13 14:39 - 000001299 _____ C:\Users\1ah1\Desktop\OpenIV.lnk
2018-08-06 07:33 - 2015-09-23 06:02 - 000001274 _____ C:\Users\1ah1\Desktop\Uplay.lnk
2018-08-06 07:33 - 2015-04-16 15:09 - 000001237 _____ C:\Users\1ah1\Desktop\CrystalDiskInfo Shizuku Edition.lnk
==================== Files in the root of some directories =======
2017-09-05 12:43 - 2017-09-05 12:43 - 000000048 _____ () C:\Program Files (x86)\egrb458wtu.dat
2018-07-30 06:28 - 2018-07-30 06:28 - 000000048 ____H () C:\Program Files (x86)\wmgje0gdxg.dat
2015-07-07 18:28 - 2015-07-07 18:28 - 000000081 _____ () C:\Users\1ah1\AppData\Roaming\22.cmd
2015-07-21 05:10 - 2015-07-21 05:10 - 000001369 _____ () C:\Users\1ah1\AppData\Roaming\droid4xinstaller.log
2015-08-15 20:02 - 2015-09-12 17:09 - 000000462 _____ () C:\Users\1ah1\AppData\Roaming\Rim.Desktop.Exception.log
2015-08-15 20:02 - 2016-02-16 10:15 - 000001937 _____ () C:\Users\1ah1\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-08-15 20:02 - 2015-09-12 17:09 - 000000462 _____ () C:\Users\1ah1\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-03-22 20:19 - 2017-01-25 21:23 - 002612224 _____ () C:\Users\1ah1\AppData\Local\file__0.localstorage
2016-01-05 00:03 - 2016-01-05 00:03 - 000000000 _____ () C:\Users\1ah1\AppData\Local\{1A24BEF0-7800-47D3-B867-ED570AA94277}
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-19 02:28
==================== End of FRST.txt ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.09.2018 03
Ran by 1ah1 (04-09-2018 02:35:15)
Running from C:\Users\1ah1\Desktop
Windows 10 Pro Version 1803 17134.228 (X64) (2018-05-18 23:36:21)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
1ah1 (S-1-5-21-337285318-3777838802-3734651036-1001 - Administrator - Enabled) => C:\Users\1ah1
Administrator (S-1-5-21-337285318-3777838802-3734651036-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-337285318-3777838802-3734651036-503 - Limited - Disabled)
Guest (S-1-5-21-337285318-3777838802-3734651036-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-337285318-3777838802-3734651036-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 4.2.2 - philandro Software GmbH)
Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASUS PCE-AC68 WLAN Card Driver (HKLM-x32\...\{39BD9681-D3B1-435C-A0C1-F87C68513401}) (Version: 2.1.4.3 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlefield V™ Open Beta (HKLM-x32\...\{2B3B5324-E6E1-4E32-9938-898AD1CA8D8A}) (Version: 1.0.57.30348 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Click Install if prompted (HKLM-x32\...\{40830C8E-936E-4E08-AE37-240FF3343927}) (Version: 1.0.6.0 - ExpressVpn) Hidden
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
CPUID HWMonitor 1.35 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.35 - CPUID, Inc.)
