This email made me anxious



#1
Dohnovan

  • 99 posts

I opened an email to read it and it turned out it was a phishing email. I'm not sure if I got any sort of malware, but I can tell you I didn't click any links from the email.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by Dohnovan (administrator) on DESKTOP-LBHF8BQ (Micro-Star International Co., Ltd MS-7A38) (03-01-2021 11:46:37)
Running from C:\Users\Dohnovan\Desktop
Loaded Profiles: Dohnovan
Platform: Windows 10 Home Version 2004 19041.685 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Users\Dohnovan\Desktop\Genshin Impact\launcher.exe
(Advanced Micro Devices, Inc. -> ) C:\Program Files\AMD\Performance Profile Client\RyzenMaster\AUEPRyzenMasterAC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0361132.inf_amd64_1f7832db1fb1721f\B361196\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0361132.inf_amd64_1f7832db1fb1721f\B361196\atiesrxx.exe
(A-Volute -> ) C:\Program Files\SteelSeries\SS Audio\Foundation\SSAudioSvc32.exe
(A-Volute -> ) C:\Program Files\SteelSeries\SS Audio\Foundation\x64\SSAudioSvc64.exe
(Discord Inc. -> Discord Inc.) C:\Users\Dohnovan\AppData\Local\Discord\app-0.0.309\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Dohnovan\Desktop\Malwarebytes\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Dohnovan\Desktop\Malwarebytes\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Dohnovan\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2011.11613.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2011.16.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
(SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe <2>
(The Qt Company Oy -> The Qt Company Ltd.) C:\Users\Dohnovan\Desktop\Genshin Impact\QtWebEngineProcess.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [68822328 2020-12-09] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-20] (Valve -> Valve Corporation)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [915848 2020-03-30] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3514608 2020-12-10] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Discord] => C:\Users\Dohnovan\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3514608 2020-12-10] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-08] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\87.1.18.77\Installer\chrmstp.exe [2020-12-30] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2020-12-22]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00F249CE-0D89-4695-93BC-4268061B9D8B} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {02EBE7D9-95D4-4CB7-8BF6-6D39FEFD3873} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {0637FEC9-06AC-449A-BF4E-E6BED95DCC3A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {08E5B611-4DA5-4724-BF5F-CEB73F9E0C7D} - System32\Tasks\SSAudioSvc64Run => C:\Program Files\Steelseries\SS Audio\Foundation\x64\SSAudioSvc64.exe [797088 2020-01-08] (A-Volute -> )
Task: {0928E190-F287-4F5C-B4C2-C91EBEF0A617} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)
Task: {2AFE60A3-3C00-4AF5-BFF5-8D96C9C8F860} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {3CDC5251-0B55-4A4A-9579-2488F886DFF1} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {438A76DD-3A89-4AC5-ACE2-40B2548F3E67} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {568E4EEF-5E99-4C66-B8E9-DA74BFF2DCA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-14] (Google Inc -> Google Inc.)
Task: {61D35FA8-FCA3-4C1E-AE5C-3C510D75C0D5} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {65F74DAE-70AE-43D5-9FD7-DDEDB0571C6C} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {72272DFC-049E-46D5-8C98-9563407B5D9D} - System32\Tasks\SSAudioSvc32Run => C:\Program Files\Steelseries\SS Audio\Foundation\SSAudioSvc32.exe [1299872 2020-01-08] (A-Volute -> )
Task: {795E7E80-0603-41AA-B972-DD27CD4E78F8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {7D175ED4-61FE-450C-9073-38242E442B00} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)
Task: {7D484749-46DF-40A9-AF50-007BE595726C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-14] (Google Inc -> Google Inc.)
Task: {8509A40D-10D6-45D9-895E-94C7A3F3F0D4} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe [15012440 2020-11-08] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {8D9E4B5D-B55E-4A9C-9A5F-61CDAC51320E} - System32\Tasks\Agent Activation Runtime\S-1-5-21-2108490749-413910539-1021375685-1003 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-12-09] (Microsoft Windows -> )
Task: {B6928123-FBFA-4D0E-91EA-C81EB0C167C8} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {BC2173B5-C39F-40B2-99E4-F41B28F26961} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {CA2648CC-46F6-4596-A94D-30A0110515FA} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Dohnovan\Downloads\esetonlinescanner_enu.exe [15012440 2020-11-08] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {E90C32A5-7EE5-42DC-97BD-B7CEDA264326} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1a8f5a04-83c8-490b-b4bc-64e8c2c6fd6d}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{1cd6b0cf-5059-4ef2-9609-a8d02c0c81b4}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{3c01823b-a919-4197-a2ce-b7ef6cd5d03a}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{57a5de9c-d2e2-48be-96b9-44b1389dcc84}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8f09853e-c450-47d3-b7bc-5aedbe848278}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{dad6bf82-733a-495c-84a7-154afa6ad446}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{e0510115-42dc-46d8-842a-cc54eeda8aa9}: [DhcpNameServer] 10.0.1.1
 
