Jump to content
AsianAngelo

Random programs keep multiplying

Recommended Posts

I'm not sure how it happened but random programs keep running the background. They kept on multiplying until I disabled them but it stops it for a little bit. I deleted them in program files but about a couple of hours later it came back. Please help!

Screenshot_6.png

Screenshot_7.png

Share this post


Link to post
Share on other sites
Hello AsianAngelo and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select user posted imageRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Share this post


Link to post
Share on other sites

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/6/19
Scan Time: 9:43 PM
Log File: 0e9a1b3c-d12a-11e9-8c2f-34e6d7251ee1.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.12363
License: Trial

-System Information-
OS: Windows 10 (Build 17134.950)
CPU: x64
File System: NTFS
User: DESKTOP-S1JDPBI\Leebu

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 289004
Threats Detected: 52
Threats Quarantined: 0
Time Elapsed: 4 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 3
Adware.DotDo.Generic, C:\PROGRAM FILES (X86)\FORMULAIC\DOLL.EXE, No Action By User, [5868], [691750],1.0.12363
Adware.DotDo.Generic, C:\PROGRAM FILES (X86)\UNWITTING\PRESSURES.EXE, No Action By User, [5868], [702079],1.0.12363
Adware.DotDo.Generic, C:\PROGRAM FILES (X86)\UNWITTING\PRESSURES.EXE, No Action By User, [5868], [702079],1.0.12363

Module: 4
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [10463], [299817],1.0.12363
Adware.DotDo.Generic, C:\PROGRAM FILES (X86)\FORMULAIC\DOLL.EXE, No Action By User, [5868], [691750],1.0.12363
Adware.DotDo.Generic, C:\PROGRAM FILES (X86)\UNWITTING\PRESSURES.EXE, No Action By User, [5868], [702079],1.0.12363
Adware.DotDo.Generic, C:\PROGRAM FILES (X86)\UNWITTING\PRESSURES.EXE, No Action By User, [5868], [702079],1.0.12363

Registry Key: 6
Adware.DotDo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\cranmer, No Action By User, [5868], [702079],1.0.12363
Adware.DotDo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7109CAFA-DAEC-4D2F-B261-1948145C83D5}, No Action By User, [5868], [702079],1.0.12363
Adware.DotDo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{7109CAFA-DAEC-4D2F-B261-1948145C83D5}, No Action By User, [5868], [702079],1.0.12363
Adware.DotDo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\cranmercranmer, No Action By User, [5868], [702079],1.0.12363
Adware.DotDo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3BF0C88D-F3CB-4641-BE5B-26B223ED9C28}, No Action By User, [5868], [702079],1.0.12363
Adware.DotDo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{3BF0C88D-F3CB-4641-BE5B-26B223ED9C28}, No Action By User, [5868], [702079],1.0.12363

Registry Value: 1
Adware.DotDo.Generic, HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|doll, No Action By User, [5868], [691750],1.0.12363

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.BundleInstaller, C:\USERS\LEEBU\APPDATA\LOCAL\TEMP\155000687, No Action By User, [464], [463480],1.0.12363
PUP.Optional.MultyApp, C:\USERS\LEEBU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\WEB APPLICATIONS\_crx_ffoaikciikfpkalahpjefkdfmmeinkij, No Action By User, [4909], [660322],1.0.12363
Adware.PremierOpinion, C:\PROGRAM FILES (X86)\PREMIEROPINION, No Action By User, [2256], [729333],1.0.12363

File: 35
PUP.Optional.BundleInstaller, C:\USERS\LEEBU\APPDATA\LOCAL\TEMP\155000687\ic-0.05c765b5ea6414.exe, No Action By User, [464], [463480],1.0.12363
PUP.Optional.BundleInstaller, C:\Users\Leebu\AppData\Local\Temp\155000687\Szglnqcqf.exe, No Action By User, [464], [463480],1.0.12363
PUP.Optional.MultyApp, C:\USERS\LEEBU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\WEB APPLICATIONS\_crx_ffoaikciikfpkalahpjefkdfmmeinkij\Multy App.ico, No Action By User, [4909], [660322],1.0.12363
PUP.Optional.MultyApp, C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ffoaikciikfpkalahpjefkdfmmeinkij\Multy App.ico.md5, No Action By User, [4909], [660322],1.0.12363
Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn.exe, No Action By User, [2256], [729333],1.0.12363
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, No Action By User, [10463], [299817],1.0.12363
Adware.DotDo.Generic, C:\PROGRAM FILES (X86)\FORMULAIC\DOLL.EXE, No Action By User, [5868], [691750],1.0.12363
Adware.DotDo.Generic, C:\WINDOWS\SYSTEM32\TASKS\cranmer, No Action By User, [5868], [702079],1.0.12363
Adware.DotDo.Generic, C:\WINDOWS\SYSTEM32\TASKS\cranmercranmer, No Action By User, [5868], [702079],1.0.12363
Adware.DotDo.Generic, C:\PROGRAM FILES (X86)\UNWITTING\PRESSURES.EXE, No Action By User, [5868], [702079],1.0.12363
PUP.Optional.GameHack, C:\PROGRAM FILES\CHEAT ENGINE 6.8.3\STANDALONEPHASE1.DAT, No Action By User, [7941], [393793],1.0.12363
Adware.DotDo.Generic.TskLnk, C:\$RECYCLE.BIN\S-1-5-21-2700948062-1647726445-2134823314-1001\$R1EIFO5.EXE, No Action By User, [10067], [688667],1.0.12363
Adware.DotDo.Generic.TskLnk, C:\$RECYCLE.BIN\S-1-5-21-2700948062-1647726445-2134823314-1001\$RARA48J\CIVILIAN.DLL, No Action By User, [10067], [694890],1.0.12363
Adware.DotDo.Generic.TskLnk, C:\$RECYCLE.BIN\S-1-5-21-2700948062-1647726445-2134823314-1001\$RCSL98B.DLL, No Action By User, [10067], [688667],1.0.12363
Adware.DotDo.Generic.TskLnk, C:\$RECYCLE.BIN\S-1-5-21-2700948062-1647726445-2134823314-1001\$RFICJMZ.EXE, No Action By User, [10067], [694890],1.0.12363
Adware.DotDo.Generic.TskLnk, C:\$RECYCLE.BIN\S-1-5-21-2700948062-1647726445-2134823314-1001\$RSO1QDJ.EXE, No Action By User, [10067], [688667],1.0.12363
Adware.DotDo.Generic.TskLnk, C:\$RECYCLE.BIN\S-1-5-21-2700948062-1647726445-2134823314-1001\$RGR73YQ.EXE, No Action By User, [10067], [688667],1.0.12363
Adware.DotDo.Generic.TskLnk, C:\$RECYCLE.BIN\S-1-5-21-2700948062-1647726445-2134823314-1001\$RM7ZPLX.EXE, No Action By User, [10067], [688667],1.0.12363
Adware.DotDo.Generic.TskLnk, C:\$RECYCLE.BIN\S-1-5-21-2700948062-1647726445-2134823314-1001\$RAOHD6H.EXE, No Action By User, [10067], [688667],1.0.12363
Adware.DotDo.Generic.TskLnk, C:\$RECYCLE.BIN\S-1-5-21-2700948062-1647726445-2134823314-1001\$RDZYDG5.EXE, No Action By User, [10067], [694890],1.0.12363
Adware.DotDo.Generic.TskLnk, C:\$RECYCLE.BIN\S-1-5-21-2700948062-1647726445-2134823314-1001\$RARA48J\CIVILIAN.EXE, No Action By User, [10067], [694890],1.0.12363
Adware.DotDo.Generic.TskLnk, C:\$RECYCLE.BIN\S-1-5-21-2700948062-1647726445-2134823314-1001\$RARA48J\ADVENTITIOUS.EXE, No Action By User, [10067], [694890],1.0.12363
Adware.DotDo.Generic.TskLnk, C:\USERS\LEEBU\APPDATA\LOCAL\TEMP\NSD4690.TMP\ICVPVDPJ.EXE, No Action By User, [10067], [702078],1.0.12363
Adware.PremierOpinion, C:\USERS\LEEBU\APPDATA\LOCAL\TEMP\NSTAE52.TMP\POINSTALLER.EXE, No Action By User, [2256], [294391],1.0.12363
Adware.DotDo.Generic, C:\USERS\LEEBU\APPDATA\LOCAL\TEMP\NSO7C07.TMP\ASTARTE.EXE, No Action By User, [5868], [692109],1.0.12363
Trojan.IStartSurf, C:\USERS\LEEBU\APPDATA\LOCAL\TEMP\RAR$EXB8956.24998\SYNAPSE_X_CRACK.EXE, No Action By User, [7487], [730075],1.0.12363
Adware.DotDo.Generic, C:\USERS\LEEBU\APPDATA\LOCAL\TEMP\NSO7C07.TMP\PRESCRIBE.EXE, No Action By User, [5868], [702092],1.0.12363
Generic.Malware/Suspicious, C:\USERS\LEEBU\APPDATA\LOCAL\TEMP\NSO7C07.TMP\28623.EXE, No Action By User, [0], [392686],1.0.12363
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\AMBLING.EXE, No Action By User, [10067], [688667],1.0.12363
Adware.DotDo.Generic, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Google Chrome.lnk, No Action By User, [5868], [702092],1.0.12363
Adware.DotDo.Generic, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk, No Action By User, [5868], [702092],1.0.12363
Adware.DotDo.Generic, C:\USERS\LEEBU\APPDATA\ROAMING\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk, No Action By User, [5868], [702092],1.0.12363
Adware.DotDo.Generic, C:\USERS\LEEBU\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\Google Chrome.lnk, No Action By User, [5868], [702092],1.0.12363
Adware.DotDo.Generic, C:\USERS\PUBLIC\Desktop\Google Chrome.lnk, No Action By User, [5868], [702092],1.0.12363
Adware.DotDo.Generic, C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE, No Action By User, [5868], [702092],1.0.12363

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Share this post


Link to post
Share on other sites

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-05-2019
# Database: 2019-09-06.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-07-2019
# Duration: 00:00:03
# OS:       Windows 10 Home
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [8792 octets] - [07/09/2019 10:02:18]
AdwCleaner[S00].txt - [1388 octets] - [07/09/2019 10:03:06]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Share this post


Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-09-2019
Ran by Leebu (administrator) on DESKTOP-S1JDPBI (Alienware Alienware 17) (07-09-2019 10:27:36)
Running from C:\Users\Leebu\OneDrive\Desktop
Loaded Profiles: Leebu (Available Profiles: Leebu)
Platform: Windows 10 Home Version 1803 17134.950 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Dell Inc. -> Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Discord Inc. -> Discord Inc.) C:\Users\Leebu\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Leebu\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Leebu\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Leebu\AppData\Local\Discord\app-0.0.305\Discord.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.4\Lightshot.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Leebu\AppData\Local\Microsoft\OneDrive\19.152.0801.0007\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Leebu\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19061.18920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11909.1001.7.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [14056 2014-10-30] (Dell Inc. -> Alienware)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8504064 2015-08-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-08-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-07-19] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Provincetown] => "C:\Program Files (x86)\Misperceive\Pakistanis.exe" aflmwaflmwaflmwaflm.aflmzaflmpaflmsaflm.aflmpaflmwaflm/aflmpu2cz0cz1caflmz9cz0gf9gfaflm0pu6puczhtaflmml1oUu5r1iaflmlBdVrS7vHoaflmvp
HKLM\...\Run: [Murine] => "C:\Program Files (x86)\adventitious\Civilian.exe" aflmwaflmwaflmwaflm.aflmzaflmpaflmsaflm.aflmpaflmwaflm/aflmpu2cz0cz1caflmz9cz0gf9gfaflm0pu6puczhtaflmml1oUu5r1iaflmlBdVrS7vHoaflmvp
HKLM\...\Run: [Hogen] => "C:\Program Files (x86)\Chashma\Pakistanis.exe" aflmwaflmwaflmwaflm.aflmzaflmpaflmsaflm.aflmpaflmwaflm/aflmpu2cz0cz1caflmz9cz0gf9gfaflm0pu6puczhtaflmml1oUu5r1iaflmlBdVrS7vHoaflmvp
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> )
HKLM-x32\...\Run: [Beeper] => "C:\Program Files (x86)\Misperceive\Pakistanis.exe" aflmwaflmwaflmwaflm.aflmzaflmpaflmsaflm.aflmpaflmwaflm/aflmpu2cz0cz1caflmz9cz0gf9gfaflm0pu6puczhtaflmml1oUu5r1iaflmlBdVrS7vHoaflmvp
HKLM-x32\...\Run: [Decaf] => "C:\Program Files (x86)\adventitious\Civilian.exe" aflmwaflmwaflmwaflm.aflmzaflmpaflmsaflm.aflmpaflmwaflm/aflmpu2cz0cz1caflmz9cz0gf9gfaflm0pu6puczhtaflmml1oUu5r1iaflmlBdVrS7vHoaflmvp
HKLM-x32\...\Run: [Argentino] => "C:\Program Files (x86)\Chashma\Pakistanis.exe" aflmwaflmwaflmwaflm.aflmzaflmpaflmsaflm.aflmpaflmwaflm/aflmpu2cz0cz1caflmz9cz0gf9gfaflm0pu6puczhtaflmml1oUu5r1iaflmlBdVrS7vHoaflmvp
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\Run: [Discord] => C:\Users\Leebu\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3210528 2019-08-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35926416 2019-08-28] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\Run: [Voicemod] => C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe [2420168 2019-08-28] (Voicemod Sociedad Limitada -> Voicemod)
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\Run: [Amiability] => "C:\Program Files (x86)\Misperceive\Pakistanis.exe" aflmwaflmwaflmwaflm.aflmzaflmpaflmsaflm.aflmpaflmwaflm/aflmpu2cz0cz1caflmz9cz0gf9gfaflm0pu6puczhtaflmml1oUu5r1iaflmlBdVrS7vHoaflmvp
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\Run: [Daisy] => "C:\Program Files (x86)\adventitious\Civilian.exe" aflmwaflmwaflmwaflm.aflmzaflmpaflmsaflm.aflmpaflmwaflm/aflmpu2cz0cz1caflmz9cz0gf9gfaflm0pu6puczhtaflmml1oUu5r1iaflmlBdVrS7vHoaflmvp
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\Run: [Knox] => "C:\Program Files (x86)\Chashma\Pakistanis.exe" aflmwaflmwaflmwaflm.aflmzaflmpaflmsaflm.aflmpaflmwaflm/aflmpu2cz0cz1caflmz9cz0gf9gfaflm0pu6puczhtaflmml1oUu5r1iaflmlBdVrS7vHoaflmvp
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\Run: [Rationalist] => "C:\Program Files (x86)\Misperceive\Pakistanis.exe" aflmwaflmwaflmwaflm.aflmzaflmpaflmsaflm.aflmpaflmwaflm/aflmpu2cz0cz1caflmz9cz0gf9gfaflm0pu6puczhtaflmml1oUu5r1iaflmlBdVrS7vHoaflmvp
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\Run: [Ewart] => "C:\Program Files (x86)\adventitious\Civilian.exe" aflmwaflmwaflmwaflm.aflmzaflmpaflmsaflm.aflmpaflmwaflm/aflmpu2cz0cz1caflmz9cz0gf9gfaflm0pu6puczhtaflmml1oUu5r1iaflmlBdVrS7vHoaflmvp
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\Run: [Tentative] => "C:\Program Files (x86)\Chashma\Pakistanis.exe" aflmwaflmwaflmwaflm.aflmzaflmpaflmsaflm.aflmpaflmwaflm/aflmpu2cz0cz1caflmz9cz0gf9gfaflm0pu6puczhtaflmml1oUu5r1iaflmlBdVrS7vHoaflmvp
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\Run: [doll] => "C:\Program Files (x86)\formulaic\doll.exe" aflmwaflmwaflmwaflm.aflmzaflmpaflmsaflm.aflmpaflmwaflm/aflmpu2cz0cz1caflmz9cz0gf9gfaflm0pu6puczhtaflmml1oUu5r1iaflmlBdVrS7vHoaflmvp
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\Run: [hairdressing] => "C:\Program Files (x86)\Misperceive\Pakistanis.exe" aflmwaflmwaflmwaflm.aflmzaflmpaflmsaflm.aflmpaflmwaflm/aflmpu2cz0cz1caflmz9cz0gf9gfaflm0pu6puczhtaflmml1oUu5r1iaflmlBdVrS7vHoaflmvp
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-09-06] (Google LLC -> Google LLC)
Startup: C:\Users\Leebu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anglaise.lnk [2019-09-06]
ShortcutTarget: anglaise.lnk -> C:\Program Files (x86)\Misperceive\Pakistanis.exe (No File)
Startup: C:\Users\Leebu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\anglaiseanglaise.lnk [2019-09-06]
ShortcutTarget: anglaiseanglaise.lnk -> C:\Program Files (x86)\adventitious\Civilian.exe (No File)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FE2F22A-C471-497A-86B9-11869D6C3D6F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {269AF9C7-74DF-44C2-8D1E-12EE306B34E8} - System32\Tasks\tandon_equidistanttandon_equidistant => C:\Users\Leebu\AppData\Local\Civilian.exe
Task: {26B07801-11EB-438A-B5C2-28E214A1E2F3} - System32\Tasks\proselytism_unscheduled => C:\Program Files (x86)\Chashma\Pakistanis.exe
Task: {29FDC882-5AA8-4F09-A23B-A9101975B8A1} - System32\Tasks\proselytism_unscheduledproselytism_unscheduled => C:\Program Files (x86)\Chashma\Pakistanis.exe
Task: {2FB2A437-D1F2-407C-B8FA-802E5918FE5E} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {33611959-0297-4FC7-985A-5DA1062FF479} - System32\Tasks\neutrinosneutrinos => C:\Program Files (x86)\Misperceive\Pakistanis.exe
Task: {33A67864-660B-46CB-A8DE-F20937F1694E} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {3BF0C88D-F3CB-4641-BE5B-26B223ED9C28} - System32\Tasks\cranmercranmer => C:\Program Files (x86)\Unwitting\pressures.exe
Task: {4CA003C0-6DB7-48C2-A5B1-92CAEEFA1A74} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-08-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {5190DED0-BB78-4098-B3B5-C02E5EE7020E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-08-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5440D1C1-4383-42E8-B372-780378EC5866} - System32\Tasks\Opera scheduled Autoupdate 1567566378 => C:\Users\Leebu\AppData\Local\Programs\Opera\launcher.exe [1520152 2019-09-03] (Opera Software AS -> Opera Software)
Task: {61CB81E2-703A-41F0-9351-954064846345} - System32\Tasks\viscusi-floydviscusi-floyd => C:\Program Files (x86)\adventitious\Civilian.exe
Task: {6AF38B1E-2CF1-4C7F-A33A-5A991F6F1419} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-08-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6E13175C-DDFA-4848-AE0F-FBD2014A1F32} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7109CAFA-DAEC-4D2F-B261-1948145C83D5} - System32\Tasks\cranmer => C:\Program Files (x86)\Unwitting\pressures.exe
Task: {77E2C404-EE00-4823-B9EF-2C82FBFDE33B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8027288E-C30A-460D-B5BE-6BBDBC5E20F9} - System32\Tasks\tandon_equidistant => C:\Users\Leebu\AppData\Local\Civilian.exe
Task: {87F89BDD-662C-4BA5-8BF1-CD21C3A1D8AA} - System32\Tasks\mediterranean boughton abd => C:\Users\Leebu\AppData\Local\Pakistanis.exe
Task: {8F8FD4B3-CB18-4EA4-9AE1-745319E26A0B} - System32\Tasks\neutrinos => C:\Program Files (x86)\Misperceive\Pakistanis.exe
Task: {8FA74209-9429-4461-8B52-01BF680C55A0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {929EC9B8-C4EA-48EF-9F12-F0C4D74B5763} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {94995EAC-C1ED-4987-8782-EE0BBCE144B4} - System32\Tasks\mediterranean boughton abdmediterranean boughton abd => C:\Users\Leebu\AppData\Local\Pakistanis.exe
Task: {9D2D810E-1BC2-47A5-9A16-1039B6DCA5A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-06] (Google Inc -> Google LLC)
Task: {A7B60DA2-0E09-4CF3-9D14-48E82E9C2C23} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A90FAFDE-6AEB-411A-84B9-536096B3E424} - System32\Tasks\moroney freshman => C:\Program Files (x86)\Chashma\Civilian.exe
Task: {B8B2B891-A776-48F6-9DF3-E8357E5E8356} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-08-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BC5CD1D8-E993-4ABA-A930-B4BD2275BCC5} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C10DB99F-8DD9-4A8A-BD77-607938D32796} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C59A1AA2-1D54-44EA-A971-2341FF0736B2} - System32\Tasks\GoogleUpdateTaskMachineUA1d56547c7b44579 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-06] (Google Inc -> Google LLC)
Task: {C8391497-DD8F-4371-A159-FED7BAB5DF45} - System32\Tasks\provisoproviso => C:\Program Files (x86)\bharatiya\bharatiya.exe
Task: {D41AC157-1AC7-4739-A4EC-8B14D6B8CA95} - System32\Tasks\proviso => C:\Program Files (x86)\bharatiya\bharatiya.exe
Task: {DA758D84-4DCD-483F-97C1-2BE02047A63A} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E64E1D7A-63E5-42EE-8D94-94617807EEF8} - System32\Tasks\update-S-1-5-21-2700948062-1647726445-2134823314-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {E7DB2945-22BE-44F0-A5A4-A0DB6578A1BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-08-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E9CC6B7F-FA06-4045-8ED3-6E688DB61BBB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-06] (Google Inc -> Google LLC)
Task: {F318839A-263B-41B9-99D6-4BC79E501E44} - System32\Tasks\viscusi-floyd => C:\Program Files (x86)\adventitious\Civilian.exe
Task: {F4E92413-E2BF-4C55-B270-C973FC285671} - System32\Tasks\moroney freshmanmoroney freshman => C:\Program Files (x86)\Chashma\Civilian.exe
Task: {FBD9AAB9-9455-4B8E-8755-0B082CDC0382} - System32\Tasks\GoogleUpdateTaskMachineCore1d56547c7a39528 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-06] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-2700948062-1647726445-2134823314-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5af4a54c-053f-46ce-99e8-280385bdf85f}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{e7c40fe4-11f0-42ac-959e-e9ce32ce4188}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-09-06] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-09-06] (Google Inc -> Google LLC)