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
CrystalDiskInfo 6.3.2 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.3.2 - Crystal Dew World)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 399.07 - NVIDIA Corporation) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
ExpressVPN (HKLM-x32\...\{5DC0F67F-922B-482F-A141-5AA248915DF7}) (Version: 6.7.0.4772 - ExpressVPN) Hidden
ExpressVPN (HKLM-x32\...\{a9ea11c1-b4be-4fa4-aa3c-61e8b0d12ae7}) (Version: 6.7.0.4772 - ExpressVPN)
Far Cry 2 (HKLM-x32\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.03.00 - Ubisoft)
Futuremark SystemInfo (HKLM-x32\...\{E540B871-3230-4C5B-AAD5-A30F64398275}) (Version: 4.48.599.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel® Corporation) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{617F8AE5-C5D5-412B-8EA8-6FA72CD3A3C8}) (Version: 12.8.0.150 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0.2 (x64 ar) (HKLM\...\Mozilla Firefox 61.0.2 (x64 ar)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 399.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 399.07 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.14.1.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.1.48 - NVIDIA Corporation)
NVIDIA Graphics Driver 399.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 399.07 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Oculus Rift DK2 Sensor Driver (HKLM\...\{F786EF4E-73FE-4700-AC19-FFC0B2298F20}) (Version: 1.0.0.0 - Oculus VR, LLC) Hidden
Oculus Rift Monitor Driver (HKLM\...\{E932D5B4-547A-4959-B642-3816836283E3}) (Version: 1.0.1.0 - Oculus VR, LLC) Hidden
Oculus Rift Sensor Driver (HKLM\...\{E724ED40-8962-4987-901D-57AC8C9E41CD}) (Version: 1.0.20.0 - Oculus VR, LLC) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenIV (HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\OpenIV) (Version: 2.6.4.646 - .black/OpenIV Team)
Origin (HKLM-x32\...\Origin) (Version: 10.5.25.7131 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PingPlotter 5 (HKLM-x32\...\{CC1AC7EC-D7BC-453C-80DE-BEEA366A9283}) (Version: 5.5.13.4714 - Pingman Tools, LLC) Hidden
PingPlotter 5 (HKLM-x32\...\PingPlotter 5 5.5.13.4714) (Version: 5.5.13.4714 - Pingman Tools, LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.987 - Even Balance, Inc.)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.3.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.20.606 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.8 - Rockstar Games)
RSI Launcher 1.0.1 (HKLM\...\81bfc699-f883-50c7-b674-2483b6baae23) (Version: 1.0.1 - Cloud Imperium Games)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Shotcut (HKLM-x32\...\Shotcut) (Version: - )
Skype version 8.29 (HKLM-x32\...\Skype_is1) (Version: 8.29 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16034.4 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16034.4 - Samsung Electronics Co., Ltd.)
Sound Blaster Z-Series (HKLM-x32\...\{DAB64FB1-0BBB-486E-9C57-A3E34F463AEB}) (Version: 1.01.10 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
Split Tunneling Driver (HKLM-x32\...\{F078B0B5-2F41-42C2-9162-B8C628D5E6FE}) (Version: 1.0.0.0 - ExpressVpn) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.14327 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft Montreal)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
UFR II Printer Driver Uninstaller (HKLM\...\Canon UFR II Printer Driver) (Version: 6, 7, 1, 0 - Canon Inc.)
Update for Skype for Business 2015 (KB3191873) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0E943AAB-F229-4B5D-B0FA-F46A66B4EE95}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3191876) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{63B92B9B-BAA1-4708-BB4B-216BB5FD6322}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3191876) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{63B92B9B-BAA1-4708-BB4B-216BB5FD6322}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3191876) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{63B92B9B-BAA1-4708-BB4B-216BB5FD6322}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 10.0 - Ubisoft)
Vegas Pro 11.0 (64-bit) (HKLM\...\{43EBA222-8DF7-11E1-862B-F04DA23A5C58}) (Version: 11.0.683 - Sony)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wargaming.net Game Center (HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\Wargaming.net Game Center) (Version: 18.5.1.1309 - Wargaming.net)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Tanks - Common Test (HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812ct}_is1) (Version: - Wargaming.net)
World of Tanks - Sandbox (HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812sb}_is1) (Version: - Wargaming.net)
World of Tanks EU (2) (HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\WOT.EU.PRODUCTION(2)) (Version: - Wargaming.net)
World of Warships (HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net)
wtfast 4.8 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.8.1.1578 - Initex & AAA Internet Publishing)
Xilisoft Video Converter Ultimate 6 (HKLM-x32\...\Xilisoft Video Converter Ultimate 6) (Version: 6.0.7.0707 - Xilisoft)
دعم تطبيقات Apple (32 بت) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
دعم تطبيقات Apple (64 بت) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\1ah1\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\1ah1\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\1ah1\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\1ah1\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\1ah1\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\1ah1\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\1ah1\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\1ah1\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\1ah1\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\1ah1\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-08-21] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-16] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {06EEFB2E-80B8-4835-AA10-7660BD6F37E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-31] (Google Inc.)
