So, I can't enable the Windows Firewall, and Bitdefender sent a notification every few seconds stating web resource infected (connecting to ticketdmapi545454.twilight.paradox.com). This persisted for 2 days and then vanished.

Malwarebytes found a file in a temp directory called scvhost (notice the misspelling of svchost). This was removed on several occasions. It is now no longer found by Malwarebytes, but I still see that the "infected web resource" (no longer reported by Bitdefender) is still connecting to the twilight.paradox.com IP 195.201.144.233.

I also tried a system restore, but they're all missing. I tried in safe mode/restart, and I see a NEW user with a jumbled name 7J0yPFTYqcCO.

Help! 

 

 


That may be hard to follow. Bottom line is that

1. Malwarebytes removed a trojan.bitcoinminer, but
2. it looks like it's still active and creating fake system files,
3. contacting foreign IPs,
4. has disabled/broken my firewalls,
5. removed all restore points, and
6. appears to have created a new "hidden" user account with jumbled username that only appears in safe mode's system restore (after safe reboot).

It also seems to have crippled my internet access so I had to create this post on my phone.


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Choose a File.
Navigate to the location of the file.
Click the file. It will appear in section.
Click the Saving button.

Please post the logs for my review.

Wait for further instructions
====


Thank you Nasdaq. Bear with me as I go through the process of retrieving the logs using my phone to PC and back. I think the malware is also changing my DNS and otherwise hacking my internet connection so I'm trying to use it as little as possible. I'll post the logs once complete. Thanks! 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019
Ran by skizz (administrator) on GEMINI-III (ASUSTeK COMPUTER INC. GL702VSK) (03-01-2020 15:12:00)
Running from P:\11. Downloads
Loaded Profiles: skizz (Available Profiles: skizz)
Platform: Windows 10 Home Version 1909 18363.535 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenter.exe
(ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(BandLab Singapore Pte Ltd. -> BandLab) C:\Users\skizz\AppData\Local\Programs\bandlab-assistant\BandLab Assistant.exe
(BandLab Singapore Pte Ltd. -> BandLab) C:\Users\skizz\AppData\Local\Programs\bandlab-assistant\BandLab Assistant.exe
(BandLab Singapore Pte Ltd. -> BandLab) C:\Users\skizz\AppData\Local\Programs\bandlab-assistant\BandLab Assistant.exe
(BandLab Singapore Pte Ltd. -> BandLab) C:\Users\skizz\AppData\Local\Programs\bandlab-assistant\BandLab Assistant.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Client\PerfTune.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_1.35.26001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_1.35.26001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11912.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.36.6003.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.36.6003.0_x64__8wekyb3d8bbwe\GameBarFT.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer64.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(ProtonVPN AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Stefan Kostic (stefan3372)) [File not signed] P:\14. Edge Downloads\The Witcher 3 Mod Manager-2678-0-7-11-1571758907\TheWitcher3ModManager.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(voidtools -> voidtools) C:\Program Files\Everything\Everything.exe
(voidtools -> voidtools) C:\Program Files\Everything\Everything.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2240288 2019-02-03] (voidtools -> voidtools)
HKLM\...\Run: [TinyWall Controller] => C:\Program Files (x86)\TinyWall\TinyWall.exe
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6268224 2019-12-17] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1673900302-2435382068-390420314-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [7864296 2019-10-02] (GlassWire -> SecureMix LLC)
HKU\S-1-5-21-1673900302-2435382068-390420314-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --notification-launch-id=3|0|Default|0|hxxps://ghost-recon.ubisoft.com/|p#hxxps://ghost-recon.ubisoft.com/#11576542142888-15879665-350292982 --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session
HKU\S-1-5-21-1673900302-2435382068-390420314-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [807936 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24182768 2019-12-13] (Plex, Inc. -> Plex, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-19] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\79.1.1.23\Installer\chrmstp.exe [2019-12-19] (Brave Software, Inc.) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05B9C890-040C-4E52-AB88-F9B5611E269A} - System32\Tasks\update-S-1-5-21-1673900302-2435382068-390420314-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {05D7F6CF-55CF-48EB-BDB3-6D9956B8125B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-12] (Google Inc -> Google Inc.)
Task: {195678CA-7CDB-456A-97A1-0410D3AD6998} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {219E0DFE-5DD4-4657-905F-395254D5C3FC} - System32\Tasks\ROG Gaming Center => C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe [4705144 2017-05-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {359E61BB-8DA7-485D-BD0C-5CF25A4F8F01} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {397053E0-0336-4D21-8D86-B8B0FBC90FAF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2107800 2019-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {3D474738-FEFF-415B-B8C5-1B590BE011E6} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2015968 2016-08-15] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {4B65D4DD-4DF2-40E1-9616-0053ACD55193} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913720 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {50180BB3-9F54-4234-85F4-6136192D91C5} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301928 2019-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {515FA6DF-7094-4585-AED8-9BCDF4DDBF56} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [155472 2019-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {574E5C5B-4182-4831-AC5A-651D854CBF7B} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485312 2017-05-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {5EDC3E75-B752-401E-ABC5-A75C8AA8319B} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {63C0BE8F-3DAA-4331-9FF1-0099F8D821D1} - System32\Tasks\PTUI => C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Client\XtuUiLauncher.exe [96128 2018-01-12] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation)
Task: {67C163B1-3C2A-4405-A270-7E7D3A62649B} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {6D424D47-E371-42B9-A8A2-A1803DB6F2F8} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [155472 2019-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {722C688F-0146-4F1C-AE2C-3DC5A4905143} - System32\Tasks\SS2Svc32Run => C:\Program Files\ASUSTeK COMPUTER INC\SS2\UserInterface\SS2Svc32.exe [2758656 2017-03-29] () [File not signed]
Task: {748C8CEA-EA23-4A12-90B8-905B031B0B11} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7C87D783-4029-4D15-B35A-B4EFC823C4E4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {7D62088E-324C-4D84-99D0-A0A03D56116B} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [488760 2019-07-15] (Bitdefender SRL -> Bitdefender)
Task: {83DC30DC-C952-478F-93AD-4EFC30BEE0AF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {971EEEB2-CD09-4ACD-AB6C-F1A58366398D} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-05-15] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {A4951978-C554-41EB-BD67-3BCEC83EE632} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913720 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AE933808-AF9B-49EC-9801-FAC92D672592} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B1E77609-938C-4E29-91FA-565A7D271DAA} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9226752 2017-05-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {B28E9AE8-60DF-4FE5-9EFF-853E5261DB2A} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {B832AC3B-B593-4271-B6DB-6D58667A3B08} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BA345D94-29B5-4C35-82A1-F322A6C21CE4} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2107800 2019-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {BFB6696E-CE86-49EE-B1A7-966D51589226} - System32\Tasks\GoogleUpdateTaskMachineAll => C:\Users\skizz\AppData\Roaming\folder\db.vbe [13873 2019-12-08] () [File not signed] <==== ATTENTION
Task: {C2C97DD4-83C1-4CD0-AA26-66B79D8B9B04} - System32\Tasks\SS2Svc64Run => C:\Program Files\ASUSTeK COMPUTER INC\SS2\UserInterface\x64\SS2Svc64.exe [486400 2017-03-29] () [File not signed]
Task: {CAB591E1-3267-4726-8F8C-D60FA8EAE9D4} - System32\Tasks\ASUSTek Computer Inc\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
Task: {CF33B0F1-799B-472A-8A88-1B6E2FCA1A94} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe
Task: {CF9AA851-7CD3-4B6C-AF21-388C41709000} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1328392 2016-03-17] (Intel(R) Software -> Intel Corporation)
Task: {CFFF56E8-476C-417D-AE0E-73C690C37190} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [778224 2019-04-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {D04B0BFA-1426-404A-9AC7-D41DB73F8B9D} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D3208356-9557-4DE9-9B2E-986EFCFCAB8A} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19967504 2016-11-14] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {DC0AC8EF-1806-48DA-9F70-E0F1740EA6AC} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {E07CB71D-3AD6-4745-8F1F-8CCC25A9DB07} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-06-30] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E18890D0-1BE5-468E-9F94-DC6A8E564850} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-06-30] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E4BAE7EA-33C6-4443-A2E1-140ACF519FD4} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [222944 2016-08-15] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {EC82A7BC-4F72-4712-B76F-AACCE3DA5DA2} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F1460A51-B779-4874-BD2E-9F7DCDE61358} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [654456 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F4AB721D-EA9B-4ED6-BE97-B892A1DB5DBE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-12] (Google Inc -> Google Inc.)
Task: {F7021E59-AC31-4661-A308-A56FED820679} - System32\Tasks\SS2UILauncherRun => C:\Program Files\ASUSTeK COMPUTER INC\SS2\UserInterface\SS2UILauncher.exe [1153896 2017-03-29] (A-Volute -> $AVPUBLISHER_NAME$)
Task: {F778DDAA-5341-43BE-8BDD-7C4A372FAB0E} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [222944 2016-08-15] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {F8CFAFF1-7878-44CA-A972-B74360B4B676} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F9AEA270-3BB4-4AA0-B296-42A34E7CF50E} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-05-15] (Brave Software, Inc. -> BraveSoftware Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1673900302-2435382068-390420314-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2dd63772-8384-42cb-9dc8-86349ff02359}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{8bc99837-73cd-4a12-9482-272e2d5c0c77}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{8bc99837-73cd-4a12-9482-272e2d5c0c77}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1673900302-2435382068-390420314-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKU\S-1-5-21-1673900302-2435382068-390420314-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-1673900302-2435382068-390420314-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1537519090203
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File

Edge: 
======
DownloadDir: P:\14. Edge Downloads

FireFox:
========
FF ProfilePath: C:\Users\skizz\AppData\Roaming\Mozilla\Firefox\Profiles\KcEUZfEL.default [2018-09-14]
FF Extension: (Avira Browser Safety) - C:\Users\skizz\AppData\Roaming\Mozilla\Firefox\Profiles\KcEUZfEL.default\Extensions\abs@avira.com [2018-09-14] [hxxps://download.avira.com/package/absnooffers/firefox/update_webext_no_offers.rdf]
FF Extension: (Avira Password Manager) - C:\Users\skizz\AppData\Roaming\Mozilla\Firefox\Profiles\KcEUZfEL.default\Extensions\passwordmanager@avira.com [2018-09-14] [hxxps://s3.eu-central-1.amazonaws.com/avira-pwm-extensions/update.rdf]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-05-15] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-05-15] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin HKU\S-1-5-21-1673900302-2435382068-390420314-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\skizz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.youtube.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://www.google.com/","hxxps://www.google.com/"
CHR DefaultSearchKeyword: Default -> google.com_
CHR Notifications: Default -> hxxps://connect.xfinity.com; hxxps://drive.google.com; hxxps://forum.generationzero.com; hxxps://ghost-recon.ubisoft.com; hxxps://tomclancy-thedivision.ubisoft.com; hxxps://www.bandsintown.com
CHR Profile: C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default [2020-01-03]
CHR DownloadDir: P:\11. Downloads
CHR Extension: (Google Translate) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-06-21]
CHR Extension: (Slides) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-12]
CHR Extension: (Entanglement Web App) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2018-06-21]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2018-06-21]
CHR Extension: (Super Netflix) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aioencjhbaolepcoappllicjebblphoc [2018-06-21]
CHR Extension: (Docs) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-12]
CHR Extension: (Google Drive) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-12]
CHR Extension: (YouTube) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-12]
CHR Extension: (Avira Password Manager) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2019-12-30]
CHR Extension: (JSONView) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc [2019-05-28]
CHR Extension: (OneTab) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2018-06-21]
CHR Extension: (PDF Editor for Docs:Edit, Fill, Sign, Print) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjboohgkgchdnfnjiaggdbkdmpieoagi [2019-05-28]
CHR Extension: (uBlock Origin) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-10-25]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2018-06-21]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2018-06-21]
CHR Extension: (Google News) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2019-11-12]
CHR Extension: (Google Tasks) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2018-11-03]
CHR Extension: (Dropbox for Gmail) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2019-10-24]
CHR Extension: (Dark Reader) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2019-12-07]
CHR Extension: (Gmail Offline) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2018-06-21]
CHR Extension: (Soundtrap - Make Music Online) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\epaknpicfmoglpinnnjckaobafganajf [2018-06-21]
CHR Extension: (Google Play Music) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-10-10]
CHR Extension: (PanicButton) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2018-06-21]
CHR Extension: (Pandora) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2018-06-21]
CHR Extension: (Sheets) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-12]
CHR Extension: (Page Analytics (by Google)) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2018-06-21]
CHR Extension: (Chrome Remote Desktop) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-08-17]
CHR Extension: (Google Docs Offline) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-31]
CHR Extension: (Vysor) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2019-05-13]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-12-18]
CHR Extension: (A Journey through Middle-earth) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2018-06-21]
CHR Extension: (Sheets) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgjdbbnhkmopplfiibmdgghhdhbiidh [2018-06-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-12-12]
CHR Extension: (Google Keep - notes and lists) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2019-12-18]
CHR Extension: (Kindle Cloud Reader) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2018-06-21]
CHR Extension: (Pretty New Tab) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieijbjcimmnfodcfgefococlmmkhodad [2018-06-21]
CHR Extension: (SMS from Gmail ™ & Facebook™ (MightyText)) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iffdacemhfpnchinokehhnppllonacfj [2019-10-28]
CHR Extension: (Chrome Remote Desktop) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2019-08-17]
CHR Extension: (Pocket Website) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap [2018-06-21]
CHR Extension: (Cisco Webex Extension) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2019-08-17]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2019-11-25]
CHR Extension: (Google Voice (by Google)) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2019-12-26]
CHR Extension: (Voice Instead) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kphdioekpiaekpmlkhpaicehepbkccbf [2018-10-23]
CHR Extension: (Momentum) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2019-12-20]
CHR Extension: (Email This) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblkllcjgihfnlefhnnpppndbbjallh [2019-11-27]
CHR Extension: (Google Maps) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2018-06-21]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2019-12-18]
CHR Extension: (Into The Mist) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2018-06-21]
CHR Extension: (Twitch Chat Font Size) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpkoifcpcppiffkipnijfdmbgifadbbh [2018-06-21]
CHR Extension: (Do It (Tomorrow)) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfagjoblnoeagfhfhohcdklnddjaiglo [2018-06-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Indeed for Chrome) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\onimolfnbjjikjiialpfahffkjjgdgkh [2019-12-03]
CHR Extension: (Gmail) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-12]
CHR Extension: (Chrome Media Router) - C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-13]
CHR Profile: C:\Users\skizz\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-01-03]
CHR Profile: C:\Users\skizz\AppData\Local\Google\Chrome\User Data\System Profile [2020-01-03]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [126648 2016-06-16] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
S3 AtcHost; C:\Program Files\Bitdefender Antivirus Free\atchost.exe [1475272 2019-10-25] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2500144 2019-05-28] (Bitdefender SRL -> Bitdefender)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-05-15] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-05-15] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe [74392 2019-10-24] (Google LLC -> Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-11-28] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-06-30] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-06-30] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-12-17] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-12-13] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2215168 2016-10-31] (Intel Corporation -> Intel Corporation)
R2 Everything; C:\Program Files\Everything\Everything.exe [2240288 2019-02-03] (voidtools -> voidtools)
R2 GamingServices; C:\Program Files\WindowsApps\Microsoft.GamingServices_1.35.26001.0_x64__8wekyb3d8bbwe\GamingServices.exe [21640 2019-12-13] (Microsoft Corporation -> Microsoft Corporation)
R2 GamingServicesNet; C:\Program Files\WindowsApps\Microsoft.GamingServices_1.35.26001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe [21640 2019-12-13] (Microsoft Corporation -> Microsoft Corporation)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [5840360 2019-10-02] (GlassWire -> SecureMix LLC)
S3 iaStorAfsService; C:\Windows\IAStorAfsService\iaStorAfsService.exe [2397816 2017-04-04] (Intel Corporation - pGFX -> Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [183568 2016-10-06] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-05] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-12-25] (Malwarebytes Inc -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] (Intel Corporation-Wireless Connectivity Solutions -> )
S3 NGS; C:\ProgramData\Nexon\NGS\NGService.exe [3045936 2019-11-15] (NEXON Korea Corporation. -> NEXON Korea Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2466608 2019-11-19] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3344176 2019-11-19] (Electronic Arts, Inc. -> Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2140656 2019-12-13] (Plex, Inc. -> Plex, Inc.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1291888 2019-07-15] (Bitdefender SRL -> Bitdefender)
R2 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [97080 2019-08-12] (ProtonVPN AG -> )
S3 Rockstar Service; Q:\Games\Rockstar Games\Launcher\RockstarService.exe [474256 2019-12-12] (Rockstar Games, Inc. -> Rockstar Games)
R3 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [40312 2017-06-08] (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2015968 2016-08-15] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [238376 2019-11-27] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [288312 2019-12-20] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [238376 2019-11-27] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18816 2018-01-12] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S2 TinyWall; "C:\Program Files (x86)\TinyWall\TinyWall.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [29312 2016-11-14] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [108504 2019-04-24] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1693368 2019-10-25] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [739024 2019-11-27] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-04-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [71232 2016-10-31] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66616 2016-10-31] (Intel Corporation -> Intel Corporation)
R3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [309144 2019-11-27] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-10-31] (Intel Corporation -> Intel Corporation)
R3 gameflt; C:\WINDOWS\System32\DriverStore\FileRepository\gameflt.inf_amd64_1b1c9965dc1c6f0f\gameflt.sys [71000 2019-12-13] (Microsoft Windows -> Microsoft Corporation)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [564136 2019-11-27] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (GlassWire -> SecureMix LLC)
R0 gzflt; C:\WINDOWS\System32\drivers\gzflt.sys [188384 2019-04-25] (Bitdefender SRL -> BitDefender LLC)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [69632 2017-03-27] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [730384 2016-10-06] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [38424 2017-09-15] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2020-01-01] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-12-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2020-01-01] (Malwarebytes Inc -> Malwarebytes)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [79504 2016-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8723968 2019-03-18] (Microsoft Windows -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_fb9ec72187c47cbc\nvlddmkm.sys [23231744 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
R0 nvpciflt; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_fb9ec72187c47cbc\nvpciflt.sys [58408 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ProtonVPNSplitTunnelCalloutDriver; C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\win10\ProtonVPNSplitTunnelCalloutDriver.Sys [48664 2019-07-01] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek Semiconductor Corp. -> Realtek )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-20] (Valve Corp. -> )
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [44976 2018-09-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [637112 2019-10-25] (Bitdefender SRL -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
R1 WinRing0_1_2_0; C:\Program Files (x86)\EVGA\WinRing0\WinRing0x64.sys [14536 2015-10-20] (EVGA -> OpenLibSys.org)
R3 Xvdd; C:\WINDOWS\System32\DriverStore\FileRepository\xvdd.inf_amd64_4beca0218f643d77\xvdd.sys [478256 2019-10-14] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath
S3 HWiNFO; \??\C:\Users\skizz\AppData\Local\Temp\HWiNFO64A.SYS [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-03 13:48 - 2020-01-03 14:41 - 000000000 ___DC C:\Users\skizz\Documents\The Witcher 3 Mod Manager
2020-01-02 09:48 - 2020-01-02 10:01 - 000000000 ____D C:\Program Files (x86)\TinyWall
2020-01-02 09:48 - 2020-01-02 09:59 - 000000628 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2020-01-02 09:47 - 2020-01-02 09:47 - 001228800 _____ C:\Users\skizz\Downloads\TinyWallInstaller.msi
2020-01-02 09:46 - 2020-01-02 09:46 - 000002012 _____ C:\Users\skizz\Downloads\README
2020-01-01 16:33 - 2020-01-01 16:39 - 000470970 _____ C:\WINDOWS\ntbtlog.txt
2020-01-01 16:33 - 2020-01-01 16:33 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-12-30 21:22 - 2020-01-01 16:56 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-12-30 21:22 - 2020-01-01 16:56 - 000216544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-12-28 16:09 - 2019-12-28 16:09 - 000001224 ____C C:\Users\skizz\Desktop\malwarebytes_12_28_2019.txt
2019-12-25 20:14 - 2019-12-25 20:14 - 000003987 ____C C:\Users\skizz\Desktop\AdwCleaner[C00]_12_25_2019.txt
2019-12-25 20:03 - 2019-12-25 20:03 - 000001287 ____C C:\Users\skizz\Desktop\malwarebytes_log3_12_25_2019.txt
2019-12-25 19:32 - 2019-12-25 19:45 - 000000000 ____D C:\AdwCleaner
2019-12-25 19:17 - 2020-01-03 15:12 - 000000000 ____D C:\FRST
2019-12-25 19:03 - 2019-12-25 19:03 - 000001224 ____C C:\Users\skizz\Desktop\malwarebytes_log2_12_25_2019.txt
2019-12-25 18:57 - 2019-12-25 18:59 - 000001324 ____C C:\Users\skizz\Desktop\malwarebytes_12_25_2019.txt
2019-12-25 00:37 - 2019-12-25 00:37 - 000003646 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2019-12-22 22:32 - 2019-12-22 22:32 - 000000000 ___DC C:\Users\skizz\AppData\LocalLow\DaiTech
2019-12-22 03:13 - 2019-12-22 03:13 - 000000000 ____D C:\Users\skizz\AppData\Local\Microids
2019-12-21 00:55 - 2019-12-21 00:55 - 000000000 ____D C:\Users\skizz\AppData\Local\GlassWire
2019-12-21 00:50 - 2019-12-21 00:50 - 000002008 _____ C:\Users\Public\Desktop\GlassWire.lnk
2019-12-21 00:50 - 2019-12-21 00:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2019-12-21 00:50 - 2019-12-21 00:50 - 000000000 ____D C:\ProgramData\GlassWire
2019-12-21 00:50 - 2019-12-21 00:50 - 000000000 ____D C:\Program Files (x86)\GlassWire
2019-12-21 00:50 - 2015-05-28 20:30 - 000008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2019-12-21 00:50 - 2015-05-28 20:15 - 000033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2019-12-21 00:48 - 2019-12-21 00:48 - 000000000 ____D C:\Users\Default\AppData\Local\D3DSCache
2019-12-21 00:48 - 2019-12-21 00:48 - 000000000 ____D C:\Users\Default User\AppData\Local\D3DSCache
2019-12-21 00:34 - 2019-12-25 00:35 - 000001266 _____ C:\WINDOWS\system32\.crusader
2019-12-21 00:26 - 2019-12-21 00:36 - 000000000 ____D C:\ProgramData\HitmanPro
2019-12-20 13:40 - 2019-12-20 13:40 - 000634492 _____ C:\WINDOWS\Minidump\122019-14546-01.dmp
2019-12-20 09:19 - 2019-12-20 23:20 - 000000000 ____D C:\Users\skizz\AppData\Local\PoliceStoriesRelease
2019-12-19 17:47 - 2019-12-19 17:47 - 000000749 ____C C:\Users\skizz\Desktop\Police Stories.lnk
2019-12-19 09:18 - 2019-12-19 09:18 - 000000000 ___DC C:\Users\skizz\AppData\LocalLow\Wx3 Labs, LLC
2019-12-19 08:56 - 2019-12-19 08:56 - 000000000 ___DC C:\Users\skizz\AppData\LocalLow\Gray Cube
2019-12-19 08:37 - 2019-12-19 08:37 - 000000000 ___DC C:\Users\skizz\AppData\LocalLow\JJXX
2019-12-18 21:35 - 2019-12-19 21:22 - 000000739 ____C C:\Users\skizz\Desktop\Starcom Nexus.lnk
2019-12-18 20:48 - 2019-12-18 20:48 - 000000000 ____D C:\Users\skizz\AppData\Roaming\ScummVM
2019-12-18 20:42 - 2019-12-20 23:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blade Runner [GOG.com]
2019-12-18 20:42 - 2019-12-18 20:42 - 000000983 _____ C:\Users\Public\Desktop\Blade Runner.lnk
2019-12-18 15:44 - 2019-12-20 23:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-12-18 04:27 - 2019-12-18 04:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2019-12-17 20:55 - 2019-12-17 20:55 - 000000000 ____D C:\Users\skizz\AppData\Local\GameAnalytics
2019-12-17 20:50 - 2019-12-17 20:50 - 000000000 ___DC C:\Users\skizz\AppData\LocalLow\GhostShark Games
2019-12-17 19:15 - 2019-12-17 19:15 - 000003222 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineAll
2019-12-17 19:15 - 2019-12-17 19:15 - 000000000 ___HD C:\Users\skizz\AppData\Roaming\folder
2019-12-17 18:24 - 2019-12-17 18:24 - 000000000 ___DC C:\Users\skizz\AppData\LocalLow\Chance Agency
2019-12-17 11:30 - 2019-12-17 11:30 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-12-17 11:30 - 2019-12-17 11:30 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-12-17 11:30 - 2019-12-17 11:30 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-12-17 11:30 - 2019-12-17 11:30 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-12-17 01:57 - 2019-12-17 01:57 - 000000000 ___DC C:\Users\skizz\Documents\TheWild8Backup
2019-12-17 01:54 - 2019-12-17 01:54 - 000000731 ____C C:\Users\skizz\Desktop\The Wild Eight.lnk
2019-12-17 01:54 - 2019-12-17 01:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Wild Eight
2019-12-16 22:35 - 2019-12-16 22:35 - 000000585 ____C C:\Users\skizz\Desktop\Still There.lnk
2019-12-16 22:04 - 2019-12-16 22:04 - 000000223 ____C C:\Users\skizz\Desktop\Neo Cab Demo.url
2019-12-15 23:33 - 2019-12-13 23:28 - 000052152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2019-12-14 20:32 - 2019-12-14 20:32 - 000000000 ____D C:\Users\skizz\AppData\Roaming\EasyAntiCheat
2019-12-14 20:32 - 2019-12-14 20:32 - 000000000 ____D C:\Users\skizz\AppData\Local\CrashRpt
2019-12-13 03:14 - 2019-12-13 03:14 - 000061749 ____C C:\Users\skizz\Desktop\EJxGm89VUAERo8e.jfif
2019-12-13 03:07 - 2019-12-13 03:07 - 000062984 ____C C:\Users\skizz\Desktop\babyyoda2.webp
2019-12-13 00:43 - 2019-12-13 00:43 - 000000222 ____C C:\Users\skizz\Desktop\Hunt Showdown.url
2019-12-12 22:48 - 2019-12-12 22:48 - 000635636 _____ C:\WINDOWS\Minidump\121219-9562-01.dmp
2019-12-11 23:01 - 2020-01-03 14:20 - 000000000 ___DC C:\Users\skizz\Documents\The Witcher 3
2019-12-11 22:49 - 2019-12-11 23:40 - 000000000 ___DC C:\Users\skizz\Documents\DawnOfMan
2019-12-11 22:49 - 2019-12-11 22:49 - 000000000 ___DC C:\Users\skizz\AppData\LocalLow\Madruga Works
2019-12-11 20:15 - 2019-12-11 20:15 - 000000767 ____C C:\Users\skizz\Desktop\Dawn of Man Solstice.lnk
2019-12-11 20:15 - 2019-12-11 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dawn of Man Solstice
2019-12-11 00:23 - 2019-12-08 13:28 - 011843696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-12-11 00:23 - 2019-12-08 13:28 - 010167952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-12-11 00:23 - 2019-12-08 13:28 - 001729440 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-12-11 00:23 - 2019-12-08 13:28 - 001729440 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-12-11 00:23 - 2019-12-08 13:28 - 001329568 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-12-11 00:23 - 2019-12-08 13:28 - 001329568 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-12-11 00:23 - 2019-12-08 13:28 - 001079200 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-12-11 00:23 - 2019-12-08 13:28 - 001079200 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-12-11 00:23 - 2019-12-08 13:28 - 000937888 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-12-11 00:23 - 2019-12-08 13:28 - 000937888 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-12-11 00:23 - 2019-12-08 13:28 - 000451656 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-12-11 00:23 - 2019-12-08 13:28 - 000352712 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-12-11 00:23 - 2019-12-08 13:27 - 001483712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-12-11 00:23 - 2019-12-08 13:27 - 001146880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-12-11 00:23 - 2019-12-08 13:27 - 000824256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-12-11 00:23 - 2019-12-08 13:27 - 000684992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-12-11 00:23 - 2019-12-08 13:27 - 000676608 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-12-11 00:23 - 2019-12-08 13:27 - 000557072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-12-11 00:23 - 2019-12-08 13:27 - 000545296 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-12-11 00:23 - 2019-12-08 13:26 - 040510424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-12-11 00:23 - 2019-12-08 13:26 - 035380264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-12-11 00:23 - 2019-12-08 13:26 - 017462424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-12-11 00:23 - 2019-12-08 13:26 - 015030896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-12-11 00:23 - 2019-12-08 13:26 - 005382024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-12-11 00:23 - 2019-12-08 13:26 - 004717656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-12-11 00:23 - 2019-12-08 13:26 - 002076064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-12-11 00:23 - 2019-12-08 13:26 - 001727920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6444166.dll
2019-12-11 00:23 - 2019-12-08 13:26 - 001568504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-12-11 00:23 - 2019-12-08 13:26 - 001491472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6444166.dll
2019-12-11 00:23 - 2019-12-08 13:26 - 001371648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-12-11 00:23 - 2019-12-08 13:26 - 001064840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-12-11 00:23 - 2019-12-08 13:26 - 000812800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-12-11 00:23 - 2019-12-08 13:26 - 000659152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-10 21:26 - 2019-12-10 21:26 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-10 21:26 - 2019-12-10 21:26 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-10 21:26 - 2019-12-10 21:26 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-10 21:26 - 2019-12-10 21:26 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-10 21:26 - 2019-12-10 21:26 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-10 21:26 - 2019-12-10 21:26 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-10 21:26 - 2019-12-10 21:26 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-10 21:26 - 2019-12-10 21:26 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-10 21:26 - 2019-12-10 21:26 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-10 21:26 - 2019-12-10 21:26 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-10 21:26 - 2019-12-10 21:26 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-10 21:26 - 2019-12-10 21:26 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-12-10 21:25 - 2019-12-10 21:26 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-10 21:25 - 2019-12-10 21:25 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-10 21:25 - 2019-12-10 21:25 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-10 21:25 - 2019-12-10 21:25 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-10 21:25 - 2019-12-10 21:25 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-10 21:25 - 2019-12-10 21:25 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-10 21:25 - 2019-12-10 21:25 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-10 21:25 - 2019-12-10 21:25 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-10 21:25 - 2019-12-10 21:25 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-10 21:25 - 2019-12-10 21:25 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-10 21:25 - 2019-12-10 21:25 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-10 21:25 - 2019-12-10 21:25 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-10 21:25 - 2019-12-10 21:25 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-10 21:25 - 2019-12-10 21:25 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-10 21:25 - 2019-12-10 21:25 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-10 21:25 - 2019-12-10 21:25 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-10 21:25 - 2019-12-10 21:25 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-10 21:25 - 2019-12-10 21:25 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-10 21:25 - 2019-12-10 21:25 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-10 21:25 - 2019-12-10 21:25 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-10 21:25 - 2019-12-10 21:25 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-10 21:25 - 2019-12-10 21:25 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-12-10 02:33 - 2019-12-10 02:34 - 000000000 ___DC C:\Users\skizz\Documents\Rockstar Games
2019-12-10 02:33 - 2019-12-10 02:34 - 000000000 ____D C:\Users\skizz\AppData\Local\Rockstar Games
2019-12-10 02:32 - 2019-12-10 02:32 - 000000872 ____C C:\Users\skizz\Desktop\Rockstar Games Launcher.lnk
2019-12-10 02:32 - 2019-12-10 02:32 - 000000000 ___DC C:\Users\skizz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2019-12-10 02:32 - 2019-12-10 02:32 - 000000000 ____D C:\ProgramData\Rockstar Games
2019-12-10 02:32 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2019-12-10 02:32 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2019-12-10 02:32 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2019-12-10 02:32 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2019-12-10 02:32 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2019-12-10 02:32 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2019-12-10 02:32 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2019-12-10 02:32 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2019-12-10 02:32 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2019-12-10 02:32 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2019-12-10 02:32 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2019-12-10 02:32 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2019-12-10 02:32 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2019-12-10 02:32 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2019-12-10 02:32 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2019-12-10 02:32 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2019-12-10 02:32 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2019-12-10 02:32 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2019-12-10 02:32 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2019-12-10 02:32 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2019-12-10 02:32 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2019-12-10 02:32 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2019-12-10 02:32 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2019-12-10 02:32 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2019-12-10 02:32 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2019-12-10 02:32 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2019-12-10 02:32 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2019-12-10 02:32 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2019-12-10 02:32 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2019-12-10 02:32 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2019-12-10 02:32 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2019-12-10 02:32 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2019-12-10 02:32 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2019-12-10 02:32 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2019-12-10 02:32 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2019-12-10 02:32 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2019-12-10 02:32 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2019-12-10 02:32 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2019-12-10 02:32 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2019-12-10 02:32 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2019-12-10 02:32 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2019-12-10 02:32 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2019-12-10 02:32 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2019-12-10 02:32 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2019-12-10 02:32 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2019-12-10 02:32 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2019-12-10 02:32 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2019-12-10 02:32 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2019-12-10 02:32 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2019-12-10 02:32 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2019-12-10 02:32 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2019-12-10 02:32 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2019-12-10 02:32 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2019-12-10 02:32 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2019-12-10 02:32 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2019-12-10 02:32 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2019-12-10 02:32 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2019-12-10 02:32 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2019-12-10 02:32 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2019-12-10 02:32 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2019-12-10 02:32 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2019-12-10 02:32 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2019-12-10 02:32 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2019-12-10 02:32 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2019-12-10 02:32 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2019-12-10 02:32 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2019-12-10 02:32 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2019-12-10 02:32 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2019-12-10 02:32 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2019-12-10 02:32 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2019-12-10 02:32 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2019-12-10 02:32 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2019-12-10 02:32 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2019-12-10 02:32 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2019-12-10 02:32 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2019-12-10 02:32 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2019-12-10 02:32 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2019-12-10 02:32 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2019-12-10 02:32 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2019-12-10 02:32 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2019-12-10 02:32 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2019-12-10 02:32 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2019-12-10 02:32 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2019-12-10 02:32 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2019-12-10 02:32 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2019-12-10 02:32 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2019-12-10 02:32 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2019-12-10 02:32 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2019-12-10 02:32 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2019-12-10 02:32 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2019-12-10 02:32 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2019-12-10 02:32 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2019-12-10 02:32 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2019-12-10 02:32 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2019-12-10 02:32 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2019-12-10 02:32 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2019-12-10 02:32 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2019-12-10 02:32 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2019-12-10 02:32 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2019-12-10 02:32 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2019-12-10 02:32 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2019-12-10 02:32 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2019-12-10 02:32 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2019-12-10 02:32 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2019-12-10 02:32 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2019-12-10 02:32 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2019-12-10 02:32 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2019-12-10 02:32 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2019-12-10 02:32 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2019-12-10 02:32 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2019-12-10 02:32 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2019-12-10 02:32 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2019-12-10 02:32 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2019-12-10 02:32 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2019-12-10 02:32 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2019-12-10 02:32 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2019-12-10 02:32 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2019-12-10 02:32 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2019-12-10 02:32 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2019-12-10 02:32 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2019-12-10 02:32 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2019-12-10 02:32 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2019-12-10 02:32 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2019-12-10 02:32 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2019-12-10 02:32 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2019-12-10 02:32 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2019-12-10 02:32 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2019-12-10 02:32 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2019-12-10 02:32 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2019-12-10 02:32 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2019-12-10 02:32 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2019-12-10 02:32 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2019-12-10 02:32 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2019-12-10 02:32 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2019-12-10 02:32 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2019-12-10 02:32 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2019-12-10 02:32 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2019-12-10 02:32 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2019-12-10 02:32 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2019-12-10 02:32 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2019-12-10 02:32 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2019-12-10 02:32 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2019-12-10 02:32 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2019-12-10 02:32 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2019-12-10 02:32 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2019-12-10 02:32 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2019-12-10 02:32 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2019-12-10 02:32 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2019-12-10 02:32 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2019-12-10 02:32 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2019-12-10 02:32 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2019-12-10 02:32 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2019-12-10 02:32 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2019-12-10 02:32 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2019-12-10 02:32 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2019-12-10 02:32 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2019-12-10 02:32 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2019-12-10 02:32 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2019-12-10 02:32 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2019-12-10 02:32 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2019-12-10 02:32 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2019-12-10 02:32 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2019-12-10 02:32 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2019-12-10 02:32 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2019-12-10 02:32 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2019-12-10 02:32 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2019-12-10 02:32 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2019-12-10 02:32 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2019-12-10 02:32 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2019-12-10 02:32 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2019-12-10 02:32 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2019-12-10 02:32 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2019-12-10 02:32 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2019-12-10 02:32 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2019-12-10 02:32 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2019-12-10 02:32 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2019-12-10 02:32 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2019-12-10 02:32 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2019-12-10 02:30 - 2019-12-10 02:33 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2019-12-10 02:29 - 2019-12-10 02:33 - 000000000 ____D C:\Program Files\Rockstar Games
2019-12-10 02:26 - 2019-12-10 02:26 - 000000279 ____C C:\Users\skizz\Desktop\Red Dead Redemption 2.url
2019-12-09 22:32 - 2019-12-09 22:32 - 000000222 ____C C:\Users\skizz\Desktop\The Witcher 3 Wild Hunt.url
2019-12-09 18:44 - 2019-12-09 19:15 - 000000000 ___DC C:\Users\skizz\Documents\Xenia
2019-12-08 23:52 - 2019-12-08 23:52 - 000000000 ____D C:\Users\skizz\AppData\Roaming\UnrealEngine
2019-12-08 23:52 - 2019-12-08 23:52 - 000000000 ____D C:\Users\skizz\AppData\Roaming\Arise
2019-12-08 23:47 - 2019-12-08 23:52 - 000000780 ____C C:\Users\skizz\Desktop\Arise A Simple Story.lnk
2019-12-08 23:47 - 2019-12-08 23:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arise A Simple Story
2019-12-08 20:39 - 2019-12-08 20:39 - 000000000 ___DC C:\Users\skizz\Documents\Assassin's Creed Origins
2019-12-08 20:10 - 2019-12-31 15:25 - 000000940 ____C C:\Users\skizz\Desktop\Assassins Creed Origins The Curse of the Pharaohs.lnk
2019-12-08 20:10 - 2019-12-08 20:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed Origins The Curse of the Pharaohs
2019-12-08 02:36 - 2019-12-08 02:36 - 000000860 ____C C:\Users\skizz\Desktop\Remnant From The Ashes Letos Lab.lnk
2019-12-08 02:36 - 2019-12-08 02:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remnant From The Ashes Letos Lab
2019-12-07 23:08 - 2019-12-07 23:08 - 000000000 ____D C:\Users\skizz\AppData\Local\Remnant
2019-12-07 03:31 - 2019-12-07 03:31 - 000000000 ___DC C:\Users\skizz\AppData\LocalLow\Unknown
2019-12-07 03:30 - 2017-09-15 01:12 - 018646528 ____C C:\Users\skizz\Desktop\RoomOfRoilands.exe
2019-12-07 01:32 - 2019-12-07 01:32 - 000001235 _____ C:\Users\skizz\AppData\Local\recently-used.xbel
2019-12-05 16:00 - 2019-12-05 16:06 - 000000000 ___DC C:\Users\skizz\AppData\LocalLow\MCC
2019-12-05 16:00 - 2019-12-05 16:00 - 000000000 ___DC C:\Users\skizz\AppData\LocalLow\UnrealEngine
2019-12-05 10:40 - 2019-12-05 10:40 - 000001271 ____C C:\Users\skizz\Desktop\Halo The Master Chief Collection Halo Reach.lnk
2019-12-05 10:40 - 2019-12-05 10:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Halo The Master Chief Collection Halo Reach
2019-12-05 10:08 - 2019-12-05 10:08 - 000000000 ___DC C:\Users\skizz\AppData\LocalLow\Thunder Lotus Games
2019-12-05 10:04 - 2019-12-05 10:04 - 000000276 ____C C:\Users\skizz\Desktop\Jotun Valhalla Edition.url
2019-12-04 00:51 - 2019-12-04 00:53 - 000000837 ____C C:\Users\skizz\Desktop\PS3 Game Updates.lnk
2019-12-04 00:51 - 2019-12-04 00:51 - 000000000 ___DC C:\Users\skizz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PS3 Game Updates

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-03 15:10 - 2019-09-13 05:04 - 000000000 ____D C:\Users\skizz\AppData\Roaming\Everything
2020-01-03 14:50 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-03 14:46 - 2017-08-04 02:32 - 000000000 ____D C:\ProgramData\NVIDIA
2020-01-03 14:17 - 2018-04-14 19:40 - 000000000 ___DC C:\Users\skizz\AppData\Local\CrashDumps
2020-01-03 14:02 - 2018-08-31 21:43 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2020-01-03 13:57 - 2019-01-02 15:46 - 000000000 ___DC C:\Users\skizz\AppData\Roaming\bandlab-assistant
2020-01-03 10:32 - 2018-04-13 14:47 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2020-01-03 10:26 - 2018-04-11 23:48 - 000000000 ____D C:\Program Files (x86)\Steam
2020-01-03 09:17 - 2019-03-18 20:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-03 09:17 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-02 14:24 - 2019-09-12 22:23 - 000003132 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2020-01-02 08:08 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-01-01 22:36 - 2018-04-12 11:47 - 000000000 ___DC C:\Users\skizz\AppData\Local\ElevatedDiagnostics
2020-01-01 17:50 - 2019-03-18 20:37 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2020-01-01 16:52 - 2019-09-12 22:26 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-01-01 16:52 - 2019-03-18 20:50 - 000000000 ____D C:\WINDOWS\INF
2020-01-01 16:45 - 2019-09-12 22:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-01 16:39 - 2019-03-18 20:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-01-01 16:30 - 2019-09-13 05:04 - 000000000 ____D C:\Users\skizz\AppData\Local\Everything
2019-12-31 16:05 - 2018-09-19 07:01 - 000000000 ___DC C:\Users\skizz\Documents\TheWildEight
2019-12-31 12:32 - 2019-09-12 22:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-12-27 11:48 - 2019-09-12 19:55 - 000000000 ____D C:\Windows10Upgrade
2019-12-26 11:29 - 2018-04-11 20:08 - 000000000 ___DC C:\Users\skizz\AppData\Local\Packages
2019-12-26 01:49 - 2018-06-21 00:30 - 000000000 ___DC C:\Users\skizz\AppData\Local\Plex Media Server
2019-12-25 21:08 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-12-25 20:56 - 2019-03-18 20:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-12-25 20:55 - 2018-09-13 18:17 - 000000000 ____D C:\ProgramData\AVAST Software
2019-12-25 19:45 - 2017-05-03 23:22 - 000000000 ____D C:\Program Files (x86)\ASUS
2019-12-25 18:27 - 2019-08-17 13:33 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-12-25 18:27 - 2019-08-17 13:33 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-12-25 18:27 - 2019-08-17 13:33 - 000002059 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-12-25 01:51 - 2019-05-15 09:43 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2019-12-25 01:51 - 2019-05-15 09:43 - 000002415 _____ C:\Users\Public\Desktop\Brave.lnk
2019-12-25 01:51 - 2018-04-12 00:09 - 000002339 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-25 01:51 - 2018-04-12 00:09 - 000002298 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-25 00:38 - 2019-03-18 20:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-12-24 20:10 - 2019-09-12 22:18 - 000000000 ____D C:\Users\skizz
2019-12-24 04:58 - 2019-02-24 16:23 - 000000000 ___DC C:\Users\skizz\AppData\Roaming\qBittorrent
2019-12-24 01:57 - 2018-10-20 20:35 - 000000000 ___DC C:\Users\skizz\AppData\Roaming\vlc
2019-12-23 21:16 - 2018-06-21 00:20 - 000000000 ___DC C:\Users\skizz\AppData\Roaming\HexChat
2019-12-22 17:25 - 2018-04-13 14:47 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2019-12-21 00:44 - 2019-01-02 07:27 - 000000000 ___DC C:\Users\skizz\AppData\Local\PlaceholderTileLogoFolder
2019-12-21 00:34 - 2019-05-13 18:45 - 000000000 ____D C:\Users\skizz\Desktop\Sekiro_FPS
2019-12-20 23:20 - 2019-10-16 01:30 - 000000000 ____D C:\WINDOWS\Minidump
2019-12-20 23:20 - 2019-02-14 09:06 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-12-20 23:20 - 2017-08-04 02:43 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2019-12-20 22:56 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\registration
2019-12-20 21:46 - 2018-12-21 18:18 - 000000000 ___DC C:\Users\skizz\AppData\Local\EpicGamesLauncher
2019-12-20 13:40 - 2019-10-16 01:30 - 1233330605 _____ C:\WINDOWS\MEMORY.DMP
2019-12-18 19:24 - 2018-07-03 09:26 - 000000000 ___DC C:\Users\skizz\AppData\LocalLow\Mozilla
2019-12-18 15:44 - 2018-06-30 17:01 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-12-18 04:27 - 2017-08-04 02:25 - 000000000 ____D C:\ProgramData\Package Cache
2019-12-16 22:27 - 2019-02-04 08:43 - 000000052 ____C C:\Users\skizz\AppData\Roaming\~SiMPLEX.ini
2019-12-16 22:04 - 2018-04-11 23:54 - 000000000 ___DC C:\Users\skizz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-12-13 23:28 - 2019-10-14 15:12 - 000031880 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2019-12-13 23:28 - 2019-09-12 22:34 - 001320376 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2019-12-13 23:28 - 2019-09-12 22:34 - 000149432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2019-12-13 23:28 - 2019-09-12 22:34 - 000088200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2019-12-13 14:22 - 2019-09-12 22:23 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-13 14:22 - 2019-09-12 22:23 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-13 04:05 - 2018-09-10 19:26 - 000000000 ___DC C:\Users\skizz\AppData\Local\Origin
2019-12-13 04:05 - 2018-09-10 19:26 - 000000000 ____D C:\ProgramData\Origin
2019-12-12 19:43 - 2017-08-04 03:15 - 000000000 ____D C:\Program Files\Microsoft Office
2019-12-12 01:09 - 2019-05-08 00:21 - 000000000 ____D C:\Users\skizz\AppData\Local\NVIDIA
2019-12-11 11:05 - 2019-09-12 22:15 - 000436824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-11 03:55 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-11 03:55 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-11 03:55 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-11 00:25 - 2018-04-11 22:09 - 000000000 ____D C:\Temp
2019-12-10 21:30 - 2018-04-13 17:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-10 21:27 - 2018-04-13 17:17 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-10 02:34 - 2018-06-19 20:05 - 000000000 ___DC C:\Users\skizz\AppData\Local\D3DSCache
2019-12-10 02:33 - 2018-06-19 11:50 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-12-08 09:20 - 2019-09-11 01:03 - 004957288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-12-08 09:20 - 2019-09-11 01:03 - 004224176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-12-07 01:32 - 2018-06-21 00:25 - 000000000 ___DC C:\Users\skizz\AppData\Local\gtk-2.0
2019-12-06 22:09 - 2019-03-18 20:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-12-06 19:09 - 2019-09-11 01:03 - 000055685 _____ C:\WINDOWS\system32\nvinfo.pb
2019-12-06 17:21 - 2019-03-09 12:14 - 005562208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-12-06 17:21 - 2019-03-09 12:14 - 002652712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-12-06 17:21 - 2019-03-09 12:14 - 001768456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-12-06 17:21 - 2019-03-09 12:14 - 000670744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-12-06 17:21 - 2019-03-09 12:14 - 000455152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-12-06 17:21 - 2019-03-09 12:14 - 000129392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-12-06 17:21 - 2019-03-09 12:14 - 000083392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-12-04 02:50 - 2019-03-09 12:14 - 008800072 _____ C:\WINDOWS\system32\nvcoproc.bin

==================== Files in the root of some directories ========

2019-02-04 12:48 - 2019-09-12 20:55 - 000000182 ____C () C:\Users\skizz\AppData\Roaming\sp_data.sys
2019-02-04 08:43 - 2019-12-16 22:27 - 000000052 ____C () C:\Users\skizz\AppData\Roaming\~SiMPLEX.ini
2019-12-07 01:32 - 2019-12-07 01:32 - 000001235 _____ () C:\Users\skizz\AppData\Local\recently-used.xbel
2018-10-20 19:50 - 2018-10-20 19:50 - 000000003 ____C () C:\Users\skizz\AppData\Local\updater.log
2018-10-20 19:50 - 2018-10-20 19:50 - 000000425 ____C () C:\Users\skizz\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists and Chrome is synced with other devices, reset it.

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
https://support.google.com/chrome/answer/185277

Execute the suggested fix.

Restart the computer normally.
===========

Please post the Fixlog.txt and let me know if the problem persists.

p.s.
Attach the Addition.txt log that was created by running the Farbar program.
I need to review it.

fixlist.txt


Fixlog attached. 

 

I am still unable to enable windows firewall. Clicking "use recommended settings" button (see screenshot) is unsuccessful. 

 

Addition.txt was attached above with the initial frst.txt scan. Should I run the frst (i.e. farbar?) scan again now and provide a new FRST.txt and a new Addition.txt file?

 

Thank you for your help. 

 

 

IMG_20200104_133628.jpg

IMG_20200104_133927.jpg

Fixlog.txt


Not sure if I should continue trying different anti malware tools or wait for your next direction. I tried Microsoft's malicious software removal tool and safety scanner. The 2nd tool removed reported malware (see screenshot). 

IMG_20200104_152940.jpg


Hi,

Yes please submit fresh FRST.TXT and Addition.txt logs.

The fixlog shows that a Restore point was created.

Is this correct?


Yes, the System Restore Point was created. There is a note that says "restore point created by FRST". I believe that this action was included in the fix script that you provided. But there appears to only be 1 restore point. I am sure that I created one last week and maybe another just a couple days ago. Where did they go? 

 

**I am still unable to activate Windows Firewall.**

 

P. S. How do we know that hackers are not joining this forum and offering to "help" but instead they provide instructions to REALLY hack your computer, steal your info, and mess you up? How do I know that you are an official representative or that you are qualified to help and have good intentions? 

(And please understand that I mean no offense, it is simply a question and I am very thankful for your assistance.)

 

 

IMG_20200105_094229.jpg

IMG_20200105_094245.jpg

IMG_20200105_094304.jpg

1578245836066_FRST.txt 1578245834233_Addition.txt


Please ignore my question about credentials. I read the moderator's post about who is authorized to respond and learned about your designation as "expert".


Hi,

It is recommended the system restore have a minimum of 10% of free space.

If you cannot increase it see if you can delete or move personal files to an External disk.
===

Let's check on the Firewall.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or above, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
  
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
===


I increased system restore to 10% on every drive. Not excessive? I'm thinking that instead of system restore (which is often vulnerable to corruption/deletion by malware and simply running out of space), I should start creating a backup of my entire OS / c:/ drive, and keep it on an external drive or in the cloud. Then I can restore the backup just like a system restore. But the backup might be safer and hopefully more effective. And I might not have the problem I'm having now... 

 

Below is the log you requested:

 

Farbar Service Scanner Version: 14-12-2019
Ran by skizz (administrator) on 06-01-2020 at 18:10:23
Running from "C:\Users\skizz\Desktop"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc: "%SystemRoot%\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p".
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
 

 

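One way to triage an FSS.txt log like the one posted above, as an added example that is not part of the thread and not Farbar's own code: it parses the section headers and service lines and lists services whose start type differs from the default the log reports. The names `parse_fss` and `triage` are hypothetical, and the embedded sample is an excerpt copied from the log above.

```python
import re

# Excerpt copied from the FSS.txt log posted above (not the full log).
FSS_EXCERPT = r'''
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc: "%SystemRoot%\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p".
The ServiceDll of MpsSvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

File Check:
========
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
'''

NOT_RUNNING = re.compile(r'^(\S+) Service is not running\.')
START_TYPE = re.compile(
    r'^The start type of (\S+) service is set to (\w+)\. '
    r'The default start type is (\w+)\.')
FILE_CHECK = re.compile(r'^(.+?) => (.+)$')


def parse_fss(text):
    """Return (services, files_to_review) parsed from FSS.txt text.

    services maps a service name to the section it appeared in plus any
    'running', 'start_type' and 'default' values the log reported.
    files_to_review lists File Check paths whose status is anything other
    than 'File is digitally signed'.
    """
    services, files_to_review = {}, []
    section = None
    lines = [ln.rstrip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section header is a "Name:" line underlined with '=' characters.
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section = line[:-1]
            continue
        if m := NOT_RUNNING.match(line):
            services.setdefault(m[1], {"section": section})["running"] = False
        elif m := START_TYPE.match(line):
            svc = services.setdefault(m[1], {"section": section})
            svc["start_type"], svc["default"] = m[2], m[3]
        elif section == "File Check" and (m := FILE_CHECK.match(line)):
            if m[2] != "File is digitally signed":
                files_to_review.append(m[1])
    return services, files_to_review


def triage(services):
    """List (service, reason) pairs, changed start types first."""
    changed, stopped = [], []
    for name, info in services.items():
        if "start_type" in info:
            changed.append(
                (name, f"start type {info['start_type']}, default {info['default']}"))
        elif info.get("running") is False:
            stopped.append((name, "stopped, start type unchanged"))
    return changed + stopped


if __name__ == "__main__":
    svc, files = parse_fss(FSS_EXCERPT)
    for name, reason in triage(svc):
        print(f"{svc[name]['section']}: {name}: {reason}")
    print("files to review:", files)
```

A service that is stopped with a changed start type will not come back on reboot by itself, which is why those entries sort ahead of services that are merely stopped.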

Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know if the problem persists with WD and the Firewall.

===

 

I should start creating a backup of my entire OS / c:/ drive, and keep it on an external drive or in the cloud. Then I can restore the backup just like a system restore. But the backup might be safer and hopefully more effective. And I might not have the problem I'm having now...

This is a very good idea to protect against a Ransomware infection where all your data, pictures, documents are encrypted.
The external drive must not be connected to the computer.
If it is and you get infected while the external drive is connected, it will be damaged and not recoverable.

fixlist.txt


Hi


Open the Addition.txt log and look at your PATH SETTINGS.
under this key - HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path

The P: drive is not listed.

Can you please Create a new folder and name it FRST on the control panel of the C:\ drive.
Copy the Farbar program on the new folder.

Copy the last Fixlist.txt file to the FRST folder.

Run Farbar and run the fix.

If the problem persists please run the Farbar program scan the computer and post fresh FRST.TXT and Addition.txt logs for my review.


You said to create the new folder on the "control panel" of the c drive. Is this correct? Did you mean root folder? Desktop? How do I create in the control panel? I added the new folder here:

C:/FRST

I also ran your fixlist and experienced the same results. I'm unable to start any of these core services/firewalls.

 

Are there any 3rd party software/antivirus or firewall that I should download and use now for protection? Until we can fix these issues? 

I'll add the new logs below. 

Thank you.


Hi,

As requested

If the problem persists please run the Farbar program scan the computer and post fresh FRST.TXT and Addition.txt logs for my review.

 


Hi,

Remove Bitdefender for now.
Download and run their uninstaller tool from this site.
This will remove all traces of the program.
https://www.bitdefender.com/uninstall/

Restart the computer when the removal is completed.
-----

Check and find out if Windows Defender is enabled.

Do not reinstall the program just yet. Let me know what problem persists.


Should I reprocess the fixlist you provided in the past? The one that restarts all of the windows services? Or should these services all automatically start with a standard reboot?