Edge: 
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-02-12]
Edge Extension: (AdGuard AdBlocker) -> EdgeExtension_AdguardAdguardAdBlocker_m055xr0c82818 => C:\Program Files\WindowsApps\Adguard.AdguardAdBlocker_3.3.8.0_neutral__m055xr0c82818 [2020-01-11]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Dohnovan\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-03]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Dohnovan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2020-12-24]
Edge Extension: (AdGuard AdBlocker) - C:\Users\Dohnovan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pdffkfellgipmhklpdmokmckkkfcopbh [2020-12-24]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default [2021-01-03]
CHR Notifications: Default -> hxxps://www.youtube.com
CHR HomePage: Default -> hxxps://www.google.com/
CHR Extension: (Slides) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-14]
CHR Extension: (Docs) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-14]
CHR Extension: (Google Drive) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-14]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-15]
CHR Extension: (Sheets) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-14]
CHR Extension: (Google Docs Offline) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-11]
CHR Extension: (MetaMask) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2020-12-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Dohnovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-09]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [125488 2020-05-26] (Perfect World Entertainment -> Perfect World Entertainment Inc)
R2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPLauncher.exe [61832 2020-11-13] (Advanced Micro Devices, Inc. -> AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-04-17] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [155848 2020-09-19] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [5136328 2020-12-21] (SurfRight B.V. -> SurfRight B.V.)
R2 MBAMService; C:\Users\Dohnovan\Desktop\Malwarebytes\MBAMService.exe [7456464 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [449664 2018-08-28] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [942720 2018-09-12] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2020-12-01] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294128 2020-12-10] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533376 2020-12-08] (Razer USA Ltd. -> Razer Inc.)
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesUpdateService.exe [32648 2020-12-21] (SteelSeries ApS -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 EasyAntiCheat; "C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-01-02] (Malwarebytes Corporation -> Malwarebytes)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [429800 2020-12-21] (SurfRight B.V. -> SurfRight B.V.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [139424 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
S4 mhyprot2; no ImagePath
S3 ocznvme; C:\WINDOWS\System32\drivers\ocznvme.sys [99592 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
S3 ocztrimfilter; C:\WINDOWS\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [53656 2020-11-15] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0067; C:\WINDOWS\System32\drivers\RzDev_0067.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S3 secnvme; C:\WINDOWS\System32\drivers\secnvme.sys [135688 2016-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [48848 2020-09-25] (SteelSeries ApS -> SteelSeries ApS)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [47920 2020-02-20] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24064 2019-12-07] (Microsoft Corporation) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-23] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [47096 2018-02-18] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-06-19] (Zemana Ltd. -> Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (All) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-01-03 11:46 - 2021-01-03 11:48 - 000023849 _____ C:\Users\Dohnovan\Desktop\FRST.txt
2021-01-02 16:28 - 2021-01-02 16:28 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-01-02 16:28 - 2021-01-02 16:28 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-01-02 16:28 - 2021-01-02 16:28 - 000139424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-01-02 16:28 - 2021-01-02 16:28 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-01-02 15:34 - 2021-01-02 15:34 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-01-02 15:34 - 2021-01-02 15:34 - 000002110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-02 15:34 - 2021-01-02 15:34 - 000002080 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-02 15:34 - 2021-01-02 15:34 - 000002080 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-02 15:34 - 2021-01-02 15:33 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-01-02 15:34 - 2021-01-02 15:33 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-01-02 15:32 - 2021-01-03 11:37 - 000000000 ____D C:\Users\Dohnovan\Desktop\Malwarebytes
2021-01-02 15:32 - 2021-01-02 15:32 - 002086424 _____ (Malwarebytes) C:\Users\Dohnovan\Downloads\MBSetup (1).exe
2021-01-02 15:13 - 2021-01-02 15:13 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\mbam
2021-01-02 15:12 - 2021-01-02 15:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-02 15:12 - 2021-01-02 15:11 - 002086424 _____ (Malwarebytes) C:\Users\Dohnovan\Desktop\mbuns.exe
2021-01-02 15:11 - 2021-01-02 15:11 - 002086424 _____ (Malwarebytes) C:\Users\Dohnovan\Downloads\MBSetup.exe
2021-01-01 14:06 - 2021-01-01 14:06 - 000070784 _____ C:\ProgramData\agent.uninstall.1609535171.bdinstall.v2.bin
2020-12-31 17:26 - 2020-12-31 17:26 - 000003116 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2020-12-31 16:30 - 2020-12-31 16:30 - 000179028 _____ C:\ProgramData\cl.1609453643.bdinstall.v2.bin
2020-12-31 16:30 - 2020-12-31 16:30 - 000102216 _____ C:\ProgramData\cl.kit.1609453628.bdinstall.v2.bin
2020-12-31 15:27 - 2020-12-31 15:27 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2020-12-31 15:22 - 2020-12-31 15:22 - 000086488 _____ C:\ProgramData\agent.update.1609453329.bdinstall.v2.bin
2020-12-30 16:11 - 2020-12-30 16:11 - 000001199 _____ C:\Users\Dohnovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2020-12-30 16:05 - 2020-12-30 16:05 - 000000000 ____D C:\ProgramData\Bitdefender
2020-12-30 16:01 - 2021-01-01 14:06 - 000000000 ____D C:\Program Files\Bitdefender Agent
2020-12-30 16:01 - 2020-12-30 16:01 - 000104868 _____ C:\ProgramData\agent.1609369277.bdinstall.v2.bin
2020-12-30 16:01 - 2020-12-30 16:01 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2020-12-29 16:07 - 2020-12-29 16:07 - 000100393 _____ C:\ProgramData\uninstalltool.1609283135.bdinstall.bin
2020-12-29 16:05 - 2020-12-29 16:05 - 000779984 _____ C:\ProgramData\cl.1609282802.bdinstall.v2.bin
2020-12-29 16:05 - 2020-12-29 16:05 - 000102216 _____ C:\ProgramData\cl.kit.1609282788.bdinstall.v2.bin
2020-12-29 15:58 - 2020-12-29 15:58 - 013543456 _____ C:\Users\Dohnovan\Downloads\bitdefender_antivirus (1).exe
2020-12-26 13:41 - 2020-12-26 13:42 - 002670815 _____ C:\Users\Dohnovan\Downloads\Autoruns.zip
2020-12-26 13:41 - 2020-12-26 13:42 - 000000000 ____D C:\Users\Dohnovan\Desktop\Autorun
2020-12-24 16:30 - 2020-12-24 16:30 - 019587152 _____ C:\Users\Dohnovan\Downloads\Bitdefender_2020_Uninstall_Tool (1).exe
2020-12-24 12:30 - 2020-12-24 12:30 - 000197232 _____ C:\ProgramData\vpn.1608838113.bdinstall.v2.bin
2020-12-24 12:30 - 2020-12-24 12:30 - 000000000 ____D C:\ProgramData\AnchorFree_Inc
2020-12-24 12:28 - 2020-02-20 13:02 - 000047920 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2020-12-24 11:57 - 2020-12-24 11:57 - 000000000 ____D C:\ProgramData\Gemma
2020-12-24 11:44 - 2020-12-24 11:49 - 000000000 ____D C:\ProgramData\BDLogging
2020-12-24 11:44 - 2020-12-24 11:44 - 000000000 ____D C:\WINDOWS\system32\elambkup
2020-12-24 11:33 - 2020-12-24 11:33 - 013543456 _____ C:\Users\Dohnovan\Downloads\bitdefender_antivirus.exe
2020-12-23 13:06 - 2020-12-23 13:06 - 011278368 _____ C:\Users\Dohnovan\Downloads\Bitdefender_2019_Uninstall_Tool.exe
2020-12-23 12:27 - 2020-12-23 12:27 - 011289960 _____ C:\Users\Dohnovan\Downloads\mb-support-1.8.0.848.exe
2020-12-23 12:27 - 2020-12-23 12:27 - 002286592 _____ (Farbar) C:\Users\Dohnovan\Downloads\FRSTEnglish.exe
2020-12-23 12:24 - 2020-12-23 12:24 - 019587152 _____ C:\Users\Dohnovan\Downloads\Bitdefender_2020_Uninstall_Tool.exe
2020-12-23 10:34 - 2020-12-23 10:34 - 008234296 _____ (Piriform Software Ltd) C:\Users\Dohnovan\Downloads\spsetup132.exe
2020-12-23 10:34 - 2020-12-23 10:34 - 000000844 _____ C:\Users\Public\Desktop\Speccy.lnk
2020-12-23 10:34 - 2020-12-23 10:34 - 000000844 _____ C:\ProgramData\Desktop\Speccy.lnk
2020-12-23 10:34 - 2020-12-23 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2020-12-23 10:34 - 2020-12-23 10:34 - 000000000 ____D C:\Program Files\Speccy
2020-12-22 11:15 - 2020-12-22 11:15 - 002286592 _____ (Farbar) C:\Users\Dohnovan\Downloads\FRST64.exe
2020-12-22 10:26 - 2020-12-22 10:26 - 000000017 _____ C:\Users\Dohnovan\Desktop\twitch.txt
2020-12-21 10:31 - 2020-12-21 10:31 - 000003304 _____ C:\WINDOWS\system32\Tasks\StartCNBM
2020-12-21 10:19 - 2020-12-21 10:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2020-12-21 10:15 - 2020-12-21 10:16 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2020-12-21 10:04 - 2020-11-17 14:52 - 001753912 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-12-21 10:04 - 2020-11-17 14:52 - 001753912 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-12-21 10:04 - 2020-11-17 14:52 - 001359680 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-12-21 10:04 - 2020-11-17 14:52 - 001359680 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-12-21 10:04 - 2020-11-17 14:52 - 001047992 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-12-21 10:04 - 2020-11-17 14:52 - 001047992 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-12-21 10:04 - 2020-11-17 14:52 - 000910456 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-12-21 10:04 - 2020-11-17 14:52 - 000910456 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-12-21 10:04 - 2020-11-17 14:51 - 001593664 _____ (AMD) C:\WINDOWS\system32\coinst_20.45.dll
2020-12-21 10:04 - 2020-11-17 14:51 - 000019984 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2020-12-21 10:04 - 2020-11-17 14:50 - 001490752 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiacm64.dll
2020-12-21 10:04 - 2020-11-17 14:50 - 001356096 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2020-12-21 10:04 - 2020-11-17 14:50 - 000150336 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-12-21 10:04 - 2020-11-17 14:50 - 000130880 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-12-21 10:04 - 2020-11-17 13:15 - 000076237 _____ C:\WINDOWS\system32\AMDKernelEvents.man