Task: {1083F8E3-601C-415D-AAD9-84C3497B5469} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-08-17] (AVG Technologies CZ, s.r.o.)
Task: {1E7E7E93-2D62-46D7-AE99-8821E881F829} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK
Task: {22D31ECD-D73D-444D-9C2D-BA95456E51FA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {24A3EF8F-3182-483E-B6F4-B299F09A0B33} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {32ABD74C-DB0B-4B66-8868-4AF24B1D7DE2} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-30] (NVIDIA Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {423ECF96-7EB6-48EE-BDB0-7FC3E51FC0AC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {463993DD-29E2-4538-A677-612EF6E473C3} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-07-30] (NVIDIA Corporation)
Task: {4AA783FA-8804-4E0D-8AA1-B906D30E1AFE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {53FEFCE7-002E-451E-A5AD-6DC8CC933B4D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {5603815A-821C-4DE1-BC60-8F9015158587} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {636360E8-86A4-4C5E-B1DC-B7024134DF34} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {63C36CFF-AA80-4F41-BB46-0B69168F47CE} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-30] (NVIDIA Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6C586557-A601-4684-AC39-543D83068343} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-07-30] (NVIDIA Corporation)
Task: {7E22EC3C-8D5A-43C2-A734-05794C870016} - \WPD\SqmUpload_S-1-5-21-337285318-3777838802-3734651036-1001 -> No File <==== ATTENTION
Task: {7F7AB1B9-6D1B-4FE3-B8A0-F1154C56E43B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-07-30] (NVIDIA Corporation)
Task: {83693B2F-ECCD-431C-A150-368ACDC0C926} - System32\Tasks\nhAsusStrixUILauncherRun => C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\nhAsusStrixUILauncher.exe
Task: {877B1A31-C65F-4750-97D4-68EB9C948544} - System32\Tasks\nhAsusStrixSvc32Run => C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\nhAsusStrixSvc32.exe
Task: {8A9EF235-55CC-43C8-ADA2-CAC6D496D9CC} - System32\Tasks\nhAsusStrixSvc64Run => C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\x64\nhAsusStrixSvc64.exe
Task: {8B95A6DE-B2AC-4BF6-88F2-C4B566161133} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-01] (Microsoft Corporation)
Task: {9241A0E7-06FE-4B77-962B-7EDC84A078F3} - System32\Tasks\S-1-5-21-337285318-3777838802-3734651036-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-12] (Microsoft Corporation)
Task: {925B3DC4-6DF5-4A7B-BABA-9E79727C582F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-08-25] (Microsoft Corporation)
Task: {A7DB3AB6-E450-4C14-8E2F-590ADC1BB223} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-07-30] (NVIDIA Corporation)
Task: {A80DF7A2-34D5-4FC8-A6D3-A8B41ADAD0A8} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-07-30] (NVIDIA Corporation)
Task: {ABEFE6D6-CF30-47F6-9670-12E39CDF34A0} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-07-30] (NVIDIA Corporation)
Task: {BF2996D7-4A71-43FA-AA7E-727D5DB9CF33} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C07AFB68-76F1-4646-8930-338C99893629} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C98176EE-E773-46C6-9F8F-5F24B3BB18B3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C9F1FBBA-C1A8-4258-B58A-A0C002904934} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-01] (Microsoft Corporation)
Task: {D06A6AD7-071D-4523-B7CB-3C74581C9EC2} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-30] (NVIDIA Corporation)
Task: {D10BF193-E208-4D96-BF22-CFD07F110C15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-31] (Google Inc.)
Task: {D21DB46E-8776-40ED-852E-F73166767FBB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D4F69664-5F63-4E2B-9A35-D9B31DD3C615} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D8A02B8F-5158-473E-AAB5-B03B042366C5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D982228C-E3A8-416F-94D4-F633E1717806} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DAB30D9B-7FC7-480E-8B52-C0649D7ECB9F} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2017-05-19] (Samsung Electronics Co. Ltd.)
