
[myphoneexplorer]Possible Infection?

Update time: 2021-08-06 01:37

  Sorry, first post contained both reports:


  ====================Internet (Whitelisted)====================


  (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


  Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

  Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

  Tcpip\..\Interfaces\{274c4dcb-5359-4750-9c7d-43d161cc20b5}: [DhcpNameServer] 192.168.1.1

  Edge:

  ======

  DownloadDir: F:\Downloads

  Edge DefaultProfile: Default

  Edge Profile: C:\Users\TwenTy20zOfHaze\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-19]

  Edge Extension: (Kaspersky Protection) – C:\Users\TwenTy20zOfHaze\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2020-11-19]


  FireFox:

  ========

  FF HKLM-x32\…\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] – F:\Adobe Acrobat XI Pro\Acrobat\Browser\WCFirefoxExtn

  FF Extension: (Adobe Acrobat – Create PDF) – F:\Adobe Acrobat XI Pro\Acrobat\Browser\WCFirefoxExtn [2019-08-23] [Legacy]

  FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2018-01-04] (Adobe Systems Incorporated -> )

  FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

  FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

  FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)

  FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2018-01-04] (Adobe Systems Incorporated -> )

  FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)

  FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

  FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

  FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)

  FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)

  FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)

  FF Plugin-x32: Adobe Acrobat -> F:\Adobe Acrobat XI Pro\Acrobat\Air\nppdf32.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

  FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)

  FF Plugin ProgramFiles/Appdata: C:\Users\TwenTy20zOfHaze\AppData\Roaming\mozilla\plugins\npatgpc.dll [2018-08-30]

  Chrome:

  =======

  CHR DefaultProfile: Default

  CHR Profile: C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default [2020-11-20]

  CHR Notifications: Default -> hxxps://aa-mg6.mail.yahoo.com; hxxps://badoo.com; hxxps://beta.meetme.com; hxxps://fitgirl-repacks.site; hxxps://mail.google.com; hxxps://mail.yahoo.com; hxxps://naijacrawl.com; hxxps://naijacrawlnews.os.tc; hxxps://onecognizantchat.cognizant.com; hxxps://store.ubi.com; hxxps://thepiratebay.org; hxxps://tomclancy-thedivision.ubisoft.com; hxxps://www.hotnewhiphop.com; hxxps://www.livejasmin.com; hxxps://www.mocospace.com; hxxps://www.youtube.com

  CHR HomePage: Default -> hxxp://tv.verizon.com/

  CHR StartupUrls: Default -> "hxxps://aa-mg5.mail.yahoo.com/neo/launch?.rand=0mprgjj3oh406#1258293624","hxxp://friends.meetme.com/locals","hxxp://www.mocospace.com/html/profile-search_results.jsp","hxxps://www.google.com/search?sourceid=chrome-psyapi2&ion=1&espv=2&es_th=1&ie=UTF-8&q=espn%20360&oq=espn%20360&aqs=chrome..69i57j0l5.4647j1j7","hxxp://fiostrending.verizon.com/"

  CHR Extension: (Slides) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-11]

  CHR Extension: (Docs) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-11]

  CHR Extension: (Google Drive) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]

  CHR Extension: (YouTube) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-11]

  CHR Extension: (Honey) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-11-20]

  CHR Extension: (Might and Magic Heroes Online) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\bofmomibemibekfhdnbndompcedgimfl [2019-05-06]

  CHR Extension: (Avira Safe Shopping) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2020-10-28]

  CHR Extension: (Odell Catch) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpomieopcegfoocdannibcllkolamlai [2018-09-11]

  CHR Extension: (Adobe Acrobat) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-18]

  CHR Extension: (Video Downloader professional) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2020-07-24]

  CHR Extension: (Avast SafePrice | Comparison, deals, coupons) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-11-19]

  CHR Extension: (Google Play Music) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2020-11-20]

  CHR Extension: (Dashlane – Password Manager) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2020-11-20]

  CHR Extension: (Sheets) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-11]

  CHR Extension: (Google Docs Offline) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-20]

  CHR Extension: (AdBlock — best ad blocker) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-11-20]

  CHR Extension: (Avast Online Security) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-11-19]

  CHR Extension: (Screen Recorder) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniebljpgcogalllopnjokppmgbhaden [2020-11-02]

  CHR Extension: (RetailMeNot Deal Finder) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjfblogammkiefalfpafidabbnamoknm [2020-11-20]

  CHR Extension: (Cisco Webex Extension) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-06-16]

  CHR Extension: (Ad-Blocker) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\kacljcbejojnapnmiifgckbafkojcncf [2020-11-20]

  CHR Extension: (BB10 / PlayBook App Manager) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp [2018-09-11]

  CHR Extension: (Synctab – window & tab manager) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\miejmllodobdobgjbeonandkjhnhpjbn [2020-09-19]

  CHR Extension: (Chrome Web Store Payments) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]

  CHR Extension: (I’m Back: Возвращай кэшбэк с покупок!) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnnknmdhancmmdmhfjekhdlekhennjna [2020-10-15]

  CHR Extension: (Coupons at Checkout) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\onbkopaoemachfglhlpomhbpofepfpom [2020-10-21]

  CHR Extension: (Amazon Assistant for Chrome) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2020-11-20]

  CHR Extension: (Gmail) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]

  CHR Extension: (Chrome Media Router) – C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-20]

  CHR Profile: C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-11-11]

  CHR Profile: C:\Users\TwenTy20zOfHaze\AppData\Local\Google\Chrome\User Data\System Profile [2020-11-11]

  CHR HKLM\…\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

  CHR HKLM-x32\…\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

  CHR HKLM-x32\…\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] – F:\Adobe Acrobat XI Pro\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-03-28]

  CHR HKLM-x32\…\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]

  CHR HKLM-x32\…\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]


  ====================Services (Whitelisted)===================


  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


  R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83984 2018-02-09] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

  R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)

  R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)

  R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8450976 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [360408 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [2748520 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [58048 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8567960 2020-06-28] (BattlEye Innovations e.K. -> )

  R3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1439424 2016-02-02] (Disc Soft Ltd -> Disc Soft Ltd)

  S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803456 2019-03-15] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

  R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd -> Paramount Software UK Ltd)

  R2 MBAMService; F:\MalwareBytes\MBAMService.exe [7269976 2020-11-07] (Malwarebytes Inc -> Malwarebytes)

  R2 NMSAccess; C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe [71096 2009-01-12] (Numedia Soft, Inc. -> )

  S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2522424 2020-11-20] (Electronic Arts, Inc. -> Electronic Arts)

  R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3476800 2020-11-20] (Electronic Arts, Inc. -> Electronic Arts)

  R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1425912 2020-10-21] (Plex, Inc. -> Plex, Inc.)

  R3 Rockstar Service; F:\Rockstar Games Launcher\RockstarService.exe [1352832 2020-11-05] (Rockstar Games, Inc. -> Rockstar Games)

  S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5101992 2020-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)

  R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)

  R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13273104 2020-10-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

  S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)

  R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)


  =====================Drivers (Whitelisted)===================


  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


  R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

  S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2016-12-25] (CHENGDU AOMEI Tech Co., Ltd. -> )

  R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37152 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [206408 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [236112 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [195664 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [60496 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16824 2020-07-22] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)

  R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42784 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175720 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [518664 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [109280 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84856 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851608 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [470912 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [217336 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326928 2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]

  S3 cpuz143; C:\Users\TwenTy20zOfHaze\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [48952 2020-11-11] (CPUID -> CPUID) <====ATTENTION

  R3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2020-09-25] (Disc Soft Ltd -> Disc Soft Ltd)

  S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [34368 2018-01-16] (CHENGDU YIWO Tech Development Co., Ltd. -> )

  R0 EPMVolFlt; C:\WINDOWS\System32\drivers\EPMVolFlt.sys [30320 2017-11-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows ® Codename Longhorn DDK provider)

  R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-11-07] (Malwarebytes Corporation -> Malwarebytes)

  R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [73328 2018-05-15] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)

  R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [53360 2018-05-15] (Microsoft Windows Hardware Compatibility Publisher -> )

  R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [22640 2018-05-15] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)

  R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [341104 2018-05-15] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)

  S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]

  S3 EvolveVirtualAdapter; C:\WINDOWS\System32\drivers\evolve.sys [21656 2018-08-26] (Echobit, LLC -> Echobit, LLC)

  S3 gdrv; C:\WINDOWS\gdrv.sys [26792 2018-06-14] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)

  S3 hidflt; C:\WINDOWS\system32\DRIVERS\ETDUSB.sys [58880 2010-06-18] (Microsoft Windows Hardware Compatibility Publisher -> ELAN Microelectronics Corp.)

  R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [217600 2020-11-07] (Malwarebytes Inc -> Malwarebytes)

  S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

  R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2020-11-20] (Malwarebytes Inc -> Malwarebytes)

  R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2020-11-20] (Malwarebytes Inc -> Malwarebytes)

  R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-11-07] (Malwarebytes Inc -> Malwarebytes)

  R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [136352 2020-11-20] (Malwarebytes Inc -> Malwarebytes)

  S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)

  R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )

  R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )

  S3 tap0901t; C:\WINDOWS\System32\drivers\tap0901t.sys [48824 2016-04-26] (Tunngle.net GmbH -> Tunngle.net GmbH)

  S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-11-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

  R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)

  R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429288 2020-11-06] (Microsoft Windows -> Microsoft Corporation)

  S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-06] (Microsoft Windows -> Microsoft Corporation)


  ====================NetSvcs (Whitelisted)===================


  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


  ====================One month (created)===================


  (If an entry is included in the fixlist, the file/folder will be moved.)


  2020-11-20 18:05 – 2020-11-20 18:05 – 000019276 _____ C:\Users\TwenTy20zOfHaze\Desktop\FRST.txt

  2020-11-20 18:04 – 2020-11-20 18:05 – 000000000 ____D C:\FRST

  2020-11-20 18:04 – 2020-11-20 18:04 – 002294784 _____ (Farbar) C:\Users\TwenTy20zOfHaze\Desktop\FRST64.exe

  2020-11-20 18:00 – 2020-11-20 18:00 – 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys

  2020-11-20 18:00 – 2020-11-20 18:00 – 000136352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

  2020-11-20 18:00 – 2020-11-20 18:00 – 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

  2020-11-20 17:56 – 2020-11-20 17:56 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\LocalLow\IGDump

  2020-11-19 20:18 – 2020-11-19 20:18 – 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin

  2020-11-19 20:18 – 2020-07-08 23:49 – 025076256 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll

  2020-11-19 20:18 – 2020-07-08 23:49 – 011919376 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll

  2020-11-19 20:18 – 2020-07-08 23:49 – 003013648 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_mjpgvd_64.dll

  2020-11-19 20:18 – 2020-07-08 23:49 – 002439184 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_mjpgvd_32.dll

  2020-11-19 20:18 – 2020-07-08 23:49 – 000146960 _____ C:\WINDOWS\SysWOW64\libGLESv2.dll

  2020-11-19 20:18 – 2020-07-08 23:49 – 000137744 _____ C:\WINDOWS\SysWOW64\libEGL.dll

  2020-11-19 20:18 – 2020-07-08 23:49 – 000126480 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll

  2020-11-19 20:18 – 2020-07-08 23:49 – 000120848 _____ C:\WINDOWS\SysWOW64\libGLESv1_CM.dll

  2020-11-19 20:18 – 2020-07-08 23:49 – 000111632 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll

  2020-11-19 20:18 – 2020-07-08 23:48 – 021448784 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll

  2020-11-19 20:18 – 2020-07-08 23:48 – 020346704 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll

  2020-11-19 20:18 – 2020-07-08 23:48 – 003218248 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_h265ve_64.dll

  2020-11-19 20:18 – 2020-07-08 23:48 – 003212424 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_vp9ve_64.dll

  2020-11-19 20:18 – 2020-07-08 23:48 – 003198824 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_h264ve_64.dll

  2020-11-19 20:18 – 2020-07-08 23:48 – 002996072 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_encrypt_64.dll

  2020-11-19 20:18 – 2020-07-08 23:48 – 002606112 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_h265ve_32.dll

  2020-11-19 20:18 – 2020-07-08 23:48 – 002600992 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_vp9ve_32.dll

  2020-11-19 20:18 – 2020-07-08 23:48 – 002591904 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_h264ve_32.dll

  2020-11-19 20:18 – 2020-07-08 23:48 – 002435360 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_encrypt_32.dll

  2020-11-19 20:18 – 2020-07-08 23:48 – 000212480 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll

  2020-11-19 20:18 – 2020-07-08 23:48 – 000184160 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll

  2020-11-19 20:18 – 2020-07-08 22:27 – 001376256 _____ C:\WINDOWS\system32\c_64.cpa

  2020-11-19 20:18 – 2020-07-08 22:27 – 001361159 _____ C:\WINDOWS\SysWOW64\c_32.cpa

  2020-11-19 20:18 – 2020-07-08 22:27 – 000072329 _____ C:\WINDOWS\SysWOW64\h265e_32.vp

  2020-11-19 20:18 – 2020-07-08 22:27 – 000071888 _____ C:\WINDOWS\SysWOW64\vp9e_32.vp

  2020-11-19 20:18 – 2020-07-08 22:27 – 000070661 _____ C:\WINDOWS\SysWOW64\he_32.vp

  2020-11-19 20:18 – 2020-07-08 22:27 – 000066157 _____ C:\WINDOWS\SysWOW64\mj_32.vp

  2020-11-19 20:18 – 2020-07-08 22:27 – 000057143 _____ C:\WINDOWS\SysWOW64\dev_32.vp

  2020-11-19 20:18 – 2020-07-08 22:27 – 000056359 _____ C:\WINDOWS\system32\dev_64.vp

  2020-11-19 20:18 – 2020-07-08 22:27 – 000014145 _____ C:\WINDOWS\system32\h265e_64.vp

  2020-11-19 20:18 – 2020-07-08 22:27 – 000013996 _____ C:\WINDOWS\system32\vp9e_64.vp

  2020-11-19 20:18 – 2020-07-08 22:27 – 000013581 _____ C:\WINDOWS\system32\he_64.vp

  2020-11-19 20:18 – 2020-07-08 22:27 – 000013309 _____ C:\WINDOWS\system32\mj_64.vp

  2020-11-19 20:18 – 2020-07-08 22:27 – 000001125 _____ C:\WINDOWS\SysWOW64\cpa_32.vp

  2020-11-19 20:18 – 2020-07-08 22:27 – 000001125 _____ C:\WINDOWS\system32\cpa_64.vp

  2020-11-19 20:16 – 2020-10-20 14:44 – 000339552 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