2020-12-21 10:04 - 2020-11-17 13:15 - 000012344 _____ C:\WINDOWS\system32\brandingWS_RSX.bmp
2020-12-21 10:04 - 2020-11-17 13:15 - 000012344 _____ C:\WINDOWS\system32\brandingRSX.bmp
2020-12-21 10:04 - 2020-11-17 13:15 - 000011014 _____ C:\WINDOWS\system32\atiacmLocalisation.ini
2020-12-21 10:04 - 2020-11-17 13:15 - 000000822 _____ C:\WINDOWS\system32\branding.bmp
2020-12-21 06:44 - 2020-12-21 06:44 - 001006032 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2020-12-21 06:44 - 2020-12-21 06:44 - 001004496 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2020-12-21 06:44 - 2020-12-21 06:44 - 000179144 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpshell.dll
2020-12-20 09:43 - 2020-12-31 17:26 - 000003132 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2020-12-11 12:00 - 2020-12-11 12:00 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\552BB782.sys
2020-12-11 08:32 - 2020-12-11 08:32 - 000253976 _____ (Cisco Webex LLC) C:\Users\Dohnovan\Downloads\webex (1).exe
2020-12-09 19:08 - 2020-12-09 19:08 - 030469496 _____ (Piriform Software Ltd) C:\Users\Dohnovan\Downloads\ccsetup574.exe
2020-12-09 19:01 - 2021-01-03 11:44 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\discord
2020-12-09 19:00 - 2020-12-09 19:01 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\Discord
2020-12-09 19:00 - 2020-12-09 19:00 - 068822328 _____ (Discord Inc.) C:\Users\Dohnovan\Downloads\DiscordSetup (2).exe
2020-12-09 15:51 - 2020-12-09 15:51 - 024265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 019870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 018767360 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 018083840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 007625728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 007545048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 006425088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 005346808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 004794248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 004467200 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2020-12-09 15:51 - 2020-12-09 15:51 - 004363856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 004307456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 004282368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 003658752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 003556064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 003376848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 003364864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-12-09 15:51 - 2020-12-09 15:51 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-12-09 15:51 - 2020-12-09 15:51 - 002523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2020-12-09 15:51 - 2020-12-09 15:51 - 002520056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 002453368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2020-12-09 15:51 - 2020-12-09 15:51 - 002339248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 002254560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2020-12-09 15:51 - 2020-12-09 15:51 - 002136736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2020-12-09 15:51 - 2020-12-09 15:51 - 001982280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 001956032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 001792800 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 001720648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 001611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 001352760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 001350144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 001315144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 001301600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 001287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 001250304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 001250304 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 001145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 001128960 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 001127144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 001075712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 001014888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000994816 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000951368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2020-12-09 15:51 - 2020-12-09 15:51 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2fs.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2020-12-09 15:51 - 2020-12-09 15:51 - 000837120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2020-12-09 15:51 - 2020-12-09 15:51 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000751616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000685896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000611840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000607864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000574296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\IESettingSync.exe
2020-12-09 15:51 - 2020-12-09 15:51 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-12-09 15:51 - 2020-12-09 15:51 - 000530456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000526848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000486400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2020-12-09 15:51 - 2020-12-09 15:51 - 000435712 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000423240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServerClient.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000266992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AnalogShell.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdsdwmdr.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionDevice.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000193640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.HardwareId.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2020-12-09 15:51 - 2020-12-09 15:51 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PerceptionDevice.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.HardwareId.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2020-12-09 15:51 - 2020-12-09 15:51 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptuiwizard.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000129104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptuiwizard.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000101296 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2020-12-09 15:51 - 2020-12-09 15:51 - 000097096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcXtrnal.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wecutil.exe
2020-12-09 15:51 - 2020-12-09 15:51 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wecapi.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2020-12-09 15:51 - 2020-12-09 15:51 - 000031560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2020-12-09 15:51 - 2020-12-09 15:51 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcXtrnal.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 026274304 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 023452160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 014758400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 010841928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 008890544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 007783936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 007639040 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 006368912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 006002752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 004629320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 004125256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 003815936 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 002990408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-12-09 15:50 - 2020-12-09 15:50 - 002922392 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 002850632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-12-09 15:50 - 2020-12-09 15:50 - 002844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-12-09 15:50 - 2020-12-09 15:50 - 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-12-09 15:50 - 2020-12-09 15:50 - 002634120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 002542080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 002433024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 002181672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 002025272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001892440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001875400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001831424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001751952 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001711104 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001696760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001663648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001660928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001653760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001623312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001591112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001570632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001454960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001449984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001436032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvbvm60.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001373184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001328456 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001276928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001272320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 001268048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 001265000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001240576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001240064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_IME.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001223080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001130104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001115136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001068648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001055696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001039176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 001005056 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000967384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputHost.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000964792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000920904 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000907456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000898176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000887856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000875008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000861488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000858624 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000843384 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000805176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000786600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-12-09 15:50 - 2020-12-09 15:50 - 000763856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000758224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000756656 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000713832 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000710688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000688968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000678216 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\agentactivationruntimewindows.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.ConversationalAgent.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000632552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\agentactivationruntime.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000628112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000622592 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000603464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2020-12-09 15:50 - 2020-12-09 15:50 - 000572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000569856 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000550088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000543328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000534552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000523200 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000518656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000509440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000507904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000502600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-12-09 15:50 - 2020-12-09 15:50 - 000501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000477784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000461128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-12-09 15:50 - 2020-12-09 15:50 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000417376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000385360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000380744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2020-12-09 15:50 - 2020-12-09 15:50 - 000375000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AarSvc.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadauthhelper.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-12-09 15:50 - 2020-12-09 15:50 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\RASMM.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000293704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000288680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngctasks.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000253040 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000230904 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000228688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000225096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000218960 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NetAdapterCx.sys
2020-12-09 15:50 - 2020-12-09 15:50 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wecsvc.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000203512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000201552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000195152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000189256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvsetup.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000171576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twext.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000149832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ulib.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000147272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2020-12-09 15:50 - 2020-12-09 15:50 - 000147200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvsetup.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000139960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000136352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpnpmgr.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatialAudioLicenseSrv.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinHvEmulation.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000124968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DSCache.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MuiUnattend.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000118088 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\btpanui.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wecutil.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000104784 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-12-09 15:50 - 2020-12-09 15:50 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-12-09 15:50 - 2020-12-09 15:50 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingFilterDS.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000097104 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000095048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-12-09 15:50 - 2020-12-09 15:50 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MuiUnattend.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000092960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MitigationConfiguration.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcEpMap.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wecapi.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000077136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000072824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MitigationConfiguration.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000061776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GameInput.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000059464 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskSchdPS.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagnosticdataquery.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TaskSchdPS.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000021320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragproxy.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsregtask.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDJPN.DLL
2020-12-09 15:50 - 2020-12-09 15:50 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDJPN.DLL
2020-12-09 15:50 - 2020-12-09 15:50 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000010912 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-12-09 15:50 - 2020-12-09 15:50 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchTM.exe
2020-12-09 15:50 - 2020-12-09 15:50 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbd106n.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbd106.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbd101.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbd106n.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbd106.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbd101.DLL
2020-12-09 15:50 - 2020-12-09 15:50 - 000004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragres.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-12-09 15:50 - 2020-12-09 15:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 017543168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 010338488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 009035264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 007990760 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 006245888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 005785368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 004733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 004710976 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 003898368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 003815936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 003778888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 003750400 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 003586048 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 003508056 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 003068416 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 002631168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 002592584 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 002454016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 002250752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 002119736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001984368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001969664 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001909248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001828168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-09 15:49 - 2020-12-09 15:49 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001702416 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001648128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001575408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001555152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 001554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 001523712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MoUsoCoreWorker.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001414656 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 001400224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-09 15:49 - 2020-12-09 15:49 - 001380112 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputHost.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsf3gip.