Task: {DDB21521-3B1A-4666-A218-BA55CA124000} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-07-30] (NVIDIA Corporation)
Task: {DF5BE667-10A3-4FA0-B3A8-7D7310C3A6B8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-01] (Microsoft Corporation)
Task: {E188FED8-72FC-462B-84D1-485F20D74104} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E616B56D-2E0C-4478-9605-D8956E3A24C2} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-30] (NVIDIA Corporation)
Task: {E985354C-BA38-4E25-B2E7-007325117A8D} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-337285318-3777838802-3734651036-1001 => C:\Users\1ah1\AppData\Local\MEGAsync\MEGAupdater.exe [2018-01-15] (Mega Limited)
Task: {F4FB7468-204B-4BD1-B6F9-AC93855B03DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {F564C25F-B882-42A1-A100-57D49F0A5E9A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-01] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-12 02:34 - 2018-04-12 02:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-07-30 02:43 - 2018-07-30 02:43 - 002065096 _____ () C:\Program Files (x86)\AnyDesk\AnyDesk.exe
2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-07-03 12:11 - 2018-07-03 12:11 - 000339168 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
2018-08-11 18:14 - 2018-07-30 22:14 - 001314856 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-05-11 10:26 - 2018-03-14 03:16 - 000076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2018-03-14 23:13 - 2018-03-14 23:13 - 000189776 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-03-06 07:41 - 2017-03-06 07:34 - 000025600 _____ () D:\steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
2018-07-03 12:12 - 2018-07-03 12:12 - 008749184 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
2017-10-19 00:51 - 2017-10-19 00:51 - 000598528 _____ () C:\Users\1ah1\AppData\Local\MEGAsync\ShellExtX64.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-08-15 19:26 - 2018-08-03 06:09 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-08-11 18:14 - 2018-07-30 22:14 - 095437352 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-08-11 18:14 - 2018-07-30 22:14 - 003029032 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-08-11 18:14 - 2018-07-30 22:14 - 000149544 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2018-08-31 09:36 - 2018-08-08 03:41 - 002682200 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\swiftshader\libglesv2.dll
2018-08-31 09:36 - 2018-08-08 03:41 - 000148824 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\swiftshader\libegl.dll
2018-08-29 18:24 - 2018-08-27 22:41 - 001054496 _____ () D:\steam\bin\cef\cef.win7x64\SDL2.dll
2018-08-29 18:24 - 2018-08-27 23:52 - 098006816 _____ () D:\steam\bin\cef\cef.win7x64\libcef.dll
2018-08-29 18:24 - 2018-08-27 23:52 - 004443424 _____ () D:\steam\bin\cef\cef.win7x64\libglesv2.dll
2018-08-29 18:24 - 2018-08-27 23:52 - 000100128 _____ () D:\steam\bin\cef\cef.win7x64\libegl.dll
2018-07-03 12:12 - 2018-07-03 12:12 - 007483072 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\libxvclient.dll
2018-07-03 12:12 - 2018-07-03 12:12 - 000014976 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.NetworkUtils.dll
2018-07-03 12:11 - 2018-07-03 12:11 - 000303104 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.SplitTunnel.dll
2018-07-03 12:12 - 2018-07-03 12:12 - 000444032 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.FilterManager.dll
2018-08-11 18:14 - 2018-07-30 22:14 - 001032744 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-08-29 18:24 - 2018-08-27 22:41 - 000874784 _____ () D:\steam\SDL2.dll
2018-08-30 06:03 - 2018-08-30 00:17 - 002646304 _____ () D:\steam\video.dll
2018-07-25 00:26 - 2017-12-20 04:43 - 000695584 _____ () D:\steam\libavformat-57.dll
2018-07-25 00:26 - 2016-09-01 04:02 - 004969248 _____ () D:\steam\v8.dll
2018-07-25 00:26 - 2017-12-20 04:43 - 000351520 _____ () D:\steam\libavresample-3.dll
2018-07-25 00:26 - 2017-12-20 04:43 - 000847136 _____ () D:\steam\libavutil-55.dll
2018-07-25 00:26 - 2017-12-20 04:43 - 000783648 _____ () D:\steam\libswscale-4.dll
2018-07-25 00:26 - 2017-12-20 04:43 - 005137696 _____ () D:\steam\libavcodec-57.dll
2018-07-25 00:26 - 2016-09-01 04:02 - 001563936 _____ () D:\steam\icui18n.dll
2018-07-25 00:26 - 2016-09-01 04:02 - 001195296 _____ () D:\steam\icuuc.dll
2018-08-30 06:03 - 2018-08-30 00:17 - 001015584 _____ () D:\steam\bin\chromehtml.DLL