  2020-11-19 18:01 – 2020-11-19 18:01 – 000000000 ____D C:\ProgramData\Emsisoft

  2020-11-19 17:58 – 2020-11-19 17:58 – 000000000 ____D C:\Program Files\HitmanPro

  2020-11-19 17:57 – 2020-11-19 23:15 – 000000000 ____D C:\ProgramData\HitmanPro

  2020-11-19 17:31 – 2020-11-19 17:31 – 000000000 ____D C:\ProgramData\Kaspersky Lab

  2020-11-19 17:31 – 2020-11-19 17:31 – 000000000 ____D C:\Program Files (x86)\Kaspersky Lab

  2020-11-19 17:30 – 2020-11-19 17:30 – 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files

  2020-11-14 14:44 – 2020-11-14 14:44 – 000000000 ____D C:\ProgramData\AMD

  2020-11-14 13:18 – 2020-11-19 23:15 – 000000000 ____D C:\Program Files\Intel

  2020-11-14 13:18 – 2020-11-14 13:27 – 000000000 ____D C:\Program Files (x86)\Intel

  2020-11-14 12:50 – 2020-11-14 13:18 – 000000000 ____D C:\ProgramData\Intel

  2020-11-14 12:48 – 2020-11-20 18:01 – 000000000 __SHD C:\Users\TwenTy20zOfHaze\IntelGraphicsProfiles

  2020-11-14 12:48 – 2020-11-14 13:19 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Local\Intel

  2020-11-14 12:48 – 2020-11-14 12:48 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\LocalLow\Intel

  2020-11-13 22:55 – 2020-11-20 17:59 – 100139008 _____ C:\WINDOWS\system32\config\software

  2020-11-13 22:52 – 2020-11-13 22:55 – 000000000 ____D C:\WINDOWS\Microsoft Antimalware

  2020-11-13 19:40 – 2020-11-20 17:57 – 000002206 _____ C:\WINDOWS\system32\Tasks\Core Temp Autostart TwenTy20zOfHaze

  2020-11-11 14:20 – 2020-11-11 14:20 – 000000722 _____ C:\Users\TwenTy20zOfHaze\Desktop\Core Temp.lnk

  2020-11-11 14:20 – 2020-11-11 14:20 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp

  2020-11-11 14:11 – 2020-11-20 18:01 – 000003114 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate

  2020-11-11 14:11 – 2020-11-20 17:57 – 000002374 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate

  2020-11-11 14:11 – 2020-09-28 11:26 – 000104200 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmpfd.sys

  2020-11-11 14:10 – 2020-11-20 17:57 – 000002188 _____ C:\WINDOWS\system32\Tasks\StartCN

  2020-11-11 14:10 – 2020-11-20 17:57 – 000002108 _____ C:\WINDOWS\system32\Tasks\StartDVR

  2020-11-11 14:10 – 2020-11-19 23:15 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software

  2020-11-11 14:01 – 2020-09-28 11:28 – 001753712 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe

  2020-11-11 14:01 – 2020-09-28 11:28 – 001753712 _____ C:\WINDOWS\system32\vulkaninfo.exe

  2020-11-11 14:01 – 2020-09-28 11:28 – 001359472 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe

  2020-11-11 14:01 – 2020-09-28 11:28 – 001359472 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe

  2020-11-11 14:01 – 2020-09-28 11:28 – 001047792 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll

  2020-11-11 14:01 – 2020-09-28 11:28 – 001047792 _____ C:\WINDOWS\system32\vulkan-1.dll

  2020-11-11 14:01 – 2020-09-28 11:28 – 000910248 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll

  2020-11-11 14:01 – 2020-09-28 11:28 – 000910248 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll

  2020-11-11 14:01 – 2020-09-28 11:28 – 000736880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll

  2020-11-11 14:01 – 2020-09-28 11:28 – 000621168 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll

  2020-11-11 14:01 – 2020-09-28 11:28 – 000496752 _____ C:\WINDOWS\system32\GameManager64.dll

  2020-11-11 14:01 – 2020-09-28 11:28 – 000493168 _____ C:\WINDOWS\system32\dgtrayicon.exe

  2020-11-11 14:01 – 2020-09-28 11:28 – 000432752 _____ C:\WINDOWS\system32\EEURestart.exe

  2020-11-11 14:01 – 2020-09-28 11:28 – 000380016 _____ C:\WINDOWS\SysWOW64\GameManager32.dll

  2020-11-11 14:01 – 2020-09-28 11:28 – 000186992 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll

  2020-11-11 14:01 – 2020-09-28 11:28 – 000166512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll

  2020-11-11 14:01 – 2020-09-28 11:28 – 000156784 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll

  2020-11-11 14:01 – 2020-09-28 11:28 – 000142448 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll

  2020-11-11 14:01 – 2020-09-28 11:28 – 000090736 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mcl64.dll

  2020-11-11 14:01 – 2020-09-28 11:28 – 000075376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mcl32.dll

  2020-11-11 14:01 – 2020-09-28 11:28 – 000046704 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll

  2020-11-11 14:01 – 2020-09-28 11:28 – 000043632 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll

  2020-11-11 14:01 – 2020-09-28 11:28 – 000019784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll

  2020-11-11 14:01 – 2020-09-28 11:28 – 000019784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 072714352 _____ C:\WINDOWS\system32\amd_comgr.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 060127344 _____ C:\WINDOWS\SysWOW64\amd_comgr32.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 004631664 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 004156016 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 001783408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 001344624 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 001344624 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 000941168 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 000768624 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 000761456 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe

  2020-11-11 14:01 – 2020-09-28 11:27 – 000553584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 000468592 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 000456304 _____ C:\WINDOWS\system32\atieah64.exe

  2020-11-11 14:01 – 2020-09-28 11:27 – 000383600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 000351856 _____ C:\WINDOWS\SysWOW64\atieah32.exe

  2020-11-11 14:01 – 2020-09-28 11:27 – 000339568 _____ C:\WINDOWS\system32\clinfo.exe

  2020-11-11 14:01 – 2020-09-28 11:27 – 000245360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 000213104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 000182400 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 000167024 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 000158648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 000140912 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 000135792 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 000125552 _____ C:\WINDOWS\system32\atidxx64.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 000122480 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 000107632 _____ C:\WINDOWS\SysWOW64\atidxx32.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 000107120 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll

  2020-11-11 14:01 – 2020-09-28 11:27 – 000070256 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll

  2020-11-11 14:01 – 2020-09-28 11:26 – 071741552 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdhip64.dll

  2020-11-11 14:01 – 2020-09-28 11:26 – 001686016 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll

  2020-11-11 14:01 – 2020-09-28 11:26 – 001365368 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll

  2020-11-11 14:01 – 2020-09-28 11:26 – 000546800 _____ C:\WINDOWS\system32\amdmiracast.dll

  2020-11-11 14:01 – 2020-09-28 11:26 – 000489584 _____ C:\WINDOWS\system32\amdgfxinfo64.dll

  2020-11-11 14:01 – 2020-09-28 11:26 – 000466544 _____ C:\WINDOWS\system32\amdlogum.exe

  2020-11-11 14:01 – 2020-09-28 11:26 – 000380016 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll

  2020-11-11 14:01 – 2020-09-28 11:26 – 000198832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll

  2020-11-11 14:01 – 2020-09-28 11:26 – 000167912 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll

  2020-11-11 14:01 – 2020-09-28 11:26 – 000135928 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll

  2020-11-11 14:01 – 2020-09-28 11:26 – 000130232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll

  2020-11-11 14:01 – 2020-09-28 11:26 – 000130232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll

  2020-11-11 14:01 – 2020-09-28 11:26 – 000120264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll

  2020-11-11 14:01 – 2020-09-28 11:26 – 000108248 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll

  2020-11-11 14:01 – 2020-09-28 11:26 – 000108248 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll

  2020-11-11 14:01 – 2020-09-28 10:26 – 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap

  2020-11-11 14:01 – 2020-09-28 10:26 – 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap

  2020-11-11 14:01 – 2020-09-28 10:26 – 000548096 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb

  2020-11-11 14:01 – 2020-09-28 10:26 – 000548096 _____ C:\WINDOWS\system32\atiapfxx.blb

  2020-11-11 14:01 – 2020-09-28 10:26 – 000204952 _____ C:\WINDOWS\SysWOW64\ativvsvl.dat

  2020-11-11 14:01 – 2020-09-28 10:26 – 000204952 _____ C:\WINDOWS\system32\ativvsvl.dat

  2020-11-11 14:01 – 2020-09-28 10:26 – 000157144 _____ C:\WINDOWS\SysWOW64\ativvsva.dat

  2020-11-11 14:01 – 2020-09-28 10:26 – 000157144 _____ C:\WINDOWS\system32\ativvsva.dat

  2020-11-11 14:01 – 2020-09-28 10:26 – 000154384 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin

  2020-11-11 14:01 – 2020-09-28 10:26 – 000138832 _____ C:\WINDOWS\system32\samu_krnl_isv_ci.sbin

  2020-11-11 14:01 – 2020-09-28 10:26 – 000125488 _____ C:\WINDOWS\system32\kapp_ci.sbin

  2020-11-11 14:01 – 2020-09-28 10:26 – 000121168 _____ C:\WINDOWS\system32\kapp_si.sbin

  2020-11-11 14:01 – 2020-09-28 10:26 – 000069770 _____ C:\WINDOWS\system32\AMDKernelEvents.man

  2020-11-11 14:01 – 2020-09-23 09:43 – 000510368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdfendrsr.exe

  2020-11-11 14:01 – 2020-09-23 09:43 – 000088992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdfendr.sys

  2020-11-11 14:01 – 2020-07-27 02:41 – 000062056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdxe.sys

  2020-11-11 14:01 – 2020-06-08 20:57 – 000107936 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdWT6.sys

  2020-11-11 13:51 – 2020-11-11 13:51 – 000000000 ____D C:\WINDOWS\SysWOW64\directx

  2020-11-11 12:41 – 2020-11-11 12:41 – 000325844 _____ C:\Users\TwenTy20zOfHaze\Desktop\cc_20201111_124120.reg

  2020-11-11 12:39 – 2020-11-11 12:39 – 000000884 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk

  2020-11-11 12:39 – 2020-11-11 12:39 – 000000000 ____D C:\Program Files (x86)\WinRAR

  2020-11-11 10:01 – 2020-11-11 10:01 – 026274304 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 024265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 023452160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 019870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 018083840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 010840904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 010336904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 008895680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 008235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 008009872 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 007990232 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 007783936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 007636448 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 007621632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 007107584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 006422016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 006368392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 006231040 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 006196736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 006001208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 005833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 005430992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 004902400 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 004830720 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 004783840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 004752896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 004732928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 004651032 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 004629328 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 004281856 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 004277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 004069992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 004008448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 003933696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 003893248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 003869184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 003821064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 003815936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 003811840 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 003779392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 003750400 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 003388928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 003305984 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 003157816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 003089920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 003070464 _____ (Microsoft Corporation) C:\WINDOWS\system32\FluencyDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 002983736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 002979840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 002942976 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 002850616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 002809776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 002648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 002607104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 002520056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 002477384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 002426168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 002384696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 002318848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 002268456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 002250240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 002048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 002024248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 002012672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001953792 _____ (Microsoft Corporation) C:\WINDOWS\system32?n.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001828352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001827648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001751944 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001715200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001711104 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32?2.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001695728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001683456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64?n.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001664160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64?2.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001649664 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001632056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001590784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001590584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001557816 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 001523712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MoUsoCoreWorker.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 001516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001515520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001481216 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001478464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 001449984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001414656 _____ (Microsoft Corporation) C:\WINDOWS\system32?reworker.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 001391616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001361920 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsf3gip.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001352240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001315328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001272320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 001256448 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001255736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 001255424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001245280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001239040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_IME.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001238528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001228800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001210136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 001192096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001128520 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001117328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001070392 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001025768 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 001017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000988000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000947712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000926720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000904008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000894776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000885248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000874496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000873272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000867328 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000860672 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000859400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000857088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000849920 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000828432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000805168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000802304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000781312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000763392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000763344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000756680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000732448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000716288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000713728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000712296 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000705008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000700376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000689024 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000648712 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000645632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\agentactivationruntimewindows.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000635840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\agentactivationruntime.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000628224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000627200 _____ (Microsoft Corporation) C:\WINDOWS\system32?me.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_9.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.ConversationalAgent.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000603448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_9.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000568632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000567296 _____ (Microsoft Corporation) C:\WINDOWS\system32?c.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000562688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxAPDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\IESettingSync.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000538952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000534536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000521088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxHAPDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000509792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000502584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

  2020-11-11 10:01 – 2020-11-11 10:01 – 000501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000495104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000489128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000488056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000482120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000475136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtCangjieDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtBopomofoDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtHkStrokeDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChsStrokeDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000459264 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadauthhelper.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtQuickDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000454968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000453632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64?me.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000442168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000429712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000423224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DataModel.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000423224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000413208 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000410072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000409408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000403456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000403456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000384512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SpeechPrivacy.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000382712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpndecoder.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000380728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxDecoder.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxinputrouter.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AarSvc.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MtfDecoder.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000303104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpnranker.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000288680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000286720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiCloudStore.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000260920 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000253016 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE

  2020-11-11 10:01 – 2020-11-11 10:01 – 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\XamlTileRender.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000228680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000218936 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000218112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfp.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diskpart.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000201536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000197632 _____ C:\WINDOWS\system32\IHDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000195144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_InkingTypingPrivacy.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE

  2020-11-11 10:01 – 2020-11-11 10:01 – 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000183808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\diskpart.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000183296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\netid.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000180040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\trie.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFFuzzyDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPolEng.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdvancedEmojiDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtm.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.CredentialProvider.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000153912 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcl.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000152576 _____ C:\WINDOWS\system32\EoAExperiences.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BrowserDeclutter.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32?i.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000137216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPolEng.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000133448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupcl.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000132744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\VocabRoamingHandler.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerApi.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSAssessment.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netid.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbnetlib.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxranker.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000118600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000117064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFSpellcheckDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdSSDP.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000112640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HashtagDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbnetlib.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtAdvancedDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000104760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PktMon.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFAppServiceDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\RuleBasedDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManagerApi.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000098120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000095048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000092960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdSSDP.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcXtrnal.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64?i.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpninputrouter.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\amsi.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000070968 _____ (Microsoft Corporation) C:\WINDOWS\system32\GameInput.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msobjs.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransliterationRanker.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000061760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GameInput.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmojiDS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\amsi.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000042824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\gmsaclient.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gmsaclient.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys

  2020-11-11 10:01 – 2020-11-11 10:01 – 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000024792 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsi.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregtask.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000021320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000020280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe

  2020-11-11 10:01 – 2020-11-11 10:01 – 000020144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nsi.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsregtask.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcXtrnal.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\amsiproxy.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtprio.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000009265 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim

  2020-11-11 10:01 – 2020-11-11 10:01 – 000009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtprio.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll

  2020-11-11 10:01 – 2020-11-11 10:01 – 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll

  2020-11-11 10:00 – 2020-11-11 10:00 – 003851776 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll

  2020-11-11 10:00 – 2020-11-11 10:00 – 001819640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll

  2020-11-11 10:00 – 2020-11-11 10:00 – 000820552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys

  2020-11-11 10:00 – 2020-11-11 10:00 – 000388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys

  2020-11-11 10:00 – 2020-11-11 10:00 – 000378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll

  2020-11-11 10:00 – 2020-11-11 10:00 – 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys

  2020-11-11 10:00 – 2020-11-11 10:00 – 000305472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

  2020-11-11 10:00 – 2020-11-11 10:00 – 000298808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys

  2020-11-11 10:00 – 2020-11-11 10:00 – 000250176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys

  2020-11-11 10:00 – 2020-11-11 10:00 – 000195400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

  2020-11-11 10:00 – 2020-11-11 10:00 – 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys

  2020-11-11 10:00 – 2020-11-11 10:00 – 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys

  2020-11-11 10:00 – 2020-11-11 10:00 – 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\devauthe.sys

  2020-11-11 10:00 – 2020-11-11 10:00 – 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsilog.dll

  2020-11-11 10:00 – 2020-11-11 10:00 – 000016136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys

  2020-11-11 09:53 – 2020-10-14 22:22 – 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe

  2020-11-11 09:53 – 2020-10-14 22:14 – 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

  2020-11-07 08:56 – 2020-11-07 08:56 – 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

  2020-11-07 08:56 – 2020-11-07 08:56 – 000217600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys

  2020-11-07 08:56 – 2020-11-07 08:56 – 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

  2020-11-07 08:56 – 2020-11-07 08:56 – 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys

  2020-11-07 08:56 – 2020-11-07 08:56 – 000000648 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

  2020-11-07 08:56 – 2020-11-07 08:56 – 000000648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk

  2020-11-07 08:56 – 2020-11-07 08:56 – 000000648 _____ C:\ProgramData\Desktop\Malwarebytes.lnk

  2020-11-06 16:25 – 2020-11-06 16:25 – 003001283 _____ C:\WINDOWS\gethelp_audiotroubleshooter_latestpackage.zip

  2020-11-05 20:58 – 2020-11-05 20:58 – 000000020 ___SH C:\Users\( ACT UP IT GWAN )\ntuser.ini

  2020-11-05 20:58 – 2020-11-05 20:58 – 000000000 ____D C:\Users\( ACT UP IT GWAN )\AppData\Roaming\TeamViewer

  2020-10-30 21:46 – 2020-10-30 21:46 – 000000000 ____D C:\ProgramData\GOG.com

  2020-10-30 17:46 – 2020-10-30 17:46 – 000000871 _____ C:\Users\TwenTy20zOfHaze\Desktop\Phoenix Point.lnk

  2020-10-26 16:51 – 2020-10-26 16:51 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Local\Vortex

  2020-10-25 08:48 – 2020-10-25 08:48 – 000000577 _____ C:\Users\Public\Desktop\Total War – Shogun 2 – Gold Edition.lnk

  2020-10-25 08:48 – 2020-10-25 08:48 – 000000577 _____ C:\ProgramData\Desktop\Total War – Shogun 2 – Gold Edition.lnk

  2020-10-25 08:48 – 2020-10-25 08:48 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War – Shogun 2 – Gold Edition

  2020-10-23 16:57 – 2020-10-23 16:57 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server

  2020-10-23 16:57 – 2020-10-23 16:57 – 000000000 ____D C:\Program Files (x86)\Plex

  2020-10-21 21:40 – 2020-10-30 17:46 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game

  2020-10-21 21:40 – 2020-10-29 20:16 – 000000837 _____ C:\Users\TwenTy20zOfHaze\Desktop\Baldurs Gate 3.lnk

  2020-10-21 20:12 – 2020-10-21 20:12 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Local\IE

  ====================One month (modified)==================

  (If an entry is included in the fixlist, the file/folder will be moved.)

  2020-11-20 18:02 – 2019-06-01 14:15 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Roaming\Discord

  2020-11-20 18:02 – 2017-07-23 21:47 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Roaming\Azureus

  2020-11-20 18:01 – 2020-09-25 16:35 – 000000000 ____D C:\Users\TwenTy20zOfHaze

  2020-11-20 18:01 – 2020-06-24 15:49 – 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

  2020-11-20 18:01 – 2020-06-24 15:49 – 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

  2020-11-20 18:01 – 2020-06-24 15:49 – 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk

  2020-11-20 18:01 – 2019-12-07 04:14 – 000000000 ____D C:\WINDOWS\AppReadiness

  2020-11-20 18:01 – 2019-02-08 10:48 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Local\Origin

  2020-11-20 18:01 – 2019-02-08 10:48 – 000000000 ____D C:\ProgramData\Origin

  2020-11-20 18:01 – 2017-07-24 19:04 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Local\Plex Media Server

  2020-11-20 18:01 – 2017-07-23 21:01 – 000000000 ____D C:\Program Files (x86)\Steam

  2020-11-20 18:01 – 2017-07-23 20:59 – 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

  2020-11-20 18:01 – 2017-07-23 20:59 – 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk

  2020-11-20 18:01 – 2017-07-23 20:59 – 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk

  2020-11-20 18:00 – 2020-09-25 16:49 – 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

  2020-11-20 18:00 – 2020-09-25 16:34 – 000008192 ___SH C:\DumpStack.log.tmp

  2020-11-20 18:00 – 2019-12-07 04:14 – 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

  2020-11-20 18:00 – 2017-07-23 18:07 – 000000000 ____D C:\Program Files (x86)\TeamViewer

  2020-11-20 17:59 – 2020-09-25 16:34 – 000000000 ____D C:\WINDOWS\system32\SleepStudy

  2020-11-20 17:59 – 2019-12-27 18:25 – 000065536 _____ C:\WINDOWS\system32\spu_storage.bin

  2020-11-20 17:59 – 2019-12-07 04:03 – 000786432 _____ C:\WINDOWS\system32\config\BBI

  2020-11-20 17:59 – 2017-07-24 19:10 – 000000000 ____D C:\ProgramData\AVAST Software

  2020-11-20 17:57 – 2020-09-25 16:49 – 000003764 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier

  2020-11-20 17:57 – 2020-09-25 16:49 – 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

  2020-11-20 17:57 – 2020-09-25 16:49 – 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA

  2020-11-20 17:57 – 2020-09-25 16:49 – 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

  2020-11-20 17:57 – 2020-09-25 16:49 – 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

  2020-11-20 17:57 – 2020-09-25 16:49 – 000002942 _____ C:\WINDOWS\system32\Tasks\CCleaner Update

  2020-11-20 17:57 – 2020-09-25 16:49 – 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3845270027-3515829751-4170900611-1010

  2020-11-20 17:57 – 2020-09-25 16:49 – 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3845270027-3515829751-4170900611-1000

  2020-11-20 17:57 – 2020-09-25 16:49 – 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0

  2020-11-20 17:57 – 2020-09-25 16:49 – 000002590 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask

  2020-11-20 17:57 – 2020-09-25 16:49 – 000002192 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC

  2020-11-20 17:57 – 2017-07-23 18:02 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Local\CrashDumps

  2020-11-20 17:42 – 2020-09-25 16:49 – 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software

  2020-11-20 17:30 – 2019-12-07 04:14 – 000000000 ___HD C:\Program Files\WindowsApps

  2020-11-20 17:30 – 2019-12-07 04:13 – 000000000 ____D C:\WINDOWS\INF

  2020-11-20 17:30 – 2019-02-08 10:49 – 000000000 ____D C:\Program Files (x86)\Origin

  2020-11-20 16:39 – 2020-09-25 16:45 – 000006034 _____ C:\WINDOWS\system32\PerfStringBackup.INI

  2020-11-20 16:37 – 2019-12-07 04:03 – 000000000 ____D C:\WINDOWS\CbsTemp

  2020-11-19 23:15 – 2020-10-14 15:38 – 000000000 ____D C:\WINDOWS\system32\AMD

  2020-11-19 23:15 – 2020-10-14 15:38 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool

  2020-11-19 23:15 – 2020-09-25 16:35 – 000000000 ____D C:\Users\Administrator

  2020-11-19 23:15 – 2020-09-25 16:35 – 000000000 ____D C:\Users\( ACT UP IT GWAN )

  2020-11-19 23:15 – 2019-12-27 18:22 – 000000000 ____D C:\Program Files\AMD

  2020-11-19 23:15 – 2019-12-07 04:14 – 000000000 ____D C:\WINDOWS\system32\Sysprep

  2020-11-19 23:15 – 2018-06-24 22:45 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE

  2020-11-19 23:15 – 2017-07-24 18:23 – 000000000 ____D C:\Program Files\Common Files\AV

  2020-11-19 23:15 – 2017-07-24 15:18 – 000000000 ____D C:\ProgramData\Package Cache

  2020-11-19 23:15 – 2017-07-23 21:01 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

  2020-11-19 23:13 – 2019-12-07 04:14 – 000000000 ____D C:\WINDOWS\registration

  2020-11-19 23:12 – 2017-07-23 20:58 – 000000000 ____D C:\Program Files (x86)\Google

  2020-11-19 20:22 – 2020-04-15 14:48 – 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll

  2020-11-19 20:22 – 2019-12-27 18:53 – 001562560 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll

  2020-11-19 20:22 – 2019-12-27 18:53 – 000170424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll

  2020-11-19 20:22 – 2019-12-27 18:53 – 000158136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll

  2020-11-19 20:22 – 2019-12-27 18:53 – 000154032 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll

  2020-11-19 20:22 – 2019-12-27 18:53 – 000033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe

  2020-11-19 20:18 – 2012-10-14 16:49 – 000000000 ____D C:\Intel

  2020-11-19 20:17 – 2020-09-25 16:49 – 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update

  2020-11-19 20:17 – 2017-07-24 19:13 – 000002095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk

  2020-11-19 20:17 – 2017-07-24 19:13 – 000002083 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk

  2020-11-19 20:17 – 2017-07-24 19:13 – 000002083 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk

  2020-11-19 20:16 – 2019-12-07 04:14 – 000000000 ___HD C:\WINDOWS\ELAMBKUP

  2020-11-19 20:16 – 2019-12-07 04:14 – 000000000 ____D C:\WINDOWS\ServiceState

  2020-11-19 18:08 – 2019-12-07 04:03 – 000032768 _____ C:\WINDOWS\system32\config\ELAM

  2020-11-19 17:59 – 2014-12-23 22:29 – 000000000 ____D C:\AdwCleaner

  2020-11-18 16:33 – 2018-06-21 23:37 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Local\D3DSCache

  2020-11-14 15:24 – 2018-04-15 12:57 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Local\PlaceholderTileLogoFolder

  2020-11-14 15:24 – 2018-01-19 14:25 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Local\Packages

  2020-11-14 14:51 – 2019-12-27 18:25 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Local\AMD

  2020-11-14 12:48 – 2018-07-03 04:55 – 000000000 ____D C:\ProgramData\Packages

  2020-11-11 14:02 – 2017-08-08 18:30 – 000000000 ____D C:\WINDOWS\system32\MRT

  2020-11-11 14:00 – 2020-03-22 13:06 – 000000000 ____D C:\AMD

  2020-11-11 13:57 – 2017-07-23 19:03 – 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

  2020-11-11 12:39 – 2020-09-13 16:18 – 000000000 ___DC C:\WINDOWS\Panther

  2020-11-11 12:39 – 2018-07-09 04:12 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Roaming\MPC-HC

  2020-11-11 12:39 – 2018-03-28 08:46 – 000000844 _____ C:\Users\Public\Desktop\Speccy.lnk

  2020-11-11 12:39 – 2018-03-28 08:46 – 000000844 _____ C:\ProgramData\Desktop\Speccy.lnk

  2020-11-11 12:39 – 2017-07-25 12:46 – 000001150 _____ C:\Users\Public\Desktop\VLC media player.lnk

  2020-11-11 12:39 – 2017-07-25 12:46 – 000001150 _____ C:\ProgramData\Desktop\VLC media player.lnk

  2020-11-11 12:39 – 2017-07-23 21:02 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

  2020-11-11 12:39 – 2017-07-23 21:02 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

  2020-11-11 12:39 – 2017-07-23 20:58 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Roaming\Notepad++

  2020-11-11 12:39 – 2017-07-23 20:58 – 000000000 ____D C:\Program Files\Notepad++

  2020-11-11 12:38 – 2019-08-24 02:43 – 000000481 _____ C:\Users\Public\Desktop\CCleaner.lnk

  2020-11-11 12:38 – 2019-08-24 02:43 – 000000481 _____ C:\ProgramData\Desktop\CCleaner.lnk

  2020-11-11 12:29 – 2020-09-25 16:34 – 000442160 _____ C:\WINDOWS\system32\FNTCACHE.DAT

  2020-11-11 12:28 – 2019-12-07 04:54 – 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection

  2020-11-11 12:28 – 2019-12-07 04:14 – 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

  2020-11-11 12:28 – 2019-12-07 04:14 – 000000000 ____D C:\WINDOWS\SysWOW64\setup

  2020-11-11 12:28 – 2019-12-07 04:14 – 000000000 ____D C:\WINDOWS\SystemResources

  2020-11-11 12:28 – 2019-12-07 04:14 – 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns

  2020-11-11 12:28 – 2019-12-07 04:14 – 000000000 ____D C:\WINDOWS\system32\setup

  2020-11-11 12:28 – 2019-12-07 04:14 – 000000000 ____D C:\WINDOWS\system32\oobe

  2020-11-11 12:28 – 2019-12-07 04:14 – 000000000 ____D C:\WINDOWS\system32\migwiz

  2020-11-11 12:28 – 2019-12-07 04:14 – 000000000 ____D C:\WINDOWS\ShellExperiences

  2020-11-11 12:28 – 2019-12-07 04:14 – 000000000 ____D C:\WINDOWS\PolicyDefinitions