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001289168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001212712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 001210136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 001198296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 001189528 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 001182536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001132544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001089864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001036800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001027864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001026256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000988064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 000985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 000941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000914288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000906576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000849920 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000845000 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000843264 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 000798536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000764976 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000751616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000733984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000602440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2020-12-09 15:49 - 2020-12-09 15:49 - 000600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 000586800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 000567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000488776 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000469320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadauthhelper.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000454992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 000450888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000432928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000419432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 000418800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 000408392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000384512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SpeechPrivacy.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000382728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000380232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000352800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000260936 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000233800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 000226632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ManageCI.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000185672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ulib.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000173016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000168264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 000161680 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000160072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 000158096 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DSCache.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000155976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 000153384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 000149320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 000146240 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 000132744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\btpanui.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000118600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2020-12-09 15:49 - 2020-12-09 15:49 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindfltapi.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000098120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 000090408 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000070984 _____ (Microsoft Corporation) C:\WINDOWS\system32\GameInput.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mskeyprotect.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2020-12-09 15:49 - 2020-12-09 15:49 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-12-09 15:49 - 2020-12-09 15:49 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000029456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregtask.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000021288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmsgapi.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2020-12-09 15:49 - 2020-12-09 15:49 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchTM.exe
2020-12-09 15:49 - 2020-12-09 15:49 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2020-12-09 15:22 - 2020-11-10 01:48 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-12-09 15:22 - 2020-11-09 20:51 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-12-04 00:23 - 2020-12-04 00:23 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2747D718.sys
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-01-03 11:50 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-03 11:49 - 2019-06-19 14:48 - 012552227 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2021-01-03 11:47 - 2019-06-19 19:30 - 000000000 ____D C:\FRST
2021-01-03 11:44 - 2020-11-29 17:56 - 000000000 ____D C:\Users\Dohnovan\Desktop\Genshin Impact
2021-01-03 11:42 - 2020-06-18 15:04 - 000004172 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{4C0E0C52-0BCF-4545-B5E0-AA2D9A8EA0A4}
2021-01-03 10:42 - 2020-06-18 14:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-03 07:59 - 2018-05-21 15:36 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\D3DSCache
2021-01-03 05:58 - 2020-09-21 17:28 - 000000680 _____ C:\Users\Dohnovan\Desktop\ESET Online Scanner.lnk
2021-01-03 05:57 - 2019-06-20 09:43 - 000000808 _____ C:\Users\Dohnovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-01-02 15:34 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-02 15:29 - 2020-06-03 10:41 - 000000000 ____D C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)
2021-01-01 12:14 - 2020-11-29 20:51 - 000000318 _____ C:\Users\Dohnovan\Desktop\genshin impact.txt
2020-12-31 17:28 - 2017-12-08 21:06 - 000000000 ____D C:\Program Files (x86)\Steam
2020-12-31 17:26 - 2017-12-09 10:39 - 000000000 ___RD C:\Users\Dohnovan\OneDrive
2020-12-31 17:24 - 2020-06-18 15:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-31 17:24 - 2020-06-18 14:39 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-31 17:24 - 2019-06-19 14:54 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2020-12-31 17:23 - 2019-12-07 02:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-12-31 17:23 - 2017-04-11 09:49 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2020-12-31 15:37 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-31 15:37 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-30 20:05 - 2020-09-19 14:59 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2020-12-30 20:05 - 2020-09-19 14:59 - 000002330 _____ C:\Users\Public\Desktop\Brave.lnk
2020-12-30 20:05 - 2020-09-19 14:59 - 000002330 _____ C:\ProgramData\Desktop\Brave.lnk
2020-12-29 16:27 - 2020-06-18 13:32 - 000000000 ____D C:\Users\Dohnovan
2020-12-29 16:06 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2020-12-25 09:31 - 2020-04-04 11:09 - 000000110 _____ C:\Users\Dohnovan\Desktop\pwi password.txt
2020-12-24 11:57 - 2019-12-07 02:03 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2020-12-24 10:32 - 2017-04-07 14:15 - 000000000 ____D C:\Program Files\Microsoft Office
2020-12-23 12:50 - 2017-12-13 04:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-23 12:38 - 2017-12-09 10:57 - 000795000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-12-22 13:17 - 2020-06-18 14:39 - 000436016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-12-22 11:16 - 2019-06-19 19:29 - 002286592 _____ (Farbar) C:\Users\Dohnovan\Desktop\FRST64.exe
2020-12-21 10:31 - 2017-04-11 09:20 - 000000000 ____D C:\Program Files\AMD
2020-12-21 10:22 - 2019-06-19 14:54 - 000000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2020-12-21 10:19 - 2020-06-18 15:04 - 000003488 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2020-12-21 10:16 - 2018-04-14 09:45 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\CrashDumps
2020-12-21 10:04 - 2017-04-11 09:20 - 000000000 ____D C:\AMD
2020-12-21 06:44 - 2019-06-19 14:54 - 000429800 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2020-12-20 17:50 - 2020-06-18 15:04 - 000003824 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-12-20 17:50 - 2020-06-18 15:04 - 000003382 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-12-20 09:13 - 2018-03-13 15:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2020-12-19 10:40 - 2020-06-13 09:56 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-19 10:40 - 2020-06-13 09:56 - 000002266 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-19 10:40 - 2020-06-13 09:56 - 000002266 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-12 21:48 - 2020-11-28 15:39 - 000000091 _____ C:\Users\Dohnovan\Desktop\d&d info.txt
2020-12-11 12:45 - 2019-04-05 08:21 - 000000000 ____D C:\Users\Dohnovan\Desktop\mbar
2020-12-11 12:45 - 2019-04-05 08:21 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-12-09 19:20 - 2020-06-18 10:03 - 000000000 ___DC C:\WINDOWS\Panther
2020-12-09 19:20 - 2018-01-25 14:56 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\BitTorrent
2020-12-09 19:15 - 2020-07-04 13:49 - 000000000 ____D C:\Users\Dohnovan\Desktop\Tauri Launcher
2020-12-09 19:15 - 2017-12-09 12:16 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-12-09 19:01 - 2020-09-08 07:36 - 000002249 _____ C:\Users\Dohnovan\Desktop\Discord.lnk
2020-12-09 19:01 - 2017-12-08 21:16 - 000000000 ____D C:\Users\Dohnovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-12-09 19:01 - 2017-12-08 21:15 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\SquirrelTemp
2020-12-09 17:19 - 2020-06-18 14:49 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-09 17:10 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-09 17:10 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-12-09 17:10 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-12-09 17:10 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-09 17:10 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-12-09 17:10 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-09 17:10 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-09 15:57 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-08 10:59 - 2018-01-14 10:42 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-08 10:59 - 2018-01-14 10:42 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-08 10:59 - 2018-01-14 10:42 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-12-04 01:02 - 2019-06-30 10:48 - 000000000 ____D C:\Users\Dohnovan\AppData\Local\NPE
 