2018-07-25 00:26 - 2016-07-05 01:17 - 000266560 _____ () D:\steam\openvr_api.dll
2018-03-13 18:39 - 2018-03-27 21:16 - 001663736 _____ () \\?\C:\ProgramData\Wargaming.net\GameCenter\dlls\libGLESv2.dll
2018-03-13 18:39 - 2018-03-27 21:16 - 000091896 _____ () \\?\C:\ProgramData\Wargaming.net\GameCenter\dlls\libEGL.dll
2018-03-13 18:38 - 2018-03-27 21:16 - 049001720 _____ () \\?\C:\ProgramData\Wargaming.net\GameCenter\dlls\libcef.dll
2018-07-15 01:19 - 2018-08-28 19:44 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-09-01 09:18 - 2018-08-28 19:44 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-09-01 09:18 - 2018-08-28 19:44 - 000094152 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\skype-coexistence\build\Release\coexistence.node
2018-09-01 09:18 - 2018-08-28 19:44 - 000219080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-07-15 01:19 - 2018-08-28 19:44 - 002725400 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-07-15 01:19 - 2018-08-28 19:44 - 000033304 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-09-01 09:18 - 2018-08-28 19:44 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-09-01 09:18 - 2018-08-28 19:44 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-09-01 09:18 - 2018-08-28 19:44 - 002384840 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2018-05-08 14:28 - 2018-05-08 14:28 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2017-09-10 23:51 - 2017-09-10 23:51 - 000798208 _____ () C:\Users\1ah1\AppData\Local\MEGAsync\libsodium.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3 [209]
AlternateDataStreams: C:\Users\Public\AppData:CSM [468]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-19 00:03 - 2018-09-04 02:23 - 000000852 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\1ah1\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "3DG4me"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\StartupApproved\Run: => "Smart Port Forwarding"
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\StartupApproved\Run: => "MyComGames"
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\StartupApproved\Run: => "WTFast Tray"
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-337285318-3777838802-3734651036-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{18D60B78-A7F0-416F-889F-31EE5DB696F4}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{C8ABF315-CC2A-4BE8-A2E2-BBC9B5F90FDB}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{11E605D9-8EC4-429F-A5CF-5E0D7CC04F5B}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{EB8A2A69-274E-475C-96F9-282C8E567FE0}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{8252D674-545D-4156-AC81-09E3F915FF7D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{472609FE-A524-471B-8B8D-B7FAF3B4AAD7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [TCP Query User{A90D1B36-5B02-42A9-9F17-50A534A5C3FB}C:\users\1ah1\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\1ah1\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{7DEFBFCD-02CF-4200-B53C-1EB98C1D1465}C:\users\1ah1\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\1ah1\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{E27AB544-012D-4E4B-B7D0-C2F666F53CDB}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{A75664CC-4B56-48EA-A19F-C41624F94C08}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{C7CBFBA1-08B8-4D5E-B5A7-95E141E139A6}] => (Allow) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{63134081-1F9F-4BCE-8C5C-63801A222F4C}] => (Allow) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{C75A5C81-F0B8-4FEF-922C-C69298E3A469}] => (Allow) D:\steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{FF7EA554-8406-42B8-8B2D-A44886C2E226}] => (Allow) D:\steam\steamapps\common\Total War Rome II\launcher\launcher.exe
==================== Restore Points =========================
31-08-2018 01:28:58 Windows Modules Installer
01-09-2018 03:29:01 Windows Modules Installer
02-09-2018 05:28:41 Windows Modules Installer
03-09-2018 07:54:30 Windows Modules Installer
==================== Faulty Device Manager Devices =============
Name: ExpressVPN Tap Adapter
Description: ExpressVPN Tap Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/04/2018 02:32:21 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (09/04/2018 02:25:15 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for D:\steam\bin\cef\cef.win7\steamwebhelper.exe
Error: (09/04/2018 02:24:22 AM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.
