Solved Possible Malware Infection

[Will35]

Recently I have been experiencing strange occurences on my computer - files being moved around the desktop, sometimes deleted, windows search not working until a profile has been readded, graphics card stopping output and mouse and keyboard ceasing input, so I have decided to come to the wise people of the Techspot malware section for assistance. This is my first time in this section, so apologies if I get anything wrong but I have tried my best and will attach the requested logs in my replies. Thanks in advance for all of your hard work!

 

[Will35]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2020
Ran by mhick (administrator) on DESKTOP-13E56T6 (Micro-Star International Co., Ltd MS-7C02) (20-04-2020 10:29:27)
Running from C:\Users\mhick\Downloads
Loaded Profiles: mhick (Available Profiles: test3 & mhick)
Platform: Windows 10 Home Version 1909 18363.778 (X64) Language: English (United Kingdom)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0353065.inf_amd64_2af28622e162cc90\B353014\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0353065.inf_amd64_2af28622e162cc90\B353014\atiesrxx.exe
(Discord Inc. -> Discord Inc.) C:\Users\mhick\AppData\Local\Discord\app-0.0.306\Discord.exe <6>
(F.lux Software LLC -> f.lux Software LLC) C:\Users\mhick\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\mhick\AppData\Local\Microsoft\Teams\current\Teams.exe <6>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.120.4062.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.120.4062.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <9>
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [61370712 2020-02-22] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [RazerCortex] => "C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe" -autorun
HKU\S-1-5-21-1617416004-2811918536-4117151059-1008\...\Run: [Discord] => C:\Users\mhick\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1617416004-2811918536-4117151059-1008\...\Run: [f.lux] => C:\Users\mhick\AppData\Local\FluxSoftware\Flux\flux.exe [1385480 2019-08-30] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-1617416004-2811918536-4117151059-1008\...\Run: [com.squirrel.Teams.Teams] => C:\Users\mhick\AppData\Local\Microsoft\Teams\Update.exe [2339472 2020-04-20] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-07] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {060B93C6-D6F7-40B2-B3E3-9B26C6CBE2DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-11] (Google LLC -> Google LLC)
Task: {1229617A-5CD9-478A-8D74-4A36510A9E44} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1B00DF57-3EF7-4F26-8424-777276D1A758} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-03-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {39BC6D43-497D-4FF0-BAAF-6C56D1379E43} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-03-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {39FA2510-506F-42FD-ABCF-1003ACB4D396} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-11] (Google LLC -> Google LLC)
Task: {49227488-63D4-4B10-8401-0E97A66136CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4DA0A56D-75E2-4E10-911D-6504DD5777C7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5CAB4C93-0FFA-4D9C-A0C3-949DBBE85AF0} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1628160 2020-03-17] (Advanced Micro Devices, Inc.) [File not signed]
Task: {70F1D318-3134-42A8-B2E5-FB9ADC66646C} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-03-17] (Advanced Micro Devices, Inc.) [File not signed]
Task: {720C4904-D456-4A38-AE79-3D5A11C6A1B0} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-03-17] (Advanced Micro Devices, Inc.) [File not signed]
Task: {79296C8E-7681-4720-ABE5-C11A0A0A86BB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {80CCFAFC-D3E1-4D9C-948E-F77A22AC8978} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [126152 2020-04-10] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{13c6a99f-9d95-4eec-a5df-4c2688d728fb}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-03-01] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-03-01] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF DefaultProfile: hdqllh35.default
FF ProfilePath: C:\Users\mhick\AppData\Roaming\Mozilla\Firefox\Profiles\hdqllh35.default [2020-04-15]
FF ProfilePath: C:\Users\mhick\AppData\Roaming\Mozilla\Firefox\Profiles\au3lx6ff.default-release [2020-04-20]
FF Session Restore: Mozilla\Firefox\Profiles\au3lx6ff.default-release -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\au3lx6ff.default-release -> hxxps://teams.microsoft.com
FF Extension: (Privacy Badger) - C:\Users\mhick\AppData\Roaming\Mozilla\Firefox\Profiles\au3lx6ff.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2020-04-15]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\mhick\AppData\Roaming\Mozilla\Firefox\Profiles\au3lx6ff.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2020-04-15]
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-03-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-03-01] (Oracle America, Inc. -> Oracle Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\mhick\AppData\Local\Google\Chrome\User Data\Default [2020-04-20]
CHR Extension: (Slides) - C:\Users\mhick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-15]
CHR Extension: (Docs) - C:\Users\mhick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-15]
CHR Extension: (Google Drive) - C:\Users\mhick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-15]
CHR Extension: (YouTube) - C:\Users\mhick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-15]
CHR Extension: (Sheets) - C:\Users\mhick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-15]
CHR Extension: (Google Docs Offline) - C:\Users\mhick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-15]
CHR Extension: (CJFallon) - C:\Users\mhick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kailnainkajeebejeigmmbphdbibdcko [2020-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mhick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-15]
CHR Extension: (Gmail) - C:\Users\mhick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\mhick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-15]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\u0353065.inf_amd64_2af28622e162cc90\B353014\atiesrxx.exe [524712 2020-03-18] (Advanced Micro Devices, Inc. -> AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8469592 2020-03-03] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811120 2020-02-22] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-03-15] (Malwarebytes Inc -> Malwarebytes)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [45832 2019-10-01] (Advanced Micro Devices INC. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24424 2016-08-12] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\u0353065.inf_amd64_2af28622e162cc90\B353014\atikmdag.sys [65752488 2020-03-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\u0353065.inf_amd64_2af28622e162cc90\B353014\atikmpag.sys [592296 2020-03-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [103456 2020-02-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [31592 2018-04-26] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [243048 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [108152 2019-11-18] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [231936 2020-01-09] (Microsoft Corporation) [File not signed]
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-03-15] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2020-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [226448 2020-04-17] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2020-04-17] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-04-17] (Malwarebytes Inc -> Malwarebytes)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1160280 2020-02-18] (Realtek Semiconductor Corp. -> Realtek )
R3 SteamStreamingMicrophone; C:\Windows\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\Windows\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
S3 tapprotonvpn; C:\Windows\System32\drivers\tapprotonvpn.sys [44976 2020-01-15] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-01-16] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205440 2017-01-16] (Oracle Corporation -> Oracle Corporation)
