mr47steam Posted October 31, 2020 ID:1417667

Hello,

I think I have a malware problem on my computer. Several days ago, on 29/10/2020, I was playing a game, HITMAN 2, and it ran smoothly with no problems, as it normally does. About an hour later I decided to download a movie from a torrent website (apologies if you disapprove): https://kickasstorrents.cr/the-lord-of-the-rings-the-fellowship-of-the-ring-2001-extended-1080p-10bit-bluray-6ch-x265-hevc-psa-t4607656.html (download at your own discretion if you wish to inspect the file).

I've used this torrent site for years and had no problems, however this file didn't open any movie and flat out didn't work, so I deleted it immediately. Soon after that, I launched HITMAN 2 again and this time, after several minutes of playtime, the game begins to stutter and memory usage goes up to 99% in Task Manager (something I'm pretty sure didn't happen before). This happens every time I run the game now. The only thing that has changed on my computer in between running the game those two times was the new suspicious torrent files, so I am fairly certain that causes the problem. I have since uninstalled uTorrent and all files which went along with it (at least I think I did) just in case.

Since then I have run scans with Malwarebytes, HitmanPro, SuperAntiSpyware, CCleaner, Avira, Avast, AdwCleaner and TDSSKiller (all free versions, downloaded since the problem began) in safe mode, and while some of them did detect a few threats and quarantined them, the game stuttering problem remains. I have looked through each process and service in Task Manager when the computer is idle, and can't find anything particularly suspicious or unusual, but that may be just me.

Some of the files detected by the scans were located in SysWOW64 and I also have my reservations about several files I have found in System32, as they appear to be video files with the "last modified" date at around the time I downloaded the torrent file. However I don't know if these suspicions are correct.

I don't have much experience with IT and mostly use the computer to play games or browse the internet, but I tried my best to resolve the issue with advice found in various forums and articles, but still no success.

Thank you for reading and hope you can help me.
kevinf80 Posted October 31, 2020 ID:1417686

Hello mr47steam and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link: https://www.malwarebytes.com/mwb-download/thankyou/
Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"
Scroll down to "Scan Options", ensure Scan for Rootkits and Scan within Archives are both on....
Go back to "DashBoard", select the Blue "Scan Now" tab......
When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:

Click on the Detection History tab > from main interface.
Then click on "History", that will open to a historical list.
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export > From export you have two options:
Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

Please use "Copy to Clipboard", then Right click to your reply > select "Paste", that will copy the log to your reply…

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.
Or from this Mirror

Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.
Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans"
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make a log named (Addition.txt). Please attach that log to your reply.

Let me see those logs in your reply...

Thank you,

Kevin....
mr47steam Posted November 1, 2020 Author ID:1417722 Share Posted November 1, 2020 Hello, thank you for your help. I have followed your instructions although I already had Malwarebytes as well as AdwCleaner installed and am using Windows 7 64 bit. I have also included a screenshot of something detected by windows security essentials earlier today. Here are the logs you requested: Malwarebytes scan: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/1/20 Scan Time: 12:49 AM Log File: 1e93821e-1bdc-11eb-a9e7-d850e6baba02.json -Software Information- Version: 4.2.2.95 Components Version: 1.0.1096 Update Package Version: 1.0.32308 License: Trial -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: MR47-PC\Rysiu -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 269020 Threats Detected: 7 Threats Quarantined: 7 Time Elapsed: 19 min, 51 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 3 PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, 193, 236865, , , , , , PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, 193, 236865, , , , , , PUP.Optional.Conduit, HKU\S-1-5-21-1623833313-998961705-177475952-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, 193, 236865, 1.0.32308, , ame, , , Registry Value: 2 PUP.Optional.Conduit, HKU\S-1-5-21-1623833313-998961705-177475952-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, 193, 236865, 1.0.32308, , ame, , , PUP.Optional.Conduit, 
HKU\S-1-5-21-1623833313-998961705-177475952-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, Quarantined, 193, 236865, 1.0.32308, , ame, , , Registry Data: 1 PUP.Optional.Conduit, HKU\S-1-5-21-1623833313-998961705-177475952-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, 193, 293058, 1.0.32308, , ame, , , Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 PUP.Optional.BundleInstaller, C:\USERS\RYSIU\DOWNLOADS\UTORRENT (1).EXE, Quarantined, 516, 790622, 1.0.32308, , ame, , 021DB6AE2083C0DD60B343BBB78B2EA8, CDCA0C3E8950AC521395D73CFE10078AE5977827CAE5457CF18999793ED800B6 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Older Malwarebytes scan: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/31/20 Scan Time: 2:57 AM Log File: caada0b1-1b24-11eb-a220-000000000000.json -Software Information- Version: 4.2.2.95 Components Version: 1.0.1096 Update Package Version: 1.0.32260 License: Trial -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: MR47-PC\Rysiu -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 266288 Threats Detected: 1 Threats Quarantined: 1 Time Elapsed: 9 min, 51 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Malware.AI.4286441355, C:\USERS\RYSIU\APPDATA\ROAMING\UTORRENT\UPDATES\3.4.9_43295.EXE, Quarantined, 1000000, 0, 1.0.32260, 2BD38B3CCA892262FF7DE78B, dds, 00963281, 
B657BB057C2CC7B0EC5E7B30FA573729, B80EFB7F8A27C16C014A4EFA41AE362E4B26E508C57F09F294FD4E0A4C7D740D Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Oldest Malwarebytes scan: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/29/20 Scan Time: 10:23 PM Log File: 595dde38-1a35-11eb-927e-d850e6baba02.json -Software Information- Version: 4.2.2.95 Components Version: 1.0.1096 Update Package Version: 1.0.32214 License: Trial -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: MR47-PC\Rysiu -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 267495 Threats Detected: 26 Threats Quarantined: 26 Time Elapsed: 9 min, 26 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 4 PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-1623833313-998961705-177475952-1002\SOFTWARE\WebDiscoverBrowser, Quarantined, 1729, 253912, 1.0.32214, , ame, , , PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, Quarantined, 1729, 253915, 1.0.32214, , ame, , , PUP.Optional.InstallCore, HKU\S-1-5-21-1623833313-998961705-177475952-1002\SOFTWARE\CSASTATS\ic, Quarantined, 507, 586068, 1.0.32214, , ame, , , PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WOW6432NODE\WebDiscoverBrowser, Quarantined, 1729, 253915, 1.0.32214, , ame, , , Registry Value: 1 PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-1623833313-998961705-177475952-1002\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|okobbkjieahoombnpchkalmccifhjfoa, Quarantined, 1824, 867816, , , , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 4 Adware.PremierOpinion, C:\PROGRAM FILES (X86)\PREMIEROPINION, Quarantined, 836, 729333, 1.0.32214, 
, ame, , , Adware.MobileGenie, C:\USERS\RYSIU\APPDATA\LOCAL\GENIENEXT, Quarantined, 2647, 770848, 1.0.32214, , ame, , , PUP.Optional.MindSpark.Generic, C:\USERS\RYSIU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\okobbkjieahoombnpchkalmccifhjfoa, Quarantined, 1824, 867816, , , , , , PUP.Optional.MindSpark.Generic, C:\USERS\RYSIU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OKOBBKJIEAHOOMBNPCHKALMCCIFHJFOA, Quarantined, 1824, 867816, 1.0.32214, , ame, , , File: 17 Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\readme.txt, Quarantined, 836, 729333, , , , , D34B7B509901A90076CC587E8707DD83, 3677CC4EB3491303095E964058A6281C1B02B244234533968CA2E31D9820EA3C PUP.Optional.MindSpark.Generic, C:\USERS\RYSIU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 1824, 867816, , , , , 7E3034789614A4DD5766D0BED7F5EF65, 95763A5B2F582103C055F535F2E9C093A923DC38729FF7D6916E98FF7B2CA998 PUP.Optional.MindSpark.Generic, C:\USERS\RYSIU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 1824, 867816, , , , , 353E9AFBDFE776AA02D3F377BCAC27C6, B06A08D2874F4A84B9C6360D029B999BFC798F741658A25E60A4C4F955D0540A PUP.Optional.MindSpark.Generic, C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\okobbkjieahoombnpchkalmccifhjfoa\000003.log, Quarantined, 1824, 867816, , , , , BB3DCD2582F4FEE9ACFD4DF77EBF4D7E, D7CE77DBC2664F4404AC4346275EAE8515CCAAA3AC450DD6BEDA126BC98920E4 PUP.Optional.MindSpark.Generic, C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\okobbkjieahoombnpchkalmccifhjfoa\CURRENT, Quarantined, 1824, 867816, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 PUP.Optional.MindSpark.Generic, C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\okobbkjieahoombnpchkalmccifhjfoa\LOCK, Quarantined, 1824, 867816, , , , , , 
PUP.Optional.MindSpark.Generic, C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\okobbkjieahoombnpchkalmccifhjfoa\LOG, Quarantined, 1824, 867816, , , , , D9FE2F16500B0188B33E4225AF0A7E16, 2B9310CEF5E7BEFA97BC31C934663764EE2404621E6B84E52449FEE6233F9168 PUP.Optional.MindSpark.Generic, C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\okobbkjieahoombnpchkalmccifhjfoa\MANIFEST-000001, Quarantined, 1824, 867816, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 PUP.Optional.MindSpark.Generic, C:\USERS\RYSIU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OKOBBKJIEAHOOMBNPCHKALMCCIFHJFOA\13.955.18.60892_0\MANIFEST.JSON, Quarantined, 1824, 867816, 1.0.32214, , ame, , 1F867D16C31D479B6CD8E812C1E80B06, 230B6E1515A023F679AD000F07E25A24F22C8C537CD791D5241C14DF2B704F51 Adware.InstallCore, C:\USERS\RYSIU\DOWNLOADS\KINGOROOT.EXE, Quarantined, 508, 650796, 1.0.32214, , ame, , 14EA546DF40C0F969F0C5940C723552A, F2F8A455109EA335A4EE1772C4EA55AB4721C99E02654106BA88A0FE374C105A Generic.Malware/Suspicious, C:\USERS\RYSIU\DOWNLOADS\OSDOWNLOADER-INSTALLER_1922739830.EXE, Quarantined, 0, 392686, 1.0.32214, , shuriken, , F18EA8E4B96082A92231DDB7FB5C9143, 4E8B1767DA81A34ECD0EDAB7C12A81F3CA8D364B8E0CA2BCB304B1048F0D42F0 Generic.Malware/Suspicious, C:\WINDOWS\TEMP\_AVAST_\UNP241983831.TMP, Quarantined, 0, 392686, 1.0.32214, , shuriken, , 0618D602B5B4B3F465D7BC93828FD6E0, 979FB54ACC4E2615713389E1ACDB7C02071827E4483E9434749F5220EAFB854C PUP.Optional.InstallCore, C:\USERS\RYSIU\DOWNLOADS\INSTALLER.EXE, Quarantined, 507, 522074, 1.0.32214, , ame, , 138AC23F75D1078F321AD9114B3DF07B, 167B5F75029743048681614B8A251CFB7461817BB3B0F7AE7431855BA415A026 Generic.Malware/Suspicious, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Windows Movie Maker.lnk, Quarantined, 0, 392686, , , , , 1D9E98E57E2607D7245BEE536913D684, 
A1585582085FE667C3678C0E6D023846B70AAE660DB492DA0E45BC8449ADCA9F Generic.Malware/Suspicious, C:\USERS\PUBLIC\Desktop\Windows Movie Maker.lnk, Quarantined, 0, 392686, , , , , 1D9E98E57E2607D7245BEE536913D684, A1585582085FE667C3678C0E6D023846B70AAE660DB492DA0E45BC8449ADCA9F Generic.Malware/Suspicious, C:\USERS\RYSIU\APPDATA\ROAMING\Microsoft\Internet Explorer\Quick Launch\Windows Movie Maker.lnk, Quarantined, 0, 392686, , , , , DD6A6D5FEDA29E3EA3D9568918DC73F3, 5052D5E72E89F8EFBEF15566A59704445ADDCA79705E36AFD9EAE66E40335712 Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\WINDOWS LIVE\PHOTO GALLERY\WINMOVIEMAKER.EXE, Quarantined, 0, 392686, 1.0.32214, , shuriken, , 11E1A1485EFA62F67EBB7D68191769A2, 46D4CC26818261050A1D9A6E5F4EB4FA4C0766EDBD9A53FF0BFC1277345CD9A3 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) AdwCleaner scan: # ------------------------------- # Malwarebytes AdwCleaner 8.0.8.0 # ------------------------------- # Build: 10-08-2020 # Database: 2020-09-29.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 11-01-2020 # Duration: 00:00:02 # OS: Windows 7 Home Premium # Cleaned: 4 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** No malicious folders cleaned. ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. 
***** [ Registry ] ***** Deleted HKCU\Software\Lavasoft\Web Companion Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [55362 octets] - [31/10/2020 13:58:22] AdwCleaner[C00].txt - [48167 octets] - [31/10/2020 13:59:10] AdwCleaner[S01].txt - [1880 octets] - [01/11/2020 01:24:24] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ########## FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-10-2020 Ran by Rysiu (administrator) on MR47-PC (01-11-2020 01:34:16) Running from C:\Users\Rysiu\Downloads Loaded Profiles: Rysiu Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Inc. 
-> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <30> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes Inc -> Malwarebytes) C:\Users\Rysiu\Desktop\AdwCleaner.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) 
C:\Windows\System32\amdfendrsr.exe (Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\dr.fone\Library\DriverInstaller\DriverInstall.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [] => [X] HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4072376 2018-01-17] (Comodo Security Solutions, Inc. 
-> COMODO) HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\Run: [] => [X] HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd -> Piriform Ltd) HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11219376 2020-10-20] (Support.com Inc -> SUPERAntiSpyware) HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\Policies\system: [shell] explorer.exe <==== ATTENTION HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe [2020-10-21] (Google LLC -> Google LLC) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-04] (Adobe Inc. -> Adobe Systems, Inc.) HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {098C70FB-23E1-4642-B996-0C93C353E8E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-20] (Google LLC -> Google LLC) Task: {0EE85D52-4E2B-44B9-A5F4-04A41F8B75E2} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) Task: {151A3465-644A-413C-81D0-AB35998C88E2} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) Task: {2204B548-B76D-4E21-856B-B6D2676CCD10} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-20] (Google LLC -> Google LLC) Task: {2CD07463-EAE7-48B0-9BA4-01FAA840B9D7} - System32\Tasks\{A6914F55-5D5D-4A47-AB79-E47038378197} => C:\Windows\system32\pcalua.exe -a D:\autorun.exe -d D:\ Task: {36A22032-D28F-48E8-9738-7BCF00CBC076} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {3BA29DBA-8EFF-4A1C-9D7E-B34003314C2D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe Task: {3CCC2364-FD9B-4ACD-B3FE-26AB32FA2271} - System32\Tasks\{03E29A20-5C2A-4950-813B-0460E765AC19} => C:\Windows\system32\pcalua.exe -a "C:\Users\Rysiu\Downloads\vcredist_x86 (3).exe" -d C:\Users\Rysiu\Downloads Task: {3CEEA9C4-439C-4E4D-A955-234D67DA5F2E} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [5875840 2012-01-03] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) 
Task: {4267E910-BCAF-4014-816B-0E291D9A3DF5} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-10-13] (Adobe Inc. -> Adobe) Task: {473DAF73-90F8-4038-81D9-A00E0938752F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd) Task: {479B2974-0A21-42D1-86B4-89DAF750B70D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_pepper.exe [1497656 2020-10-13] (Adobe Inc. -> Adobe) Task: {522DC138-8244-4DBD-B670-0B3524024941} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd) Task: {535626FE-EA44-4B71-A20B-CE24B4D004E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-13] (Adobe Inc. -> Adobe) Task: {60891CC4-9EDB-42E0-B244-D1D10C6B13DA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {6C4EBE9D-88C8-4C32-A240-5BE7AF60EEA8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {87ED603A-858B-4F57-9607-D3986C83FF6A} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1645240 2020-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {8D897B69-AFDC-4A06-9911-29DBD75A6997} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.) 
Task: {938E242A-EF78-42E2-86C9-0B1E3F4AE57C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {94F585F0-CEA8-4558-8B55-91CC2BF54049} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {9C75F73A-50A5-4010-9EA2-A2AA4A925B69} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1645240 2020-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {9EADF39D-03ED-41BA-AB52-B2E2878417D3} - \DNSUMBARGER -> No File <==== ATTENTION Task: {A8C9229C-003A-4E5E-86AD-6E43671F1426} - System32\Tasks\AdobeAAMUpdater-1.0-Rysiu-PC-Rysiu => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {AA2A7DDA-4E2F-4627-87B8-22935E52AA25} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [1124536 2020-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {AFCDC2B6-EC58-4329-9956-E5D1BA1BCC8B} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1645240 2020-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) 
Task: {B3E59CEA-6D90-45AD-A4B6-A3FE248739FB} - System32\Tasks\{C2DD6C52-AA99-4EE5-903A-AA3145E07FDA} => C:\Windows\system32\pcalua.exe -a "C:\Users\Rysiu\Downloads\vcredist_x64 (2).exe" -d C:\Users\Rysiu\Downloads Task: {BD3CADA7-6C38-47E3-A6DF-740B328893EA} - System32\Tasks\{D847BC38-E293-4129-84BF-AFC54A5EF441} => C:\Windows\system32\pcalua.exe -a C:\Users\Rysiu\Downloads\msiinv\msiinv.exe -d C:\Users\Rysiu\Downloads\msiinv Task: {C59F6550-28DF-4591-88E1-613310A19E28} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle America, Inc. -> Oracle Corporation) Task: {D94105DA-E388-48D5-9EB2-0556AF628E71} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} Task: {EBEAB95F-B4D6-42B7-BDA9-7EF2599A1E37} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe Task: {F2DAA2E8-B0B1-4440-A31D-18C9906B2902} - System32\Tasks\{D9AED3A5-E454-4343-9861-012B09832F1E} => C:\Windows\system32\pcalua.exe -a C:\Users\Rysiu\Downloads\RemoveOnRebootSetup.exe -d C:\Users\Rysiu\Downloads (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{77EC785D-E222-42AE-89B8-AB615EDFD573}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{AE397CBB-ECE5-4121-AB0C-17D2604FCC89}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{AE397CBB-ECE5-4121-AB0C-17D2604FCC89}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{F64ADBCA-3657-401E-91A8-433F97F5E2BD}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{F64ADBCA-3657-401E-91A8-433F97F5E2BD}: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 => not found
FF HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\Firefox\Extensions: [{30b2f2f3-2f94-48b2-b3a4-5244f212bbd3}] - C:\Program Files (x86)\ViewPassword\150.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\190.7.0\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-03-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default [2020-11-01]
CHR DownloadDir: C:\Users\Rysiu\Downloads
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Extension: (Safe Torrent Scanner) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2020-10-31]
CHR Extension: (Google Drive) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (TV) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2015-12-26]
CHR Extension: (YouTube) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Honey) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-10-26]
CHR Extension: (Avira Safe Shopping) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2020-10-29]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-09-10]
CHR Extension: (Google Search) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (High Contrast) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2016-11-20]
CHR Extension: (AHA Music - Song Finder for Browser) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpacanjfikmhoddligfbehkpomnbgblf [2020-06-07]
CHR Extension: (Adobe Acrobat) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-16]
CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2020-10-15]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2020-10-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-30]
CHR Extension: (Gmail) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-12]
CHR Profile: C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-10-29]
CHR StartupUrls: Profile 1 -> "hxxps://uk.yahoo.com/?fr=fpc-comodo&type=19_25050030006_63.0.3239.108_u_hp_sp"
CHR DefaultSearchURL: Profile 1 -> hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=19_25050030006_63.0.3239.108_u_ds_sp&p={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> yahoo.com
CHR Extension: (Google Slides) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-28]
CHR Extension: (Google Docs) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-28]
CHR Extension: (Google Drive) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-28]
CHR Extension: (Rapport) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2017-07-28]
CHR Extension: (YouTube) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-28]
CHR Extension: (Google Sheets) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-28]
CHR Extension: (Google Docs Offline) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-28]
CHR Extension: (Gmail) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-28]
CHR Extension: (Chrome Media Router) - C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-28]
CHR Profile: C:\Users\Rysiu\AppData\Local\Google\Chrome\User Data\System Profile [2020-10-29]
CHR HKU\S-1-5-21-1623833313-998961705-177475952-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-13] (Adobe Inc. -> Adobe)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [190464 2020-09-22] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6076936 2018-05-04] (BattlEye Innovations e.K. -> )
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [162392 2020-10-31] (SurfRight B.V. -> SurfRight B.V.)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1199544 2018-01-17] (Comodo Security Solutions, Inc. -> COMODO)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7265328 2020-10-29] (Malwarebytes Inc -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2520376 2020-10-24] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474240 2020-10-24] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-09-17] (Even Balance, Inc. -> )
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies Inc. -> VIA Technologies, Inc.)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1978584 2014-08-13] (VMware, Inc. -> VMware, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone\Library\DriverInstaller\DriverInstall.exe [120096 2018-01-16] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [528600 2014-08-29] (VMware, Inc. -> VMware, Inc.)
S3 BraveElevationService; "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\71.0.58.21\elevation_service.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] (ASUSTeK Computer Inc. -> )
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [130536 2011-11-03] (MCCI Internal Testing Software -> ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [395752 2011-11-03] (MCCI Internal Testing Software -> ASMedia Technology Inc)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [120416 2017-03-17] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-23] (Enigma Software Group USA, LLC -> )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-10-29] (Malwarebytes Corporation -> Malwarebytes)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [57728 2020-11-01] (SurfRight B.V. -> )
R1 HWiNFO; C:\Windows\system32\drivers\HWiNFO64A.SYS [66336 2019-05-10] (Martin Malik - REALiX -> REALiX(tm))
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50576 2018-01-17] (Comodo Security Solutions, Inc. -> COMODO)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217600 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [74936 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-10-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [121968 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 MpKsl9e10254c; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{41CBFEE5-CAEF-469B-B9C5-303F849C6FE6}\MpKslDrv.sys [47336 2020-11-01] (Microsoft Windows -> Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] (ASUSTeK Computer Inc. -> )
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2016-02-04] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [213088 2017-03-17] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 GPU-Z; \??\C:\Users\Rysiu\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16066.216\QMUdisk64.sys [X]
S3 TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16066.216\TS888x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-01 01:34 - 2020-11-01 01:40 - 000029133 _____ C:\Users\Rysiu\Downloads\FRST.txt
2020-11-01 01:31 - 2020-11-01 01:37 - 000000000 ____D C:\FRST
2020-11-01 01:31 - 2020-11-01 01:31 - 002299904 _____ (Farbar) C:\Users\Rysiu\Downloads\FRST64.exe
2020-11-01 01:29 - 2020-11-01 01:29 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-11-01 01:29 - 2020-11-01 01:29 - 000074936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-11-01 01:28 - 2020-11-01 01:28 - 000121968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-11-01 01:21 - 2020-11-01 01:22 - 008447152 _____ (Malwarebytes) C:\Users\Rysiu\Downloads\adwcleaner_8.0.8 (1).exe
2020-11-01 00:48 - 2020-11-01 00:48 - 000217600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-10-31 19:05 - 2020-11-01 01:26 - 000003100 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2020-10-31 18:44 - 2020-10-31 18:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-10-31 17:50 - 2019-02-16 05:32 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2020-10-31 17:50 - 2019-02-16 05:30 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2020-10-31 17:49 - 2017-11-17 04:23 - 003222528 _____ (Microsoft
Corporation) C:\Windows\system32\win32k.sys 2020-10-31 17:49 - 2017-11-15 01:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2020-10-31 17:49 - 2017-11-15 00:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2020-10-31 17:49 - 2017-11-14 03:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2020-10-31 17:49 - 2017-11-14 03:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2020-10-31 17:49 - 2017-11-14 03:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2020-10-31 17:49 - 2017-11-14 03:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2020-10-31 17:49 - 2017-11-14 03:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2020-10-31 17:49 - 2017-11-14 03:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2020-10-31 17:49 - 2017-11-14 03:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2020-10-31 17:49 - 2017-11-14 03:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2020-10-31 17:49 - 2017-11-14 03:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2020-10-31 17:49 - 2017-11-14 03:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2020-10-31 17:49 - 2017-11-14 03:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2020-10-31 17:49 - 2017-11-14 03:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2020-10-31 17:49 - 2017-11-14 03:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2020-10-31 17:49 - 2017-11-14 03:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2020-10-31 17:49 - 2017-11-14 03:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2020-10-31 17:49 - 2017-11-14 03:20 - 000144384 _____ 
(Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2020-10-31 17:49 - 2017-11-14 03:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2020-10-31 17:49 - 2017-11-14 03:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2020-10-31 17:49 - 2017-11-14 03:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2020-10-31 17:49 - 2017-11-14 03:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2020-10-31 17:49 - 2017-11-14 03:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2020-10-31 17:49 - 2017-11-14 03:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2020-10-31 17:49 - 2017-11-14 03:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2020-10-31 17:49 - 2017-11-14 03:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2020-10-31 17:49 - 2017-11-14 03:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2020-10-31 17:49 - 2017-11-14 02:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2020-10-31 17:49 - 2017-11-14 02:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2020-10-31 17:49 - 2017-11-14 02:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2020-10-31 17:49 - 2017-11-14 02:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2020-10-31 17:49 - 2017-11-14 02:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2020-10-31 17:49 - 2017-11-14 02:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2020-10-31 17:49 - 2017-11-14 02:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2020-10-31 17:49 - 2017-11-14 02:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2020-10-31 17:49 - 2017-11-14 
02:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2020-10-31 17:49 - 2017-11-14 02:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2020-10-31 17:49 - 2017-11-14 01:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2020-10-31 17:49 - 2017-11-14 01:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2020-10-31 17:49 - 2017-11-14 01:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2020-10-31 17:49 - 2017-11-14 01:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2020-10-31 17:49 - 2017-11-14 01:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2020-10-31 17:49 - 2017-11-14 00:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2020-10-31 17:49 - 2017-11-14 00:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2020-10-31 17:49 - 2017-11-07 20:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2020-10-31 17:49 - 2017-11-07 20:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2020-10-31 17:49 - 2017-11-07 20:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2020-10-31 17:49 - 2017-11-07 20:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2020-10-31 17:49 - 2017-11-07 20:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2020-10-31 17:49 - 2017-11-07 20:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2020-10-31 17:49 - 2017-11-07 20:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2020-10-31 17:49 - 2017-11-07 20:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2020-10-31 17:49 - 2017-11-07 20:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2020-10-31 17:49 - 2017-11-07 20:38 - 
000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2020-10-31 17:49 - 2017-11-07 20:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2020-10-31 17:49 - 2017-11-07 20:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2020-10-31 17:49 - 2017-11-07 20:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2020-10-31 17:49 - 2017-11-07 20:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2020-10-31 17:49 - 2017-11-07 20:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2020-10-31 17:49 - 2017-11-07 20:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2020-10-31 17:49 - 2017-11-07 20:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2020-10-31 17:49 - 2017-11-07 20:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2020-10-31 17:49 - 2017-11-07 20:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2020-10-31 17:49 - 2017-11-07 20:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2020-10-31 17:49 - 2017-11-07 20:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2020-10-31 17:49 - 2017-11-07 20:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2020-10-31 17:49 - 2017-11-07 20:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2020-10-31 17:49 - 2017-11-07 19:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2020-10-31 17:49 - 2017-11-07 16:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2020-10-31 17:49 - 2017-11-07 16:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2020-10-31 17:49 - 2017-11-04 15:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll 2020-10-31 17:49 - 2017-11-04 15:31 - 
000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll 2020-10-31 17:49 - 2017-11-04 15:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll 2020-10-31 17:49 - 2017-11-04 15:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll 2020-10-31 17:49 - 2017-11-02 16:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll 2020-10-31 17:49 - 2017-11-02 16:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll 2020-10-31 17:49 - 2017-11-02 16:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll 2020-10-31 17:49 - 2017-11-02 16:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll 2020-10-31 17:49 - 2017-11-02 15:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll 2020-10-31 17:49 - 2017-11-02 15:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll 2020-10-31 17:49 - 2017-11-02 15:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll 2020-10-31 17:49 - 2017-11-02 14:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll 2020-10-31 17:49 - 2017-10-18 02:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2020-10-31 17:49 - 2017-10-18 02:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2020-10-31 17:49 - 2017-10-18 02:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2020-10-31 17:49 - 2017-10-18 02:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2020-10-31 17:49 - 2017-10-18 02:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2020-10-31 17:49 - 2017-10-18 02:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2020-10-31 17:49 - 2017-10-18 02:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2020-10-31 17:49 - 
2017-10-16 23:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2020-10-31 17:49 - 2017-10-16 23:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll 2020-10-31 17:49 - 2017-10-16 22:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll 2020-10-31 17:49 - 2017-10-16 21:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll 2020-10-31 17:49 - 2017-10-12 00:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2020-10-31 17:49 - 2017-10-12 00:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2020-10-31 17:49 - 2017-10-12 00:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2020-10-31 17:49 - 2017-10-12 00:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2020-10-31 17:49 - 2017-10-12 00:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2020-10-31 17:49 - 2017-10-12 00:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll 2020-10-31 17:49 - 2017-10-12 00:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2020-10-31 17:49 - 2017-10-12 00:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2020-10-31 17:49 - 2017-10-12 00:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2020-10-31 17:49 - 2017-10-12 00:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll 2020-10-31 17:49 - 2017-10-12 00:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll 2020-10-31 17:49 - 2017-10-12 00:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2020-10-31 17:49 - 2017-10-12 00:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll 2020-10-31 17:49 - 2017-10-12 00:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll 2020-10-31 17:49 - 2017-10-12 00:55 - 
(Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2020-10-31 17:49 - 2017-05-10 15:13 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2020-10-31 17:49 - 2017-05-10 15:13 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2020-10-31 17:49 - 2017-05-10 15:13 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2020-10-31 17:49 - 2017-05-10 15:13 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2020-10-31 17:49 - 2017-05-10 15:13 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2020-10-31 17:49 - 2017-05-10 15:13 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2020-10-31 17:49 - 2017-05-10 15:12 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2020-10-31 17:49 - 2017-05-10 15:00 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2020-10-31 17:49 - 2017-05-10 15:00 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2020-10-31 17:49 - 2017-05-10 15:00 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2020-10-31 17:49 - 2017-05-10 15:00 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2020-10-31 17:49 - 2017-05-07 15:33 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2020-10-31 17:49 - 2017-05-07 15:29 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2020-10-31 17:49 - 2017-04-21 15:34 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll 2020-10-31 17:49 - 2017-04-21 15:15 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2020-10-31 17:49 - 2017-04-17 15:37 - 000876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2020-10-31 17:49 - 2017-04-17 15:12 - 000581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2020-10-31 17:49 - 2017-04-12 15:32 - 001483776 _____ (Microsoft 
Corporation) C:\Windows\system32\crypt32.dll 2020-10-31 17:49 - 2017-04-12 15:32 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2020-10-31 17:49 - 2017-04-12 15:32 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2020-10-31 17:49 - 2017-04-12 15:32 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2020-10-31 17:49 - 2017-04-12 15:26 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2020-10-31 17:49 - 2017-04-12 15:25 - 001176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2020-10-31 17:49 - 2017-04-12 15:25 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2020-10-31 17:49 - 2017-04-12 15:25 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2020-10-31 17:49 - 2017-04-04 14:53 - 000496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2020-10-31 17:49 - 2017-03-30 15:03 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe 2020-10-31 17:49 - 2017-03-30 14:58 - 000045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe 2020-10-31 17:49 - 2017-03-10 16:32 - 001389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll 2020-10-31 17:49 - 2017-03-10 16:32 - 000300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll 2020-10-31 17:49 - 2017-03-10 16:20 - 001508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll 2020-10-31 17:49 - 2017-03-10 16:20 - 000237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll 2020-10-31 17:49 - 2017-03-10 15:57 - 000009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe 2020-10-31 17:49 - 2017-03-10 15:55 - 000205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys 2020-10-31 17:49 - 2017-03-10 15:55 - 000195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys 2020-10-31 17:49 - 2017-03-07 16:30 - 000085504 _____ (Microsoft 
Corporation) C:\Windows\system32\asycfilt.dll 2020-10-31 17:49 - 2017-03-07 16:17 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2020-10-31 17:49 - 2017-03-04 01:27 - 001574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2020-10-31 17:49 - 2017-03-04 01:27 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll 2020-10-31 17:49 - 2017-03-04 01:14 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2020-10-31 17:49 - 2017-03-04 01:14 - 000077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll 2020-10-31 17:49 - 2017-02-09 16:32 - 000769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll 2020-10-31 17:49 - 2017-02-09 16:32 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll 2020-10-31 17:49 - 2017-02-09 16:32 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll 2020-10-31 17:49 - 2017-02-09 16:31 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll 2020-10-31 17:49 - 2017-02-09 16:31 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll 2020-10-31 17:49 - 2017-02-09 16:14 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll 2020-10-31 17:49 - 2017-02-09 16:14 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll 2020-10-31 17:49 - 2017-02-09 16:14 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll 2020-10-31 17:49 - 2017-02-09 15:51 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll 2020-10-31 17:49 - 2017-01-13 18:00 - 000976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2020-10-31 17:49 - 2017-01-13 18:00 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll 2020-10-31 17:49 - 2017-01-13 17:45 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2020-10-31 17:49 - 2017-01-13 17:45 - 000084480 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\INETRES.dll 2020-10-31 17:49 - 2017-01-11 18:01 - 001887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2020-10-31 17:49 - 2017-01-11 18:01 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2020-10-31 17:49 - 2017-01-11 17:43 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2020-10-31 17:49 - 2017-01-11 17:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2020-10-31 17:49 - 2016-11-21 18:12 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll 2020-10-31 17:49 - 2016-11-20 16:19 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll 2020-10-31 17:49 - 2016-11-20 14:07 - 000467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2020-10-31 17:49 - 2016-11-10 16:32 - 001009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2020-10-31 17:49 - 2016-11-10 16:19 - 000833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2020-10-31 17:49 - 2016-11-09 16:41 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2020-10-31 17:49 - 2016-11-09 16:33 - 003244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2020-10-31 17:49 - 2016-11-09 16:33 - 001941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2020-10-31 17:49 - 2016-11-09 16:33 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2020-10-31 17:49 - 2016-11-09 16:33 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2020-10-31 17:49 - 2016-11-09 16:33 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2020-10-31 17:49 - 2016-11-09 16:17 - 002365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2020-10-31 17:49 - 2016-11-09 16:17 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2020-10-31 17:49 - 2016-11-09 16:17 - 000337408 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msihnd.dll 2020-10-31 17:49 - 2016-11-09 16:17 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2020-10-31 17:49 - 2016-11-09 16:02 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2020-10-31 17:49 - 2016-11-09 15:55 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2020-10-31 17:49 - 2016-10-11 15:32 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll 2020-10-31 17:49 - 2016-10-11 15:31 - 001148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME 2020-10-31 17:49 - 2016-10-11 15:31 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2020-10-31 17:49 - 2016-10-11 15:31 - 000457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime 2020-10-31 17:49 - 2016-10-11 15:31 - 000246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll 2020-10-31 17:49 - 2016-10-11 15:31 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime 2020-10-31 17:49 - 2016-10-11 15:31 - 000175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime 2020-10-31 17:49 - 2016-10-11 15:31 - 000175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime 2020-10-31 17:49 - 2016-10-11 15:31 - 000175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime 2020-10-31 17:49 - 2016-10-11 15:31 - 000175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime 2020-10-31 17:49 - 2016-10-11 15:31 - 000175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime 2020-10-31 17:49 - 2016-10-11 15:31 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime 2020-10-31 17:49 - 2016-10-11 15:18 - 001027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME 2020-10-31 17:49 - 2016-10-11 15:18 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2020-10-31 17:49 - 2016-10-11 15:18 - 000430080 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\imkr80.ime 2020-10-31 17:49 - 2016-10-11 15:18 - 000202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll 2020-10-31 17:49 - 2016-10-11 15:18 - 000126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime 2020-10-31 17:49 - 2016-10-11 15:18 - 000125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime 2020-10-31 17:49 - 2016-10-11 15:18 - 000125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime 2020-10-31 17:49 - 2016-10-11 15:18 - 000125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime 2020-10-31 17:49 - 2016-10-11 15:18 - 000125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime 2020-10-31 17:49 - 2016-10-11 15:18 - 000125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime 2020-10-31 17:49 - 2016-10-11 15:18 - 000090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime 2020-10-31 17:49 - 2016-10-11 15:18 - 000069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll 2020-10-31 17:49 - 2016-10-11 14:55 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe 2020-10-31 17:49 - 2016-10-11 13:33 - 000187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2020-10-31 17:49 - 2016-10-11 13:18 - 000419648 _____ C:\Windows\SysWOW64\locale.nls 2020-10-31 17:49 - 2016-10-11 13:17 - 000419648 _____ C:\Windows\system32\locale.nls 2020-10-31 17:49 - 2016-10-11 13:06 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2020-10-31 17:49 - 2016-10-08 13:06 - 000633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2020-10-31 17:49 - 2016-10-07 15:32 - 003649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll 2020-10-31 17:49 - 2016-10-07 15:12 - 002291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll 2020-10-31 17:49 - 2016-10-05 14:54 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys 2020-10-31 17:49 - 
2016-09-15 14:56 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2020-10-31 17:49 - 2016-09-12 21:08 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll 2020-10-31 17:49 - 2016-09-12 20:49 - 000076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll 2020-10-31 17:49 - 2016-09-08 20:34 - 000263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2020-10-31 17:49 - 2016-09-08 20:34 - 000208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2020-10-31 17:49 - 2016-09-08 20:34 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2020-10-31 17:49 - 2016-09-08 20:34 - 000087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2020-10-31 17:49 - 2016-09-08 14:55 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2020-10-31 17:49 - 2016-09-08 14:55 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2020-10-31 17:49 - 2016-08-22 16:19 - 001386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2020-10-31 17:49 - 2016-08-12 16:26 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2020-10-31 17:49 - 2016-08-06 15:31 - 002023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2020-10-31 17:49 - 2016-08-06 15:31 - 000347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2020-10-31 17:49 - 2016-08-06 15:31 - 000310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2020-10-31 17:49 - 2016-08-06 15:31 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2020-10-31 17:49 - 2016-08-06 15:31 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll 2020-10-31 17:49 - 2016-08-06 15:31 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll 2020-10-31 17:49 - 2016-08-06 15:15 - 001178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 
2020-10-31 17:49 - 2016-08-06 15:15 - 000249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2020-10-31 17:49 - 2016-08-06 15:15 - 000214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2020-10-31 17:49 - 2016-08-06 15:15 - 000146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2020-10-31 17:49 - 2016-08-06 15:15 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll 2020-10-31 17:49 - 2016-08-06 15:01 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2020-10-31 17:49 - 2016-08-06 15:01 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe 2020-10-31 17:49 - 2016-08-06 14:53 - 000199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2020-10-31 17:49 - 2016-08-06 14:53 - 000012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe 2020-10-31 17:49 - 2016-08-06 14:53 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 000680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 000632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 000497664 _____ (Microsoft Corporation) 
C:\Windows\system32\drmmgrtn.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 000440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2020-10-31 17:49 - 2016-06-14 17:16 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2020-10-31 17:49 - 2016-06-14 17:11 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2020-10-31 17:49 - 2016-06-14 15:21 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2020-10-31 17:49 - 2016-06-14 15:21 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2020-10-31 17:49 - 2016-06-14 15:21 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2020-10-31 17:49 - 2016-06-14 15:21 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2020-10-31 17:49 - 2016-06-14 15:21 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2020-10-31 17:49 - 2016-06-14 15:21 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2020-10-31 17:49 - 2016-06-14 15:21 - 000489984 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\evr.dll 2020-10-31 17:49 - 2016-06-14 15:21 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2020-10-31 17:49 - 2016-06-14 15:21 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2020-10-31 17:49 - 2016-06-14 15:21 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2020-10-31 17:49 - 2016-06-14 15:21 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2020-10-31 17:49 - 2016-06-14 15:21 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2020-10-31 17:49 - 2016-06-14 15:21 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2020-10-31 17:49 - 2016-06-14 15:21 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2020-10-31 17:49 - 2016-06-14 15:15 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2020-10-31 17:49 - 2016-06-14 15:00 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2020-10-31 17:49 - 2016-06-14 15:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2020-10-31 17:47 - 2016-08-29 15:04 - 003229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2020-10-31 17:47 - 2016-08-29 14:55 - 002972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2020-10-31 17:47 - 2016-05-12 15:18 - 000090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2020-10-31 17:02 - 2020-10-31 17:02 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2020-10-31 17:02 - 2020-10-31 17:02 - 000001945 _____ C:\Windows\epplauncher.mif 2020-10-31 17:02 - 2020-10-31 17:02 - 000000000 ____D C:\Program Files\Microsoft Security Client 2020-10-31 17:02 - 2020-10-31 17:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client 2020-10-31 17:01 - 2020-10-31 17:01 - 015065792 _____ (Microsoft Corporation) C:\Users\Rysiu\Downloads\MSEInstall (1).exe 
2020-10-31 17:01 - 2020-10-31 17:01 - 012231000 _____ (Microsoft Corporation) C:\Users\Rysiu\Downloads\MSEInstall.exe
2020-10-31 15:45 - 2020-10-31 19:21 - 000000000 ____D C:\Users\Rysiu\Downloads\Knives Out (2019) [1080p] [WEBRip] [5.1] [YTS.MX]
2020-10-31 15:43 - 2020-10-31 15:43 - 000000850 _____ C:\Users\Rysiu\Desktop\µTorrent.lnk
2020-10-31 15:02 - 2020-10-31 15:02 - 000001054 _____ C:\Windows\system32\.crusader
2020-10-31 13:51 - 2020-10-31 13:58 - 000000000 ____D C:\AdwCleaner
2020-10-31 13:50 - 2020-10-31 13:50 - 008447152 _____ (Malwarebytes) C:\Users\Rysiu\Downloads\adwcleaner_8.0.8.exe
2020-10-31 13:49 - 2020-10-31 13:49 - 008447152 _____ (Malwarebytes) C:\Users\Rysiu\Desktop\AdwCleaner.exe
2020-10-31 03:34 - 2020-10-31 15:05 - 000000000 ____D C:\Users\Rysiu\AppData\Local\CrashDumps
2020-10-31 03:15 - 2020-10-31 03:15 - 011431000 _____ (SurfRight B.V.) C:\Users\Rysiu\Downloads\HitmanPro_x64 (1).exe
2020-10-31 03:15 - 2020-10-31 03:15 - 000001853 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2020-10-31 03:15 - 2020-10-31 03:15 - 000001853 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2020-10-31 03:15 - 2020-10-31 03:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2020-10-31 03:15 - 2020-10-31 03:15 - 000000000 ____D C:\Program Files\HitmanPro
2020-10-31 01:29 - 2020-10-31 01:29 - 000000000 ____D C:\SUPERDelete
2020-10-31 01:28 - 2020-10-31 01:28 - 000000000 ____D C:\Users\Rysiu\AppData\Roaming\SUPERAntiSpyware.com
2020-10-31 01:27 - 2020-10-31 01:28 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2020-10-31 01:27 - 2020-10-31 01:27 - 000001768 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2020-10-31 01:27 - 2020-10-31 01:27 - 000001768 _____ C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2020-10-31 01:27 - 2020-10-31 01:27 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2020-10-31 01:27 - 2020-10-31 01:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2020-10-31 01:26 - 2020-10-31 01:27 - 158885936 _____ (SUPERAntiSpyware) C:\Users\Rysiu\Downloads\SUPERAntiSpyware.exe
2020-10-31 00:14 - 2020-10-31 00:35 - 000000000 ____D C:\ProgramData\HitmanPro
2020-10-31 00:14 - 2020-10-31 00:14 - 011431000 _____ (SurfRight B.V.) C:\Users\Rysiu\Downloads\HitmanPro_x64.exe
2020-10-31 00:11 - 2020-10-31 00:13 - 000197606 _____ C:\TDSSKiller.3.1.0.28_31.10.2020_00.11.27_log.txt
2020-10-31 00:11 - 2020-10-31 00:11 - 005054744 _____ (AO Kaspersky Lab) C:\Users\Rysiu\Downloads\tdsskiller.exe
2020-10-30 14:03 - 2020-11-01 01:09 - 000000000 ____D C:\Users\Rysiu\AppData\LocalLow\IGDump
2020-10-29 23:52 - 2020-10-29 23:52 - 000000000 ____D C:\Windows\system32\Tasks\Avira
2020-10-29 22:50 - 2020-10-29 22:50 - 000000000 ____D C:\Users\Public\Security Sessions
2020-10-29 22:47 - 2020-10-29 22:47 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2020-10-29 22:43 - 2020-10-29 22:50 - 000000000 ____D C:\Users\Rysiu\AppData\Local\Avira
2020-10-29 22:42 - 2020-10-30 13:55 - 000000000 ____D C:\Program Files (x86)\Avira
2020-10-29 22:42 - 2020-10-29 23:53 - 000000000 ____D C:\ProgramData\Avira
2020-10-29 22:40 - 2020-10-29 22:40 - 004522088 _____ (Avira Operations GmbH & Co. KG) C:\Users\Rysiu\Downloads\avira_en_sptl1_1623021377-1604011237__featurews-spotlight-release.exe
2020-10-29 22:22 - 2020-10-29 22:22 - 000000000 ____D C:\Users\Rysiu\AppData\Local\mbam
2020-10-29 22:21 - 2020-10-29 22:21 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-10-29 22:19 - 2020-10-29 22:19 - 002062144 _____ (Malwarebytes) C:\Users\Rysiu\Downloads\MBSetup-092170.092170-consumer.exe
2020-10-29 20:32 - 2020-10-29 20:32 - 000000000 ___HD C:\$AV_ASW
2020-10-29 17:39 - 2020-10-29 17:39 - 000232168 _____ (AVAST Software) C:\Users\Rysiu\Downloads\avast_free_antivirus_setup_online.exe
2020-10-29 01:36 - 2020-10-29 01:36 - 000000000 ____D C:\Users\Rysiu\Downloads\The Lord of the Rings The Fellowship of the Ring EXTENDED (2001)
2020-10-27 13:57 - 2020-10-27 14:01 - 2705795796 _____ C:\Users\Rysiu\Downloads\22m_1603793118_8645.mp4
2020-10-26 13:30 - 2020-10-31 19:01 - 000437736 _____ C:\Windows\system32\FNTCACHE.DAT
2020-10-25 19:01 - 2020-10-25 19:01 - 000042896 _____ C:\Users\Rysiu\Downloads\green-book-2018-english-yify-21414.zip
2020-10-25 18:40 - 2020-10-25 19:29 - 000000000 ____D C:\Users\Rysiu\Downloads\Green Book (2018) [WEBRip] [1080p] [YTS.AM]
2020-10-25 00:13 - 2020-10-25 00:13 - 019463448 _____ (Microsoft Corporation) C:\Users\Rysiu\Downloads\MediaCreationTool20H2.exe
2020-10-24 23:12 - 2020-10-24 23:13 - 000000000 ____D C:\Users\Rysiu\AppData\Roaming\ProcessLasso
2020-10-24 23:12 - 2020-10-24 23:12 - 002453384 _____ (Bitsum LLC) C:\Users\Rysiu\Downloads\processlassosetup64.exe
2020-10-24 21:38 - 2020-10-24 21:38 - 052783176 _____ C:\Users\Rysiu\Downloads\[Guru3D.com]-MSIAfterburnerSetup463Beta2Build15840.zip
2020-10-24 21:09 - 2020-10-24 21:09 - 000000000 ____D C:\Users\Rysiu\vulkan-sdk
2020-10-24 21:09 - 2020-10-24 21:09 - 000000000 ____D C:\Users\Rysiu\AppData\Local\LunarG
2020-10-24 13:30 - 2020-10-24 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan SDK 1.2.154.1
2020-10-24 13:29 - 2020-10-24 13:29 - 000000000 ____D C:\VulkanSDK
2020-10-23 20:28 - 2020-10-23 20:31 - 270211496 _____ C:\Users\Rysiu\Downloads\VulkanSDK-1.2.154.1-Installer.exe
2020-10-23 16:36 - 2020-10-23 16:36 - 009968600 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Rysiu\Downloads\GPU-Z.2.35.0.exe
2020-10-23 16:34 - 2020-10-23 16:34 - 005190744 _____ (Husdawg, LLC) C:\Users\Rysiu\Downloads\Detection (4).exe
2020-10-23 16:32 - 2020-10-23 16:32 - 000106496 _____ (PCGameBenchmark) C:\Users\Rysiu\Downloads\PCGameBenchmark_Detector (7).exe
2020-10-23 16:04 - 2020-10-24 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2020-10-23 15:37 - 2020-10-23 15:39 - 632089432 _____ (AMD Inc.) C:\Users\Rysiu\Downloads\win7-radeon-software-adrenalin-2020-edition-20.9.2-sep29.exe
2020-10-17 19:58 - 2020-10-17 19:58 - 000000000 ____D C:\Users\Rysiu\Downloads\John Wick Chapter 3 - Parabellum (2019) [WEBRip] [1080p] [YTS.LT]
2020-10-16 16:25 - 2020-10-16 16:26 - 261102787 _____ C:\Users\Rysiu\Downloads\EP.1.360p (1).mp4
2020-10-11 20:37 - 2020-04-30 17:18 - 000062626 _____ C:\Users\Rysiu\Downloads\Extraction.2020.720p.BluRay.x264.[YTS.MX]-English.srt
2020-10-11 20:36 - 2020-10-11 20:36 - 000022892 _____ C:\Users\Rysiu\Downloads\extraction-2020-english-yify-241669.zip
2020-10-11 16:17 - 2020-10-11 16:17 - 000000796 _____ C:\Users\Public\Desktop\Speccy.lnk
2020-10-11 16:17 - 2020-10-11 16:17 - 000000796 _____ C:\ProgramData\Desktop\Speccy.lnk
2020-10-11 16:17 - 2020-10-11 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2020-10-11 16:17 - 2020-10-11 16:17 - 000000000 ____D C:\Program Files\Speccy
2020-10-11 16:16 - 2020-10-11 16:16 - 008234296 _____ (Piriform Software Ltd) C:\Users\Rysiu\Downloads\spsetup132.exe
2020-10-07 23:07 - 2020-10-07 23:08 - 015276051 _____ C:\Users\Rysiu\Downloads\pK0WE9aXDaZO9OkH.mp4
2020-10-06 16:02 - 2020-10-08 16:59 - 000000000 ____D C:\Users\Rysiu\Downloads\Pirates Of The Caribbean Dead Men Tell No Tales (2017) [1080p] [YTS.AG]
2020-10-04 15:19 - 2020-10-10 18:32 - 000000000 ____D C:\Users\Rysiu\Downloads\Ebay GPU
2020-10-04 01:20 - 2020-10-04 01:20 - 000000000 ____D C:\Users\Rysiu\Downloads\Pirates of the Caribbean - On Stranger Tides (2011) [1080p]
2020-10-02 21:43 - 2020-10-02 21:45 - 000000000 ____D C:\Users\Rysiu\Downloads\Extraction.2020.HDRip.XviD.AC3-EVO[TGx]
2020-10-02 01:12 - 2020-10-02 01:16 - 000000000 ____D C:\Users\Rysiu\Downloads\Pirates of the Caribbean - At Worlds End (2007) [1080p]

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-01 01:35 - 2009-07-14 04:45 - 000028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-11-01 01:35 - 2009-07-14 04:45 - 000028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-11-01 01:26 - 2020-01-11 03:31 - 000003110 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2020-11-01 01:26 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-01 01:25 - 2014-01-13 08:42 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-11-01 00:36 - 2015-07-26 23:47 - 000000000 ____D C:\KMPlayer
2020-11-01 00:32 - 2014-01-14 16:09 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-11-01 00:15 - 2019-10-03 18:40 - 000003450 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2020-11-01 00:12 - 2019-10-03 18:40 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-11-01 00:12 - 2019-10-03 18:40 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-10-31 21:20 - 2014-01-14 18:27 - 000000000 ____D C:\Program Files (x86)\Steam
2020-10-31 20:05 - 2009-07-14 05:13 - 000820870 _____ C:\Windows\system32\PerfStringBackup.INI
2020-10-31 20:05 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2020-10-31 19:05 - 2018-04-18 11:57 - 000113912 _____ C:\Users\Rysiu\AppData\Local\GDIPFONTCACHEV1.DAT
2020-10-31 19:05 - 2009-07-14 05:09 - 000000000 ____D C:\Windows\system32\Tasks\WPD
2020-10-31 19:05 - 2009-07-14 04:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2020-10-31 18:56 - 2009-07-14 05:32 - 000000000 ____D C:\Program Files\DVD Maker
2020-10-31 18:56 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2020-10-31 18:56 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2020-10-31 18:56 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2020-10-31 18:55 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\Setup
2020-10-31 18:55 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\migwiz
2020-10-31 18:55 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\Dism
2020-10-31 18:55 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-10-31 18:49 - 2014-08-18 00:19 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2020-10-31 18:49 - 2014-08-18 00:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2020-10-31 18:47 - 2009-07-14 03:20 - 000000000 ____D C:\Program Files\Common Files\System
2020-10-31 18:47 - 2009-07-14 02:34 - 000000678 _____ C:\Windows\win.ini
2020-10-31 18:42 - 2009-07-14 03:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2020-10-31 18:34 - 2016-10-10 18:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2020-10-31 18:31 - 2013-05-02 12:43 - 000804736 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2020-10-31 18:23 - 2014-08-18 00:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2020-10-31 18:20 - 2014-01-08 12:56 - 000000000 ____D C:\Windows\system32\MRT
2020-10-31 18:12 - 2014-01-08 12:56 - 129170736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-10-31 17:51 - 2020-02-23 15:58 - 000000000 ____D C:\Users\Rysiu\Downloads\Profile Pictures
2020-10-31 17:48 - 2014-01-29 13:44 - 000000000 ____D C:\Users\Rysiu\AppData\Local\Paint.NET 2020-10-31 16:21 - 2016-12-03 23:52 - 000000000 ____D C:\Users\Rysiu\AppData\Roaming\uTorrent 2020-10-31 15:51 - 2019-04-02 14:47 - 000000000 ____D C:\Users\Rysiu\AppData\Local\BitTorrentHelper 2020-10-31 13:58 - 2014-01-14 15:26 - 000000000 ____D C:\Users\Rysiu 2020-10-31 13:07 - 2019-08-20 13:01 - 000000000 ____D C:\Users\Rysiu\Documents\Outlook Files 2020-10-31 02:00 - 2014-08-16 02:39 - 000000000 ____D C:\Users\Rysiu\AppData\Local\Adobe 2020-10-29 23:53 - 2014-01-08 11:37 - 000000000 ____D C:\ProgramData\Package Cache 2020-10-29 23:15 - 2019-02-11 17:59 - 000000000 ____D C:\ProgramData\AVAST Software 2020-10-29 23:12 - 2018-03-12 02:23 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update 2020-10-29 22:21 - 2018-05-07 14:09 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2020-10-29 22:21 - 2018-04-17 21:22 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2020-10-29 22:21 - 2018-04-17 21:22 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2020-10-29 22:20 - 2018-04-17 21:22 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2020-10-29 22:06 - 2010-11-21 03:27 - 000795000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2020-10-29 17:35 - 2014-11-23 11:58 - 000000000 ____D C:\Users\Rysiu\AppData\Roaming\VMware 2020-10-29 17:32 - 2019-06-15 16:54 - 000000000 ____D C:\Users\Rysiu\AppData\Roaming\TS3Client 2020-10-29 14:22 - 2015-04-17 11:07 - 000000000 ____D C:\Users\Rysiu\AppData\Local\cmsiex 2020-10-26 16:06 - 2020-01-11 03:30 - 000003126 _____ C:\Windows\system32\Tasks\ModifyLinkUpdate 2020-10-26 16:06 - 2019-05-10 22:50 - 000003350 _____ C:\Windows\system32\Tasks\AMD ThankingURL 2020-10-26 16:06 - 2016-05-15 08:53 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task 2020-10-26 16:06 - 2014-01-14 16:21 - 000003230 _____ C:\Windows\system32\Tasks\SidebarExecute 
2020-10-25 00:58 - 2018-04-27 18:00 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server 2020-10-24 22:43 - 2002-01-01 02:03 - 000000000 ____D C:\Windows\pss 2020-10-24 21:43 - 2020-04-17 22:06 - 000000000 ____D C:\Users\Rysiu\Downloads\wielka magia i miecz 2020-10-24 01:52 - 2020-07-09 19:53 - 000000000 ____D C:\Users\Rysiu\AppData\Roaming\Origin 2020-10-24 01:52 - 2020-07-09 19:53 - 000000000 ____D C:\ProgramData\Origin 2020-10-24 01:43 - 2020-01-11 03:36 - 000000000 ____D C:\Users\Rysiu\AppData\Local\AMD 2020-10-24 01:38 - 2020-07-09 19:54 - 000000000 ____D C:\Program Files (x86)\Origin Games 2020-10-24 01:38 - 2020-07-09 19:54 - 000000000 ____D C:\Program Files (x86)\Origin 2020-10-24 01:38 - 2020-07-09 19:53 - 000000000 ____D C:\Users\Rysiu\AppData\Local\Origin 2020-10-23 17:41 - 2009-07-14 05:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2020-10-23 16:31 - 2016-07-04 03:03 - 000000000 ____D C:\Users\Rysiu\AppData\Local\game-debate 2020-10-23 16:04 - 2014-01-08 14:54 - 000000000 ____D C:\Program Files\AMD 2020-10-23 16:03 - 2020-01-11 03:19 - 000003146 _____ C:\Windows\system32\Tasks\StartCN 2020-10-23 16:03 - 2020-01-11 03:18 - 000003066 _____ C:\Windows\system32\Tasks\StartDVR 2020-10-23 15:40 - 2018-04-27 16:52 - 000000000 ____D C:\AMD 2020-10-21 23:33 - 2020-08-20 00:18 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-10-21 23:33 - 2020-08-20 00:18 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-10-21 23:33 - 2020-08-20 00:18 - 000002143 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2020-10-19 13:00 - 2020-08-28 14:23 - 000000000 ____D C:\Users\Rysiu\Downloads\Ebay Glue Gun 2020-10-15 01:24 - 2020-08-20 00:17 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA 2020-10-15 01:23 - 2020-08-20 00:17 - 000003204 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore 2020-10-14 22:08 - 2015-01-12 18:16 - 000000000 ____D C:\Program Files (x86)\BD2Gold 
2020-10-13 23:23 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\NDF 2020-10-13 21:56 - 2019-01-20 15:35 - 000004324 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater 2020-10-13 21:56 - 2016-10-29 01:58 - 000004448 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier 2020-10-13 21:56 - 2014-04-30 00:44 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe 2020-10-13 21:56 - 2014-04-30 00:44 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2020-10-13 21:56 - 2014-01-14 16:09 - 000000000 ____D C:\Windows\system32\Macromed 2020-10-13 20:56 - 2019-01-20 15:56 - 000004460 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier 2020-10-05 23:25 - 2019-11-04 17:29 - 000000221 _____ C:\Users\Rysiu\Documents\to watch.txt ==================== Files in the root of some directories ======== 2016-09-27 00:01 - 2016-09-27 00:01 - 005093585 _____ () C:\Program Files (x86)\100727_Fire_Aura.mp3 2016-04-15 21:25 - 2016-03-12 09:43 - 003895954 _____ () C:\Program Files (x86)\bandit_fight.mp3 2015-03-04 02:25 - 2013-08-28 23:06 - 016822028 _____ () C:\Program Files (x86)\Battle1.ogg 2014-03-11 12:29 - 2013-08-28 23:13 - 010752062 _____ () C:\Program Files (x86)\Battle3.ogg 2015-03-04 02:25 - 2013-08-28 23:26 - 012629210 _____ () C:\Program Files (x86)\Battle6.mp3 2015-03-04 02:25 - 2013-08-29 00:19 - 016811364 _____ () C:\Program Files (x86)\Battle8.ogg 2014-04-09 17:13 - 2013-09-11 02:32 - 015943777 _____ () C:\Program Files (x86)\Cristeros2.mp3 2017-12-06 15:32 - 2017-12-06 15:32 - 003036891 _____ () C:\Program Files (x86)\disc1track3.mp3 2017-12-06 15:31 - 2017-12-06 15:31 - 003216196 _____ () C:\Program Files (x86)\disc2track3.mp3 2017-12-06 15:33 - 2017-12-06 15:33 - 004433711 _____ () C:\Program Files (x86)\disc3track3.mp3 2014-04-05 15:57 - 2013-08-29 00:15 - 014113666 _____ () C:\Program Files (x86)\Epic1.mp3 2014-04-09 17:15 - 2013-08-29 00:19 - 010074237 _____ () C:\Program Files (x86)\Epic2.mp3 
2014-04-05 16:02 - 2013-08-29 00:22 - 011542065 _____ () C:\Program Files (x86)\Epic3.mp3 2014-04-09 17:16 - 2013-08-29 00:29 - 012846077 _____ () C:\Program Files (x86)\Epic4.mp3 2020-05-01 18:56 - 2020-05-01 18:56 - 003718351 _____ () C:\Program Files (x86)\Epic5-[AudioTrimmer.com] (1).mp3 2014-04-09 17:17 - 2013-08-29 00:33 - 013523755 _____ () C:\Program Files (x86)\Epic5.mp3 2015-02-28 01:29 - 2013-08-29 01:40 - 008196178 _____ () C:\Program Files (x86)\Epic7.mp3 2020-05-01 20:33 - 2020-05-01 20:33 - 001876778 _____ () C:\Program Files (x86)\Epic8-[AudioTrimmer.com] part 1.mp3 2020-05-01 20:37 - 2020-05-01 20:37 - 002435589 _____ () C:\Program Files (x86)\Epic8-[AudioTrimmer.com] part 2.mp3 2020-05-01 20:27 - 2020-05-01 20:27 - 004317659 _____ () C:\Program Files (x86)\Epic8-[AudioTrimmer.com].mp3 2015-02-28 01:31 - 2013-08-29 01:42 - 011718021 _____ () C:\Program Files (x86)\Epic8.mp3 2016-04-15 21:25 - 2016-03-12 09:25 - 002025880 _____ () C:\Program Files (x86)\fight_1.mp3 2016-04-15 21:25 - 2016-03-12 09:43 - 003072158 _____ () C:\Program Files (x86)\fight_2.mp3 2016-04-15 21:25 - 2016-03-12 09:19 - 002975347 _____ () C:\Program Files (x86)\fight_3.mp3 2016-04-15 21:25 - 2016-03-19 16:48 - 003077465 _____ () C:\Program Files (x86)\fight_as_vaegir.mp3 2016-08-16 16:02 - 2016-08-16 16:03 - 007406501 _____ () C:\Program Files (x86)\KC & The Sunshine Band - Give It Up [HQ].mp3 2016-05-05 22:54 - 2016-05-05 22:54 - 003835192 _____ () C:\Program Files (x86)\Synth Popular [Mp3glu.org].mp3 2019-10-13 19:02 - 2019-10-13 19:02 - 021446737 _____ () C:\Program Files (x86)\y2mate.com - batman_the_dark_knight_returns_see_youin_hell_extended__CyMBgAbOT0.mp3 2016-02-01 18:13 - 2016-02-01 18:13 - 000001181 _____ () C:\Users\Rysiu\AppData\Roaming\trace_FilterInstaller.1.txt 2016-02-01 18:13 - 2016-02-01 18:23 - 000000919 _____ () C:\Users\Rysiu\AppData\Roaming\trace_FilterInstaller.txt 2016-02-01 18:13 - 2016-02-01 18:23 - 000000000 _____ () 
C:\Users\Rysiu\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt 2018-03-10 02:46 - 2018-03-10 02:46 - 000000000 _____ () C:\Users\Rysiu\AppData\Local\BIT4810.tmp 2014-01-14 21:30 - 2014-01-14 21:37 - 001065984 _____ () C:\Users\Rysiu\AppData\Local\file__0.localstorage 2018-09-28 18:40 - 2018-09-28 18:40 - 000000000 _____ () C:\Users\Rysiu\AppData\Local\oobelibMkey.log 2015-10-03 14:12 - 2015-10-03 14:12 - 000000017 _____ () C:\Users\Rysiu\AppData\Local\resmon.resmoncfg 2018-03-10 02:46 - 2018-03-10 02:46 - 000000000 _____ () C:\Users\Rysiu\AppData\Local\{0A83ED76-436A-49CF-B0A6-922A85FA62FC} 2016-11-03 23:04 - 2016-11-03 23:04 - 000000000 _____ () C:\Users\Rysiu\AppData\Local\{E018494D-76BD-416B-A1E9-613AFF68DAB0} ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) LastRegBack: 2020-10-30 16:59 ==================== End of FRST.txt ======================== Addition.txt: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2020 Ran by Rysiu (01-11-2020 01:49:26) Running from C:\Users\Rysiu\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2014-01-14 15:26:43) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1623833313-998961705-177475952-500 - Administrator - Disabled) => C:\Users\Administrator Guest (S-1-5-21-1623833313-998961705-177475952-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1623833313-998961705-177475952-1004 - Limited - Enabled) Rysiu (S-1-5-21-1623833313-998961705-177475952-1002 - Administrator - Enabled) => C:\Users\Rysiu ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189} AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\uTorrent) (Version: 3.5.5.45798 - BitTorrent Inc.) A Way Out (HKLM-x32\...\{E8D752CF-2FCC-470D-B0C5-4BFC6F42ACCE}) (Version: - Electronic Arts, Inc.) ACP Application (HKLM\...\{B2C0A68B-80D9-48E7-A447-E6663F9D957C}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.445 - Adobe) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.445 - Adobe) Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.115.0 - Adobe Systems Incorporated) Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated) Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.9.2 - Advanced Micro Devices, Inc.) 
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology) BBCiPlayerDownloads (HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\bbciplayerdownloads) (Version: 2.11.2 - British Broadcasting Corporation) Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden Brave Dwarves 2 GOLD v1.15 (HKLM-x32\...\Brave Dwarves 2 GOLD_is1) (Version: - GameOverGames) CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Discord (HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\Discord) (Version: 0.0.305 - Discord Inc.) dr.fone (Version 9.1.0) (HKLM-x32\...\{E8F86DA8-B8E4-42C7-AFD4-EBB692AC43FD}_is1) (Version: 9.1.0.7 - Wondershare Technology Co.,Ltd.) Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.03.03 - ) FastStone Image Viewer 5.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.6 - FastStone Soft) FPS Monitor (HKLM-x32\...\FPS Monitor_is1) (Version: 1 - ) Game Debate Hardware Scanner version 0.1.3 (HKLM-x32\...\{D81698E2-9F9C-4C66-BC9C-FC7F7FCFA55D}_is1) (Version: 0.1.3 - Social Webtech LTD) GD Hardware Scan (HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\GD Hardware Scan) (Version: 00.00.00.01 - Social Web Tech LTD) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.111 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden Highway Pursuit v1.2 (HKLM-x32\...\Highway Pursuit_is1) (Version: - Adam Dawes) HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.20.314 - SurfRight B.V.) 
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.3.438464.135 - Comodo) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation) KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.128 - PandoraTV) Malwarebytes version 4.2.2.95 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.2.95 - Malwarebytes) Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft 
Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 
(HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSI Afterburner 4.6.1 (HKLM-x32\...\Afterburner) (Version: 4.6.1 - MSI Co., LTD) nGlide 1.03 (HKLM-x32\...\nGlide) (Version: 1.03 - Zeus Software) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 10.5.85.44831 - Electronic Arts, Inc.) Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - PhotoScape) PlanetSide 2 (HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\DG0-PlanetSide 2) (Version: - Sony Online Entertainment) Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) 
Hidden PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek) RidNacs 2.0.3 (HKLM-x32\...\RidNacs_is1) (Version: - Stephan Plath) RivaTuner Statistics Server 7.1.0 (HKLM-x32\...\RTSS) (Version: 7.1.0 - Unwinder) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.5.2 - Rockstar Games) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Skype version 8.51 (HKLM-x32\...\Skype_is1) (Version: 8.51 - Skype Technologies S.A.) Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - SumatraPDF) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1214 - SUPERAntiSpyware.com) swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.3.2 - TeamSpeak Systems GmbH) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) The Sims Deluxe (HKLM-x32\...\{10798AE3-DCBB-43C3-9C93-C23512427E25}) (Version: - ) TP-LINK TL-WN727N Driver (HKLM-x32\...\{E796AA87-FE52-49A8-AD93-0236A9F87632}) (Version: 1.3.1 - TP-LINK) TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK) Tyranid Mod 0.5b2 for Soulstorm (HKLM-x32\...\Tyranid Mod 0.5b2 for Soulstorm) (Version: - ) VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) 
Vikingr 0.84 (HKLM-x32\...\Vikingr) (Version: 0.84 - ) VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN) VMware Horizon Client (HKLM\...\{417E585F-77D0-4B0E-8C39-B1069491D56A}) (Version: 3.1.0.21879 - VMware, Inc.) Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden VulkanSDK 1.2.154.1 (HKLM\...\VulkanSDK1.2.154.1) (Version: 1.2.154.1 - LunarG, Inc.) Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation) Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Wondershare DVD Slideshow Builder Deluxe(Build 6.6.0.0) (HKLM-x32\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.6.0.0 - Wondershare Software Co.,Ltd.) Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1623833313-998961705-177475952-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll -> No File
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32.dll [746496 2009-07-14] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [msacm.iac2] => C:\Windows\SysWOW64\iac25_32.ax [197632 2009-07-14] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [VIDC.IV41] => C:\Windows\SysWOW64\IR41_32.AX [839680 2009-07-14] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:BC0B8090 [280]

==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1623833313-998961705-177475952-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1623833313-998961705-177475952-1002 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=19_25050030005_63.0.3239.108_u_ds_sp&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-03-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-03-25] (Oracle America, Inc. -> Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\kmpmedia.net -> hxxp://player.kmpmedia.net

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2016-11-03 16:52 - 000000830 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\VulkanSDK\1.2.154.1\Bin;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;
HKU\S-1-5-21-1623833313-998961705-177475952-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Rysiu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: MBAMService => 2
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=av
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Discord => C:\Users\Rysiu\AppData\Local\Discord\app-0.0.301\Discord.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: DU Meter => "C:\Program Files (x86)\DU Meter\DUMeter.exe" /autostart
MSCONFIG\startupreg: GenieFloater => C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: IPLA! => C:\Program Files (x86)\ipla\ipla.exe /autorun
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C6708B29-2305-4C58-9A11-FD814474B058}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B61AEEE0-F4DE-4651-89A1-D6B62BCADEF0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{F02E246E-97BA-4ED9-A376-51984ECD998A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman Absolution\HMA.exe (Valve Corp. -> ) [File not signed]
FirewallRules: [{779F23FD-054C-4464-82B8-C836E95973FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman Absolution\HMA.exe (Valve Corp. -> ) [File not signed]
FirewallRules: [TCP Query User{C3E3DF3C-2887-470E-94EA-A226CE948F70}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{15E0B852-DC3C-4247-9D67-3658CF3E8FB5}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9CBED5ED-2BE8-4557-B5D2-C1B33FC57429}] => (Block) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{EFF4DFFF-6A15-43F6-A4B9-086FB9C0DF23}] => (Block) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{4CEBEB60-A930-4EEC-88BA-D8B4FD091FD2}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe () [File not signed]
FirewallRules: [UDP Query User{729E20F1-209A-430F-9652-0B5CFC44E631}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe () [File not signed]
FirewallRules: [{406A74CA-CBA6-4E07-A1EC-F1137C5DA1D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd.)
FirewallRules: [{56C9EEDC-7051-4FB3-B4AA-252D11C3E071}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd.)
FirewallRules: [{2287B303-4411-4E53-A666-CBC0EE186267}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Game\Bin\Sims3Launcher.exe (Electronic Arts -> Electronic Arts, Inc.)
FirewallRules: [{D809EC75-33DA-4B7D-BD15-A1108C3BC60A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Sims 3\Game\Bin\Sims3Launcher.exe (Electronic Arts -> Electronic Arts, Inc.)
FirewallRules: [{EE77FCAB-E685-4CF0-B612-C973F48170BE}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{914A6D52-0D8C-4577-A69B-138860657B8F}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{9FA5F712-9EB2-4655-B900-CE6981B3C487}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{AD2B8FB8-828F-4F9F-B8DB-6EBF2A581FC8}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{86BF1FA5-DEC3-4D78-979C-FE46BEFE2898}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{1C3F20F3-4DFF-4DD1-AF64-C6D47377E030}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{E4574E04-1AAE-4752-B53A-677DEFC60B7D}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{86F4A2DD-F867-4B6F-A0AE-0A905DFDF470}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{3D3ED50F-DE7B-44C8-B472-BCABCDC04E5D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{FF6377FF-F0E3-4907-BD3E-45AD82F98A74}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{C376BAE7-9284-430B-A58B-E11D1CE98674}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{E8DC91DB-50A9-486D-BC74-C9C2086AE113}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{5FA7DEA3-A68C-4183-B32D-7504CE211A13}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Gold\W40k.exe (Relic Entertainment, Inc. -> Sega Corporation)
FirewallRules: [{AE09F64F-1539-4B32-A297-3985A7E1D2AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Gold\W40k.exe (Relic Entertainment, Inc. -> Sega Corporation)
FirewallRules: [{26D66202-75EB-42BC-8F44-10F3B43E5413}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Gold\W40kWA.exe (Relic Entertainment, Inc. -> Sega Corporation)
FirewallRules: [{B9BC64EA-86F8-4129-A5D0-B0225CA6B91A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Gold\W40kWA.exe (Relic Entertainment, Inc. -> Sega Corporation)
FirewallRules: [{1BFAE3A0-C74D-4B4B-B725-CB712FE8D7EE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Dark Crusade\darkcrusade.exe (Relic Entertainment, Inc. -> Sega Corporation)
FirewallRules: [{0E2C47F7-D209-4C0A-952D-BFDB016F2ABB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Dark Crusade\darkcrusade.exe (Relic Entertainment, Inc. -> Sega Corporation)
FirewallRules: [{9CF455E2-0794-471E-8DCD-4C69AF900A0A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman Blood Money\HitmanBloodMoney.exe () [File not signed]
FirewallRules: [{F29F736B-A9D2-4483-94CE-BDD90227D5A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman Blood Money\HitmanBloodMoney.exe () [File not signed]
FirewallRules: [{F5FA24A8-1A0D-4BED-AB12-8A975297BE5D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman Blood Money\configure.exe () [File not signed]
FirewallRules: [{A6466B05-CC75-4BC5-AF18-CC76F2B5CCDA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman Blood Money\configure.exe () [File not signed]
FirewallRules: [{7B60740D-59D8-4410-812A-2DB75348E259}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{18B06D6E-C605-4607-8912-FC7245798B51}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4D66088E-C513-47EA-88D8-481725AFCE02}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{67BEB9B5-38FA-4351-AFD6-525686AFCDD3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2BF5EBE7-0A91-424A-B641-E26B1BC639A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broforce\Broforce_beta.exe () [File not signed]
FirewallRules: [{FF5BE0C9-3CE9-4C52-8C9A-635BF07B6F7E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broforce\Broforce_beta.exe () [File not signed]
FirewallRules: [{E6F860FC-F4E3-4559-811F-70376E44DE2C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broforce The Expendables Missions\Expendabros.exe () [File not signed]
FirewallRules: [{2B94F7BC-1C38-4DBB-9CC6-911E6A8E5FCA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broforce The Expendables Missions\Expendabros.exe () [File not signed]
FirewallRules: [{B89498FA-5DBF-4A7E-9ADB-4CCBF41CAF41}] => (Allow) C:\Users\Rysiu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{066F26F6-F38E-47CD-9F58-AC3FE1F6A420}] => (Allow) C:\Users\Rysiu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{947D0972-57F8-41C0-8416-2D4070B9DC8C}] => (Allow) C:\Users\Rysiu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{FDEFC5BA-2FC8-4B1C-9F36-F31B3FA4CBFC}] => (Allow) C:\Users\Rysiu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B2C9B0CB-E985-4222-9484-1683B3A66AAA}] => (Allow) C:\Users\Rysiu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6A002A53-1DAE-4EA6-B779-D602F965EF47}] => (Allow) C:\Users\Rysiu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C0A36250-2F97-4D19-9FC5-A5667CA72D5D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{03E8A8A6-B453-47EC-AAC4-3C47B9FCE6FC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{9677DE21-DFA1-4C91-AB37-B66F5FF99031}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman Sniper Challenge\HMSC.exe (Valve Corp. -> Square Enix Limited) [File not signed]
FirewallRules: [{C1B6EA4B-E723-4E4A-8669-BAC28E82F5EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman Sniper Challenge\HMSC.exe (Valve Corp. -> Square Enix Limited) [File not signed]
FirewallRules: [{5A5B50C0-D774-420D-A40D-2EBA7AF65F9F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Penarium\Penarium.exe () [File not signed]
FirewallRules: [{195FB9CB-53C3-4BF8-9E7D-73C23C268827}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Penarium\Penarium.exe () [File not signed]
FirewallRules: [{2574E018-47C7-4221-87BF-4D0016B72582}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{C97BE7DD-66AC-435C-8084-581DA3B45AF0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [TCP Query User{A8593113-4524-4365-AA01-198D43DCC6E7}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe (New World Interactive LLC -> New World Interactive LLC)
FirewallRules: [UDP Query User{07051765-0072-4F63-B960-4F85CC6DB934}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe (New World Interactive LLC -> New World Interactive LLC)
FirewallRules: [{04A79945-2641-454B-88F0-A2193931B77D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd)
FirewallRules: [{0488D462-EABB-4664-85F1-9C2F12C36721}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd)
FirewallRules: [TCP Query User{E0BEB994-1592-459F-9627-1382F9747DD4}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd)
FirewallRules: [UDP Query User{A3B7B3AD-A52F-4257-B685-E747EC61FA60}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd)
FirewallRules: [{F0FD0366-C375-4CD7-8CD8-47ADEC8DCBD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe (TODO: <Company name>) [File not signed]
FirewallRules: [{46DB6ABA-E68A-45D8-BC45-1903E970ADAD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe (TODO: <Company name>) [File not signed]
FirewallRules: [{B6F3CC75-957B-432E-B874-3B0246A7E4C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spellsworn\Spellsworn.exe () [File not signed]
FirewallRules: [{F9978EE4-DBFC-4D77-BF57-DE07788E0ED2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spellsworn\Spellsworn.exe () [File not signed]
FirewallRules: [TCP Query User{1C3D9873-07D4-4D8E-9E81-ABF091E1B8E9}C:\program files (x86)\steam\steamapps\common\spellsworn\spellsworn\binaries\win64\spellsworn-win64-test.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\spellsworn\spellsworn\binaries\win64\spellsworn-win64-test.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{2C33BE14-82B0-437B-B310-FAC3C446EEA1}C:\program files (x86)\steam\steamapps\common\spellsworn\spellsworn\binaries\win64\spellsworn-win64-test.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\spellsworn\spellsworn\binaries\win64\spellsworn-win64-test.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{32FC8F86-DCE1-4FEE-9BE2-87489F2B07E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BombTag\BombTag.exe () [File not signed]
FirewallRules: [{917643ED-76F9-4247-9F20-37A3DEE255E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BombTag\BombTag.exe () [File not signed]
FirewallRules: [{9D59BBB8-FD0F-4873-9889-6935AA476558}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jack Orlando\JackStart.exe () [File not signed]
FirewallRules: [{914FDF91-27D4-4952-A639-10126F1D9A80}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jack Orlando\JackStart.exe () [File not signed]
FirewallRules: [TCP Query User{B0472FE3-5F7C-48EC-ABF3-8024B4695F16}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency_x64.exe (New World Interactive LLC -> New World Interactive LLC)
FirewallRules: [UDP Query User{629858BD-5F32-4F13-A9E5-6F5CEDD9D054}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency_x64.exe (New World Interactive LLC -> New World Interactive LLC)
FirewallRules: [{4F7E4767-CBC3-4186-8C58-D62FA6B5D9B2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E15B4831-B496-42E3-86A9-DCC61064454C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{92CE0824-30D9-446E-AEFA-2E27260ED5C8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{CB96AF64-4923-4CF5-826D-728F5A32E315}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{A3D12E45-7031-4A04-AC20-A17D456AEC70}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HITMAN2\Launcher.exe (IO INTERACTIVE A/S -> )
FirewallRules: [{32E7E00B-D234-4A64-83EB-40A6AA0173AF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HITMAN2\Launcher.exe (IO INTERACTIVE A/S -> )
FirewallRules: [{B59A8E82-D87E-4741-949E-B8CB41803F48}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman 2 Silent Assassin\hitman2.exe (IO Interactive) [File not signed]
FirewallRules: [{DD47A2A7-D171-46D6-9088-1AD215089ED3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman 2 Silent Assassin\hitman2.exe (IO Interactive) [File not signed]
FirewallRules: [{839A8125-48DD-4931-87B9-CEBC93EFD96F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman 2 Silent Assassin\config.exe () [File not signed]
FirewallRules: [{94074474-8F2F-48C0-9043-F2C6025E04B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman 2 Silent Assassin\config.exe () [File not signed]
FirewallRules: [{109EBD52-899F-49F4-96EC-D06761789632}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman Contracts\HitmanContracts.exe (IO Interactive) [File not signed]
FirewallRules: [{CF00E0B1-4AB3-4736-ABC8-ED496F7244D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman Contracts\HitmanContracts.exe (IO Interactive) [File not signed]
FirewallRules: [TCP Query User{C0D9611F-BA1D-4470-8CA5-485BE45DD548}C:\program files (x86)\steam\steamapps\common\hitman2\retail\hitman2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hitman2\retail\hitman2.exe (IO INTERACTIVE A/S -> )
FirewallRules: [UDP Query User{2834DA31-3838-437C-86BC-7E6D58771892}C:\program files (x86)\steam\steamapps\common\hitman2\retail\hitman2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hitman2\retail\hitman2.exe (IO INTERACTIVE A/S -> )
FirewallRules: [{C14FB0A9-80F7-4EC8-A4C6-8B09340733B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Surgeon Simulator\ss2013.exe () [File not signed]
FirewallRules: [{0CCECEEB-D761-4AED-8C3A-68A51E523966}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Surgeon Simulator\ss2013.exe () [File not signed]
FirewallRules: [{315269A5-4FB6-4F9C-8E79-79FB199199FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mordhau\Mordhau.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{BDDA0E6C-8975-41D5-B9E5-83CD71E12F30}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mordhau\Mordhau.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{1E534F52-7DE6-4828-94B1-377053F9F247}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{DA75CF4F-D6E2-4D71-AA4A-222630690158}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{73816343-8505-425F-9AFB-936BF2FE9B7F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{32914A73-A20B-464A-B03E-24C8A94AF952}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{ABA409FC-B8AB-46FA-99B6-C401DEE56016}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2CBB2FBA-2243-40C1-9AA5-F25D2B43B943}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2899CFF6-2D02-471A-8FCD-C0AC24A994AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe () [File not signed]
FirewallRules: [{2DB78DA2-9079-4F82-ACFB-FCA979E8FFF7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe () [File not signed]
FirewallRules: [{7B15D6E2-DC05-47AE-A9FB-4709E9F13542}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dungeon of the Endless\DungeonoftheEndless.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{A452B892-4582-4FC4-A711-2947611CA85E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dungeon of the Endless\DungeonoftheEndless.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{CE754D07-FB12-4E96-AAAB-890D34A6961B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe ( Taleworlds Entertainment) [File not signed]
FirewallRules: [{E98BF928-41DB-4F1E-82EE-D190B620B1D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe ( Taleworlds Entertainment) [File not signed]
FirewallRules: [{D19DD84C-1456-4EF5-968A-10F4B147C879}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Soulstorm\Soulstorm.exe (Relic Entertainment, Inc. -> Sega Corporation) [File not signed]
FirewallRules: [{FFECFB0F-BCD3-4BCA-AB21-1BAA39399A56}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dawn of War Soulstorm\Soulstorm.exe (Relic Entertainment, Inc. -> Sega Corporation) [File not signed]
FirewallRules: [{BB9AB2A7-3481-40B9-BF45-1A4349AFEDAC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe (CD Projekt RED) [File not signed]
FirewallRules: [{AD8F4380-D905-4A22-8E7A-06A20CEEBE2D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe (CD Projekt RED) [File not signed]
FirewallRules: [{5F48D6AA-DDC6-4B5E-B833-54B2A9DB598F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nmrih\nmrih.exe () [File not signed]
FirewallRules: [{F4F69B4B-CA2C-4B85-96A2-B49AEF23BDB2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nmrih\nmrih.exe () [File not signed]
FirewallRules: [TCP Query User{F78E1C8E-E650-4F46-8B9D-E3B823ADDD1B}C:\users\rysiu\downloads\witcher 3 overhaul mods\script merger\tools\wcc_lite\bin\x64\wcc_lite.exe] => (Allow) C:\users\rysiu\downloads\witcher 3 overhaul mods\script merger\tools\wcc_lite\bin\x64\wcc_lite.exe () [File not signed]
FirewallRules: [UDP Query User{D8AE408F-384B-423F-B1B8-7E51183C50C8}C:\users\rysiu\downloads\witcher 3 overhaul mods\script merger\tools\wcc_lite\bin\x64\wcc_lite.exe] => (Allow) C:\users\rysiu\downloads\witcher 3 overhaul mods\script merger\tools\wcc_lite\bin\x64\wcc_lite.exe () [File not signed]
FirewallRules: [{2F140AF0-23BC-4398-A3C6-401FEBEF5EB4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Swarm Reactive Drop\reactivedrop.exe () [File not signed]
FirewallRules: [{9B7B534E-58C0-462E-B7EB-E158E46D9E9D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Swarm Reactive Drop\reactivedrop.exe () [File not signed]
FirewallRules: [{E76B4F03-5E30-45CF-90EB-ECAD0EECD566}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DIDE\DeadIslandGame.exe (Techland Sp. z o.o. -> Techland)
FirewallRules: [{B22AE513-D1C7-417C-A2F8-F1293AA66B18}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DIDE\DeadIslandGame.exe (Techland Sp. z o.o. -> Techland)
FirewallRules: [{F512584A-450E-48FF-B46A-D90E5BD6A883}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\L.A.Noire\LANLauncher.exe (Take-Two Interactive Software, Inc. -> Rockstar Games)
FirewallRules: [{672B6306-869A-4F4B-A649-BA9DE4AE234E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\L.A.Noire\LANLauncher.exe (Take-Two Interactive Software, Inc. -> Rockstar Games)
FirewallRules: [{07DDFBDA-D9C7-45ED-BA2C-B6F6A06C4914}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\aceofspades\aos.exe () [File not signed]
FirewallRules: [{37A9D3D6-BF87-4A32-96FF-7F3A5A3B0390}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\aceofspades\aos.exe () [File not signed]
FirewallRules: [{094DAEA4-2315-4EE5-B569-674514E8CC1B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman Codename 47\Hitman.Exe () [File not signed]
FirewallRules: [{F9779A4B-16C2-40CA-8893-16E14A712D99}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman Codename 47\Hitman.Exe () [File not signed]
FirewallRules: [{449D3F67-EA7C-46EF-A117-10A9FF8E269E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman Codename 47\Setup.exe () [File not signed]
FirewallRules: [{6189AA55-11B9-45C7-B41C-2DDD13F0BD8A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hitman Codename 47\Setup.exe () [File not signed]
FirewallRules: [{4D1CA333-B933-4664-ACF2-AE2DE25E5D35}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Detroit Become Human\DetroitBecomeHuman.exe () [File not signed]
FirewallRules: [{8C9A27C4-B841-4B47-8149-612E52465C60}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Detroit Become Human\DetroitBecomeHuman.exe () [File not signed]
FirewallRules: [{E68DBD1A-F516-4E58-BE36-9A88DA64B617}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{8A88488F-EB4C-447C-AF6A-C927E4FE2E8F}C:\program files (x86)\steam\steamapps\common\awayout\haze1\binaries\win64\awayout.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awayout\haze1\binaries\win64\awayout.exe (Hazelight Studios AB -> Hazelight Studios AB)
FirewallRules: [UDP Query User{5E0006EB-7B81-4FC6-8562-E8603D5979D4}C:\program files (x86)\steam\steamapps\common\awayout\haze1\binaries\win64\awayout.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awayout\haze1\binaries\win64\awayout.exe (Hazelight Studios AB -> Hazelight Studios AB)
FirewallRules: [{11F08B71-845E-4124-92A0-4BB8433550BD}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{DD0B0D1F-CD0A-4F17-9034-734065F9E54B}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{03B4E817-9111-4DCF-B119-6D2D09FD94B1}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{9A18EF1A-266E-4F22-BF6A-2A0CB03C011A}] => (Allow) C:\Users\Rysiu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C08C937F-733B-4009-89CC-2C7C1E9CA9B7}] => (Allow) C:\Users\Rysiu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

==================== Restore Points =========================

31-10-2020 17:59:38 Windows Update
31-10-2020 19:19:04 Windows Update

==================== Faulty Device Manager Devices ============

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: tencent QMUdisk
Description: tencent QMUdisk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: QMUdisk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (11/01/2020 01:27:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/01/2020 01:14:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (11/01/2020 12:31:43 AM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2020-11-01T02:25:43Z. Error Code: 0x80041321. Error: (11/01/2020 12:21:43 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (11/01/2020 12:11:35 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/31/2020 07:04:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Web, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=amd64" /NoDependencies . The error returned was Error: The specified assembly is not installed. . Error: (10/31/2020 07:04:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Web.RegularExpressions, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed. . 
Error: (10/31/2020 07:04:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed. . System errors: ============= Error: (11/01/2020 01:28:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Wondershare Application Framework Service service to connect. Error: (11/01/2020 01:27:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Origin Web Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (11/01/2020 01:27:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect. Error: (11/01/2020 01:26:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The AODDriver4.2.0 service failed to start due to the following error: The system cannot find the path specified. Error: (11/01/2020 01:24:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (11/01/2020 01:24:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Microsoft .NET Framework NGEN v4.0.30319_X64 service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (11/01/2020 01:24:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Wondershare Driver Install Service service terminated unexpectedly. It has done this 1 time(s). Error: (11/01/2020 01:24:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Adobe Genuine Monitor Service service terminated unexpectedly. It has done this 1 time(s). ==================== Memory info =========================== BIOS: American Megatrends Inc. 1503 11/14/2012 Motherboard: ASUSTeK Computer INC. M5A78L-M/USB3 Processor: AMD FX(tm)-6350 Six-Core Processor Percentage of memory in use: 53% Total physical RAM: 8174.12 MB Available physical RAM: 3787 MB Total Virtual: 16346.42 MB Available Virtual: 11679.25 MB ==================== Drives ================================ Drive 😄 () (Fixed) (Total:931.41 GB) (Free:84.54 GB) NTFS \\?\Volume{55654edc-b320-11e2-b4d0-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 15AFCC6E) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== End of Addition.txt ======================= Link to post Share on other sites More sharing options...
kevinf80 Posted November 1, 2020 ID:1417749

Hiya mr47steam,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
Windows Temp
Users Temp folders
Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
Recently opened files cache
Flash Player cache
Java cache
Steam HTML cache
Explorer thumbnail and icon cache
BITS transfer queue (qmgr*.dat files)
Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run.

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop. If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found please confirm that result....

The Virus Removal Tool scans the following areas of your computer:
Memory, including system memory on 32-bit (x86) versions of Windows
The Windows registry
All local hard drives, fixed and removable
Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Let me see those logs in your reply...

Thank you,
Kevin...

fixlist.txt
mr47steam Posted November 1, 2020 Author ID:1417783

Hello, I have run the game before even running the FRST fix and the stuttering and high memory usage seems to have disappeared temporarily, in that before it occurred instantly while now it took some 15 minutes for it to appear. So I'm not sure if it is fixed but at least there seems to be a change. I thought I will give you an update seeing as the Sophos scan is still underway and although running for some 2 hours already the progress bar doesn't seem to be making much... progress. I read that it will take many many hours so if you have any tips to speed up the process or if you think the scan is no longer necessary, let me know. I would love to avoid such a long wait time. Here are the logs from FRST: Fixlog.txt

kevinf80 Posted November 1, 2020 ID:1417784

Hello mr47steam, The only way to speed up the scan is to leave your PC totally idle during the scan. I do not recommend stopping the scan when underway. The scan time is totally variable depending on the amount of data being scanned. I never ask users how long it takes, but when used personally on other users' machines at my home anywhere from 2 to 15 hours is not unusual...

Thank you,
Kevin...

mr47steam Posted November 1, 2020 Author ID:1417789

Hello, thanks for the reply, I did leave the computer completely idle for the first two hours and the screenshot above shows how little the progress bar moved. Now some, despite being nearly two hours later, the progress bar remains exactly as it was. That's why I was worried something might not be right, or there are ways to make it faster, even though I did follow all your instructions from the previous post. I'll leave it idle again and see if any progress is made.

kevinf80 Posted November 1, 2020 ID:1417792

I would still recommend letting the scan continue, I believe Sophos AV is the best tool for the job in your situation...

mr47steam Posted November 1, 2020 Author ID:1417798

Yeah, the scan was sitting at around 2% progress for 4 hours and jumped to around 30% in a few minutes. I'll send you the logs once it's done.

kevinf80 Posted November 1, 2020 ID:1417801

Thanks for the update...

mr47steam Posted November 1, 2020 Author ID:1417808

Hello, the scan is complete, however no threats were detected. I couldn't find any log files in C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs. I assume the lack of threats is the reason for that. I will await your reply.

kevinf80 Posted November 1, 2020 ID:1417810

Yes, if nothing found there is no log. Can I see the log from FRST fix "fixlog.txt"
mr47steam Posted November 1, 2020 Author ID:1417814

Yes, I included it earlier in a post, but here it is again: Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-10-2020
Ran by Rysiu (01-11-2020 14:35:06) Run:1
Running from C:\Users\Rysiu\Downloads
Loaded Profiles: Rysiu
Boot Mode: Normal
==============================================

fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\Run: [] => [X]
HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\Policies\system: [shell] explorer.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {60891CC4-9EDB-42E0-B244-D1D10C6B13DA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9EADF39D-03ED-41BA-AB52-B2E2878417D3} - \DNSUMBARGER -> No File <==== ATTENTION
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{77EC785D-E222-42AE-89B8-AB615EDFD573}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{AE397CBB-ECE5-4121-AB0C-17D2604FCC89}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{AE397CBB-ECE5-4121-AB0C-17D2604FCC89}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{F64ADBCA-3657-401E-91A8-433F97F5E2BD}: [NameServer] 8.8.8.8
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 => not found
FF HKU\S-1-5-21-1623833313-998961705-177475952-1002\...\Firefox\Extensions: [{30b2f2f3-2f94-48b2-b3a4-5244f212bbd3}] - C:\Program Files (x86)\ViewPassword\150.xpi => not found
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 GPU-Z; \??\C:\Users\Rysiu\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16066.216\QMUdisk64.sys [X]
S3 TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16066.216\TS888x64.sys [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll -> No File
AlternateDataStreams: C:\ProgramData\TEMP:BC0B8090 [280]
FirewallRules: [{11F08B71-845E-4124-92A0-4BB8433550BD}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{DD0B0D1F-CD0A-4F17-9034-734065F9E54B}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{03B4E817-9111-4DCF-B119-6D2D09FD94B1}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
CMD: winmgmt /verifyrepository
cmd: sfc /scannow
Hosts:
EmptyTemp:
*****************

SystemRestore: On => Error -> 9%
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-1623833313-998961705-177475952-1002\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-1623833313-998961705-177475952-1002\Software\Microsoft\Windows\CurrentVersion\Policies\system\\shell" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60891CC4-9EDB-42E0-B244-D1D10C6B13DA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60891CC4-9EDB-42E0-B244-D1D10C6B13DA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9EADF39D-03ED-41BA-AB52-B2E2878417D3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EADF39D-03ED-41BA-AB52-B2E2878417D3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSUMBARGER" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77EC785D-E222-42AE-89B8-AB615EDFD573}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE397CBB-ECE5-4121-AB0C-17D2604FCC89}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE397CBB-ECE5-4121-AB0C-17D2604FCC89}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F64ADBCA-3657-401E-91A8-433F97F5E2BD}\\NameServer" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\avg@toolbar" => removed successfully
"HKU\S-1-5-21-1623833313-998961705-177475952-1002\Software\Mozilla\Firefox\Extensions\\{30b2f2f3-2f94-48b2-b3a4-5244f212bbd3}" => removed successfully
HKLM\System\CurrentControlSet\Services\AODDriver4.2.0 => removed successfully
AODDriver4.2.0 => service removed successfully
HKLM\System\CurrentControlSet\Services\GPU-Z => removed successfully
GPU-Z => service removed successfully
HKLM\System\CurrentControlSet\Services\QMUdisk => removed successfully
QMUdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\TS888x64 => removed successfully
TS888x64 => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ACE => removed successfully
HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} => removed successfully
C:\ProgramData\TEMP => ":BC0B8090" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{11F08B71-845E-4124-92A0-4BB8433550BD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DD0B0D1F-CD0A-4F17-9034-734065F9E54B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{03B4E817-9111-4DCF-B119-6D2D09FD94B1}" => removed successfully

========= winmgmt /verifyrepository =========
WMI repository is consistent
========= End of CMD: =========

========= sfc /scannow =========
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13064816 B
Java, Flash, Steam htmlcache => 1017963998 B
Windows/system/drivers => 52605842 B
Edge => 0 B
Chrome => 395601016 B
Firefox => 0 B
Opera => 140021 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 159918004 B
LocalService => 159918004 B
NetworkService => 159940612 B
Rysiu => 170085715 B
Administrator => 170109216 B
RecycleBin => 0 B
EmptyTemp: => 2.1 GB temporary data Removed.
================================

The system needed a reboot.

==== End of Fixlog 15:09:21 ====
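A reading aid for the removal results in the Fixlog posted above, added here as an example (it is not part of the thread and not FRST code): the Python below groups each result line by the kind of setting it touched and lists any entry that was not reported as removed. The category names are labels chosen for this example, and the final sample line with a "not found" outcome is constructed.

```python
import re
from collections import Counter

# Result lines copied from the Fixlog above; the LAST line is constructed
# for this example to show how a failed removal is reported.
SAMPLE = r'''
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-1623833313-998961705-177475952-1002\Software\Microsoft\Windows\CurrentVersion\Policies\system\\shell" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSUMBARGER" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE397CBB-ECE5-4121-AB0C-17D2604FCC89}\\DhcpNameServer" => removed successfully
HKLM\System\CurrentControlSet\Services\QMUdisk => removed successfully
QMUdisk => service removed successfully
C:\ProgramData\TEMP => ":BC0B8090" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{11F08B71-845E-4124-92A0-4BB8433550BD}" => removed successfully
"HKLM\Software\Example\\ConstructedValue" => not found
'''

# Ordered (category, pattern) pairs matched against the target path; the
# first match wins. Category names are this example's own labels.
RULES = [
    ("dns_setting", r"\\Services\\Tcpip\\Parameters\\.*NameServer$"),
    ("firewall_rule", r"\\FirewallPolicy\\FirewallRules\\"),
    ("scheduled_task", r"\\Schedule\\TaskCache\\"),
    ("shell_override", r"\\Policies\\system\\+shell$"),
    ("autorun", r"\\CurrentVersion\\Run\\"),
    ("service_or_driver", r"\\CurrentControlSet\\Services\\[^\\]+$"),
]

# <target> => <outcome>, where the target may be wrapped in double quotes.
LINE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+)$')


def classify(target, outcome):
    """Return a category label for one result line."""
    if "ADS removed" in outcome:
        return "alternate_data_stream"
    if outcome.startswith("service "):
        return "service_or_driver"
    for name, pattern in RULES:
        if re.search(pattern, target, re.IGNORECASE):
            return name
    return "other"


def parse_results(text):
    """Parse removal-result lines into (category, target, outcome, ok).

    Expects only the registry/file/service result lines of a Fixlog, not
    the CMD output or the EmptyTemp size table, which also contain "=>".
    """
    entries = []
    for raw in text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue  # blank line or section header
        target = match["target"]
        outcome = match["outcome"].strip()
        ok = outcome.endswith("removed successfully")
        entries.append((classify(target, outcome), target, outcome, ok))
    return entries


def summarize(entries):
    """Return (count per category, list of entries that were not removed)."""
    counts = Counter(category for category, _, _, _ in entries)
    failures = [(c, t, o) for c, t, o, ok in entries if not ok]
    return counts, failures


if __name__ == "__main__":
    counts, failures = summarize(parse_results(SAMPLE))
    for category, n in sorted(counts.items()):
        print(f"{category:22} {n}")
    for category, target, outcome in failures:
        print(f"NOT REMOVED [{category}] {target} -> {outcome}")
```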
kevinf80 Posted November 1, 2020 ID:1417816

Yes I missed it, thanks for including again. What is the current status of your system, any issues or concerns...

mr47steam Posted November 1, 2020 Author ID:1417826

I ran the game and it ran without problems for 30 minutes in demanding areas and situations, so I think whatever it was, the problem has been fixed. If you have any further suggestions for scans or something else I would happily go through with them as well. If not, thank you for helping me through this! If such problems return I will know who to turn to.
kevinf80 Posted November 1, 2020 Solution ID:1417827

Hello mr47steam,

Thanks for the update, good to hear your system is ok for you, just need to clean up:

Uninstall the following programs:
Sophos AV
http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Also delete this folder if still present: C:\ProgramData\Sophos

Next,

Download KpRm by kernel-panik and save it to your desktop.
Right-click kprm_(version).exe and select Run as Administrator.
When the tool opens, ensure all boxes are checked, and select Run.
Once complete, click OK.
A log will open in Notepad titled kprm-(date).txt.
Please copy and paste its contents in your next reply.

Next,

1. How to create strong Passwords - https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/
2. How to keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
3. Keep your Operating up to date and current - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
4. Answers to Security Questions and Best Practices - https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
5. Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/
6. Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

Take care and surf safe

Kevin...
kevinf80 Posted November 3, 2020 ID:1418290

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you