Chrome: 
=======
CHR Profile: C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default [2019-09-07]
CHR Extension: (Slides) - C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-13]
CHR Extension: (Docs) - C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-13]
CHR Extension: (Google Drive) - C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-13]
CHR Extension: (YouTube) - C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-13]
CHR Extension: (Honey) - C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-08-26]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-08-26]
CHR Extension: (Steam Inventory Helper) - C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2019-09-03]
CHR Extension: (Roblox Stats) - C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclphmdapapdejhlefddandngjhdkonb [2019-08-21]
CHR Extension: (CPRewritten Flash Enabler) - C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgjegocmcicmloagcapoglndjkhpdmm [2019-09-01]
CHR Extension: (Share on Rabbit) - C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplabnbcafdgpcjmibgkekpaejlfhnkl [2019-08-13]
CHR Extension: (Sheets) - C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-13]
CHR Extension: (__MSG_appName__) - C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jacclmdgigbhmkgccfniikgkfjblkgpa [2019-08-13]
CHR Extension: (Roblox+) - C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2019-08-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-08-13]
CHR Extension: (Gmail) - C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-13]
CHR Extension: (Chrome Media Router) - C:\Users\Leebu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AlienFusionService; C:\Program Files\Alienware\Command Center\AlienFusionService.exe [16104 2014-10-30] (Dell Inc. -> Alienware)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-08-13] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-08-13] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [541896 2018-05-10] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2016-07-12] (Intel(R) pGFX -> Intel Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC -> iolo technologies, LLC)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-05] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-08-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-24] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-08-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-08-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AWCCDriver; C:\WINDOWS\System32\drivers\AWCCDriver.sys [42440 2019-07-31] (IndiLogic LLC -> Dell Inc.)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [22864 2016-10-27] (WDKTestCert Andy_Chen6,131219483243550933 -> OSR Open Systems Resources, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136720 2018-05-10] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-11] (Microsoft Windows -> Qualcomm Atheros, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-09-07] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-09-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-09-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-09-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-09-07] (Malwarebytes Corporation -> Malwarebytes)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2018-04-11] (Microsoft Windows -> Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-06-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [53752 2019-04-24] (NVIDIA Corporation -> NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [68192 2017-02-24] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [72288 2017-02-24] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssbthid; C:\WINDOWS\System32\drivers\ssbthid.sys [43824 2018-11-09] (SteelSeries ApS -> )
S3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46776 2018-12-21] (SteelSeries ApS -> )
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [48032 2018-12-21] (SteelSeries ApS -> SteelSeries ApS)
S3 STTub30; C:\WINDOWS\System32\Drivers\STTub30.sys [48608 2019-07-31] (Microsoft Windows Hardware Compatibility Publisher -> STMicroelectronics)
R3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [45408 2019-07-02] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-08-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-08-13] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-08-13] (Microsoft Windows -> Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel(R) Software -> Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-07 10:27 - 2019-09-07 10:27 - 000000000 ____D C:\FRST
2019-09-07 10:12 - 2019-09-07 10:12 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-09-07 10:12 - 2019-09-07 10:12 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-09-07 10:12 - 2019-09-07 10:12 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-09-07 10:11 - 2019-09-07 10:11 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-09-07 10:02 - 2019-09-07 10:02 - 000000000 ____D C:\AdwCleaner
2019-09-07 09:43 - 2019-09-07 09:43 - 000000000 ___HD C:\OneDriveTemp
2019-09-07 00:21 - 2019-09-07 00:21 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-09-06 23:50 - 2019-09-06 23:50 - 000000000 ____D C:\Users\Leebu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-09-06 23:45 - 2019-09-06 23:45 - 000003448 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d56547c7b44579
2019-09-06 23:45 - 2019-09-06 23:45 - 000003324 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d56547c7a39528
2019-09-06 23:45 - 2019-09-06 23:45 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-06 23:45 - 2019-09-06 23:45 - 000002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-09-06 21:43 - 2019-09-06 21:43 - 000000000 ____D C:\Users\Leebu\AppData\Local\mbam
2019-09-06 21:41 - 2019-09-06 21:41 - 000000000 ____D C:\Users\Leebu\AppData\Local\mbamtray
2019-09-06 21:40 - 2019-09-06 21:40 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-09-06 21:40 - 2019-09-06 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-09-06 21:40 - 2019-09-06 21:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-09-06 21:40 - 2019-09-06 21:40 - 000000000 ____D C:\Program Files\Malwarebytes
2019-09-06 21:40 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-09-06 21:40 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-09-06 17:02 - 2019-09-06 17:02 - 000000000 ____D C:\Users\Leebu\AppData\Roaming\Macromedia
2019-09-06 17:00 - 2019-09-06 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2019-09-06 17:00 - 2019-09-06 17:00 - 000000000 ____D C:\ProgramData\Roblox
2019-09-06 17:00 - 2019-09-06 17:00 - 000000000 ____D C:\Program Files (x86)\Roblox
2019-09-06 16:59 - 2019-09-06 23:25 - 000000001 _____ C:\shgs
2019-09-06 16:58 - 2019-09-06 23:29 - 000000000 ___HD C:\Program Files (x86)\formulaic
2019-09-06 16:58 - 2019-09-06 17:37 - 000000000 ___HD C:\Program Files (x86)\Chashma
2019-09-06 16:58 - 2019-09-06 16:58 - 000004112 _____ C:\WINDOWS\System32\Tasks\proselytism_unscheduled
2019-09-06 16:58 - 2019-09-06 16:58 - 000004112 _____ C:\WINDOWS\System32\Tasks\mediterranean boughton abd
2019-09-06 16:58 - 2019-09-06 16:58 - 000004096 _____ C:\WINDOWS\System32\Tasks\viscusi-floyd
2019-09-06 16:58 - 2019-09-06 16:58 - 000004094 _____ C:\WINDOWS\System32\Tasks\tandon_equidistant
2019-09-06 16:58 - 2019-09-06 16:58 - 000004092 _____ C:\WINDOWS\System32\Tasks\neutrinos
2019-09-06 16:58 - 2019-09-06 16:58 - 000004092 _____ C:\WINDOWS\System32\Tasks\moroney freshman
2019-09-06 16:58 - 2019-09-06 16:58 - 000004082 _____ C:\WINDOWS\System32\Tasks\proviso
2019-09-06 16:58 - 2019-09-06 16:58 - 000004082 _____ C:\WINDOWS\System32\Tasks\cranmer
2019-09-06 16:58 - 2019-09-06 16:58 - 000004014 _____ C:\WINDOWS\System32\Tasks\mediterranean boughton abdmediterranean boughton abd
2019-09-06 16:58 - 2019-09-06 16:58 - 000004008 _____ C:\WINDOWS\System32\Tasks\proselytism_unscheduledproselytism_unscheduled
2019-09-06 16:58 - 2019-09-06 16:58 - 000003980 _____ C:\WINDOWS\System32\Tasks\tandon_equidistanttandon_equidistant
2019-09-06 16:58 - 2019-09-06 16:58 - 000003976 _____ C:\WINDOWS\System32\Tasks\moroney freshmanmoroney freshman
2019-09-06 16:58 - 2019-09-06 16:58 - 000003974 _____ C:\WINDOWS\System32\Tasks\viscusi-floydviscusi-floyd
2019-09-06 16:58 - 2019-09-06 16:58 - 000003960 _____ C:\WINDOWS\System32\Tasks\neutrinosneutrinos
2019-09-06 16:58 - 2019-09-06 16:58 - 000003946 _____ C:\WINDOWS\System32\Tasks\provisoproviso
2019-09-06 16:58 - 2019-09-06 16:58 - 000003946 _____ C:\WINDOWS\System32\Tasks\cranmercranmer
2019-09-04 21:43 - 2019-09-04 21:43 - 000000000 ____D C:\Users\Leebu\AppData\Roaming\Apple Computer
2019-09-04 21:43 - 2019-09-04 21:43 - 000000000 ____D C:\Users\Leebu\AppData\Local\Apple Computer
2019-09-04 21:42 - 2019-09-04 21:42 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-09-04 21:42 - 2019-09-04 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-09-04 21:42 - 2019-09-04 21:42 - 000000000 ____D C:\Program Files\iPod
2019-09-04 21:41 - 2019-09-04 21:42 - 000000000 ____D C:\Program Files\iTunes
2019-09-04 21:41 - 2019-09-04 21:41 - 000000000 ____D C:\ProgramData\Apple Computer
2019-09-04 21:39 - 2019-09-04 21:39 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2019-09-04 21:39 - 2019-09-04 21:39 - 000000000 ____D C:\Users\Leebu\AppData\Local\Apple
2019-09-04 21:39 - 2019-09-04 21:39 - 000000000 ____D C:\Program Files\Bonjour
2019-09-04 21:39 - 2019-09-04 21:39 - 000000000 ____D C:\Program Files (x86)\Bonjour
2019-09-04 21:39 - 2019-09-04 21:39 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2019-09-04 21:38 - 2019-09-04 21:39 - 000000000 ____D C:\Program Files\Common Files\Apple
2019-09-04 21:37 - 2019-09-04 21:39 - 000000000 ____D C:\ProgramData\Apple
2019-09-03 20:06 - 2019-09-03 20:06 - 000004206 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1567566378
2019-09-03 20:06 - 2019-09-03 20:06 - 000001397 _____ C:\Users\Leebu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-09-03 20:06 - 2019-09-03 20:06 - 000000000 ____D C:\Users\Leebu\AppData\Local\Opera Software
2019-09-03 20:05 - 2019-09-03 20:05 - 000000000 ____D C:\Users\Leebu\AppData\Roaming\Opera Software
2019-09-01 14:32 - 2019-09-01 14:32 - 000000000 ____D C:\Users\Leebu\AppData\LocalLow\Robot Gentleman
2019-08-30 22:11 - 2019-09-06 15:50 - 000000000 ____D C:\ProgramData\Voicemod
2019-08-30 22:01 - 2019-09-06 15:42 - 000000000 ____D C:\Users\Leebu\AppData\Local\Voicemod
2019-08-30 22:01 - 2019-08-30 22:01 - 000000944 _____ C:\Users\Public\Desktop\Voicemod.lnk
2019-08-30 22:01 - 2019-08-30 22:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voicemod Desktop
2019-08-30 22:01 - 2019-08-30 22:01 - 000000000 ____D C:\Program Files\Voicemod Desktop
2019-08-30 22:01 - 2019-07-02 17:27 - 000045408 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vmdrv.sys
2019-08-29 16:12 - 2019-08-29 16:15 - 000000000 ____D C:\Users\Leebu\AppData\Local\CastleMinerZ
2019-08-28 20:13 - 2019-08-28 20:13 - 000000000 ____D C:\Users\Leebu\AppData\LocalLow\Hyper Hippo Productions Ltd_
2019-08-28 19:49 - 2019-08-29 14:22 - 000017148 _____ C:\WINDOWS\diagwrn.xml
2019-08-28 19:49 - 2019-08-29 14:22 - 000017148 _____ C:\WINDOWS\diagerr.xml
2019-08-28 17:09 - 2019-08-28 17:09 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2019-08-27 21:22 - 2019-08-28 20:14 - 000000000 ____D C:\Users\Leebu\AppData\LocalLow\Unity
2019-08-27 21:22 - 2019-08-27 21:22 - 000000000 ____D C:\Users\Leebu\AppData\LocalLow\Ninja Kiwi
2019-08-27 20:26 - 2019-08-27 20:26 - 000000000 ____D C:\Users\Leebu\AppData\Local\GameAnalytics
2019-08-24 01:43 - 2019-08-24 01:43 - 000003218 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
2019-08-24 01:42 - 2019-08-24 01:42 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-08-22 17:28 - 2019-08-22 17:28 - 000022648 _____ C:\Users\Leebu\OneDrive\Documents\BouS' Battleblock Theater Hacks.CT
2019-08-21 18:14 - 2019-09-05 20:31 - 000000000 ____D C:\Users\Leebu\AppData\Roaming\obs-studio
2019-08-21 18:11 - 2019-08-21 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2019-08-21 18:10 - 2019-08-21 18:11 - 000000000 ____D C:\Program Files\obs-studio
2019-08-21 17:40 - 2019-08-21 17:40 - 000000000 ____D C:\Users\Leebu\AppData\Roaming\WinRAR
2019-08-21 17:06 - 2019-08-21 17:06 - 000001048 _____ C:\Users\Public\Desktop\WinRAR.lnk
2019-08-21 17:06 - 2019-08-21 17:06 - 000000000 ____D C:\Users\Leebu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-08-21 17:06 - 2019-08-21 17:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-08-21 17:06 - 2019-08-21 17:06 - 000000000 ____D C:\Program Files\WinRAR
2019-08-19 19:56 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2019-08-19 19:56 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2019-08-19 19:56 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2019-08-19 19:56 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2019-08-19 19:56 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2019-08-19 19:56 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2019-08-19 19:56 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2019-08-19 19:56 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2019-08-19 19:56 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2019-08-19 19:56 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2019-08-19 19:56 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2019-08-19 19:56 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2019-08-19 19:56 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2019-08-19 19:56 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2019-08-19 19:56 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2019-08-19 19:56 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2019-08-19 19:56 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2019-08-19 19:56 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2019-08-19 19:56 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2019-08-19 19:56 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2019-08-19 19:56 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2019-08-19 19:56 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2019-08-19 19:56 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2019-08-19 19:56 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2019-08-19 19:56 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2019-08-19 19:56 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2019-08-19 19:56 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2019-08-19 19:56 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2019-08-19 19:56 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2019-08-19 19:56 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2019-08-19 19:56 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2019-08-19 19:56 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2019-08-19 19:56 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2019-08-19 19:56 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2019-08-19 19:56 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2019-08-19 19:56 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2019-08-19 19:56 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2019-08-19 19:56 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2019-08-19 19:56 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2019-08-19 19:56 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2019-08-19 19:56 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2019-08-19 19:56 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2019-08-19 19:56 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2019-08-19 19:56 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2019-08-19 19:56 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2019-08-19 19:56 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2019-08-19 19:56 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2019-08-19 19:56 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2019-08-19 19:56 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2019-08-19 19:56 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2019-08-19 19:56 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2019-08-19 19:56 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2019-08-19 19:56 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2019-08-19 19:56 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2019-08-19 19:56 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2019-08-19 19:56 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2019-08-19 19:56 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2019-08-19 19:56 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2019-08-19 19:56 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2019-08-19 19:56 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2019-08-19 19:56 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2019-08-19 19:56 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2019-08-19 19:56 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2019-08-19 19:56 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2019-08-19 19:56 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2019-08-19 19:56 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2019-08-19 19:56 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2019-08-19 19:56 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2019-08-19 19:56 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2019-08-19 19:56 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2019-08-19 19:56 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2019-08-19 19:56 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2019-08-19 19:56 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2019-08-19 19:56 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2019-08-19 19:56 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2019-08-19 19:56 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2019-08-19 19:56 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2019-08-19 19:56 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2019-08-19 19:56 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2019-08-19 19:56 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2019-08-19 19:56 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2019-08-19 19:56 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2019-08-19 19:56 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2019-08-19 