S3 ViGEmBus; C:\Windows\System32\drivers\ViGEmBus.sys [69168 2020-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45960 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [391392 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-25] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-20 10:29 - 2020-04-20 10:29 - 000016260 _____ C:\Users\mhick\Downloads\FRST.txt
2020-04-20 10:28 - 2020-04-20 10:29 - 000000000 ____D C:\FRST
2020-04-20 10:28 - 2020-04-20 10:28 - 002281984 _____ (Farbar) C:\Users\mhick\Downloads\FRST64.exe
2020-04-20 10:15 - 2020-04-20 10:16 - 000000000 ____D C:\Users\mhick\AppData\Local\Steam
2020-04-20 08:46 - 2020-04-20 08:46 - 000002368 _____ C:\Users\mhick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2020-04-20 08:46 - 2020-04-20 08:46 - 000000000 ____D C:\Users\mhick\AppData\Roaming\Microsoft Teams
2020-04-19 09:53 - 2020-04-19 09:53 - 025444352 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 022636544 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 019850240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 019812864 _____ (Microsoft Corporation) C:\Windows\system32\HologramWorld.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 018027520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 014818816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 008013824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 007756800 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 007017472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 006523048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 005910016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 005040640 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 004611584 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 004538880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 004129624 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 003753472 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 003742544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 003512320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 002951832 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 002800640 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
2020-04-19 09:53 - 2020-04-19 09:53 - 002800128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2020-04-19 09:53 - 2020-04-19 09:53 - 002494744 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 002180408 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001870408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001835008 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001729024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001697792 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001665216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001664896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001646048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001610240 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001587712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001545216 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2020-04-19 09:53 - 2020-04-19 09:53 - 001484384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001477112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001458688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001413840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001397576 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2020-04-19 09:53 - 2020-04-19 09:53 - 001368576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001368576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001264640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2020-04-19 09:53 - 2020-04-19 09:53 - 001245184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001151816 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001081856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Vpn.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001077064 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2020-04-19 09:53 - 2020-04-19 09:53 - 001055376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001013000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001009152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 001008128 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000993280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000983040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmkvsrcsnk.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000923136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000912896 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000892416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000865280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000836608 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000835584 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000785920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000783480 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2020-04-19 09:53 - 2020-04-19 09:53 - 000775696 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2020-04-19 09:53 - 2020-04-19 09:53 - 000768528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FlightSettings.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BTAGService.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000673704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000673464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2020-04-19 09:53 - 2020-04-19 09:53 - 000668672 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000647680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000632832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000629760 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000628616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000555008 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2020-04-19 09:53 - 2020-04-19 09:53 - 000538160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000529408 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2020-04-19 09:53 - 2020-04-19 09:53 - 000525312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsecedit.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000507152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000491008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000487784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000456192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2020-04-19 09:53 - 2020-04-19 09:53 - 000452096 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2020-04-19 09:53 - 2020-04-19 09:53 - 000444416 _____ (Microsoft Corporation) C:\Windows\system32\MSFlacDecoder.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000420152 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000415760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000410112 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000406480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000380416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFlacDecoder.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000336384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\es.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2020-04-19 09:53 - 2020-04-19 09:53 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2020-04-19 09:53 - 2020-04-19 09:53 - 000321536 _____ (Microsoft Corporation) C:\Windows\system32\wbadmin.exe
2020-04-19 09:53 - 2020-04-19 09:53 - 000277864 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe
2020-04-19 09:53 - 2020-04-19 09:53 - 000277504 _____ (Microsoft Corporation) C:\Windows\system32\scecli.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000268008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000234496 _____ (Microsoft Corporation) C:\Windows\system32\iasrad.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000227840 _____ (Microsoft Corporation) C:\Windows\system32\IndexedDbLegacy.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000214528 _____ (Microsoft Corporation) C:\Windows\system32\srumsvc.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scecli.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000211256 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000203264 _____ (Microsoft Corporation) C:\Windows\system32\LanguageComponentsInstaller.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000190048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrad.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000185952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.XamlHost.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000178176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srumsvc.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IndexedDbLegacy.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000139776 _____ (Microsoft Corporation) C:\Windows\system32\Chakrathunk.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.XamlHost.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000130560 _____ (Microsoft Corporation) C:\Windows\system32\StorageUsage.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000123952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KerbClientShared.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slc.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakrathunk.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000105472 _____ (Microsoft Corporation) C:\Windows\system32\WorkFolders.exe