  2020-11-11 12:28 – 2019-12-07 04:14 – 000000000 ____D C:\WINDOWS\bcastdvr

  2020-11-11 10:01 – 2012-10-14 18:00 – 000413704 __RSH C:\bootmgr

  2020-11-11 10:00 – 2020-09-25 16:38 – 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

  2020-11-10 17:37 – 2019-02-12 11:11 – 000000000 _____ C:\Users\TwenTy20zOfHaze\AppData\LocalLow\rightsCheck_1.txt

  2020-11-10 17:12 – 2017-07-23 19:40 – 000000167 _____ C:\WINDOWS\win.ini

  2020-11-09 19:54 – 2018-06-19 10:34 – 002859457 _____ C:\Users\TwenTy20zOfHaze\AppData\Local\census.cache

  2020-11-09 19:52 – 2018-06-19 10:33 – 000476934 _____ C:\Users\TwenTy20zOfHaze\AppData\Local\ars.cache

  2020-11-08 09:55 – 2019-12-27 18:27 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\LocalLow\AMD

  2020-11-06 16:29 – 2018-03-10 09:59 – 000000000 ____D C:\WINDOWS\system32\Drivers\wd

  2020-11-06 16:19 – 2019-08-20 20:03 – 000000000 ____D C:\Users\( ACT UP IT GWAN )\AppData\Local\Origin

  2020-11-06 16:19 – 2019-03-23 12:54 – 000000000 ____D C:\Users\( ACT UP IT GWAN )\AppData\Local\D3DSCache

  2020-11-05 21:30 – 2019-06-21 23:49 – 000000000 ____D C:\Users\( ACT UP IT GWAN )\AppData\Local\NVIDIA Corporation

  2020-11-05 21:15 – 2019-06-21 23:49 – 000000000 ____D C:\Users\( ACT UP IT GWAN )\AppData\Local\Packages

  2020-11-05 20:58 – 2018-03-30 20:34 – 000000000 ___RD C:\Users\( ACT UP IT GWAN )\3D Objects

  2020-11-05 20:58 – 2016-11-20 13:54 – 000000000 __RHD C:\Users\Public\AccountPictures

  2020-11-05 16:18 – 2019-11-12 09:23 – 000000000 ____D C:\Program Files\Rockstar Games

  2020-11-05 16:18 – 2019-11-12 09:23 – 000000000 ____D C:\Program Files (x86)\Rockstar Games

  2020-10-30 14:42 – 2017-08-03 18:01 – 000795000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

  2020-10-29 16:04 – 2019-12-07 04:14 – 000000000 ____D C:\WINDOWS\LiveKernelReports

  2020-10-29 14:53 – 2020-09-25 16:35 – 000002448 _____ C:\Users\TwenTy20zOfHaze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

  2020-10-29 14:53 – 2015-10-20 11:01 – 000000000 ___RD C:\Users\TwenTy20zOfHaze\OneDrive

  2020-10-27 16:42 – 2020-06-13 12:56 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Roaming\Vortex

  2020-10-25 17:06 – 2017-07-26 18:43 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Roaming\MyPhoneExplorer

  2020-10-25 15:27 – 2019-08-27 17:49 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Roaming\Mp3tag

  2020-10-23 19:03 – 2019-12-07 04:14 – 000000000 ____D C:\WINDOWS\system32\NDF

  2020-10-23 18:06 – 2017-11-19 10:50 – 000000000 ____D C:\Users\TwenTy20zOfHaze\AppData\Local\ElevatedDiagnostics

  2020-10-21 20:19 – 2020-10-11 14:54 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baldurs Gate 3

  ====================Files in the root of some directories========

  2004-10-27 20:26 – 2012-08-31 05:34 – 004980736 ____H () C:\Users\Administrator\ntuser (1).dat

  2011-05-28 12:44 – 2012-10-12 17:25 – 015728640 _____ () C:\Users\TwenTy20zOfHaze\NTUSER (1).DAT

  2020-06-12 17:21 – 2020-06-19 08:01 – 000028672 _____ () C:\Users\TwenTy20zOfHaze\AppData\Roaming\crash.bin

  2017-07-23 21:10 – 2017-07-23 21:10 – 000225280 ____T (MultiMedia Soft) C:\Users\TwenTy20zOfHaze\AppData\Roaming\Microsoft\AdjMmsVista.dll

  2018-06-19 10:33 – 2020-11-09 19:52 – 000476934 _____ () C:\Users\TwenTy20zOfHaze\AppData\Local\ars.cache

  2018-06-19 10:34 – 2020-11-09 19:54 – 002859457 _____ () C:\Users\TwenTy20zOfHaze\AppData\Local\census.cache

  2018-06-19 10:10 – 2018-06-19 10:10 – 000000036 _____ () C:\Users\TwenTy20zOfHaze\AppData\Local\housecall.guid.cache

  2018-09-26 10:42 – 2018-09-26 10:42 – 000000000 _____ () C:\Users\TwenTy20zOfHaze\AppData\Local\oobelibMkey.log

  2018-06-14 03:13 – 2018-06-14 03:13 – 000007606 _____ () C:\Users\TwenTy20zOfHaze\AppData\Local\Resmon.ResmonCfg

  2018-06-19 10:19 – 2018-12-07 16:16 – 000000010 _____ () C:\Users\TwenTy20zOfHaze\AppData\Local\sponge.last.runtime.cache

  ====================FCheck================================

  (If an entry is included in the fixlist, the file/folder will be moved.)

  FCheck: C:\WINDOWS\system32\eac_usermode_1706514347614474.dll [2019-06-18] <====ATTENTION (zero byte File/Folder)

  ====================SigCheck============================

  (There is no automatic fix for files that do not pass verification.)

  ====================End of FRST.txt========================

  Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2020

  Ran by TwenTy20zOfHaze (20-11-2020 18:06:31)

  Running from C:\Users\TwenTy20zOfHaze\Desktop

  Windows 10 Pro Version 2009 19042.630 (X64) (2020-09-25 21:49:19)

  Boot Mode: Normal

  ==========================================================

  ====================Accounts:=============================

  Acit Up It Uh Gwan (S-1-5-21-3845270027-3515829751-4170900611-1018 – Limited – Enabled)

  ACT UP IT GWAN (S-1-5-21-3845270027-3515829751-4170900611-1010 – Limited – Enabled)=> C:\Users\( ACT UP IT GWAN )

  Administrator (S-1-5-21-3845270027-3515829751-4170900611-500 – Administrator – Enabled)=> C:\Users\Administrator

  ASPNET (S-1-5-21-3845270027-3515829751-4170900611-1015 – Limited – Enabled)

  DefaultAccount (S-1-5-21-3845270027-3515829751-4170900611-503 – Limited – Disabled)

  Guest (S-1-5-21-3845270027-3515829751-4170900611-501 – Administrator – Disabled)

  HomeGroupUser$ (S-1-5-21-3845270027-3515829751-4170900611-1014 – Limited – Enabled)

  TwenTy20zOfHaze (S-1-5-21-3845270027-3515829751-4170900611-1000 – Administrator – Enabled)=> C:\Users\TwenTy20zOfHaze

  WDAGUtilityAccount (S-1-5-21-3845270027-3515829751-4170900611-504 – Limited – Disabled)

  ====================Security Center========================

  (If an entry is included in the fixlist, it will be removed.)

  AV: Avast Antivirus (Enabled – Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}

  AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

  AV: Avast Antivirus (Enabled – Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

  AV: Malwarebytes (Enabled – Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

  AS: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

  AS: Avast Antivirus (Enabled – Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

  ====================Installed Programs======================

  (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

  Adobe Acrobat XI Pro (HKLM-x32\…\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.20 – Adobe Systems)

  Adobe Flash Player 28 NPAPI (HKLM-x32\…\Adobe Flash Player NPAPI) (Version: 28.0.0.126 – Adobe Systems Incorporated)

  Adobe Flash Player 32 PPAPI (HKLM-x32\…\Adobe Flash Player PPAPI) (Version: 32.0.0.445 – Adobe)

  AMD Software (HKLM\…\AMD Catalyst Install Manager) (Version: 20.9.1 – Advanced Micro Devices, Inc.)

  AOMEI Partition Assistant Standard Edition 7.0 (HKLM-x32\…\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: – AOMEI Technology Co., Ltd.)

  AORUS ENGINE (HKLM-x32\…\AORUS ENGINE_is1) (Version: 1.3.5 – GIGABYTE Technology Co.,Inc.)

  ASRPGT v1.0.2 (HKLM-x32\…\ASRock Phantom Gaming_is1) (Version: 1.0.2 – ASRock Inc.)

  Avast Free Antivirus (HKLM-x32\…\Avast Antivirus) (Version: 20.8.2432 – Avast Software)

  Baldurs Gate 3 [v4.1.84.2021 (41970)] (HKLM-x32\…\{188CE843-2CDE-4ED8-BFDC-8DA81DCAADED}_RePack_Ba~84B63155_is1) (Version: – Larian Studios)

  Baldurs Gate 3 v. 4.1.83.5246 (HKLM-x32\…\Baldurs Gate 3_is1) (Version: – )

  Blaze Media Pro (HKLM-x32\…\{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}) (Version: 9.0 – Mystik Media) Hidden

  Blaze Media Pro (HKLM-x32\…\Blaze Media Pro) (Version: 9.0 – Mystik Media)

  Branding64 (HKLM\…\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 – Advanced Micro Devices, Inc.) Hidden

  Call to Arms (HKLM-x32\…\Call to Arms_is1) (Version: – )

  Canon Easy-WebPrint EX (HKLM-x32\…\Easy-WebPrint EX) (Version: 1.7.0.0 – Canon Inc.)

  Canon IJ Network Scanner Selector EX (HKLM-x32\…\Canon_IJ_Network_Scanner_Selector_EX) (Version: – Canon Inc.)

  Canon IJ Network Tool (HKLM-x32\…\Canon_IJ_Network_UTILITY) (Version: 3.1.0 – Canon Inc.)

  Canon IJ Scan Utility (HKLM-x32\…\Canon_IJ_Scan_Utility) (Version: – Canon Inc.)

  Canon MG3200 series MP Drivers (HKLM\…\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 – Canon Inc.)

  Canon MG3200 series On-screen Manual (HKLM-x32\…\Canon MG3200 series On-screen Manual) (Version: 7.5.0 – Canon Inc.)

  Canon MG3200 series User Registration (HKLM-x32\…\Canon MG3200 series User Registration) (Version: – Canon Inc.)

  Canon My Printer (HKLM-x32\…\CanonMyPrinter) (Version: 3.0.0 – Canon Inc.)

  Canon Quick Menu (HKLM-x32\…\CanonQuickMenu) (Version: 2.0.0 – Canon Inc.)

  CCleaner (HKLM\…\CCleaner) (Version: 5.74 – Piriform)

  Cisco Webex Meetings (HKU\S-1-5-21-3845270027-3515829751-4170900611-1000\…\ActiveTouchMeetingClient) (Version: – Cisco Webex LLC)

  Core Temp 1.16 (HKLM\…\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.16 – ALCPU)

  DAEMON Tools Ultra (HKLM\…\DAEMON Tools Ultra) (Version: 4.1.0.0489 – Disc Soft Ltd)

  Dashlane (HKU\S-1-5-21-3845270027-3515829751-4170900611-1000\…\Dashlane) (Version: 6.1923.0.20934 – Dashlane, Inc.)

  Discord (HKU\S-1-5-21-3845270027-3515829751-4170900611-1000\…\Discord) (Version: 0.0.308 – Discord Inc.)

  Divinity: Original Sin 2 (HKLM-x32\…\Divinity: Original Sin 2_is1) (Version: – )

  EaseUS Partition Master 12.9 (HKLM-x32\…\EaseUS Partition Master_is1) (Version: – EaseUS)

  EaseUS Todo Backup Free 11.0 (HKLM-x32\…\EaseUS Todo Backup_is1) (Version: 11.0 – CHENGDU YIWO Tech Development Co., Ltd)

  Epic Games Launcher (HKLM-x32\…\{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 – Epic Games, Inc.)

  Epic Games Launcher Prerequisites (x64) (HKLM\…\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

  Fallout 4 (HKLM-x32\…\Fallout 4_is1) (Version: – )

  GameInput Redistributable (HKLM-x32\…\{5FAD63E8-8F1C-6687-0325-3BBF64B4FD89}) (Version: 10.1.19041.3918 – Microsoft Corporation)

  Ghost Recon Breakpoint (HKLM-x32\…\Uplay Install 11903) (Version: – Ubisoft)

  Google Chrome (HKLM-x32\…\Google Chrome) (Version: 87.0.4280.66 – Google LLC)

  Google Update Helper (HKLM-x32\…\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 – Google LLC) Hidden

  Herramientas de corrección de Microsoft Office 2016: español (HKLM\…\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 – Microsoft Corporation) Hidden

  HxD Hex Editor version 1.7.7.0 (HKLM-x32\…\HxD Hex Editor_is1) (Version: 1.7.7.0 – Maël Hörz)

  Kingo ROOT version 1.5.8.3353 (HKLM-x32\…\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.5.8.3353 – )

  K-Lite Mega Codec Pack 14.5.2 (HKLM-x32\…\KLiteCodecPack_is1) (Version: 14.5.2 – KLCP)

  Launcher Prerequisites (x64) (HKLM-x32\…\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

  Logitech Unifying Software 2.50 (HKLM\…\Logitech Unifying) (Version: 2.50.25 – Logitech)

  LOOT version 0.12.5 (HKLM-x32\…\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.12.5 – LOOT Team)

  Macrium Reflect Free Edition (HKLM\…\{BEB683B6-371A-4A4A-BBFB-B145CA4FC7AA}) (Version: 7.1.3196 – Paramount Software (UK) Ltd.) Hidden

  Mafia 3 (HKLM-x32\…\Mafia 3_is1) (Version: – )

  Malwarebytes version 4.2.3.96 (HKLM\…\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 – Malwarebytes)

  Medieval II Total War (HKLM-x32\…\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 – SEGA)

  Medieval II Total War : Kingdoms : Americas (HKLM-x32\…\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.03.000 – SEGA)

  Medieval II Total War : Kingdoms : Britannia (HKLM-x32\…\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.03.000 – SEGA)

  Medieval II Total War : Kingdoms : Crusades (HKLM-x32\…\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.03.000 – SEGA)

  Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\…\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.03.000 – SEGA)

  Microsoft .NET Framework 1.1 (HKLM-x32\…\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 – Microsoft)

  Microsoft Edge (HKLM-x32\…\Microsoft Edge) (Version: 86.0.622.69 – Microsoft Corporation)

  Microsoft Edge Update (HKLM-x32\…\Microsoft Edge Update) (Version: 1.3.137.99 – )