19:56 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2019-08-19 19:56 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2019-08-19 19:56 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2019-08-19 19:56 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2019-08-19 19:56 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2019-08-19 19:56 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2019-08-19 19:56 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2019-08-19 19:56 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2019-08-19 19:56 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2019-08-19 19:56 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2019-08-19 19:56 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2019-08-19 19:56 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2019-08-19 19:56 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2019-08-19 19:56 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2019-08-19 19:56 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2019-08-19 19:56 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2019-08-19 19:56 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2019-08-19 19:56 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2019-08-19 19:56 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2019-08-19 19:56 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2019-08-19 19:56 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2019-08-19 19:56 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2019-08-19 19:56 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2019-08-19 19:56 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2019-08-19 19:56 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2019-08-19 19:56 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2019-08-19 19:56 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2019-08-19 19:56 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2019-08-19 19:56 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2019-08-19 19:56 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2019-08-19 19:56 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2019-08-19 19:56 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2019-08-19 19:56 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2019-08-19 19:56 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2019-08-19 19:56 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2019-08-19 19:56 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2019-08-19 19:56 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2019-08-19 19:56 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2019-08-19 19:56 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2019-08-19 19:56 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2019-08-19 19:56 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2019-08-19 19:56 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2019-08-19 19:56 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2019-08-19 19:56 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2019-08-19 19:56 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2019-08-19 19:56 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2019-08-19 19:56 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2019-08-19 19:56 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2019-08-19 19:56 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2019-08-19 19:56 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2019-08-19 19:56 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2019-08-19 19:56 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2019-08-19 19:56 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2019-08-19 19:56 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2019-08-19 19:56 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2019-08-19 19:56 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2019-08-19 19:56 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2019-08-19 19:56 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2019-08-19 19:56 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2019-08-19 19:56 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2019-08-19 19:55 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2019-08-19 19:55 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2019-08-19 19:55 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2019-08-19 19:55 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2019-08-19 19:55 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2019-08-19 19:55 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2019-08-19 19:55 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2019-08-19 19:55 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2019-08-19 19:55 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2019-08-19 19:55 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2019-08-19 19:55 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2019-08-19 19:55 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2019-08-19 19:55 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2019-08-19 19:55 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2019-08-19 19:55 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2019-08-19 19:55 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2019-08-19 19:48 - 2019-09-07 09:53 - 000000000 ____D C:\Program Files\Cheat Engine 6.8.3
2019-08-19 19:48 - 2019-08-19 19:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.8.3
2019-08-19 19:34 - 2019-08-19 19:34 - 000000000 ____D C:\Users\Leebu\AppData\Roaming\NVIDIA
2019-08-19 14:58 - 2019-09-07 09:41 - 000000000 ____D C:\Users\Leebu\AppData\Local\CrashDumps
2019-08-18 17:19 - 2019-08-18 17:20 - 000000000 ____D C:\Users\Leebu\AppData\Local\NVIDIA
2019-08-18 17:19 - 2019-08-18 17:19 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-18 17:19 - 2019-08-18 17:19 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-18 17:19 - 2019-08-18 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-08-18 17:19 - 2019-06-18 01:59 - 002785776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2019-08-18 17:19 - 2019-06-18 01:59 - 002164080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2019-08-18 17:19 - 2019-06-18 01:59 - 001316664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2019-08-18 17:18 - 2019-08-18 17:18 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-18 17:18 - 2019-08-18 17:18 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-18 17:18 - 2019-08-18 17:18 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-18 17:18 - 2019-08-18 17:18 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-18 17:18 - 2019-08-18 17:18 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-18 17:18 - 2019-08-18 17:18 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-18 17:18 - 2019-08-18 17:18 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-18 17:18 - 2019-08-18 17:18 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-08-18 17:18 - 2019-06-18 01:56 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2019-08-18 17:18 - 2019-06-12 20:37 - 000179184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2019-08-18 17:18 - 2019-06-12 20:37 - 000154608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2019-08-18 17:18 - 2019-03-05 21:33 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-08-17 19:16 - 2019-08-17 19:16 - 000000000 ____D C:\Users\Leebu\AppData\Local\CrashReportClient
2019-08-17 17:15 - 2019-08-17 17:15 - 000000000 ____D C:\Users\Leebu\AppData\Local\lolStudios
2019-08-16 15:23 - 2019-08-16 15:23 - 000000000 ____D C:\Users\Leebu\AppData\Local\Software Statistics Service
2019-08-15 20:59 - 2019-08-15 20:59 - 000001886 _____ C:\Users\Public\Desktop\Alienware Command Center.lnk
2019-08-15 20:59 - 2019-08-15 20:59 - 000000000 ____D C:\ProgramData\iolo
2019-08-15 20:59 - 2019-08-15 20:59 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2019-08-15 20:58 - 2019-08-15 20:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware
2019-08-15 20:58 - 2019-08-15 20:58 - 000000000 ____D C:\Program Files\Alienware
2019-08-15 20:56 - 2019-08-15 20:56 - 000000000 ____D C:\Users\Leebu\AppData\Local\Downloaded Installations
2019-08-15 12:21 - 2019-08-15 12:21 - 000000000 ____D C:\ProgramData\Dell
2019-08-14 18:37 - 2019-08-14 18:37 - 000000000 ____D C:\Users\Leebu\AppData\Roaming\EasyAntiCheat
2019-08-14 18:37 - 2019-08-14 18:37 - 000000000 ____D C:\Users\Leebu\AppData\Local\OneDrive
2019-08-14 15:57 - 2019-08-14 15:57 - 000000000 ____D C:\Users\Leebu\AppData\Local\IsolatedStorage
2019-08-14 15:57 - 2019-08-14 15:57 - 000000000 ____D C:\Program Files (x86)\Microsoft XNA
2019-08-14 15:57 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2019-08-14 15:57 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2019-08-14 15:57 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2019-08-14 15:57 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2019-08-14 15:57 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2019-08-14 15:42 - 2019-08-14 15:42 - 000000447 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2019-08-14 13:35 - 2019-08-14 13:35 - 000000000 ____D C:\Program Files\UNP
2019-08-13 23:23 - 2019-08-13 23:23 - 000000000 ____D C:\Users\Leebu\AppData\Local\DBG
2019-08-13 22:52 - 2019-08-07 06:13 - 021389776 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-13 22:52 - 2019-08-07 01:07 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-13 22:52 - 2019-08-07 01:07 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-13 22:52 - 2019-08-07 00:56 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-13 22:52 - 2019-08-07 00:49 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-13 22:52 - 2019-08-07 00:47 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-13 22:52 - 2019-08-07 00:42 - 022717952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-13 22:52 - 2019-08-07 00:39 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-13 22:52 - 2019-08-07 00:36 - 007572480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-13 22:52 - 2019-08-07 00:32 - 004938240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-08-13 22:52 - 2019-08-07 00:32 - 004516864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-08-13 22:52 - 2019-07-09 01:01 - 004527792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-08-13 22:52 - 2019-07-09 00:44 - 012757504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-08-13 22:52 - 2019-07-08 23:42 - 011943424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-08-13 22:52 - 2019-07-08 20:23 - 001213264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-08-13 22:52 - 2019-07-08 19:50 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-08-13 22:51 - 2019-08-07 06:13 - 001632112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-13 22:51 - 2019-08-07 06:13 - 001515904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-08-13 22:51 - 2019-08-07 06:13 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-08-13 22:51 - 2019-08-07 05:58 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-08-13 22:51 - 2019-08-07 05:58 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-08-13 22:51 - 2019-08-07 05:55 - 008626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-13 22:51 - 2019-08-07 05:55 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-08-13 22:51 - 2019-08-07 05:55 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-08-13 22:51 - 2019-08-07 05:54 - 004783104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-08-13 22:51 - 2019-08-07 05:53 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-13 22:51 - 2019-08-07 05:53 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-08-13 22:51 - 2019-08-07 05:53 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-08-13 22:51 - 2019-08-07 05:52 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-13 22:51 - 2019-08-07 05:51 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-08-13 22:51 - 2019-08-07 05:43 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-13 22:51 - 2019-08-07 05:41 - 001322688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-08-13 22:51 - 2019-08-07 05:41 - 000662112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-08-13 22:51 - 2019-08-07 05:40 - 020384344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-13 22:51 - 2019-08-07 05:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-08-13 22:51 - 2019-08-07 05:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-08-13 22:51 - 2019-08-07 05:27 - 007990272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-13 22:51 - 2019-08-07 05:26 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-08-13 22:51 - 2019-08-07 05:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-08-13 22:51 - 2019-08-07 05:25 - 004175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-08-13 22:51 - 2019-08-07 05:24 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-13 22:51 - 2019-08-07 05:24 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-13 22:51 - 2019-08-07 05:24 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-08-13 22:51 - 2019-08-07 02:40 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-08-13 22:51 - 2019-08-07 01:09 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-13 22:51 - 2019-08-07 01:09 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-13 22:51 - 2019-08-07 01:09 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-08-13 22:51 - 2019-08-07 01:09 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-13 22:51 - 2019-08-07 01:09 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-13 22:51 - 2019-08-07 01:09 - 000194352 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-13 22:51 - 2019-08-07 01:09 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-13 22:51 - 2019-08-07 01:09 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-08-13 22:51 - 2019-08-07 01:09 - 000095008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-13 22:51 - 2019-08-07 01:08 - 007435720 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-13 22:51 - 2019-08-07 01:08 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-13 22:51 - 2019-08-07 01:08 - 002470648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-08-13 22:51 - 2019-08-07 01:08 - 001566736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-13 22:51 - 2019-08-07 01:08 - 001141712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-13 22:51 - 2019-08-07 01:08 - 000723216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-13 22:51 - 2019-08-07 01:08 - 000710232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-13 22:51 - 2019-08-07 01:08 - 000494992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-13 22:51 - 2019-08-07 01:08 - 000227744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-08-13 22:51 - 2019-08-07 01:08 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-08-13 22:51 - 2019-08-07 01:08 - 000130840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-08-13 22:51 - 2019-08-07 01:08 - 000091568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-13 22:51 - 2019-08-07 01:07 - 002719240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-08-13 22:51 - 2019-08-07 01:07 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-13 22:51 - 2019-08-07 01:07 - 001260992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-13 22:51 - 2019-08-07 01:07 - 001031696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-08-13 22:51 - 2019-08-07 01:07 - 000984152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-13 22:51 - 2019-08-07 01:07 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-08-13 22:51 - 2019-08-07 01:07 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-13 22:51 - 2019-08-07 00:57 - 000081256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-13 22:51 - 2019-08-07 00:56 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-13 22:51 - 2019-08-07 00:56 - 001993344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-08-13 22:51 - 2019-08-07 00:56 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-13 22:51 - 2019-08-07 00:56 - 000357336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-13 22:51 - 2019-08-07 00:56 - 000192608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-08-13 22:51 - 2019-08-07 00:56 - 000101400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-08-13 22:51 - 2019-08-07 00:55 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-08-13 22:51 - 2019-08-07 00:44 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-08-13 22:51 - 2019-08-07 00:38 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-08-13 22:51 - 2019-08-07 00:38 - 004385792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-13 22:51 - 2019-08-07 00:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-13 22:51 - 2019-08-07 00:38 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-08-13 22:51 - 2019-08-07 00:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-08-13 22:51 - 2019-08-07 00:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-08-13 22:51 - 2019-08-07 00:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-13 22:51 - 2019-08-07 00:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-13 22:51 - 2019-08-07 00:36 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-08-13 22:51 - 2019-08-07 00:36 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2019-08-13 22:51 - 2019-08-07 00:36 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-08-13 22:51 - 2019-08-07 00:36 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-08-13 22:51 - 2019-08-07 00:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-08-13 22:51 - 2019-08-07 00:35 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-08-13 22:51 - 2019-08-07 00:35 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-13 22:51 - 2019-08-07 00:35 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-08-13 22:51 - 2019-08-07 00:35 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-08-13 22:51 - 2019-08-07 00:35 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-13 22:51 - 2019-08-07 00:35 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-08-13 22:51 - 2019-08-07 00:35 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-08-13 22:51 - 2019-08-07 00:34 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-13 22:51 - 2019-08-07 00:34 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-08-13 22:51 - 2019-08-07 00:34 - 001680384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-08-13 