2020-04-19 09:53 - 2020-04-19 09:53 - 000101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000093712 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000089336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32u.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3api.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3msm.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000084280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2020-04-19 09:53 - 2020-04-19 09:53 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Custom.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000066624 _____ (Microsoft Corporation) C:\Windows\system32\iumcrypt.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasacct.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\srumapi.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srumapi.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000050544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudNotifications.exe
2020-04-19 09:53 - 2020-04-19 09:53 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\iaspolcy.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbauth.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iaspolcy.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\ias.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmintegrator.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000029184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerCookies.exe
2020-04-19 09:53 - 2020-04-19 09:53 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ias.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000021520 _____ (Microsoft Corporation) C:\Windows\system32\kdhvcom.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcext.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\icsunattend.exe
2020-04-19 09:53 - 2020-04-19 09:53 - 000015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\DMAlertListener.ProxyStub.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2020-04-19 09:53 - 2020-04-19 09:53 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2020-04-19 09:53 - 2020-04-19 09:53 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2020-04-19 09:53 - 2020-04-19 09:53 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2020-04-19 09:53 - 2020-04-19 09:53 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2020-04-19 09:53 - 2020-04-19 09:53 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2020-04-19 09:53 - 2020-04-19 09:53 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2020-04-19 09:53 - 2020-04-19 09:53 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2020-04-19 09:53 - 2020-04-19 09:53 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2020-04-19 09:53 - 2020-04-19 09:53 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2020-04-19 09:53 - 2020-04-19 09:53 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2020-04-19 09:53 - 2020-04-19 09:53 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2020-04-19 09:53 - 2020-04-19 09:53 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2020-04-19 09:52 - 2020-04-19 09:52 - 017790464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 009930552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 007849216 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 007604584 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 006168064 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 004563200 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 003802624 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 003729408 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 003708928 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 003587384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 003547648 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 003109376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 002986808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 002871608 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 002767928 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 002717184 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 002453504 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 002131456 _____ (Microsoft Corporation) C:\Windows\system32\WpcDesktopMonSvc.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 002126144 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 002114560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 002086656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001999960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001960448 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001945600 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001942528 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001918976 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001783296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001764336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001762816 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001757096 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-04-19 09:52 - 2020-04-19 09:52 - 001726264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001719808 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001656904 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001612800 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001603584 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001512832 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 001497600 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001480192 _____ (Microsoft Corporation) C:\Windows\system32\usocoreworker.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 001427456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001413704 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001378528 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001318912 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001300280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 001263856 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 001261808 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001257472 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001243648 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001180672 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001153024 _____ (Microsoft Corporation) C:\Windows\system32\windowsperformancerecordercontrol.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001136128 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001127424 _____ (Microsoft Corporation) C:\Windows\system32\WpcRefreshTask.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001083904 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001071616 _____ (Microsoft Corporation) C:\Windows\system32\BTAGService.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 001011200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000982840 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000974336 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000924672 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000915192 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000893952 _____ (Microsoft Corporation) C:\Windows\system32\FlightSettings.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000879616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.Service.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000874296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000865280 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000840704 _____ (Microsoft Corporation)