  Microsoft Office Professional Plus 2016 (HKLM\…\Office16.PROPLUS) (Version: 16.0.4266.1001 – Microsoft Corporation)

  Microsoft OneDrive (HKU\S-1-5-21-3845270027-3515829751-4170900611-1000\…\OneDriveSetup.exe) (Version: 20.169.0823.0008 – Microsoft Corporation)

  Microsoft Silverlight (HKLM\…\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 – Microsoft Corporation)

  Microsoft Visual C++ 2005 Redistributable (HKLM-x32\…\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 – Microsoft Corporation)

  Microsoft Visual C++ 2005 Redistributable (HKLM-x32\…\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 – Microsoft Corporation)

  Microsoft Visual C++ 2005 Redistributable (HKLM-x32\…\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 – Microsoft Corporation)

  Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\…\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 – Microsoft Corporation)

  Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\…\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 – Microsoft Corporation)

  Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161 (HKLM-x32\…\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 – Microsoft Corporation)

  Microsoft Visual C++ 2010 x64 Redistributable – 10.0.40219 (HKLM\…\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)

  Microsoft Visual C++ 2010 x86 Redistributable – 10.0.40219 (HKLM-x32\…\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)

  Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32\…\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 – Microsoft Corporation)

  Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32\…\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)

  Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32\…\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 – Microsoft Corporation)

  Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32\…\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 – Microsoft Corporation)

  Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.25.28508 (HKLM-x32\…\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 – Microsoft Corporation)

  Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.24.28127 (HKLM-x32\…\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 – Microsoft Corporation)

  Microsoft Visual C++ 2017 Redistributable (x64) – 14.10.25008 (HKLM-x32\…\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 – Microsoft Corporation)

  Microsoft Visual C++ 2017 Redistributable (x86) – 14.10.25008 (HKLM-x32\…\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 – Microsoft Corporation)

  Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\…\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 – Microsoft)

  Microsoft Windows Desktop Runtime – 3.1.8 (x64) (HKLM-x32\…\{3e04c2ef-ccc7-4fe6-a32f-f36572af0f42}) (Version: 3.1.8.29220 – Microsoft Corporation)

  mp3Tag Pro 12 (HKLM-x32\…\mp3Tag Pro_is1) (Version: – ManiacTools.com)

  Mp3tag v2.97 (HKLM-x32\…\Mp3tag) (Version: 2.97 – Florian Heidenreich)

  multibootusb (remove only) (HKLM-x32\…\multibootusb) (Version: – )

  MyPhoneExplorer (HKLM-x32\…\MPE) (Version: 1.8.12 – F.J. Wechselberger)

  Neverwinter Nights 2 Complete (HKLM-x32\…\GOGPACKNWN2COMPLETE_is1) (Version: 2.1.0.6 – GOG.com)

  Nexus Mod Manager (HKLM\…\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 – Black Tree Gaming)

  Notepad++ (64-bit x64) (HKLM\…\Notepad++) (Version: 7.9.1 – Notepad++ Team)

  NVIDIA PhysX (HKLM-x32\…\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 – NVIDIA Corporation)

  OpenAL (HKLM-x32\…\OpenAL) (Version: – )

  Operation Flashpoint ?: Red River (HKLM-x32\…\{434D083E-7E9A-4D3A-914B-121000008100}) (Version: 1.0.0000.129 – Codemasters) Hidden

  Operation Flashpoint ?: Red River (HKLM-x32\…\GFWL_{434D083E-7E9A-4D3A-914B-121000008100}) (Version: 1.0.0000.129 – Codemasters)

  Origin (HKLM-x32\…\Origin) (Version: 10.5.88.45577 – Electronic Arts, Inc.)

  Outils de vérification linguistique 2016 de Microsoft Office – Français (HKLM\…\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 – Microsoft Corporation) Hidden

  PeerBlock 1.2 (r693) (HKLM\…\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 – PeerBlock, LLC)

  Phoenix Point [v1.7.62880] (HKLM-x32\…\{188CE843-2CDE-4ED8-BFDC-8DA81DCAADED}_RePack_Ph~E0F6C703_is1) (Version: – Snapshot Games)

  Plex Media Server (HKLM-x32\…\{51bae955-d4ad-4b52-a4bf-20412a1561db}) (Version: 1.20.3.3483 – Plex, Inc.)

  Plex Media Server (HKLM-x32\…\{9203fc01-57c0-4cc8-858d-92911b5142de}) (Version: 1.15.3.876 – Plex, Inc.)

  Plex Media Server (HKLM-x32\…\{B1A3A437-AD8B-4E36-9112-8F6F6C436792}) (Version: 1.20.3483 – Plex, Inc.) Hidden

  Red Dead Redemption 2 (HKLM-x32\…\Red Dead Redemption 2) (Version: 1.0.1311.27 – Rockstar Games)

  Rockstar Games Launcher (HKLM-x32\…\Rockstar Games Launcher) (Version: 1.0.31.304 – Rockstar Games)

  Rockstar Games Social Club (HKLM-x32\…\Rockstar Games Social Club) (Version: 2.0.7.4 – Rockstar Games)

  Samsung USB Driver for Mobile Phones (HKLM\…\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 – Samsung Electronics Co., Ltd.)

  SmartPad SoftWare 2.0.0.1_X08(x64) (HKLM\…\Elan) (Version: 2.0.0.1 – ELAN Microelectronics Corp.)

  Speccy (HKLM\…\Speccy) (Version: 1.32 – Piriform)

  Steam (HKLM-x32\…\Steam) (Version: 2.10.91.91 – Valve Corporation)

  Stopping Plex (HKLM-x32\…\{CC031ED4-8572-49F7-B497-138176CEC5FB}) (Version: 1.20.3483 – Plex, Inc.) Hidden

  TeamViewer (HKLM-x32\…\TeamViewer) (Version: 15.11.6 – TeamViewer)

  The Sims 4 (HKLM-x32\…\The Sims 4_is1) (Version: – )

  The Sims™ 4 (HKLM-x32\…\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.64.84.1020 – Electronic Arts Inc.)

  Third Age – Total War 3.0 (Part 1of2) (HKU\S-1-5-21-3845270027-3515829751-4170900611-1000\…\Third Age – Total War 3.0 (Part 1of2)) (Version: – )

  Third Age – Total War 3.0 (Part 2of2) (HKU\S-1-5-21-3845270027-3515829751-4170900611-1000\…\Third Age – Total War 3.0 (Part 2of2)) (Version: – )

  Tom Clancy’s The Division 2 (HKLM-x32\…\Uplay Install 4932) (Version: – Ubisoft)

  Total War – WARHAMMER II v. 1.8.2 (HKLM-x32\…\Total War – WARHAMMER II_is1) (Version: – )

  Total War: Shogun 2 – Gold Edition (HKLM-x32\…\Total War: Shogun 2 – Gold Edition_is1) (Version: – )

  Update for Skype for Business 2016 (KB4486710) 64-Bit Edition (HKLM\…\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{1998D5DD-00AD-417C-9118-5274F24CB09E}) (Version: – Microsoft)

  Update for Skype for Business 2016 (KB4486710) 64-Bit Edition (HKLM\…\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{1998D5DD-00AD-417C-9118-5274F24CB09E}) (Version: – Microsoft)

  Update for Skype for Business 2016 (KB4486710) 64-Bit Edition (HKLM\…\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{1998D5DD-00AD-417C-9118-5274F24CB09E}) (Version: – Microsoft)

  Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\…\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 – Microsoft Corporation)

  Uplay (HKLM-x32\…\Uplay) (Version: 84.0 – Ubisoft)

  VLC media player (HKLM-x32\…\VLC media player) (Version: 3.0.11 – VideoLAN)

  Vortex (HKLM\…\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.2.16 – Black Tree Gaming Ltd.)

  Vulkan Run Time Libraries 1.1.70.0 (HKLM\…\VulkanRT1.1.70.0) (Version: 1.1.70.0 – LunarG, Inc.) Hidden

  Vuze (HKLM\…\8461-7759-5462-8226) (Version: 5.7.6.0 – Azureus Software, Inc.)

  Winamp (HKLM-x32\…\Winamp) (Version: 5.8 – Winamp SA)

  WinRAR 5.70 (64-bit) (HKLM\…\WinRAR archiver) (Version: 5.70.0 – win.rar GmbH)

  WinRAR 5.91 (32-bit) (HKLM-x32\…\WinRAR archiver) (Version: 5.91.0 – win.rar GmbH)

  WinWay Resume Deluxe (HKLM-x32\…\{DFACE88E-BFD1-4E1F-AF5C-100C979A12B0}) (Version: 12.00.019 – WinWay Corporation)

  Packages:

  =========

  Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-11-19] (Autodesk Inc.)

  Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.9.0.1_neutral__6e5tt8cgb93ep [2020-11-19] (Canon Inc.)

  HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_121.1.193.0_x64__v10z8vjag6ke6 [2020-11-19] (HP Inc.)

  Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.2970.0_x64__8j3eq9eme6ctt [2020-11-19] (INTEL CORP) [Startup Task]

  Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-11-19] (Microsoft Corporation) [MS Ad]

  Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-11-19] (Microsoft Corporation) [MS Ad]

  Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-11-19] (Microsoft Studios) [MS Ad]

  Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-11-19] (Netflix, Inc.)

  Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-19] (Microsoft Corporation)

  Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.180.0_x64__dt26b99r8h8gj [2020-11-19] (Realtek Semiconductor Corp)

  Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2020-11-19] (Twitter Inc.)

  ====================Custom CLSID (Whitelisted):==============

  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

  ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24}=> C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7}=> -> No File

  ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593}=> C:\Program Files\Notepad++\NppShell_06.dll [2020-11-01] (Notepad++ -> )

  ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24}=> C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12}=> F:\MP3Tag\Mp3tagShell64.dll [2019-07-15] (Florian Heidenreich) [File not signed]

  ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF}=> C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]

  ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611}=> -> No File

  ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55}=> -> No File

  ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA}=> C:\Program Files (x86)\WinRAR\rarext64.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

  ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA}=> C:\Program Files (x86)\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

  ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12}=> F:\MP3Tag\Mp3tagShell64.dll [2019-07-15] (Florian Heidenreich) [File not signed]

  ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611}=> -> No File

  ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55}=> -> No File

  ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24}=> C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3}=> F:\MalwareBytes\mbshlext.dll [2020-11-07] (Malwarebytes Corporation -> Malwarebytes)

  ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12}=> F:\MP3Tag\Mp3tagShell64.dll [2019-07-15] (Florian Heidenreich) [File not signed]

  ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55}=> -> No File

  ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000}=> F:\AMD Radeon\CNext\CNext\atiacm64.dll [2020-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

  ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7}=> -> No File

  ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24}=> C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-20] (Avast Software s.r.o. -> AVAST Software)

  ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3}=> F:\MalwareBytes\mbshlext.dll [2020-11-07] (Malwarebytes Corporation -> Malwarebytes)

  ContextMenuHandlers6-x32: [SxContextMenuPro] -> {AE0FB986-4A9D-45B5-B434-112DB79BF518}=> F:\MP3Tag Pro\tag_menu.dll [2008-12-23] () [File not signed]

  ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA}=> C:\Program Files (x86)\WinRAR\rarext64.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

  ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA}=> C:\Program Files (x86)\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

  ====================Codecs (Whitelisted)====================

  (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

  HKLM\…\Drivers32: [VIDC.X264]=> C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]

  HKLM\…\Drivers32: [VIDC.LAGS]=> C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] () [File not signed]

  HKLM\…\Drivers32: [VIDC.XVID]=> C:\WINDOWS\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]

  HKLM\…\Drivers32: [msacm.ac3acm]=> C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]

  HKLM\…\Drivers32: [VIDC.X264]=> C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]

  HKLM\…\Drivers32: [VIDC.LAGS]=> C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]

  HKLM\…\Drivers32: [VIDC.XVID]=> C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]

  HKLM\…\Drivers32: [msacm.ac3acm]=> C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]

  HKLM\…\Drivers32: [VIDC.FFDS]=> C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]

  ====================Shortcuts & WMI========================

  (The entries could be listed to be restored or removed.)

  Shortcut: C:\Users\TwenTy20zOfHaze\Desktop\Divide & Conquer.lnk -> F:\Sega\Medieval II Total War\mods\Divide_and_Conquer\DaC.bat ()

  Shortcut: C:\Users\TwenTy20zOfHaze\Desktop\Third Age – Total War.lnk -> F:\Sega\Medieval II Total War\mods\Third_Age_3\Third Age.bat ()

  Shortcut: C:\Users\TwenTy20zOfHaze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age – Total War 3.0 (Part 2of2)\Third Age – Total War.lnk -> F:\Sega\Medieval II Total War\mods\Third_Age_3\Third Age.bat ()

  ShortcutWithArgument: C:\Users\TwenTy20zOfHaze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\__MSG_b’2714752802779336020’__.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

  ====================Loaded Modules (Whitelisted)=============

  2020-10-23 16:57 – 2020-10-23 16:57 – 000629760 _____ () [File not signed] \\?\C:\Users\TwenTy20zOfHaze\AppData\Local\Plex Media Server\Codecs\02cff92-3522-windows-x86\aac_decoder.dll

  2020-10-23 16:57 – 2020-10-23 16:57 – 000336384 _____ () [File not signed] \\?\C:\Users\TwenTy20zOfHaze\AppData\Local\Plex Media Server\Codecs\02cff92-3522-windows-x86\ac3_decoder.dll

  2020-10-23 16:57 – 2020-10-23 16:57 – 000394752 _____ () [File not signed] \\?\C:\Users\TwenTy20zOfHaze\AppData\Local\Plex Media Server\Codecs\02cff92-3522-windows-x86\ac3_encoder.dll

  2020-10-23 16:57 – 2020-10-23 16:57 – 000608256 _____ () [File not signed] \\?\C:\Users\TwenTy20zOfHaze\AppData\Local\Plex Media Server\Codecs\02cff92-3522-windows-x86\dca_decoder.dll

  2020-10-23 16:57 – 2020-10-23 16:57 – 001559040 _____ () [File not signed] \\?\C:\Users\TwenTy20zOfHaze\AppData\Local\Plex Media Server\Codecs\02cff92-3522-windows-x86\h264_decoder.dll

  2020-10-23 16:57 – 2020-10-23 16:57 – 000818688 _____ () [File not signed] \\?\C:\Users\TwenTy20zOfHaze\AppData\Local\Plex Media Server\Codecs\02cff92-3522-windows-x86\hevc_decoder.dll

  2020-10-23 16:57 – 2020-10-23 16:57 – 001800704 _____ () [File not signed] \\?\C:\Users\TwenTy20zOfHaze\AppData\Local\Plex Media Server\Codecs\02cff92-3522-windows-x86\libx264_encoder.dll