22:51 - 2019-08-07 00:34 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-13 22:51 - 2019-08-07 00:34 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-13 22:51 - 2019-08-07 00:34 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-08-13 22:51 - 2019-08-07 00:34 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-13 22:51 - 2019-08-07 00:34 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-08-13 22:51 - 2019-08-07 00:34 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-13 22:51 - 2019-08-07 00:33 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-13 22:51 - 2019-08-07 00:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-08-13 22:51 - 2019-08-07 00:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-08-13 22:51 - 2019-08-07 00:32 - 002165760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-13 22:51 - 2019-08-07 00:32 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-08-13 22:51 - 2019-08-07 00:32 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-13 22:51 - 2019-08-07 00:32 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-08-13 22:51 - 2019-08-07 00:32 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-13 22:51 - 2019-08-07 00:32 - 000318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-08-13 22:51 - 2019-08-07 00:32 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-13 22:51 - 2019-08-07 00:32 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-08-13 22:51 - 2019-08-07 00:31 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-08-13 22:51 - 2019-08-07 00:31 - 001110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-08-13 22:51 - 2019-08-07 00:31 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-13 22:51 - 2019-08-07 00:31 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-08-13 22:51 - 2019-08-07 00:31 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-08-13 22:51 - 2019-08-07 00:31 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-08-13 22:51 - 2019-08-07 00:31 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-08-13 22:51 - 2019-08-07 00:31 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-13 22:51 - 2019-08-07 00:31 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-13 22:51 - 2019-08-07 00:31 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-08-13 22:51 - 2019-08-06 23:15 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-08-13 22:51 - 2019-07-10 23:48 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-08-13 22:51 - 2019-07-10 18:30 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-08-13 22:51 - 2019-07-10 18:30 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-08-13 22:51 - 2019-07-10 18:30 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-08-13 22:51 - 2019-07-09 01:07 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-08-13 22:51 - 2019-07-09 01:04 - 000348664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-08-13 22:51 - 2019-07-09 01:00 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-08-13 22:51 - 2019-07-09 00:44 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-08-13 22:51 - 2019-07-09 00:43 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-08-13 22:51 - 2019-07-09 00:43 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-08-13 22:51 - 2019-07-09 00:43 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2019-08-13 22:51 - 2019-07-09 00:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-08-13 22:51 - 2019-07-09 00:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-08-13 22:51 - 2019-07-09 00:39 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2019-08-13 22:51 - 2019-07-09 00:39 - 001193472 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2019-08-13 22:51 - 2019-07-09 00:39 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-08-13 22:51 - 2019-07-09 00:38 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2019-08-13 22:51 - 2019-07-09 00:37 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-08-13 22:51 - 2019-07-09 00:37 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2019-08-13 22:51 - 2019-07-09 00:37 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-08-13 22:51 - 2019-07-09 00:37 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-08-13 22:51 - 2019-07-08 23:38 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-08-13 22:51 - 2019-07-08 23:37 - 000485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2019-08-13 22:51 - 2019-07-08 20:29 - 000375312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-08-13 22:51 - 2019-07-08 20:29 - 000230200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2019-08-13 22:51 - 2019-07-08 20:29 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2019-08-13 22:51 - 2019-07-08 20:23 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-08-13 22:51 - 2019-07-08 20:21 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-13 22:51 - 2019-07-08 20:21 - 000133136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2019-08-13 22:51 - 2019-07-08 20:20 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-08-13 22:51 - 2019-07-08 20:20 - 000275512 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2019-08-13 22:51 - 2019-07-08 20:20 - 000227640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-08-13 22:51 - 2019-07-08 20:19 - 002769472 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-08-13 22:51 - 2019-07-08 20:19 - 002371504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-08-13 22:51 - 2019-07-08 20:19 - 001674216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-08-13 22:51 - 2019-07-08 20:19 - 000799248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-08-13 22:51 - 2019-07-08 20:19 - 000767232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-08-13 22:51 - 2019-07-08 20:19 - 000713488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-08-13 22:51 - 2019-07-08 20:19 - 000152104 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-08-13 22:51 - 2019-07-08 20:19 - 000142352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2019-08-13 22:51 - 2019-07-08 20:19 - 000046608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\werkernel.sys
2019-08-13 22:51 - 2019-07-08 20:12 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-08-13 22:51 - 2019-07-08 20:12 - 001286528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-08-13 22:51 - 2019-07-08 20:12 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-08-13 22:51 - 2019-07-08 20:12 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-08-13 22:51 - 2019-07-08 20:11 - 002257336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-08-13 22:51 - 2019-07-08 20:11 - 000576528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-08-13 22:51 - 2019-07-08 20:11 - 000108560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2019-08-13 22:51 - 2019-07-08 19:56 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-08-13 22:51 - 2019-07-08 19:56 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2019-08-13 22:51 - 2019-07-08 19:55 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-08-13 22:51 - 2019-07-08 19:55 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-08-13 22:51 - 2019-07-08 19:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-08-13 22:51 - 2019-07-08 19:53 - 003708416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-08-13 22:51 - 2019-07-08 19:53 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-08-13 22:51 - 2019-07-08 19:52 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-08-13 22:51 - 2019-07-08 19:52 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2019-08-13 22:51 - 2019-07-08 19:51 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-08-13 22:51 - 2019-07-08 19:51 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-08-13 22:51 - 2019-07-08 19:51 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-08-13 22:51 - 2019-07-08 19:51 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-08-13 22:51 - 2019-07-08 19:51 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-08-13 22:51 - 2019-07-08 19:51 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-08-13 22:51 - 2019-07-08 19:51 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-08-13 22:51 - 2019-07-08 19:51 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-08-13 22:51 - 2019-07-08 19:51 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-08-13 22:51 - 2019-07-08 19:50 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-08-13 22:51 - 2019-07-08 19:50 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-08-13 22:51 - 2019-07-08 19:50 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-08-13 22:51 - 2019-07-08 19:50 - 000659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-08-13 22:51 - 2019-07-08 19:50 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-08-13 22:51 - 2019-07-08 19:50 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2019-08-13 22:51 - 2019-07-08 19:50 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2019-08-13 22:51 - 2019-07-08 19:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll
2019-08-13 22:51 - 2019-07-08 19:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-08-13 22:51 - 2019-07-08 19:49 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-08-13 22:51 - 2019-07-08 19:49 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-08-13 22:51 - 2019-07-08 19:49 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-08-13 22:51 - 2019-07-08 19:49 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2019-08-13 22:51 - 2019-07-08 19:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-08-13 22:51 - 2019-07-08 19:49 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-08-13 22:51 - 2019-07-08 19:49 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-08-13 22:51 - 2019-07-08 19:49 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2019-08-13 22:51 - 2019-07-08 19:48 - 003402240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-13 22:51 - 2019-07-08 19:48 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-08-13 22:51 - 2019-07-08 19:48 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-08-13 22:51 - 2019-07-08 19:48 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2019-08-13 22:51 - 2019-07-08 19:48 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-08-13 22:51 - 2019-07-08 19:48 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-08-13 22:51 - 2019-07-08 19:48 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-08-13 22:51 - 2019-07-08 19:47 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-08-13 22:51 - 2019-07-08 19:47 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-08-13 22:51 - 2019-07-08 19:47 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-08-13 22:51 - 2019-07-08 19:47 - 000928768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-08-13 22:51 - 2019-07-08 19:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-08-13 22:51 - 2019-07-08 19:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-08-13 22:51 - 2019-07-08 19:47 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-08-13 22:51 - 2019-07-08 19:46 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-08-13 22:51 - 2019-07-08 19:46 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-08-13 22:51 - 2019-07-08 19:46 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-08-13 22:51 - 2019-07-08 19:46 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-08-13 22:51 - 2019-07-08 19:45 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-08-13 22:51 - 2019-07-08 19:45 - 001218560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-08-13 22:51 - 2019-07-08 19:45 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-08-13 22:51 - 2019-07-08 19:45 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-08-13 22:51 - 2019-07-08 19:45 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2019-08-13 22:51 - 2019-07-08 19:44 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-08-13 22:51 - 2019-07-08 19:44 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-08-13 22:51 - 2019-07-08 19:44 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-08-13 22:51 - 2019-07-08 19:44 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-08-13 22:51 - 2019-07-08 19:44 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-08-13 22:51 - 2019-07-08 19:44 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-08-13 22:51 - 2019-07-08 19:44 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-08-13 22:51 - 2019-07-08 19:43 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-08-13 22:51 - 2019-07-08 19:43 - 001398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-08-13 22:51 - 2019-07-08 19:43 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-08-13 22:51 - 2019-07-08 19:43 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2019-08-13 22:51 - 2019-06-19 19:21 - 000058882 _____ C:\WINDOWS\system32\srms.dat
2019-08-13 22:48 - 2019-08-13 22:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-13 22:48 - 2019-08-13 22:48 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-13 22:46 - 2019-08-13 22:46 - 000001023 _____ C:\Users\Leebu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2019-08-13 22:44 - 2019-08-16 15:44 - 000000000 ____D C:\Users\Leebu\AppData\Local\osu!
2019-08-13 22:38 - 2019-08-13 22:38 - 000000000 ____D C:\Users\Leebu\AppData\Roaming\Google
2019-08-13 22:35 - 2019-08-29 17:42 - 000000000 ____D C:\Program Files\rempl
2019-08-13 20:18 - 2019-08-13 20:18 - 000000000 ___SH C:\Users\Public\Shared Files
2019-08-13 20:11 - 2019-09-06 23:50 - 000000000 ____D C:\Users\Leebu\AppData\Local\NVIDIA Corporation
2019-08-13 20:10 - 2019-08-14 18:37 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2019-08-13 20:10 - 2019-08-13 20:10 - 000000000 ____D C:\Users\Leebu\AppData\Local\FortniteGame
2019-08-13 17:19 - 2019-08-13 17:19 - 000000000 ____D C:\Program Files\Epic Games
2019-08-13 17:11 - 2019-08-17 12:05 - 000000000 ____D C:\Users\Leebu\AppData\Local\D3DSCache
2019-08-13 16:03 - 2019-08-13 16:05 - 000000000 ____D C:\Users\Leebu\AppData\Roaming\Kast
2019-08-13 16:03 - 2019-08-13 16:03 - 000002259 _____ C:\Users\Leebu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kast.lnk
2019-08-13 16:03 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2019-08-13 16:03 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2019-08-13 16:03 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2019-08-13 16:03 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2019-08-13 16:03 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2019-08-13 16:03 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2019-08-13 16:02 - 2019-08-13 16:02 - 000000000 ____D C:\Users\Leebu\AppData\Local\kast-app-updater
2019-08-13 16:02 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2019-08-13 16:02 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2019-08-13 16:02 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2019-08-13 16:02 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2019-08-13 16:02 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2019-08-13 16:02 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2019-08-13 16:02 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2019-08-13 16:00 - 2019-08-14 13:25 - 000000420 _____ C:\WINDOWS\Tasks\update-sys.job
2019-08-13 16:00 - 2019-08-14 13:25 - 000000420 _____ C:\WINDOWS\Tasks\update-S-1-5-21-2700948062-1647726445-2134823314-1001.job
2019-08-13 16:00 - 2019-08-13 16:00 - 000003410 _____ C:\WINDOWS\System32\Tasks\update-S-1-5-21-2700948062-1647726445-2134823314-1001
2019-08-13 16:00 - 2019-08-13 16:00 - 000003346 _____ C:\WINDOWS\System32\Tasks\update-sys
2019-08-13 16:00 - 2019-08-13 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2019-08-13 16:00 - 2019-08-13 16:00 - 000000000 ____D C:\Program Files (x86)\Skillbrains
2019-08-13 15:58 - 2019-08-30 22:04 - 000000000 ____D C:\ProgramData\Package Cache
2019-08-13 15:56 - 2019-08-13 20:10 - 000000000 ____D C:\Users\Leebu\AppData\Local\UnrealEngine
2019-08-13 15:56 - 2019-08-13 15:56 - 000000000 ____D C:\Users\Leebu\AppData\Local\UnrealEngineLauncher
2019-08-13 15:56 - 2019-08-13 15:56 - 000000000 ____D C:\Users\Leebu\AppData\Local\EpicGamesLauncher
2019-08-13 15:56 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2019-08-13 15:56 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2019-08-13 15:56 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2019-08-13 15:56 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2019-08-13 15:56 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2019-08-13 15:54 - 2019-08-13 15:54 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2019-08-13 15:54 - 2019-08-13 15:54 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2019-08-13 15:53 - 2019-08-13 17:17 - 000000000 ____D C:\ProgramData\Epic
2019-08-13 15:53 - 2019-08-13 15:53 - 000000000 ____D C:\Program Files (x86)\Epic Games
2019-08-13 15:52 - 2019-09-06 17:01 - 000000253 _____ C:\Users\Leebu\AppData\LocalLow\rbxcsettings.rbx
2019-08-13 15:52 - 2019-09-04 15:34 - 000000000 ____D C:\Users\Leebu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2019-08-13 15:52 - 2019-08-21 18:03 - 000000000 ____D C:\Users\Leebu\AppData\Local\Roblox
2019-08-13 15:45 - 2019-08-13 15:45 - 000000000 ____D C:\Users\Leebu\AppData\Local\Steam
2019-08-13 15:45 - 2019-08-13 15:45 - 000000000 ____D C:\Users\Leebu\AppData\Local\CEF
2019-08-13 15:42 - 2019-09-03 21:51 - 000000000 ____D C:\Program Files (x86)\Steam
2019-08-13 15:42 - 2019-08-13 15:42 - 000001036 _____ C:\Users\Public\Desktop\Steam.lnk
2019-08-13 15:42 - 2019-08-13 15:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2019-08-13 15:39 - 2019-09-05 19:24 - 000000000 ____D C:\Users\Leebu\AppData\Roaming\Discord
2019-08-13 15:39 - 2019-08-13 15:39 - 000000000 ____D C:\Users\Leebu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-08-13 15:39 - 2019-08-13 15:39 - 000000000 ____D C:\Users\Leebu\AppData\Local\Discord
2019-08-13 15:38 - 2019-08-13 15:40 - 000000000 ____D C:\Users\Leebu\AppData\Local\SquirrelTemp
2019-08-13 15:34 - 2019-09-06 23:45 - 000000000 ____D C:\Program Files (x86)\Google
2019-08-13 15:34 - 2019-09-06 23:41 - 000000000 ____D C:\Users\Leebu\AppData\Local\Google
2019-08-13 15:34 - 2019-08-13 15:34 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-08-13 15:34 - 2019-08-13 15:34 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-08-13 15:33 - 2019-08-13 16:20 - 000000000 ____D C:\ProgramData\Packages
2019-08-13 15:32 - 2019-08-13 15:32 - 000000000 ___HD C:\Users\Leebu\MicrosoftEdgeBackups