==================== Files in the root of some directories ========
 
2017-12-18 13:43 - 2017-12-18 13:43 - 018102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2019-12-02 19:28 - 2019-12-02 19:28 - 000000000 _____ () C:\Users\Dohnovan\AppData\Local\{2E790E1A-D8C4-4654-B4E8-3C78CC7E0B81}
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by Dohnovan (03-01-2021 11:50:45)
Running from C:\Users\Dohnovan\Desktop
Windows 10 Home Version 2004 19041.685 (X64) (2020-06-18 22:05:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2108490749-413910539-1021375685-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2108490749-413910539-1021375685-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2108490749-413910539-1021375685-1002 - Limited - Disabled)
Dohnovan (S-1-5-21-2108490749-413910539-1021375685-1003 - Administrator - Enabled) => C:\Users\Dohnovan
Guest (S-1-5-21-2108490749-413910539-1021375685-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2108490749-413910539-1021375685-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.2 - Advanced Micro Devices, Inc.)
APOInstallerMSISetup (HKLM\...\{5C4734F8-9AF3-4324-A36E-DC147853B2F5}) (Version: 1.2.1101 - Steelseries) Hidden
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.1.0.17816 - Perfect World Entertainment)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.36.1 - Asmedia Technology)
AudioDeviceFXPluginSampleUIMSISetup (HKLM\...\{C9BA81B6-4A0F-454A-B331-81A45A57573E}) (Version: 1.2.1101 - Steelseries) Hidden
Belarc Advisor 9.0 (HKLM-x32\...\Belarc Advisor) (Version: 9.0.0.0 - Belarc Inc.)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 87.1.18.77 - Brave Software Inc)
Discord (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Discord) (Version: 0.0.309 - Discord Inc.)
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.5.3.0 - miHoYo Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Gyazo 4.1.2.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.8.8.889 - SurfRight B.V.)
Intel® Wireless Bluetooth® (HKLM-x32\...\{0E13241D-76B0-4A4C-9665-3969F55C08D5}) (Version: 19.40.1702.1091 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{263d87d0-9772-40be-ab36-eabbdbff49f7}) (Version: 21.20.1 - Intel Corporation)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13426.20404 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.66 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.1.0 - Nexon)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13426.20404 - Microsoft Corporation) Hidden
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Path of Building version 1.4.137 (HKLM-x32\...\{72FA9AB7-189F-4BDE-8856-72DEB90C157B}_is1) (Version: 1.4.137 - Openarl)
ProductDaemonSetup (HKLM\...\{C31282E4-C1A3-433C-A803-D9ED4A99DC8F}) (Version: 1.2.1101 - Steelseries) Hidden
Razer Chroma SDK (HKLM-x32\...\Razer Chroma SDK) (Version: 2.21.1 - Razer Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.5.1215.121019 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SSAudio (HKLM-x32\...\{1c112a1f-1120-415d-85ab-7a3de5b0a9c2}) (Version: 1.2.1101 - Steelseries)
SSAudioDaemonMSISetup (HKLM\...\{CDEA766D-38C5-448B-8316-02D01C842E1E}) (Version: 1.2.1101 - Steelseries) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.18.15 (HKLM\...\SteelSeries Engine 3) (Version: 3.18.15 - SteelSeries ApS)
TeamSpeak 3 Client (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\TeamSpeak 3 Client) (Version: 3.1.6 - TeamSpeak Systems GmbH)
The Witcher 3 Mod Manager (HKLM\...\{B8F09437-C8B5-4DFD-B655-C93E8C05A8DE}) (Version: 0.6.4 - stefan3372)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-3) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
 