  2020-10-23 16:57 – 2020-10-23 16:57 – 000579072 _____ () [File not signed] \\?\C:\Users\TwenTy20zOfHaze\AppData\Local\Plex Media Server\Codecs\02cff92-3522-windows-x86\mp3_decoder.dll

  2020-10-23 16:57 – 2020-10-23 16:57 – 000561152 _____ () [File not signed] \\?\C:\Users\TwenTy20zOfHaze\AppData\Local\Plex Media Server\Codecs\02cff92-3522-windows-x86\mpeg2video_decoder.dll

  2020-10-23 16:57 – 2020-10-23 16:57 – 001268224 _____ () [File not signed] \\?\C:\Users\TwenTy20zOfHaze\AppData\Local\Plex Media Server\Codecs\02cff92-3522-windows-x86\mpeg4_decoder.dll

  2020-10-23 16:57 – 2020-10-23 16:57 – 001497600 _____ () [File not signed] \\?\C:\Users\TwenTy20zOfHaze\AppData\Local\Plex Media Server\Codecs\02cff92-3522-windows-x86\msmpeg4v3_decoder.dll

  2020-10-23 16:57 – 2020-10-23 16:57 – 001794048 _____ () [File not signed] \\?\C:\Users\TwenTy20zOfHaze\AppData\Local\Plex Media Server\Codecs\02cff92-3522-windows-x86\rv40_decoder.dll

  2020-10-23 16:57 – 2020-10-23 16:57 – 000287232 _____ () [File not signed] \\?\C:\Users\TwenTy20zOfHaze\AppData\Local\Plex Media Server\Codecs\02cff92-3522-windows-x86\theora_decoder.dll

  2020-10-23 16:57 – 2020-10-23 16:57 – 000290816 _____ () [File not signed] \\?\C:\Users\TwenTy20zOfHaze\AppData\Local\Plex Media Server\Codecs\02cff92-3522-windows-x86\wmav2_decoder.dll

  2019-02-08 10:49 – 2020-10-29 14:50 – 000015360 _____ () [File not signed] C:\Program Files (x86)\Origin\libEGL.DLL

  2019-02-08 10:49 – 2020-10-29 14:50 – 003090944 _____ () [File not signed] C:\Program Files (x86)\Origin\libGLESv2.dll

  2018-06-13 23:08 – 2014-02-13 14:27 – 000113166 _____ () [File not signed] D:\EaseUS Partition Master 12.9\bin\TrayPopupE\zlib1.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000017920 _____ () [File not signed] F:\AMD Radeon\CNext\CNext\libEGL.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 003567616 _____ () [File not signed] F:\AMD Radeon\CNext\CNext\libGLESv2.dll

  2020-11-04 21:25 – 2020-11-04 21:25 – 001583104 _____ (Advanced Micro Devices, Inc.) [File not signed] F:\AMD Radeon\WVR\OpenVR\bin\win64\driver_amdwvr.dll

  2017-10-12 17:08 – 2012-03-26 16:32 – 000312320 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL

  2017-10-12 16:57 – 2012-03-28 12:01 – 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL

  2018-06-13 23:08 – 2014-02-13 14:27 – 000275528 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] D:\EaseUS Partition Master 12.9\bin\TrayPopupE\libcurl.dll

  2018-06-13 23:08 – 2014-02-13 14:27 – 000222792 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] D:\EaseUS Partition Master 12.9\bin\TrayPopupE\traynet.dll

  2018-06-13 23:08 – 2014-02-13 14:27 – 000249928 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] D:\EaseUS Partition Master 12.9\bin\TrayPopupE?r.dll

  2017-03-19 08:34 – 2017-03-19 08:34 – 000097280 _____ (Eclipse Foundation) [File not signed] C:\Users\TwenTy20zOfHaze\.swt\lib\win32\x86_64\swt-gdip-win32-4716.dll

  2017-03-19 08:34 – 2017-03-19 08:34 – 000638976 _____ (Eclipse Foundation) [File not signed] C:\Users\TwenTy20zOfHaze\.swt\lib\win32\x86_64\swt-win32-4716.dll

  2019-07-15 04:24 – 2019-07-15 04:24 – 000424448 _____ (Florian Heidenreich) [File not signed] F:\MP3Tag\Mp3tagShell64.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 000002560 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Origin\icudt58.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 001252864 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Origin\icuuc58.dll

  2019-02-08 10:49 – 2020-10-29 14:50 – 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll

  2019-02-08 10:49 – 2020-10-29 14:50 – 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qgif.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 000032768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qico.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 000256512 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qjpeg.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 000026112 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qtga.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 000305152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qtiff.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qwbmp.dll

  2019-02-08 10:49 – 2020-10-29 14:50 – 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 000709120 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Multimedia.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 000207360 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Positioning.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 000310272 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5PrintSupport.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 003513344 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Qml.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 003390976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Quick.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 000068096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5QuickWidgets.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 000045568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5TextToSpeech.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 000116224 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebChannel.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 054071296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineCore.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 000211456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineWidgets.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll

  2020-11-20 17:30 – 2020-10-29 14:50 – 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000031744 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\plugins\imageformats\qgif.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000039424 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\plugins\imageformats\qicns.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000031744 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\plugins\imageformats\qico.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000413696 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\plugins\imageformats\qjpeg.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000025088 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\plugins\imageformats\qsvg.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000025088 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\plugins\imageformats\qtga.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000023552 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\plugins\imageformats\qwbmp.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000519168 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\plugins\imageformats\qwebp.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 001431040 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\plugins\platforms\qwindows.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 001180672 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\plugins\sqldrivers\qsqlite.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000135680 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\plugins\styles\qwindowsvistastyle.dll

  2020-11-04 21:33 – 2020-11-04 21:33 – 006010880 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\Qt5Core.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 006345216 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\Qt5Gui.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 001078272 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\Qt5Network.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000313856 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\Qt5Positioning.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 004000256 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\Qt5Qml.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 003802624 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\Qt5Quick.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000171008 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\Qt5QuickControls2.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 001083904 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\Qt5QuickTemplates2.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000205312 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\Qt5Sql.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000329728 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\Qt5Svg.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000113152 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\Qt5WebChannel.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000376320 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\Qt5WebEngine.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 092323328 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\Qt5WebEngineCore.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 005560832 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\Qt5Widgets.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000463360 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\Qt5WinExtras.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000188416 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\Qt5Xml.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 002888704 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\Qt5XmlPatterns.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000053760 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000059392 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000017408 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\QtQuick.2\qtquick2plugin.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000287232 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000329216 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000136192 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000089088 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000312320 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll

  2020-07-27 10:18 – 2020-07-27 10:18 – 000017920 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\QtQuick\Window.2\windowplugin.dll

  2020-11-04 21:33 – 2020-11-04 21:33 – 000085504 _____ (The Qt Company Ltd.) [File not signed] F:\AMD Radeon\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

  ====================Alternate Data Streams (Whitelisted)========

  ====================Safe Mode (Whitelisted)==================

  (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService=> “”=”Service”

  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService=> “”=”Service”

  ====================Association (Whitelisted)=================

  ====================Internet Explorer (Whitelisted)==========

  HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=about:blank

  HKU\S-1-5-21-3845270027-3515829751-4170900611-1000\Software\Microsoft\Internet Explorer\Main,Start Page=hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP

  BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2020-10-13] (Microsoft Corporation -> Microsoft Corporation)

  BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)

  BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

  BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)

  BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

  BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2020-10-13] (Microsoft Corporation -> Microsoft Corporation)

  BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)

  BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\TwenTy20zOfHaze\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2019-06-04] (Dashlane USA, Inc. -> Dashlane, Inc.)

  BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

  BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)

  BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

  Toolbar: HKLM – Canon Easy-WebPrint EX – {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} – C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

  Toolbar: HKLM – Adobe Acrobat Create PDF Toolbar – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

  Toolbar: HKLM-x32 – Canon Easy-WebPrint EX – {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} – C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

  Toolbar: HKLM-x32 – Adobe Acrobat Create PDF Toolbar – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

  Toolbar: HKLM-x32 – Dashlane Toolbar – {669695BC-A811-4A9D-8CDF-BA8C795F261C} – C:\Users\TwenTy20zOfHaze\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2019-06-04] (Dashlane USA, Inc. -> Dashlane, Inc.)

  Toolbar: HKU\S-1-5-21-3845270027-3515829751-4170900611-1000 -> Canon Easy-WebPrint EX – {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} – C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

  Handler: mso-minsb.16 – {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} – C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)

  Handler-x32: mso-minsb.16 – {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} – C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)

  Handler: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)

  Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)

  ====================Hosts content:=========================

  (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

  2017-07-23 19:41 – 2020-06-19 12:46 – 000001766 _____ C:\WINDOWS\system32\drivers\etc\hosts

  109.94.209.70    fitgirlrepacks.co    # Fake FitGirl site

  109.94.209.70    fitgirl-repacks.cc    # Fake FitGirl site

  109.94.209.70    fitgirl-repack.com    # Fake FitGirl site

  109.94.209.70    fitgirl-repacks.website    # Fake FitGirl site

  109.94.209.70    www.fitgirlrepacks.co    # Fake FitGirl site

  109.94.209.70    www.fitgirl-repacks.cc    # Fake FitGirl site

  109.94.209.70    www.fitgirl-repack.com    # Fake FitGirl site

  109.94.209.70    www.fitgirl-repacks.website    # Fake FitGirl site

  109.94.209.70    ww9.fitgirl-repacks.xyz    # Fake FitGirl site

  109.94.209.70    *.fitgirl-repacks.xyz    # Fake FitGirl site

  109.94.209.70    fitgirl-repacks.xyz    # Fake FitGirl site

  109.94.209.70    fitgirl-repack.net    # Fake FitGirl site

  109.94.209.70    www.fitgirl-repack.net    # Fake FitGirl site

  ====================Other Areas===========================

  (Currently there is no automatic fix for this section.)

  HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\

  HKU\S-1-5-21-3845270027-3515829751-4170900611-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TwenTy20zOfHaze\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

  DNS Servers: 192.168.1.1

  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System=> (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer=> (SmartScreenEnabled: Off)

  Windows Firewall is enabled.

  ====================MSCONFIG/TASK MANAGER disabled items==

  (If an entry is included in the fixlist, it will be removed.)

  HKLM\…\StartupApproved\Run32:=> “Acrobat Assistant 8.0”

  HKLM\…\StartupApproved\Run32:=> “CanonQuickMenu”

  HKU\S-1-5-21-3845270027-3515829751-4170900611-1000\…\StartupApproved\Run:=> “OneDrive”

  ====================FirewallRules (Whitelisted)================

  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

  FirewallRules: [{E985BAF4-58F0-4C65-BDD9-84F9D71107CF}]=> (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

  FirewallRules: [{E206D62D-FD03-4917-92BC-769C95C0EC5D}]=> (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

  FirewallRules: [{E99A36DC-1517-4EA6-ADA1-49C733D98096}]=> (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

  FirewallRules: [{70BE65B4-BEBC-42B0-AF3B-3582EC7D4064}]=> (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

  FirewallRules: [UDP Query User{9364BF9B-2841-4329-B17A-6915A2A3ED23}F:\sega\totalwarsagatroy\troy.exe]=> (Allow) F:\sega\totalwarsagatroy\troy.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)

  FirewallRules: [TCP Query User{B75A2D44-0C64-49DD-8C18-1002DBF24078}F:\sega\totalwarsagatroy\troy.exe]=> (Allow) F:\sega\totalwarsagatroy\troy.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)

  FirewallRules: [{D34ACD18-57A2-4410-8863-D97FD4ACDBFD}]=> (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call to Arms\binaries\x64\call_to_arms.exe (Digitalmindsoft) [File not signed]

  FirewallRules: [{91092498-589F-4E25-AFC7-DB5FA6D79C5A}]=> (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call to Arms\binaries\x64\call_to_arms.exe (Digitalmindsoft) [File not signed]

  FirewallRules: [{5DB70232-36A6-4CA5-A3A4-4E13B2F32981}]=> (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call to Arms\binaries\x64\call_to_arms_ed.exe (Digitalmindsoft) [File not signed]

  FirewallRules: [{DE606563-703A-44B0-993F-C796C95594D0}]=> (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call to Arms\binaries\x64\call_to_arms_ed.exe (Digitalmindsoft) [File not signed]

  FirewallRules: [{0FFEEC5B-4E86-4A83-AEC0-3CC9D551B639}]=> (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)

  FirewallRules: [{52888DE3-CDB3-464C-95F5-1B7084E2E22F}]=> (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)

  FirewallRules: [{38DEEBFF-D7BF-4068-BB6A-39E484310EE9}]=> (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)

  FirewallRules: [{D66B9977-1CE0-4DD5-A5ED-65A84ACD95D0}]=> (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)

  FirewallRules: [UDP Query User{F31804C1-D0F2-47E5-816F-AC2E28938C5F}F:\divinity – original sin 2\defed\bin\eocapp.exe]=> (Allow) F:\divinity – original sin 2\defed\bin\eocapp.exe (Larian Studios -> )

  FirewallRules: [TCP Query User{21F0EE58-17A9-49BC-9893-2B8314BEED0A}F:\divinity – original sin 2\defed\bin\eocapp.exe]=> (Allow) F:\divinity – original sin 2\defed\bin\eocapp.exe (Larian Studios -> )

  FirewallRules: [UDP Query User{F8ACCA3D-ED98-49EC-ABA2-D8BEFBFDFE78}F:\total war – warhammer ii\warhammer2.exe]=> (Allow) F:\total war – warhammer ii\warhammer2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd) [File not signed]

  FirewallRules: [TCP Query User{233313B6-F8D2-43E3-A199-6951AD7C0872}F:\total war – warhammer ii\warhammer2.exe]=> (Allow) F:\total war – warhammer ii\warhammer2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd) [File not signed]

  FirewallRules: [UDP Query User{EDF6CC79-ECE1-4D3B-9301-DBF1790FB22D}F:\gtav\gta5.exe]=> (Allow) F:\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)

  FirewallRules: [TCP Query User{58B5ED56-17D7-41C9-BEFF-57B16432F7BF}F:\gtav\gta5.exe]=> (Allow) F:\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)

  FirewallRules: [UDP Query User{BBBF8497-6DCC-48D1-8558-554E32ABF4A5}F:\worldwarz\en_us\client\bin\pc\wwzretailegs.exe]=> (Allow) F:\worldwarz\en_us\client\bin\pc\wwzretailegs.exe (Saber Interactive) [File not signed]