2019-08-13 15:21 - 2019-08-13 15:21 - 000000000 ____D C:\Users\Leebu\OneDrive\Documents\My Cheat Tables
2019-08-13 15:21 - 2019-08-13 15:21 - 000000000 ____D C:\Users\Leebu\OneDrive\Documents\AutomaticSolution Software
2019-08-13 15:21 - 2017-11-26 19:00 - 000783175 _____ C:\Users\Leebu\OneDrive\Documents\AutoClicker.exe
2019-08-13 15:20 - 2019-09-07 10:14 - 000000000 ___RD C:\Users\Leebu\OneDrive
2019-08-13 15:20 - 2019-09-06 23:56 - 000000000 ____D C:\Users\Leebu\OneDrive\Documents\Lightshot
2019-08-13 15:20 - 2019-08-13 15:20 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2700948062-1647726445-2134823314-1001
2019-08-13 15:20 - 2019-08-13 15:20 - 000000000 ____D C:\Users\Leebu\OneDrive\Documents\Steam Achievement
2019-08-13 15:20 - 2019-08-13 15:20 - 000000000 ____D C:\Users\Leebu\OneDrive\Documents\SavedGames
2019-08-13 15:20 - 2019-08-13 15:20 - 000000000 ____D C:\Users\Leebu\OneDrive\Documents\ROBLOX
2019-08-13 15:20 - 2019-08-13 15:20 - 000000000 ____D C:\Users\Leebu\OneDrive\Documents\OFX Presets
2019-08-13 15:20 - 2019-08-13 15:20 - 000000000 ____D C:\Users\Leebu\OneDrive\Documents\My Games
2019-08-13 15:20 - 2019-08-13 15:20 - 000000000 ____D C:\Users\Leebu\OneDrive\Documents\Bandicam
2019-08-13 15:20 - 2019-08-13 15:20 - 000000000 ____D C:\Users\Leebu\OneDrive\Documents\Alienware TactX
2019-08-13 15:20 - 2019-08-13 15:20 - 000000000 ____D C:\Users\Leebu\OneDrive\Documents\AlienFX
2019-08-13 15:19 - 2019-08-13 15:48 - 000000000 ____D C:\Users\Leebu\AppData\Local\PlaceholderTileLogoFolder
2019-08-13 15:19 - 2019-08-13 15:19 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-08-13 15:18 - 2019-08-13 15:33 - 000000000 ____D C:\Users\Leebu\AppData\Local\MicrosoftEdge
2019-08-13 15:18 - 2019-08-13 15:18 - 000000000 ____D C:\Users\Leebu\AppData\Local\Comms
2019-08-13 15:17 - 2019-08-13 15:43 - 000000000 ____D C:\Users\Leebu\AppData\Local\Publishers
2019-08-13 15:17 - 2019-08-13 15:17 - 000000000 ____D C:\Users\Leebu\AppData\Local\PackageStaging
2019-08-13 15:16 - 2019-09-07 10:13 - 000000000 __SHD C:\Users\Leebu\IntelGraphicsProfiles
2019-08-13 15:16 - 2019-08-14 13:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-08-13 15:16 - 2019-08-14 13:27 - 000000000 ___RD C:\Users\Leebu\3D Objects
2019-08-13 15:16 - 2019-08-13 16:08 - 000000000 ____D C:\Users\Leebu\AppData\Local\Packages
2019-08-13 15:16 - 2019-08-13 15:17 - 000000000 ____D C:\Users\Leebu\AppData\Local\ConnectedDevicesPlatform
2019-08-13 15:16 - 2019-08-13 15:16 - 000000000 ____D C:\Users\Leebu\AppData\Roaming\Adobe
2019-08-13 15:16 - 2019-08-13 15:16 - 000000000 ____D C:\Users\Leebu\AppData\Local\VirtualStore
2019-08-13 15:12 - 2019-09-03 17:37 - 000002367 _____ C:\Users\Leebu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-13 15:12 - 2019-08-14 13:27 - 000000000 ____D C:\Users\Leebu
2019-08-13 15:12 - 2019-08-13 15:12 - 000000020 ___SH C:\Users\Leebu\ntuser.ini
2019-08-13 15:10 - 2019-08-13 15:09 - 000741432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-08-13 15:06 - 2019-08-13 15:06 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-08-13 15:05 - 2019-08-13 15:05 - 000000000 ____D C:\Program Files\Synaptics
2019-08-13 15:04 - 2019-08-13 15:04 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-08-13 15:04 - 2019-08-13 15:04 - 000000000 ____D C:\WINDOWS\Setup
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2019-08-13 14:57 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\te-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\or-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\km-KH
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\is-IS
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\id-ID
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\be-BY
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\as-IN
2019-08-13 14:57 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2019-08-13 14:57 - 2019-08-13 14:57 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2019-08-13 14:57 - 2019-08-13 14:57 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2019-08-13 14:57 - 2019-08-13 14:57 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2019-08-13 14:57 - 2019-08-13 14:57 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2019-08-13 14:57 - 2019-08-13 14:57 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2019-08-13 14:57 - 2019-08-13 14:57 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2019-08-13 14:57 - 2019-08-13 14:57 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2019-08-13 14:57 - 2019-08-13 14:57 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2019-08-13 14:57 - 2019-08-13 14:57 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2019-08-13 14:57 - 2019-08-13 14:57 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2019-08-13 14:57 - 2019-08-13 14:57 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2019-08-13 14:57 - 2019-08-13 14:57 - 000000000 ____D C:\WINDOWS\OCR
2019-08-13 14:57 - 2019-08-13 14:57 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-08-13 14:57 - 2019-08-13 14:57 - 000000000 ____D C:\Program Files\MSBuild
2019-08-13 14:57 - 2019-08-13 14:57 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-08-13 14:57 - 2019-08-13 14:57 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-08-13 14:56 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2019-08-13 14:56 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2019-08-13 14:56 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2019-08-13 14:56 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2019-08-13 14:56 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2019-08-13 14:56 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2019-08-13 14:56 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\system32\winrm
2019-08-13 14:56 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\system32\WCN
2019-08-13 14:56 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\system32\slmgr
2019-08-13 14:56 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2019-08-13 14:56 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\system32\0409
2019-08-13 14:56 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\DigitalLocker
2019-08-13 14:52 - 2019-08-24 12:11 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-13 14:52 - 2019-05-30 18:57 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-08-13 14:52 - 2019-05-30 18:57 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-08-13 14:50 - 2018-04-11 16:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2019-08-13 14:49 - 2019-09-07 10:19 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-13 14:49 - 2019-09-07 00:22 - 000000000 ___RD C:\Program Files (x86)
2019-08-13 14:49 - 2019-09-06 23:28 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-13 14:49 - 2019-09-06 21:40 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-08-13 14:49 - 2019-09-06 15:51 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-13 14:49 - 2019-08-29 16:10 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-08-13 14:49 - 2019-08-25 15:21 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-08-13 14:49 - 2019-08-17 19:15 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-08-13 14:49 - 2019-08-14 13:35 - 000000000 ____D C:\WINDOWS\appcompat
2019-08-13 14:49 - 2019-08-14 02:13 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-08-13 14:49 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\TextInput
2019-08-13 14:49 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-13 14:49 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-08-13 14:49 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\Provisioning
2019-08-13 14:49 - 2019-08-14 02:13 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-13 14:49 - 2019-08-13 20:18 - 000000000 __SHD C:\Users\Public\Libraries
2019-08-13 14:49 - 2019-08-13 17:21 - 000000000 ____D C:\Program Files\Windows Defender
2019-08-13 14:49 - 2019-08-13 15:06 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\ta-in
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\si-lk
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\setup
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\system32\am-et
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-08-13 14:49 - 2019-08-13 15:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-08-13 14:49 - 2019-08-13 14:57 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-08-13 14:49 - 2019-08-13 14:56 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2019-08-13 14:49 - 2019-08-13 14:56 - 000000000 ___SD C:\WINDOWS\system32\dsc
2019-08-13 14:49 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2019-08-13 14:49 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2019-08-13 14:49 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-08-13 14:49 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\system32\MUI
2019-08-13 14:49 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-08-13 14:49 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\system32\com
2019-08-13 14:49 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\IME
2019-08-13 14:49 - 2019-08-13 14:56 - 000000000 ____D C:\Program Files\Common Files\system
2019-08-13 14:49 - 2019-08-13 14:52 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-08-13 14:49 - 2019-08-13 14:51 - 000000000 ____D C:\WINDOWS\system32\spool
2019-08-13 14:49 - 2019-08-13 14:51 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-08-13 14:49 - 2019-08-13 14:50 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2019-08-13 14:49 - 2019-08-13 14:50 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2019-08-13 14:49 - 2019-08-13 14:50 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2019-08-13 14:49 - 2019-08-13 14:50 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2019-08-13 14:49 - 2019-08-13 14:50 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 __SHD C:\Program Files\Windows Sidebar
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 __RSD C:\WINDOWS\media
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ___SD C:\WINDOWS\system32\Nui
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\Web
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\WaaS
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\Vss
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\tracing
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\TAPI
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SystemResources
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SystemApps
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\winevt
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\ras
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\my-mm
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\IME
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\icsxml
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\ias
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\DriverState
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\downlevel
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\DDFs
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\System
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SKB
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\ServiceState
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\security
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\schemas
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\SchCache
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\Resources
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\rescache
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\Registration
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\PLA
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\Performance
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\ModemLogs
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\L2Schemas
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\InputMethod
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\IdentityCRL
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\Globalization
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\Cursors
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\Branding
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\addins
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\Program Files\Windows Security
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\Program Files\Windows Portable Devices
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\Program Files\windows nt
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\Program Files\Common Files\Services
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\Program Files (x86)\windows nt
2019-08-13 14:49 - 2019-08-13 14:49 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2019-08-13 14:49 - 2019-08-13 14:46 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2019-08-13 14:49 - 2019-08-13 14:46 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2019-08-13 14:49 - 2019-08-13 14:46 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2019-08-13 14:49 - 2019-08-13 14:46 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2019-08-13 14:49 - 2019-08-13 14:46 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2019-08-13 14:49 - 2019-08-13 14:46 - 000017346 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2019-08-13 14:49 - 2019-08-13 14:46 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2019-08-13 14:49 - 2019-08-13 14:46 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2019-08-13 14:49 - 2019-08-13 14:46 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2019-08-13 14:49 - 2019-08-13 14:46 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2019-08-13 14:49 - 2019-08-13 14:46 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2019-08-13 14:49 - 2019-08-13 14:46 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2019-08-13 14:49 - 2019-08-13 14:46 - 000000219 _____ C:\WINDOWS\system.ini
2019-08-13 14:49 - 2019-08-13 14:46 - 000000092 _____ C:\WINDOWS\win.ini
2019-08-13 14:49 - 2019-08-13 14:41 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-08-13 14:49 - 2019-08-13 14:41 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-08-13 14:49 - 2019-08-13 14:39 - 000000000 ____D C:\WINDOWS\Help
2019-08-13 14:49 - 2019-08-13 14:37 - 000000000 ____D C:\ProgramData\USOPrivate
2019-08-13 14:47 - 2019-09-05 14:12 - 000000000 ____D C:\WINDOWS\INF
2019-08-13 14:47 - 2019-08-13 14:47 - 000000000 _SHDL C:\Users\Default User
2019-08-13 14:47 - 2019-08-13 14:47 - 000000000 _SHDL C:\Users\All Users
2019-08-13 14:47 - 2019-08-13 14:47 - 000000000 _SHDL C:\Documents and Settings
2019-08-13 14:39 - 2019-09-07 10:16 - 000000000 ____D C:\ProgramData\NVIDIA
2019-08-13 14:39 - 2019-08-13 23:05 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-13 14:39 - 2019-08-13 14:39 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2019-08-13 14:39 - 2016-06-29 12:23 - 006376896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-08-13 14:39 - 2016-06-29 12:23 - 002462656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-08-13 14:39 - 2016-06-29 12:23 - 001764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-08-13 14:39 - 2016-06-29 12:23 - 001362880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2019-08-13 14:39 - 2016-06-29 12:23 - 000546240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-08-13 14:39 - 2016-06-29 12:23 - 000393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-08-13 14:39 - 2016-06-29 12:23 - 000083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-08-13 14:39 - 2016-06-29 12:23 - 000069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-08-13 14:39 - 2016-06-22 12:23 - 007208075 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-08-13 14:38 - 2019-09-07 10:12 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-08-13 14:38 - 2019-09-06 23:51 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-08-13 14:38 - 2019-08-24 01:42 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2019-08-13 14:38 - 2019-08-18 17:19 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-08-13 14:38 - 2019-08-18 17:19 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-08-13 14:38 - 2019-08-13 14:50 - 000000000 ____D C:\Intel
2019-08-13 14:38 - 2019-08-13 14:38 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2019-08-13 14:38 - 2019-08-13 14:38 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2019-08-13 14:38 - 2019-08-13 14:38 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2019-08-13 14:38 - 2019-08-13 14:38 - 000000000 ____D C:\Program Files\Realtek
2019-08-13 14:38 - 2019-08-13 14:38 - 000000000 ____D C:\Program Files\Intel
2019-08-13 14:38 - 2019-08-13 14:38 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2019-08-13 14:38 - 2016-07-12 07:14 - 000103952 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2019-08-13 14:38 - 2016-07-12 07:14 - 000099864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2019-08-13 14:37 - 2019-08-13 14:37 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2019-08-13 14:37 - 2019-08-13 14:37 - 000000000 ____D C:\ProgramData\USOShared
2019-08-13 14:34 - 2019-09-07 10:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-13 14:34 - 2019-08-13 17:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-08-13 14:33 - 2019-09-06 23:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-13 14:33 - 2019-08-30 22:07 - 000244616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-13 14:33 - 2019-08-13 14:33 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-08-13 14:26 - 2019-09-07 10:10 - 083886080 _____ C:\WINDOWS\system32\config\SOFTWARE
2019-08-13 14:26 - 2019-09-07 10:10 - 027262976 _____ C:\WINDOWS\system32\config\SYSTEM
2019-08-13 14:26 - 2019-09-07 10:10 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-08-13 14:26 - 2019-09-07 10:10 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2019-08-13 14:26 - 2019-09-07 10:10 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2019-08-13 14:26 - 2019-09-07 10:10 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2019-08-13 14:26 - 2019-08-29 15:05 - 000000000 ____D C:\WINDOWS\Panther
2019-08-13 14:26 - 2019-08-28 20:20 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-08-13 14:26 - 2019-08-13 14:56 - 000000000 ____D C:\WINDOWS\servicing
2019-08-13 14:26 - 2019-08-13 14:49 - 000000000 ____D C:\WINDOWS\system32\SMI
2019-08-13 13:05 - 2019-08-13 15:07 - 000000000 ___HD C:\$SysReset