Packages:
=========
9 zip -> C:\Program Files\WindowsApps\184MagikHub.9zip_3.3.75.0_x64__hvr7qkvwfhvx6 [2020-07-19] (Magik Hub) [MS Ad]
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-02-12] (eyeo GmbH)
AdGuard AdBlocker -> C:\Program Files\WindowsApps\Adguard.AdguardAdBlocker_3.3.8.0_neutral__m055xr0c82818 [2020-01-11] (Performix)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.1.17.0_x86__kgqvnymyfvs32 [2020-12-17] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.183.600.0_x86__kgqvnymyfvs32 [2020-12-11] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.6.10.0_x86__h6adky7gbf63m [2020-12-17] (Gameloft SE)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.38.3802.0_x86__ytsefhwckbdv6 [2020-12-15] (G5 Entertainment AB)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-19] (HP Inc.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.3.0.5_x86__h6adky7gbf63m [2020-12-15] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-29] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2020-12-17] (Microsoft Studios)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-05] (Microsoft Corporation)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2017-12-09] (Plex)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2017-12-27] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [HitmanPro.Alert Shell Extension] -> {6FAC02B7-77D6-418B-AC11-962C65CDE8DD} => C:\WINDOWS\system32\hmpshell.dll [2020-12-21] (SurfRight B.V. -> SurfRight B.V.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Users\Dohnovan\Desktop\Malwarebytes\mbshlext.dll [2021-01-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Users\Dohnovan\Desktop\Malwarebytes\mbshlext.dll [2021-01-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2020-07-27 14:14 - 2020-07-27 14:14 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-03-19 05:40 - 2020-03-19 05:40 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2020-03-19 05:40 - 2020-03-19 05:40 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2020-12-20 22:30 - 2020-12-11 16:37 - 000445952 _____ () [File not signed] C:\Users\Dohnovan\Desktop\Genshin Impact\MHYQtCommon.dll
2020-11-13 14:48 - 2020-11-13 14:48 - 001470976 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2019-12-23 09:49 - 2019-12-23 09:49 - 002146304 _____ (Holtek Semiconductor Inc.) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\HIDDLL.dll
2019-12-23 09:49 - 2019-12-23 09:49 - 002284032 _____ (Holtek) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\ISPDLL.dll
2020-12-20 22:30 - 2020-12-11 16:29 - 003404288 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Users\Dohnovan\Desktop\Genshin Impact\libcrypto-1_1-x64.dll
2020-12-20 22:30 - 2020-12-11 16:29 - 000682496 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Users\Dohnovan\Desktop\Genshin Impact\libssl-1_1-x64.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000735232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000120832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000262144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-11-13 15:00 - 2020-11-13 15:00 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll
2020-11-29 17:56 - 2020-12-11 16:29 - 006159480 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:\Users\Dohnovan\Desktop\Genshin Impact\Qt5Core.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> {DFAEECB9-2C31-4635-BFCD-485BAEABDD31} URL = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll => No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 14:03 - 2020-12-29 16:04 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Users\Dohnovan\AppData\Local\Microsoft\WindowsApps;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\StartupApproved\Run: => "OPENVPN-GUI"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F0412D97-2B69-47C9-BBFB-2ED8469D7CE2}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [{54B9FF3F-545D-4E04-86D8-EA8F5621F500}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [UDP Query User{A0E149A6-970C-44C4-AFFC-02FC91A4CB96}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [TCP Query User{C8177E75-DFAB-46C2-B950-CE420F73D664}C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandsgotyenhanced\binaries\win64\borderlandsgoty.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [{1A19CF1E-D116-42F0-B9A7-384643F19007}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsGOTYEnhanced\Binaries\Win64\Launcher.exe (Gearbox Software) [File not signed]
FirewallRules: [{EB032B57-B507-45D3-A36B-2EB7427FE64F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsGOTYEnhanced\Binaries\Win64\Launcher.exe (Gearbox Software) [File not signed]
FirewallRules: [{8B20679D-6B13-4526-A9F9-DA769BDB75F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Pool 3D\Poolians.exe () [File not signed]
FirewallRules: [{6194837C-5728-41B2-9102-A3C8FA70A4DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Pool 3D\Poolians.exe () [File not signed]
FirewallRules: [{E246DB11-0299-4E9E-BAF1-F9600C9E1E87}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F01FBF58-567C-4C2D-9E09-69501E7126D0}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{0C6F481E-F930-4C76-AE5C-202166C80AE3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{3A8F03ED-1DF4-4EFC-AB24-470F3D8E2A04}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A73A6A68-3D6E-4ACB-BB1C-69891D2BC2E1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D98FA1A5-1463-4F80-B944-62DCFE82B0DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{21FC1428-1EFB-47FF-BF78-DB5B1945382E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A8E5B1A0-6D7D-4D9C-96E1-B72039726CC2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3D351B8C-C55C-4E63-8639-18CAD54C17A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{F51AAC48-DBDB-4C61-8F51-A45DA1FA8EB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{778DC5E1-C574-45F8-B392-C78E46DEBF4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe () [File not signed]
FirewallRules: [{9D6CABF9-DFDA-4F3C-9AC8-6092BAA007E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe () [File not signed]
FirewallRules: [{8D6BD339-6DB0-4B01-B064-950E1CB534FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe (Arkane Studios) [File not signed]
FirewallRules: [{D37551E3-AE21-495A-90C1-0CE6907D3259}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe (Arkane Studios) [File not signed]
FirewallRules: [{47CDB22F-7783-4CED-BF1C-D9ACDD81E0D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{7F676C03-41AA-4617-AA13-BC0B88A05086}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{F2E459D0-8C52-44F9-B805-AFDA263B500D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{AE0EC883-ECC1-4257-9241-1C9586835901}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{2C813A9F-F998-4D44-8B34-6963CF481A47}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{355EBCE9-2330-4B92-8E46-C7C76C402DA4}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [TCP Query User{4F7CACBF-BBB5-428E-B6EE-D1163044D084}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{31B319D4-01B2-48FE-81A7-51110CE771B7}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [{732F52FA-463B-4228-8163-A5EC1E0B8C73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{50E286A9-EC43-4A42-82B3-B541B6893C62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{1F8ED8C6-7BC4-4A9D-A0C4-CB325EFD5D6B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{E1E9BDFC-BB39-4D5E-B9CC-F37AA903F734}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{C00B9E7C-48C9-403C-A6C7-EF0F869BEEC6}] => (Allow) C:\Users\Dohnovan\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [TCP Query User{A233F08F-5982-4711-85E2-A5AB6B2413D6}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [UDP Query User{67787C8A-6E03-4C10-A39A-B801F1DA8CC1}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [{10E915F4-B060-41ED-9099-5EF5FEDC51B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{A1107BB9-D07D-4538-921E-DD81D2AEECB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [TCP Query User{1CCF9CB6-5616-4D68-9F54-857142823256}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [UDP Query User{1E7F3146-2404-4722-94C4-BF984C21F99B}C:\users\dohnovan\desktop\tauri launcher\launcher.exe] => (Allow) C:\users\dohnovan\desktop\tauri launcher\launcher.exe => No File
FirewallRules: [{0450D4F0-E982-4FBF-A817-393889D462C4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2CF2C3AA-B258-40B9-A70E-603E0BA64661}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{1811899A-EEA9-42D8-8D9B-8FE5F1770405}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{5A4ABCD0-9C26-4B7B-A71B-7A462C5FAEE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{FEB9DDFA-92C3-4EEE-9121-9C02EC448216}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{58CA58B9-2ACB-4585-833F-9B3968EAFB02}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B4AF423E-61ED-4C71-943E-3823D1F120A6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8361E73E-DEF0-4833-A785-275B9379D584}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0BC59E0C-16F5-4F08-9FAA-402BC954C5D7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
 
==================== Restore Points =========================
 
18-12-2020 21:19:31 Scheduled Checkpoint
21-12-2020 10:10:44 Radeon Installer
30-12-2020 20:19:33 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (01/03/2021 07:57:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 4238
 