  FirewallRules: [TCP Query User{28BB3D5E-D51E-495F-8060-C5F8AAF323FF}F:\worldwarz\en_us\client\bin\pc\wwzretailegs.exe]=> (Allow) F:\worldwarz\en_us\client\bin\pc\wwzretailegs.exe (Saber Interactive) [File not signed]

  FirewallRules: [UDP Query User{4E87A92E-2ADB-4241-A2DD-9A5F92FC6E93}C:\program files (x86)\the sims 4\game-cracked\bin\ts4_x64.exe]=> (Block) C:\program files (x86)\the sims 4\game-cracked\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]

  FirewallRules: [TCP Query User{3EFC3FB2-1F94-4FF3-A898-5FA9F512713C}C:\program files (x86)\the sims 4\game-cracked\bin\ts4_x64.exe]=> (Block) C:\program files (x86)\the sims 4\game-cracked\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]

  FirewallRules: [UDP Query User{168DA3B5-E56A-4DCF-A6DE-4F656176EEE5}C:\program files (x86)\the sims 4\game-cracked\bin\ts4_x64.exe]=> (Allow) C:\program files (x86)\the sims 4\game-cracked\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]

  FirewallRules: [TCP Query User{4397FAD8-E91D-41F2-A38C-880C5CCB7BF7}C:\program files (x86)\the sims 4\game-cracked\bin\ts4_x64.exe]=> (Allow) C:\program files (x86)\the sims 4\game-cracked\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]

  FirewallRules: [UDP Query User{445B6478-AA13-4733-A383-F2FA50B4A79C}F:\ghost recon breakpoint\grb.exe]=> (Allow) F:\ghost recon breakpoint\grb.exe (UBISOFT ENTERTAINMENT INC. -> )

  FirewallRules: [TCP Query User{27C5847C-6AF9-4885-93C3-6F54FCB0BA2E}F:\ghost recon breakpoint\grb.exe]=> (Allow) F:\ghost recon breakpoint\grb.exe (UBISOFT ENTERTAINMENT INC. -> )

  FirewallRules: [{BA8BE59D-F072-4B13-8743-DE60BCE673E3}]=> (Allow) F:\Ghost Recon Breakpoint\GRB_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)

  FirewallRules: [{1BDF2A03-BCC3-4228-80DB-752CEDD51280}]=> (Allow) F:\Ghost Recon Breakpoint\GRB_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)

  FirewallRules: [UDP Query User{D152E3AC-5037-40E0-A12F-AA0C8962644B}F:\rockstar games launcher\red dead redemption 2\rdr2.exe]=> (Allow) F:\rockstar games launcher\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)

  FirewallRules: [TCP Query User{6574EFE0-3BC4-4C0C-A114-E36004308951}F:\rockstar games launcher\red dead redemption 2\rdr2.exe]=> (Allow) F:\rockstar games launcher\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)

  FirewallRules: [UDP Query User{424A2095-1D3A-4074-B2BF-8372FF9655BB}C:\program files (x86)\steam\steamapps\common\call to arms\binaries\x64\call_to_arms_server.exe]=> (Allow) C:\program files (x86)\steam\steamapps\common\call to arms\binaries\x64\call_to_arms_server.exe (Digitalmindsoft) [File not signed]

  FirewallRules: [TCP Query User{0DB20444-1686-46B1-94CA-CFC0B90BF0BE}C:\program files (x86)\steam\steamapps\common\call to arms\binaries\x64\call_to_arms_server.exe]=> (Allow) C:\program files (x86)\steam\steamapps\common\call to arms\binaries\x64\call_to_arms_server.exe (Digitalmindsoft) [File not signed]

  FirewallRules: [UDP Query User{1EB1319C-0EC1-4175-8F96-B4C5B27A80B0}F:\ghost recon breakpoint\grb_upp.exe]=> (Allow) F:\ghost recon breakpoint\grb_upp.exe (UBISOFT ENTERTAINMENT INC. -> )

  FirewallRules: [TCP Query User{9EA753C9-5ECA-401B-BD09-03806CB332A6}F:\ghost recon breakpoint\grb_upp.exe]=> (Allow) F:\ghost recon breakpoint\grb_upp.exe (UBISOFT ENTERTAINMENT INC. -> )

  FirewallRules: [{B1F55793-D3DA-41CC-BAB3-46C97EAD941F}]=> (Allow) F:\Winamp\winamp.exe (Winamp SA -> Winamp SA)

  FirewallRules: [{29EC3B0D-11B7-42D4-B069-000E086AA84D}]=> (Allow) F:\Winamp\winamp.exe (Winamp SA -> Winamp SA)

  FirewallRules: [{728589AD-2A20-41A1-9381-E84E7B0C83BE}]=> (Allow) F:\EaseUs\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

  FirewallRules: [{5FD61806-9730-4FC9-9ED2-630B1A6E534A}]=> (Allow) F:\EaseUs\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

  FirewallRules: [{491A2A85-3E05-4E3D-A270-674777E92631}]=> (Allow) F:\EaseUs\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

  FirewallRules: [{6FD7AFF4-74AC-4632-8DE8-EB33EAF7809F}]=> (Allow) F:\EaseUs\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

  FirewallRules: [UDP Query User{38BFF239-FD74-4576-945A-0335A4D11779}D:\total war – shogun 2 – gold edition\shogun2.exe]=> (Allow) D:\total war – shogun 2 – gold edition\shogun2.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd) [File not signed]

  FirewallRules: [TCP Query User{5B9FF235-DABF-4C53-AB20-77516CFA47C9}D:\total war – shogun 2 – gold edition\shogun2.exe]=> (Allow) D:\total war – shogun 2 – gold edition\shogun2.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd) [File not signed]

  FirewallRules: [{4E7C498F-3082-49CC-B6D4-5CB25A70A116}]=> (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)

  FirewallRules: [{FE9A6985-BFB9-46E2-834C-3DFE742A42C5}]=> (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)

  FirewallRules: [TCP Query User{6DAAC90F-C02A-4DAF-B9CF-73C186011E55}C:\program files\vuze\azureus.exe]=> (Allow) C:\program files\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)

  FirewallRules: [UDP Query User{3A784CC4-44A4-496E-949E-FB63CA4F4953}C:\program files\vuze\azureus.exe]=> (Allow) C:\program files\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)

  FirewallRules: [TCP Query User{3B1D244B-B4AD-4C70-82A3-9D1F436D8D74}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe]=> (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)

  FirewallRules: [UDP Query User{479A415E-1A33-4182-8947-ADF5FBBAE823}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe]=> (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)

  FirewallRules: [TCP Query User{F6CC1839-ADA6-40AD-8D4F-1DDBF7CBC099}D:\men of war assault squad 2 – men of war origins\mowas_2.exe]=> (Allow) D:\men of war assault squad 2 – men of war origins\mowas_2.exe (Digitalmindsoft) [File not signed]

  FirewallRules: [UDP Query User{9C3D16BC-07EB-41B8-B41B-B744273D7DFC}D:\men of war assault squad 2 – men of war origins\mowas_2.exe]=> (Allow) D:\men of war assault squad 2 – men of war origins\mowas_2.exe (Digitalmindsoft) [File not signed]

  FirewallRules: [{9B3BF7AC-B18D-46AC-B531-8CB4C0474DD8}]=> (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)

  FirewallRules: [{D01E223F-33BC-4B02-92E4-FD13170B1D89}]=> (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)

  FirewallRules: [TCP Query User{22FEF661-CD34-40F9-B136-B217E1812DE2}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe]=> (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)

  FirewallRules: [UDP Query User{BA9CFED6-F394-4CBF-AF14-38EE844681D5}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe]=> (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)

  FirewallRules: [TCP Query User{7CA49837-85E2-4B6E-B8B6-E77F29F2BC1F}D:\fallout 4\fallout4.exe]=> (Allow) D:\fallout 4\fallout4.exe (Bethesda Softworks) [File not signed]

  FirewallRules: [UDP Query User{F4D24638-DF62-44C4-91F1-2C826F01AC91}D:\fallout 4\fallout4.exe]=> (Allow) D:\fallout 4\fallout4.exe (Bethesda Softworks) [File not signed]

  FirewallRules: [{794DC8F8-4938-4261-AB61-6F5F940C4089}]=> (Block) D:\fallout 4\fallout4.exe (Bethesda Softworks) [File not signed]

  FirewallRules: [{EC6FEB05-7224-4ECE-87A2-02FF4236551A}]=> (Block) D:\fallout 4\fallout4.exe (Bethesda Softworks) [File not signed]

  FirewallRules: [TCP Query User{3374682E-634F-438B-83D5-87D18A5735AE}F:\aorus engine\aorus.exe]=> (Allow) F:\aorus engine\aorus.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)

  FirewallRules: [UDP Query User{5E2CF56D-D655-4E71-B3E7-4556E45A8EB6}F:\aorus engine\aorus.exe]=> (Allow) F:\aorus engine\aorus.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)

  FirewallRules: [{38C05886-735A-469C-A869-F1BB8B66C299}]=> (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)

  FirewallRules: [{FBE3A45E-874C-4444-837A-0BA61A8AA010}]=> (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)

  FirewallRules: [{69158D5D-BAC4-458A-8312-958DF5EC76BE}]=> (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

  FirewallRules: [{61A54331-BACA-4CF7-8648-53999E1DBD66}]=> (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

  FirewallRules: [{68A0B46E-5B93-4637-8016-2B0E38FF16A7}]=> (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

  FirewallRules: [{C9DC1AA0-1036-420F-B4AF-24B6808F78C7}]=> (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

  FirewallRules: [{5B0ACD00-26E5-4715-B923-1BB5E35D45EF}]=> (Allow) C:\Program Files (x86)\Codemasters\Operation Flashpoint Red River\RedRiver.exe (Codemasters Software Company Limited -> Codemasters Software Company Limited)

  FirewallRules: [{F1CB55BF-5B86-469F-93EE-553290E3FE53}]=> (Allow) C:\Program Files (x86)\Codemasters\Operation Flashpoint Red River\RedRiver.exe (Codemasters Software Company Limited -> Codemasters Software Company Limited)

  FirewallRules: [{29B24920-9A76-4169-9BC9-0896BD5FC043}]=> (Allow) C:\Program Files (x86)\Codemasters\Operation Flashpoint Red River\RedRiverLauncher.exe (Sony DADC Austria AG -> Sony DADC Austria AG)

  FirewallRules: [{1A7E7C54-192D-4207-A359-FE758BD97C63}]=> (Allow) C:\Program Files (x86)\Codemasters\Operation Flashpoint Red River\RedRiverLauncher.exe (Sony DADC Austria AG -> Sony DADC Austria AG)

  FirewallRules: [{5E7CA0D2-7D67-41B1-A1C4-C445A9573A10}]=> (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)

  FirewallRules: [{C8D4F1D1-45FA-4DF0-9D3A-1B90A91EACA0}]=> (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)

  FirewallRules: [TCP Query User{3111F2C8-F27F-4882-8EC5-94881A0104D7}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe]=> (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)

  FirewallRules: [UDP Query User{386824AE-C245-4473-90A4-F8EC683A5E6A}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe]=> (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)

  FirewallRules: [TCP Query User{E3ECACEA-C953-4E26-8A20-3D414A7AC393}F:\baldurs gate 3\bin\bg3.exe]=> (Block) F:\baldurs gate 3\bin\bg3.exe=> No File

  FirewallRules: [UDP Query User{784DDEA2-8C66-430E-AA65-9B22D8FD737D}F:\baldurs gate 3\bin\bg3.exe]=> (Block) F:\baldurs gate 3\bin\bg3.exe=> No File

  FirewallRules: [TCP Query User{7A73BF30-70C3-4536-9FEC-8D49276D74C2}F:\baldurs gate 3\bin\bg3_dx11.exe]=> (Block) F:\baldurs gate 3\bin\bg3_dx11.exe=> No File

  FirewallRules: [UDP Query User{F8629D72-D906-4F41-9355-A8DE8540BEC2}F:\baldurs gate 3\bin\bg3_dx11.exe]=> (Block) F:\baldurs gate 3\bin\bg3_dx11.exe=> No File

  FirewallRules: [{ABA048A6-322F-41D3-A5D1-FA2AE4775D58}]=> (Allow) F:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]

  FirewallRules: [{FCCC79A5-A82E-4B06-9063-37FFB9637526}]=> (Allow) F:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]

  FirewallRules: [{C81DCE20-D175-4187-B27D-24A3D2A80E34}]=> (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)

  FirewallRules: [{9E344F7B-F07D-44EF-8561-669B27CFC58A}]=> (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)

  FirewallRules: [{C076AA66-70D7-4BF2-A505-FC7AE19D84CC}]=> (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)

  FirewallRules: [{432E630B-CCD3-4DD2-A239-A6168550E77C}]=> (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )

  FirewallRules: [TCP Query User{33B97282-B07C-408C-80F5-94984FFCCC9D}D:\total war – shogun 2 – gold edition\shogun2.exe]=> (Allow) D:\total war – shogun 2 – gold edition\shogun2.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd) [File not signed]

  FirewallRules: [UDP Query User{765026B0-05F1-4E76-B598-53F93EE68D65}D:\total war – shogun 2 – gold edition\shogun2.exe]=> (Allow) D:\total war – shogun 2 – gold edition\shogun2.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd) [File not signed]

  FirewallRules: [{C4CC56B6-EABC-48E8-A120-E31D90115A3C}]=> (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

  FirewallRules: [{A11EC316-8A4A-4419-AFD4-9860008CD10F}]=> (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

  FirewallRules: [{5B9712A3-BC57-49CD-BAA7-6E15AA9D7CD6}]=> (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

  FirewallRules: [{9C7DB9CE-01E6-4C03-8DDD-9C8BF6DBACAD}]=> (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

  FirewallRules: [TCP Query User{EDFAEB9E-4193-4CF7-BAFC-F3C6EDF34CD1}F:\baldurs gate 3\bin\bg3_dx11.exe]=> (Block) F:\baldurs gate 3\bin\bg3_dx11.exe=> No File

  FirewallRules: [UDP Query User{6073D440-E05E-4E0E-8C6C-B5555D00E3DE}F:\baldurs gate 3\bin\bg3_dx11.exe]=> (Block) F:\baldurs gate 3\bin\bg3_dx11.exe=> No File

  FirewallRules: [TCP Query User{D8ADE621-D863-4BE6-86C5-38E4A181A9B3}F:\phoenix point\phoenixpoint\phoenixpointwin64.exe]=> (Block) F:\phoenix point\phoenixpoint\phoenixpointwin64.exe (Snapshot Games Inc. -> )