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-28 19:52 - 2019-03-19 00:02 - 000000000 ___HD C:\$WINDOWS.~BT

==================== Files in the root of some directories ================

2019-09-06 20:15 - 2019-09-06 20:15 - 000000003 _____ () C:\Users\Leebu\AppData\Local\updater.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Share this post


Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-09-2019
Ran by Leebu (07-09-2019 10:30:50)
Running from C:\Users\Leebu\OneDrive\Desktop
Windows 10 Home Version 1803 17134.950 (X64) (2019-08-13 21:49:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2700948062-1647726445-2134823314-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2700948062-1647726445-2134823314-503 - Limited - Disabled)
Guest (S-1-5-21-2700948062-1647726445-2134823314-501 - Limited - Disabled)
Leebu (S-1-5-21-2700948062-1647726445-2134823314-1001 - Administrator - Enabled) => C:\Users\Leebu
WDAGUtilityAccount (S-1-5-21-2700948062-1647726445-2134823314-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Alienware Command Center (HKLM\...\{5DBA5090-EAB9-4E1C-8F92-C71A1423F14C}) (Version: 3.6.4.0 - Alienware Corp.) Hidden
Alienware Command Center (HKLM-x32\...\InstallShield_{5DBA5090-EAB9-4E1C-8F92-C71A1423F14C}) (Version: 3.6.4.0 - Alienware Corp.)
Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cheat Engine 6.8.3 (HKLM\...\Cheat Engine 6.8.3_is1) (Version:  - Cheat Engine)
Discord (HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{5B340CD5-07E3-41AA-9117-0A0EC863E454}) (Version: 1.1.220.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
iTunes (HKLM\...\{00ECC1A0-72EC-4E21-A03E-A9242A92CE1F}) (Version: 12.9.6.3 - Apple Inc.)
Kast 2.0.8 (HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\d06bcc57-f338-548b-9321-2ecf1ddd47ff) (Version: 2.0.8 - Evasyst, Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0007 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27033 (HKLM-x32\...\{cc3a7c63-31fb-4129-9024-63ebefd86a95}) (Version: 14.16.27033.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27033 (HKLM-x32\...\{624ba875-fdfc-4efa-9c66-b170dfebc3ec}) (Version: 14.16.27033.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.19.0.107 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.107 - NVIDIA Corporation)
NVIDIA GeForce NOW 2.0.10.85 (HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GeforceNOW) (Version: 2.0.10.85 - NVIDIA Corporation)
NVIDIA Install Application (HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer) (Version: 2.1002.324.0 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.2.1 - OBS Project)
Opera Stable 63.0.3368.71 (HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\Opera 63.0.3368.71) (Version: 63.0.3368.71 - Opera Software)
osu! (HKLM-x32\...\{b6ceca0f-4e07-4897-86e0-ad0533553cb1}) (Version: latest - ppy Pty Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Roblox Player (HKLM-x32\...\roblox-player) (Version:  - Roblox Corporation)
Roblox Player for Leebu (HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\roblox-player) (Version:  - Roblox Corporation)
Roblox Studio for Leebu (HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\roblox-studio) (Version:  - Roblox Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Voicemod (HKLM\...\{8435A407-F778-4647-9CDB-46E5EC50BAD0}_is1) (Version: 1.2.6.2 - Voicemod S.L.)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.20.7.0_x86__kgqvnymyfvs32 [2019-09-06] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1590.2.0_x86__kgqvnymyfvs32 [2019-09-04] (king.com)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-08-28] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0 [2019-08-29] (Spotify AB)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-07-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-06-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-08-13 14:49 - 2019-08-13 14:46 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


2019-08-14 15:42 - 2019-08-14 15:42 - 000000447 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Leebu\OneDrive\Desktop\1010687.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Murine"
HKLM\...\StartupApproved\Run: => "Hogen"
HKLM\...\StartupApproved\Run: => "Provincetown"
HKLM\...\StartupApproved\Run32: => "Decaf"
HKLM\...\StartupApproved\Run32: => "Argentino"
HKLM\...\StartupApproved\Run32: => "Beeper"
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\StartupApproved\StartupFolder: => "anglaiseanglaise.lnk"
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\StartupApproved\StartupFolder: => "anglaise.lnk"
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\StartupApproved\Run: => "Voicemod"
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\StartupApproved\Run: => "Ewart"
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\StartupApproved\Run: => "Daisy"
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\StartupApproved\Run: => "doll"
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\StartupApproved\Run: => "hairdressing"
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\StartupApproved\Run: => "Tentative"
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\StartupApproved\Run: => "Rationalist"
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\StartupApproved\Run: => "Knox"
HKU\S-1-5-21-2700948062-1647726445-2134823314-1001\...\StartupApproved\Run: => "Amiability"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B6F3F3C8-1F9E-4686-A518-23DDA6E6F035}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B4741D05-6543-48FB-9521-E4C8612D4AFD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E651EB19-1866-456E-A746-602B5A1CCAD3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{FCE079A2-B9DE-4DC0-9A29-A92EA909AA93}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{D3B117CC-AEAC-4064-96F8-7403A7B443BC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C337E5C8-6416-40E3-AC48-CF628FFDF408}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{72765A4E-2E51-44A1-9164-DBFA7F782705}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood and Bacon\BloodandBacon.exe (BigCorporation) [File not signed]
FirewallRules: [{911573CA-E646-48FE-8B99-006D76B4993B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood and Bacon\BloodandBacon.exe (BigCorporation) [File not signed]
FirewallRules: [{9B663EC4-C847-480D-842B-3DC248F766D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{92B7625C-208A-46E2-90F8-9244CEC21057}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{28114CF2-A737-4E1F-8846-1A93D752EC52}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7017DE6B-F9DC-4A4E-BEBB-93F680C8D021}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E19AE31C-7543-47F2-BAE2-3132A9461622}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{701C0CF0-A2CD-475F-8187-980A663CA20F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{586BCE21-CCD0-4761-AA9B-9EC540422671}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe () [File not signed]
FirewallRules: [{59B64F70-724B-4391-8D74-3A6C034B27F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe () [File not signed]
FirewallRules: [{2EA3551A-33E2-46E1-B5B9-4D04312635FA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{261D0262-0C66-45EF-9F5F-F92F20273F36}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6D5583A9-1101-4DB5-8D1F-94FD5241D15C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe () [File not signed]
FirewallRules: [{BDCDF05E-50C1-494D-8BE5-58F16848CF65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe () [File not signed]
FirewallRules: [{0C8E570D-B145-416B-82A5-E45A6EFBB755}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleMiner Z\CastleMinerZ.exe (DigitalDNA Games) [File not signed]
FirewallRules: [{4B1A795B-F346-4B81-8C3B-1303DCD0A152}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleMiner Z\CastleMinerZ.exe (DigitalDNA Games) [File not signed]
FirewallRules: [{2ADEC510-76F2-4FD5-8F56-666FD845BB62}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BC567691-137A-42ED-A853-AE47BD1CA324}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B6D174EE-FC0E-45D9-B796-CB54A09F33A6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A80E7FE9-99F9-42D5-8186-1188631767E3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0F4CD3CA-F53F-4CE9-A0FF-81C0797D3363}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{36AE9383-F50B-4149-8B79-20BFC8049B54}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A640280A-6009-46D6-92C6-D474F61B9D93}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{54AFBEA9-0E85-4D94-BF1E-5FD452E1A89A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3DECA8EB-2069-4008-A5A1-F6B6B0111043}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\60 Seconds! Reatomized\60SecondsReatomized.exe () [File not signed]
FirewallRules: [{602D4D5E-8991-4C8F-911B-F0DABD7FEAE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\60 Seconds! Reatomized\60SecondsReatomized.exe () [File not signed]
FirewallRules: [{E084F335-5FAB-4B3E-BA4C-B64313B68AC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons Adventure Time TD\btdadventuretime.exe () [File not signed]
FirewallRules: [{362F2E40-93D4-4C8E-B429-0C5E5CAD49DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons Adventure Time TD\btdadventuretime.exe () [File not signed]
FirewallRules: [{AF760BDB-E797-4702-B8D7-AABF180E9ED8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0ECA664F-A070-4E31-BD3C-5575C8CF41AD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7C8FE5B2-D6F5-4064-80F6-32F58AB5A8D4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{509F66B6-8EBB-4B4C-A862-A63D0141F020}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3B2CA36F-E3D6-4548-B4E1-0ECB693DE926}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B3673A81-EF8D-427A-A247-5F13BA4096CF}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{306D8A1D-6CA3-4B26-9EFE-748452B64D06}] => (Allow) C:\Program Files (x86)\Misperceive\Pakistanis.exe No File
FirewallRules: [{DA0E0CF3-79BF-447E-A263-8F13C88C9068}] => (Allow) C:\Program Files (x86)\Chashma\Pakistanis.exe No File
FirewallRules: [{1ADD4A60-98D4-4E0E-BB13-33A70242AD19}] => (Allow) C:\Program Files (x86)\adventitious\Civilian.exe No File
FirewallRules: [{96270266-E6B2-4EF1-8E0F-E424B8BB6BFE}] => (Allow) C:\Program Files (x86)\Chashma\Civilian.exe No File
FirewallRules: [TCP Query User{FE3C6FED-2D5B-4218-973C-912774D9D764}C:\program files (x86)\google\chrome\application\chromeccs.exe] => (Block) C:\program files (x86)\google\chrome\application\chromeccs.exe No File
FirewallRules: [UDP Query User{1FA7A6D7-1652-4AF3-986B-EAD94176E436}C:\program files (x86)\google\chrome\application\chromeccs.exe] => (Block) C:\program files (x86)\google\chrome\application\chromeccs.exe No File
FirewallRules: [{E45090BF-A532-4169-9DAF-43635AAC1379}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{FE04C156-A055-4D8F-81DE-285BC05034B5}C:\users\leebu\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe] => (Allow) C:\users\leebu\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{95B67B05-97D6-4979-AF46-31BA3391B9E1}C:\users\leebu\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe] => (Allow) C:\users\leebu\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4405FEA9-D34D-4003-8D76-898184026078}] => (Block) C:\users\leebu\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C3C9B823-BB03-4E66-BE89-75F4D74785F4}] => (Block) C:\users\leebu\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