Error: (09/03/2018 01:12:40 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for D:\steam\bin\cef\cef.win7\steamwebhelper.exe
Error: (09/03/2018 01:12:28 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: 1ah1-pc)
Description: المسالةالمسالة-2147467263
Error: (09/03/2018 06:31:47 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: 1ah1-pc)
Description: المسالةالمسالة-2147467263
Error: (09/03/2018 05:57:29 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (09/03/2018 05:55:29 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for D:\steam\bin\cef\cef.win7\steamwebhelper.exe
System errors:
=============
Error: (09/04/2018 02:27:31 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (09/04/2018 02:26:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (09/04/2018 02:26:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (09/04/2018 02:25:16 AM) (Source: DCOM) (EventID: 10016) (User: 1ah1-pc)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user 1ah1-pc\1ah1 SID (S-1-5-21-337285318-3777838802-3734651036-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (09/04/2018 02:24:58 AM) (Source: DCOM) (EventID: 10016) (User: 1ah1-pc)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user 1ah1-pc\1ah1 SID (S-1-5-21-337285318-3777838802-3734651036-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (09/04/2018 02:24:49 AM) (Source: DCOM) (EventID: 10016) (User: 1ah1-pc)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
and APPID
{9209B1A6-964A-11D0-9372-00A0C9034910}
to the user 1ah1-pc\1ah1 SID (S-1-5-21-337285318-3777838802-3734651036-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (09/04/2018 02:23:59 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
Error: (09/04/2018 02:23:59 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
Windows Defender:
===================================
Date: 2018-08-21 00:35:52.013
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DB982EE5-566D-42C4-B3EA-6F5846620452}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-08-16 00:13:36.145
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {392E7C6F-42BC-4A8D-9815-9CB8D57DA148}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-08-14 20:29:39.480
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D69D80F8-E297-4614-9829-47AA05EE85E5}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-08-02 00:05:37.774
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...14&enterprise=0
Name: Trojan:Win32/Fuery.B!cl
ID: 2147718514
Severity: Severe
Category: Trojan
Path: file:_E:\All2Chat-310.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.273.654.0, AS: 1.273.654.0, NIS: 1.273.654.0
Engine Version: AM: 1.1.15100.1, NIS: 1.1.15100.1
Date: 2018-08-05 07:54:18.806
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.273.810.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15100.1
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2018-08-16 00:20:36.344
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\PingPlotter 5\System.ValueTuple.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-16 00:20:36.282
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\PingPlotter 5\System.ValueTuple.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-31 09:34:26.972
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\PingPlotter 5\System.ValueTuple.dll that did not meet the Microsoft signing level requirements.
Date: 2018-07-31 09:34:26.915
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\PingPlotter 5\System.ValueTuple.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 27%
Total physical RAM: 16326.57 MB
Available physical RAM: 11841.78 MB
Total Virtual: 18758.57 MB
Available Virtual: 12340.94 MB
==================== Drives ================================
Drive a: (Anime) (Fixed) (Total:3726.01 GB) (Free:2237.78 GB) NTFS
Drive c: () (Fixed) (Total:237.59 GB) (Free:15.09 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Local Disk) (Fixed) (Total:931.51 GB) (Free:231.27 GB) NTFS
Drive e: (Local Disk) (Fixed) (Total:1863.01 GB) (Free:373.3 GB) NTFS
Drive i: (Local Disk) (Fixed) (Total:3725.9 GB) (Free:48.28 GB) NTFS
\\?\Volume{55722ab9-0000-0000-0000-b0653b000000}\ () (Fixed) (Total:0 GB) (Free:0 GB)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: B1FD2E4B)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: B1FD2E44)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 55722AB9)
Partition 1: (Active) - (Size=237.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454 MB) - (Type=27)
========================================================
Disk: 4 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================