  FirewallRules: [UDP Query User{383EB334-2C6E-4322-AE34-802094E53B19}F:\phoenix point\phoenixpoint\phoenixpointwin64.exe]=> (Block) F:\phoenix point\phoenixpoint\phoenixpointwin64.exe (Snapshot Games Inc. -> )

  FirewallRules: [{5398740A-BCAE-4B11-90CC-A55A5CFDC7C8}]=> (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.10002.53004.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{3E1D2CD7-BF34-4325-9E70-B1A62B24998D}]=> (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.10002.53004.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{557F84AF-502A-4BF7-9D3C-BA8E04E1F171}]=> (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.10002.53004.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{F0492F5F-226E-484A-9A19-A7EBAC3D3748}]=> (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.10002.53004.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{33D3A988-2761-4747-852A-CE56591CFA45}]=> (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.10002.53004.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{73F61995-C3F3-4490-9173-2186B952F846}]=> (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.10002.53004.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{BCDDC4FF-51B1-473B-AC53-6F4177FD5EB8}]=> (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.10002.53004.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{666B2869-F3CE-4CC0-8D6B-0E221ABE548C}]=> (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.10002.53004.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{069E2A04-ADE9-488A-9BAA-964F73C70374}]=> (Allow) F:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]

  FirewallRules: [{0BF7E54A-0329-49F2-B2CB-E4B148403737}]=> (Allow) F:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]

  FirewallRules: [{26CBC013-6EBE-4610-A011-B0010D29DB88}]=> (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)

  FirewallRules: [{EDE06244-5ABE-4E02-A72C-89CBB2741CEB}]=> (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)

  FirewallRules: [{18D9274D-5CA1-473B-9A7C-A385B00A987E}]=> (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

  FirewallRules: [{E82E91C6-C80B-452D-997C-C86DFD832545}]=> (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

  FirewallRules: [TCP Query User{7BED7F00-427A-4771-899F-23392682F57E}F:\core temp\core temp.exe]=> (Allow) F:\core temp\core temp.exe (ALCPU -> ALCPU)

  FirewallRules: [UDP Query User{AC7C812E-6AAF-4A69-AB7F-7F0EFFABBB09}F:\core temp\core temp.exe]=> (Allow) F:\core temp\core temp.exe (ALCPU -> ALCPU)

  FirewallRules: [{004BC042-6765-4957-A874-71C4B8DD87E2}]=> (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

  FirewallRules: [{83CAA4CC-1044-4C58-8374-FBA5A7106B8A}]=> (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

  FirewallRules: [{5AD1EACF-6845-4AD0-AC55-E4B700EE6F72}]=> (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

  FirewallRules: [{5FCE90F0-CCC3-4EC1-8D0D-B8F2D8E0BB88}]=> (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

  FirewallRules: [{69CBD6C3-F80F-4816-849B-3823C155ED7B}]=> (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

  FirewallRules: [{8EC3A10A-6701-472A-B332-228E38CC0159}]=> (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{ED606766-E5E0-4082-A734-C32C32887C81}]=> (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{19865BBF-A2D5-4340-B633-0F2A3A894BA7}]=> (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{D9620854-EE44-42E0-BF88-0CFC3DFC7DDB}]=> (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{2263B16D-9DD2-4B1E-92E5-644DA1C2341F}]=> (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{68F0EAD9-2356-4F84-9296-503114FB1520}]=> (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{14A8B3D2-5150-4F52-A219-6B27B572529B}]=> (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{5F83D325-FFF0-4E7B-B52C-8432662B81A4}]=> (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

  ====================Restore Points=========================

  29-10-2020 15:52:56 Scheduled Checkpoint

  06-11-2020 17:38:56 Scheduled Checkpoint

  08-11-2020 09:14:34 Radeon Installer

  11-11-2020 09:52:46 Windows Modules Installer

  13-11-2020 20:01:02 Windows Modules Installer

  19-11-2020 20:18:15 Windows Update

  ====================Faulty Device Manager Devices============

  ====================Event log errors:========================

  Application errors:

  ==================

  Error: (11/20/2020 06:07:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

  Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

  Error: (11/20/2020 06:07:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

  Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

  Error: (11/20/2020 05:57:45 PM) (Source: Application Error) (EventID: 1000) (User: )

  Description: Faulting application name: PhoenixPointWin64.exe, version: 2019.4.10.4531, time stamp: 0x5f4fdaf4

  Faulting module name: UnityPlayer.dll, version: 2019.4.10.4531, time stamp: 0x5f4fdc4e

  Exception code: 0xc000041d

  Fault offset: 0x0000000000dbb9fb

  Faulting process id: 0x3f28

  Faulting application start time: 0x01d6bf8d55949ea0

  Faulting application path: F:\Phoenix Point\PhoenixPoint\PhoenixPointWin64.exe

  Faulting module path: F:\Phoenix Point\PhoenixPoint\UnityPlayer.dll

  Report Id: 953fd3db-60b6-471e-8789-70a28712dee3

  Faulting package full name:

  Faulting package-relative application ID:

  Error: (11/20/2020 05:57:43 PM) (Source: Application Error) (EventID: 1000) (User: )

  Description: Faulting application name: PhoenixPointWin64.exe, version: 2019.4.10.4531, time stamp: 0x5f4fdaf4

  Faulting module name: UnityPlayer.dll, version: 2019.4.10.4531, time stamp: 0x5f4fdc4e

  Exception code: 0x80000003

  Fault offset: 0x0000000000dbb9fb

  Faulting process id: 0x3f28

  Faulting application start time: 0x01d6bf8d55949ea0

  Faulting application path: F:\Phoenix Point\PhoenixPoint\PhoenixPointWin64.exe

  Faulting module path: F:\Phoenix Point\PhoenixPoint\UnityPlayer.dll

  Report Id: 189f197b-1478-4c8a-8a1a-ce5ad79c979d

  Faulting package full name:

  Faulting package-relative application ID:

  Error: (11/20/2020 05:57:33 PM) (Source: Application Error) (EventID: 1000) (User: )

  Description: Faulting application name: Radeonsoftware.exe, version: 10.1.2.1808, time stamp: 0x5fa36480

  Faulting module name: ntdll.dll, version: 10.0.19041.610, time stamp: 0xe5d7ed5c

  Exception code: 0xc0000374

  Fault offset: 0x00000000000fed29

  Faulting process id: 0x200

  Faulting application start time: 0x01d6bf8ca4af6eb7

  Faulting application path: F:\AMD Radeon\CNext\CNext\Radeonsoftware.exe

  Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

  Report Id: 98bdf17c-b542-4187-a0b3-67bccba344cf

  Faulting package full name:

  Faulting package-relative application ID:

  Error: (11/20/2020 05:57:32 PM) (Source: Application Error) (EventID: 1000) (User: )

  Description: Faulting application name: GameBar.exe, version: 5.420.11102.0, time stamp: 0x5faaa7cb

  Faulting module name: KERNELBASE.dll, version: 10.0.19041.572, time stamp: 0x1183946c

  Exception code: 0xc0000409

  Fault offset: 0x000000000010b65c

  Faulting process id: 0x100c

  Faulting application start time: 0x01d6bf8c9e30c89b

  Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe

  Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll

  Report Id: e899db99-1c0b-4c0f-836d-5a586912db6c

  Faulting package full name: Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe

  Faulting package-relative application ID: App

  Error: (11/20/2020 04:44:29 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

  Description: The storage optimizer couldn’t complete retrim on Secondary (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

  Error: (11/20/2020 04:43:50 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

  Description: The storage optimizer couldn’t complete retrim on Da’ Dropp Off (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

  System errors:

  =============

  Error: (11/20/2020 05:59:24 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

  Description: DCOM got error “1115” attempting to start the service wuauserv with arguments “Unavailable” in order to run the server:

  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

  Error: (11/20/2020 05:59:24 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

  Description: DCOM got error “1115” attempting to start the service wuauserv with arguments “Unavailable” in order to run the server:

  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

  Error: (11/20/2020 05:59:24 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

  Description: DCOM got error “1115” attempting to start the service wuauserv with arguments “Unavailable” in order to run the server:

  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

  Error: (11/20/2020 05:59:24 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

  Description: DCOM got error “1115” attempting to start the service wuauserv with arguments “Unavailable” in order to run the server:

  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

  Error: (11/20/2020 05:59:24 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

  Description: DCOM got error “1115” attempting to start the service wuauserv with arguments “Unavailable” in order to run the server:

  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

  Error: (11/20/2020 05:59:24 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

  Description: DCOM got error “1115” attempting to start the service wuauserv with arguments “Unavailable” in order to run the server:

  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

  Error: (11/20/2020 05:59:24 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

  Description: DCOM got error “1115” attempting to start the service wuauserv with arguments “Unavailable” in order to run the server:

  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

  Error: (11/20/2020 05:59:24 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

  Description: DCOM got error “1115” attempting to start the service wuauserv with arguments “Unavailable” in order to run the server:

  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

  Windows Defender:

  ===================================

  Date: 2020-11-18 17:24:49.5490000Z

  Description:

  Microsoft Defender Antivirus scan has been stopped before completion.

  Scan ID: {4EEE02AB-2FB5-4E6D-AEB3-86199C30EA8D}

  Scan Type: Antimalware

  Scan Parameters: Quick Scan

  Date: 2020-11-11 06:40:02.1770000Z

  Description:

  Microsoft Defender Antivirus scan has been stopped before completion.

  Scan ID: {61E0F3D9-AE4D-4B9D-A4A4-F99BA20972D3}

  Scan Type: Antimalware

  Scan Parameters: Quick Scan

  Date: 2020-11-10 17:19:18.2740000Z

  Description:

  Microsoft Defender Antivirus scan has been stopped before completion.

  Scan ID: {5AE86141-A463-4B48-99CC-EE2DD2224161}

  Scan Type: Antimalware

  Scan Parameters: Quick Scan

  Date: 2020-11-09 16:56:14.8250000Z

  Description:

  Microsoft Defender Antivirus scan has been stopped before completion.

  Scan ID: {B25466F6-69A1-4AFC-98B5-EB731E7D7AE5}

  Scan Type: Antimalware

  Scan Parameters: Quick Scan

  Date: 2020-11-04 16:59:23.8990000Z

  Description:

  Microsoft Defender Antivirus scan has been stopped before completion.

  Scan ID: {F7782965-ABA5-42BB-B5E9-65005C630D9E}

  Scan Type: Antimalware

  Scan Parameters: Quick Scan

  Date: 2020-11-19 20:16:44.6100000Z

  Description:

  Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.

  Security intelligence Attempted: Current

  Error Code: 0x80070003

  Error description: The system cannot find the path specified.

  Security intelligence version: 0.0.0.0;0.0.0.0

  Engine version: 0.0.0.0

  Date: 2020-10-23 19:59:29.2560000Z

  Description:

  Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

  New security intelligence Version:

  Previous security intelligence Version: 1.325.1242.0

  Update Source: Microsoft Update Server

  Security intelligence Type: AntiVirus

  Update Type: Full

  Current Engine Version:

  Previous Engine Version: 1.1.17500.4

  Error code: 0x8024402c

  Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

  Date: 2020-10-23 19:25:17.5100000Z

  Description:

  Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

  New security intelligence Version:

  Previous security intelligence Version: 1.325.1242.0

  Update Source: Microsoft Update Server

  Security intelligence Type: AntiVirus

  Update Type: Full

  Current Engine Version:

  Previous Engine Version: 1.1.17500.4

  Error code: 0x8024402c

  Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

  Date: 2020-10-23 16:21:27.5990000Z

  Description:

  Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

  New security intelligence Version:

  Previous security intelligence Version: 1.325.1242.0

  Update Source: Microsoft Update Server

  Security intelligence Type: AntiVirus

  Update Type: Full

  Current Engine Version:

  Previous Engine Version: 1.1.17500.4

  Error code: 0x8024402c

  Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

  CodeIntegrity:

  ===================================

  Date: 2020-11-20 18:05:41.8380000Z

  Description:

  Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

  Date: 2020-11-20 18:04:50.3730000Z

  Description:

  Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

  Date: 2020-11-20 18:04:39.2940000Z

  Description:

  Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

  Date: 2020-11-20 18:04:18.7540000Z

  Description:

  Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

  Date: 2020-11-20 18:03:20.7570000Z

  Description:

  Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

  Date: 2020-11-20 18:03:20.5210000Z

  Description:

  Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

  Date: 2020-11-20 18:03:20.4560000Z

  Description:

  Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

  Date: 2020-11-20 18:03:10.9080000Z

  Description:

  Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

  ====================Memory info===========================

  BIOS: American Megatrends Inc. F5 10/30/2017

  Motherboard: Gigabyte Technology Co., Ltd. Z370 HD3-CF

  Processor: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz

  Percentage of memory in use: 16%

  Total physical RAM: 49031.2 MB

  Available physical RAM: 40892.93 MB

  Total Virtual: 56199.2 MB

  Available Virtual: 44629.93 MB

  ====================Drives================================

  Drive c: (Primary) (Fixed) (Total:464.95 GB) (Free:41.21 GB) NTFS==>[drive with boot components (obtained from BCD)]

  Drive d: (Da’ Dropp Off) (Fixed) (Total:465.76 GB) (Free:4.93 GB) NTFS

  Drive e: (GIGABYTE) (CDROM) (Total:4.08 GB) (Free:0 GB) CDFS

  Drive f: (Secondary) (Fixed) (Total:1863.01 GB) (Free:1147.48 GB) NTFS

  Drive h: (Da’ OutLet) (Fixed) (Total:931.48 GB) (Free:929.95 GB) NTFS

  Drive i: (Da’ OutLet II) (Fixed) (Total:931.48 GB) (Free:714.18 GB) NTFS

  \\?\Volume{7be3c8fd-0000-0000-0060-003d74000000}\ () (Fixed) (Total:0.81 GB) (Free:0.37 GB) NTFS

  ====================MBR & Partition Table====================

  ==========================================================

  Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D5FA7B91)

  Partition 1: (Not Active) – (Size=465.8 GB) – (Type=07 NTFS)

  ==========================================================

  Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7BE3C8FD)

  Partition 1: (Active) – (Size=464.9 GB) – (Type=07 NTFS)

  Partition 2: (Not Active) – (Size=826 MB) – (Type=27)

  ==========================================================

  Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 6474FEB8)

  Partition 1: (Not Active) – (Size=1863 GB) – (Type=07 NTFS)

  ==========================================================

  Disk: 3 (Size: 931.5 GB) (Disk ID: 16F2A91F)

  Partition: GPT.

  ==========================================================

  Disk: 4 (Size: 931.5 GB) (Disk ID: 16F2A91F)

  Partition: GPT.

  ====================End of Addition.txt=======================