==================== Restore Points =========================

02-09-2019 20:59:21 Scheduled Checkpoint
04-09-2019 21:39:54 Installed iTunes

==================== Faulty Device Manager Devices =============

Name: Microsoft ACPI-Compliant Control Method Battery
Description: Microsoft ACPI-Compliant Control Method Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek PCIE CardReader
Description: Realtek PCIE CardReader
Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconduct Corp.
Service: RSPCIESTOR
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2019 09:40:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AlienwareAlienFXController.exe, version: 3.6.4.0, time stamp: 0x54528388
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00ddbf5f
Faulting process id: 0xb0c
Faulting application start time: 0x01d5659ae975cc98
Faulting application path: C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
Faulting module path: unknown
Report Id: 6a23cd81-a266-46b1-a36b-e5e5e6422a34
Faulting package full name: 
Faulting package-relative application ID:

Error: (09/07/2019 09:40:23 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AlienwareAlienFXController.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at AlienLabs.AlienFX.Controller.LightsZoneController.getCommandsInBlackButFixedZones()
   at AlienLabs.AlienFX.Controller.LightsZoneController.SetBlackVisualization()
   at AlienLabs.AlienFX.Controller.ControllerMainForm.dimController_SetGoDarkStatus(Boolean)
   at AlienLabs.AlienFX.Controller.Classes.DimControllerClass.OnTime(System.Object)
   at System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.TimerQueueTimer.CallCallback()
   at System.Threading.TimerQueueTimer.Fire()
   at System.Threading.TimerQueue.FireNextTimers()
   at System.Threading.TimerQueue.AppDomainTimerCallback(Int32)

Error: (09/06/2019 08:47:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameBar.exe, version: 1.16.1804.1012, time stamp: 0x5bc7c851
Faulting module name: CoreUIComponents.dll, version: 10.0.17134.376, time stamp: 0x68dfa668
Exception code: 0xc0000005
Fault offset: 0x0000000000083d22
Faulting process id: 0x16bc
Faulting application start time: 0x01d565057746bf88
Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\GameBar.exe
Faulting module path: C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
Report Id: 84425a7a-b125-4729-946b-a72ce3e3c588
Faulting package full name: Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (09/06/2019 03:42:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AlienwareAlienFXController.exe, version: 3.6.4.0, time stamp: 0x54528388
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0111c13f
Faulting process id: 0x1e5c
Faulting application start time: 0x01d565044c52065b
Faulting application path: C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
Faulting module path: unknown
Report Id: f74f0622-abe4-47c8-8e1a-07a91a2f6ade
Faulting package full name: 
Faulting package-relative application ID:

Error: (09/06/2019 03:42:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AlienwareAlienFXController.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at AlienLabs.AlienFX.Controller.LightsZoneController.getCommandsInBlackButFixedZones()
   at AlienLabs.AlienFX.Controller.LightsZoneController.SetBlackVisualization()
   at AlienLabs.AlienFX.Controller.ControllerMainForm.dimController_SetGoDarkStatus(Boolean)
   at AlienLabs.AlienFX.Controller.Classes.DimControllerClass.OnTime(System.Object)
   at System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.TimerQueueTimer.CallCallback()
   at System.Threading.TimerQueueTimer.Fire()
   at System.Threading.TimerQueue.FireNextTimers()
   at System.Threading.TimerQueue.AppDomainTimerCallback(Int32)

Error: (09/05/2019 01:51:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AlienwareAlienFXController.exe, version: 3.6.4.0, time stamp: 0x54528388
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00e8be57
Faulting process id: 0x1854
Faulting application start time: 0x01d5642b9de456e4
Faulting application path: C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
Faulting module path: unknown
Report Id: 58b96518-2bed-47b0-b5bc-6d1b60110e4c
Faulting package full name: 
Faulting package-relative application ID:

Error: (09/05/2019 01:51:22 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AlienwareAlienFXController.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at AlienLabs.AlienFX.Controller.LightsZoneController.getCommandsInBlackButFixedZones()
   at AlienLabs.AlienFX.Controller.LightsZoneController.SetBlackVisualization()
   at AlienLabs.AlienFX.Controller.ControllerMainForm.dimController_SetGoDarkStatus(Boolean)
   at AlienLabs.AlienFX.Controller.Classes.DimControllerClass.OnTime(System.Object)
   at System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.TimerQueueTimer.CallCallback()
   at System.Threading.TimerQueueTimer.Fire()
   at System.Threading.TimerQueue.FireNextTimers()
   at System.Threading.TimerQueue.AppDomainTimerCallback(Int32)

Error: (09/04/2019 07:31:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffd85ac4989
Faulting process id: 0x2de0
Faulting application start time: 0x01d5637428848d0b
Faulting application path: bad_module_info
Faulting module path: unknown
Report Id: 49ebe5eb-258c-4dec-8b15-2bff7c60c01b
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (09/07/2019 10:15:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2019 10:14:59 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-S1JDPBI)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-S1JDPBI\Leebu SID (S-1-5-21-2700948062-1647726445-2134823314-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2019 10:14:35 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-S1JDPBI)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID 
Unavailable
 to the user DESKTOP-S1JDPBI\Leebu SID (S-1-5-21-2700948062-1647726445-2134823314-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2019 10:12:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2019 10:12:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2019 10:12:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2019 10:11:14 AM) (Source: Application Popup) (EventID: 875) (User: )
Description: RtsPStor.sys

Error: (09/07/2019 10:06:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


Windows Defender:
===================================
Date: 2019-09-06 16:59:25.902
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/MonClon&threatid=2147740260&enterprise=0
Name: Trojan:Win32/MonClon
ID: 2147740260
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Leebu\AppData\Local\Temp\155000687\ic-0.7de9b0957989d4.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Leebu\AppData\Local\Temp\Rar$EXb8956.24998\synapse_x_crack.exe
Signature Version: AV: 1.301.677.0, AS: 1.301.677.0, NIS: 1.301.677.0
Engine Version: AM: 1.1.16300.1, NIS: 1.1.16300.1

Date: 2019-09-06 16:59:25.732
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DefenderTamperingRestore&threatid=2147741622&enterprise=0
Name: VirTool:Win32/DefenderTamperingRestore
ID: 2147741622
Severity: Severe
Category: Tool
Path: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.301.677.0, AS: 1.301.677.0, NIS: 1.301.677.0
Engine Version: AM: 1.1.16300.1, NIS: 1.1.16300.1

Date: 2019-09-06 16:58:14.357
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/MonClon&threatid=2147740260&enterprise=0
Name: Trojan:Win32/MonClon
ID: 2147740260
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Leebu\AppData\Local\Temp\155000687\ic-0.7de9b0957989d4.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Leebu\AppData\Local\Temp\Rar$EXb8956.24998\synapse_x_crack.exe
Signature Version: AV: 1.301.677.0, AS: 1.301.677.0, NIS: 1.301.677.0
Engine Version: AM: 1.1.16300.1, NIS: 1.1.16300.1

Date: 2019-09-06 16:58:03.459
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/MonClon&threatid=2147740260&enterprise=0
Name: Trojan:Win32/MonClon
ID: 2147740260
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Leebu\AppData\Local\Temp\155000687\ic-0.7de9b0957989d4.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Leebu\AppData\Local\Temp\Rar$EXb8956.24998\synapse_x_crack.exe
Signature Version: AV: 1.301.677.0, AS: 1.301.677.0, NIS: 1.301.677.0
Engine Version: AM: 1.1.16300.1, NIS: 1.1.16300.1

Date: 2019-09-05 14:34:11.111
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2F4E0A4B-E153-4CF4-85D8-CD642615D554}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-26 15:08:09.111
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.299.2824.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16200.1
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2019-08-13 15:03:58.931
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2019-08-13 15:03:58.931
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2019-08-13 15:03:58.931
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2019-08-13 15:03:58.815
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 0.0.0.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

CodeIntegrity:
===================================

Date: 2019-09-07 10:32:39.443
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-09-07 10:32:39.442
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-09-07 10:32:39.009
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-09-07 10:32:39.007
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-09-07 10:30:49.974
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-09-07 10:30:49.972
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-09-07 10:30:49.782
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-09-07 10:30:49.780
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

BIOS: Alienware A14 09/24/2014
Motherboard: Alienware 04WT2G
Processor: Intel(R) Core(TM) i5-4210M CPU @ 2.60GHz
Percentage of memory in use: 52%
Total physical RAM: 8073.02 MB
Available physical RAM: 3796.36 MB
Total Virtual: 18073.02 MB
Available Virtual: 13438.5 MB

==================== Drives ================================

Drive 😄 () (Fixed) (Total:930.1 GB) (Free:794.21 GB) NTFS

\\?\Volume{7b46c232-a482-4a74-a3e5-7e170b019a37}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{1d61b069-5696-4995-b82e-1498c727ace1}\ () (Fixed) (Total:0.81 GB) (Free:0.34 GB) NTFS
\\?\Volume{b68ab64a-4279-476a-b191-e7db73d18508}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D12559E8)

Partition: GPT.

==================== End of Addition.txt ============================

Share this post


Link to post
Share on other sites

Thanks for those logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

user posted image

Next,

Go here: https://www.zemana.com/Download download and install Zemana Anti-malware. Allow a shortcut to be saved to your Desktop.. The tool will be active with a 15 day trial....

Right click on user posted image Zemana Antimalware and select "Run as Administrator"

From the GUI select "Settings"

user posted image

In the new window Select 1. Updates, when complete Select 2. Real Time Protection.

user posted image

In the next window make sure 1. all boxes are checkmarked and the action is "Quarantine" and then " 2. Select the home icon.

user posted image

In the new window select "Scan"

user posted image

When the scan completes check each found entry (if any). For "Suspicious Browser Settings" choose REPAIR for all other entries choose QUARANTINE then select the "Next" tab


The action complete window will open, from there select the "Back" tab. That will take you back to the home screen...

On that screen select the "Reports" tab. (Looks like 3 chimneys)

user posted image

On that screen select and highlite the scan details line, then select "Open Report"

user posted image

Copy and paste that log to your reply...

Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin..

fixlist.txt

Share this post


Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.