Start Time: 01d6e1dba621afb7
 
Termination Time: 13
 
Application Path: C:\Users\Dohnovan\Desktop\World of Warcraft 3.3.5a (no install)\Wow.exe
 
Report Id: 50186f68-a1bf-4ebd-97c6-5841f75e31e4
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
Error: (01/03/2021 06:31:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.546 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 42ac
 
Start Time: 01d6e1d49b4c9669
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
 
Report Id: fd706ea8-5a29-414f-9251-b025fa92b8e3
 
Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: CortanaUI
 
Hang type: Activation
 
Error: (01/01/2021 09:38:29 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (01/01/2021 05:31:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GenshinImpact.exe version 2017.4.30.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1d60
 
Start Time: 01d6e07086d45fb7
 
Termination Time: 116
 
Application Path: C:\Users\Dohnovan\Desktop\Genshin Impact\Genshin Impact Game\GenshinImpact.exe
 
Report Id: d610abe4-ea07-4898-9a80-d350ba20af06
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
Error: (12/31/2020 04:31:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (12/31/2020 04:31:50 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (12/31/2020 03:26:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GenshinImpact.exe version 2017.4.30.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 379c
 
Start Time: 01d6df9166eeb5d1
 
Termination Time: 99
 
Application Path: C:\Users\Dohnovan\Desktop\Genshin Impact\Genshin Impact Game\GenshinImpact.exe
 
Report Id: 006bb836-319c-4ba8-9001-ef552ec87315
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
Error: (12/30/2020 04:10:11 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_SNOOZED.
 
 
System errors:
=============
Error: (01/03/2021 06:04:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (01/03/2021 06:04:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Dohnovan\AppData\Local\Temp\ehdrv.sys
 
Error: (01/03/2021 06:04:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (01/03/2021 06:04:18 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Dohnovan\AppData\Local\Temp\ehdrv.sys
 
Error: (01/03/2021 06:04:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (01/03/2021 06:04:18 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Dohnovan\AppData\Local\Temp\ehdrv.sys
 
Error: (01/03/2021 06:04:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (01/03/2021 06:04:18 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Dohnovan\AppData\Local\Temp\ehdrv.sys
 
 
Windows Defender:
===================================
Date: 2020-12-26 18:52:41.9510000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {B00F86D0-CBB4-4DEF-9BAE-D6D0301AAEFF}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-12-25 22:23:05.5110000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {7C382BED-9DC2-4122-82A1-771366708F19}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-12-24 01:11:19.3450000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/Presenoker
ID: 242420
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\Dohnovan\Downloads\Perfect World Void v109.rar; file:_C:\Users\Dohnovan\Downloads\Perfect World Void v109.rar->Perfect World Void v109\Perfect World Void v73\Perfect World Void\element\Skillsender\Enhance.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.329.930.0, AS: 1.329.930.0, NIS: 1.329.930.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
 
Date: 2020-12-24 01:11:19.3410000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/PiriformBundler
ID: 277517
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\Dohnovan\Downloads\cctrialsetup (1).exe; file:_C:\Users\Dohnovan\Downloads\cctrialsetup (1).exe; file:_C:\Users\Dohnovan\Downloads\cctrialsetup (1).exe->(nsis-instdata); file:_C:\Users\Dohnovan\Downloads\cctrialsetup.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.329.930.0, AS: 1.329.930.0, NIS: 1.329.930.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
 
Date: 2020-12-23 15:01:58.9500000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {3753344F-3ABF-4D03-A551-0927528ADFDB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
CodeIntegrity:
===================================
 
Date: 2020-12-31 15:28:25.4800000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\264983736925672704\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-31 15:28:25.4740000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\264983736925672704\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-31 15:28:25.4660000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\264983736925672704\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-31 15:28:25.4560000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\264983736925672704\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-31 15:28:25.4490000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\264983736925672704\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-31 15:28:25.3810000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\264983736925672704\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-31 04:40:22.8180000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\264983736925672704\antimalware_provider64.dll that did not meet the Windows signing level requirements.
 
Date: 2020-12-31 04:40:22.8150000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\264983736925672704\antimalware_provider64.dll that did not meet the Windows signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 1.51 05/02/2017
Motherboard: Micro-Star International Co., Ltd B350M BAZOOKA (MS-7A38)
Processor: AMD Ryzen 5 1400 Quad-Core Processor 
Percentage of memory in use: 68%
Total physical RAM: 8144.69 MB
Available physical RAM: 2527.42 MB
Total Virtual: 18906.73 MB
Available Virtual: 7076.23 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:930.91 GB) (Free:173.77 GB) NTFS
 
\\?\Volume{34b487b2-1f24-455b-888b-88fe24145180}\ () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{7c6e70a3-6b38-47db-a32a-880393128539}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1BA58450)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 


  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,700 posts
  • MVP

Don't see anything but run MBAR to make sure:

 

https://www.malwareb...om/antirootkit/


  • 0

#3
Dohnovan

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

I ran an MBAR scan and nothing came up.


  • 0

#4
Dohnovan

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

I just got a warning from Windows Defender about a PUA:Win32/PiriformBundler. It says it's in C:\Users\Dohnovan\Downloads. I tried to remove it using Windows Defender, and it loaded for a bit, then it stopped loading and said "status:removed". I actually just clicked a "read more" link and found out that it's probably not a big deal. I am still curious as to what you think, though.

C:\Users\Dohnovan\Downloads\cctrialsetup (1).exe

C:\Users\Dohnovan\Downloads\cctrialsetup (1).exe

C:\Users\Dohnovan\Downloads\cctrialsetup (1).exe->(nsis-instdata)

C:\Users\Dohnovan\Downloads\cctrialsetup.exe


Edited by Dohnovan, 04 January 2021 - 02:23 PM.

  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,700 posts
  • MVP

It looks like it's the installer for CCleaner. They are in your downloads folder, so you should be able to just delete them, or I can build a fixlist to remove them if you like.


  • 0

#6
Dohnovan

Dohnovan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

It's fine, thank you for your help and have a wonderful day. I followed your instructions and everything seems to be fine.


  • 0