 

[Will35]

C:\Windows\system32\SettingsHandlers_Language.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000822208 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000811320 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000772096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000759272 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000747320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000735744 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000722072 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000684560 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000654912 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000638480 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000637240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000618296 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000604984 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000589384 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000561464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000550400 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000530432 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000524264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Enumeration.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000515600 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000513576 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000510792 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000498688 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000497152 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000477496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2020-04-19 09:52 - 2020-04-19 09:52 - 000469504 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000465208 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000459688 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000456504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000441144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000437560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000416016 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000408064 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000401408 _____ (Microsoft Corporation) C:\Windows\system32\es.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000374784 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000355840 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicSvc.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\WpcApi.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\wpr.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000339304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000324408 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000323584 _____ (Microsoft Corporation) C:\Windows\system32\sppcommdlg.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000297272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicCapsule.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000278016 _____ (Microsoft Corporation) C:\Windows\system32\WpcTok.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000268288 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000259776 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000259072 _____ (Microsoft Corporation) C:\Windows\system32\VPNv2CSP.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\UpdateDeploymentProvider.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000251704 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000251392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000231936 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000231912 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000200192 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000193848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000178192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\SpatialAudioLicenseSrv.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000164368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000152408 _____ (Microsoft Corporation) C:\Windows\system32\KerbClientShared.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000151352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scmbus.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000147696 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000142544 _____ (Microsoft Corporation) C:\Windows\system32\LicensingUI.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\slc.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000136192 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\UtcDecoderHost.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000127280 _____ (Microsoft Corporation) C:\Windows\system32\win32u.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000122368 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000115120 _____ (Microsoft Corporation) C:\Windows\system32\phoneactivate.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\utcutil.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000102216 _____ (Microsoft Corporation) C:\Windows\system32\changepk.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Custom.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000089912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicAgent.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000088352 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\autopilot.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000071480 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\keepaliveprovider.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\tbauth.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\CloudNotifications.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000059192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storufs.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000058880 _____ C:\Windows\system32\runexehelper.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\audioresourceregistrar.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000047000 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\cmintegrator.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\WiredNetworkCSP.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\UpgradeResultsUI.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\WpcProxyStubs.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\TokenBrokerCookies.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000036152 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\sxssrv.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000033080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\KNetPwrDepBroker.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicPS.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Custom.ps.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\slcext.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\sbservicetrigger.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys
2020-04-19 09:52 - 2020-04-19 09:52 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\pacjsworker.exe
2020-04-19 09:52 - 2020-04-19 09:52 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2020-04-19 09:52 - 2020-04-19 09:52 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2020-04-19 09:47 - 2020-03-17 04:57 - 000390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2020-04-19 09:47 - 2020-03-17 04:56 - 000492544 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2020-04-18 17:39 - 2020-04-18 17:39 - 002598821 _____ C:\Users\mhick\Downloads\OptiFine_1.12.2_HD_U_F5.jar
2020-04-18 17:13 - 2020-04-18 17:13 - 000000000 ____D C:\Users\mhick\AppData\Local\ElevatedDiagnostics
2020-04-18 17:11 - 2020-04-18 17:11 - 000000000 ____D C:\Users\mhick\AppData\Local\CrashDumps
2020-04-17 09:34 - 2020-04-17 09:34 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-04-17 09:34 - 2020-04-17 09:34 - 000226448 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-04-17 09:34 - 2020-04-17 09:34 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-04-17 09:34 - 2020-04-17 09:34 - 000000000 ____D C:\Users\mhick\AppData\Local\mbamtray
2020-04-17 09:34 - 2020-04-17 09:34 - 000000000 ____D C:\Users\mhick\AppData\Local\mbam
2020-04-16 11:22 - 2020-04-20 09:51 - 000000000 ____D C:\Users\mhick\AppData\Roaming\.minecraft
2020-04-16 11:22 - 2020-04-16 11:22 - 000000000 ____D C:\Users\mhick\AppData\Local\CEF
2020-04-15 12:45 - 2020-04-17 15:45 - 000000000 ____D C:\Users\mhick\AppData\Local\PlaceholderTileLogoFolder
2020-04-15 11:46 - 2020-04-15 11:46 - 000002160 _____ C:\Users\mhick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2020-04-15 11:46 - 2020-04-15 11:46 - 000000000 ____D C:\Users\mhick\AppData\Local\FluxSoftware
2020-04-15 11:43 - 2020-04-20 10:31 - 000000000 ____D C:\Users\mhick\AppData\Roaming\discord
2020-04-15 11:43 - 2020-04-20 08:46 - 000000000 ____D C:\Users\mhick\AppData\Local\SquirrelTemp
2020-04-15 11:43 - 2020-04-15 11:43 - 000654152 _____ C:\Users\mhick\Downloads\flux-setup.exe
2020-04-15 11:43 - 2020-04-15 11:43 - 000000000 ____D C:\Users\mhick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-04-15 11:43 - 2020-04-15 11:43 - 000000000 ____D C:\Users\mhick\AppData\Local\Discord
2020-04-15 11:41 - 2020-04-15 12:27 - 000000000 ____D C:\Users\mhick\OneDrive\Documents\Assassin's Creed Odyssey
2020-04-15 11:41 - 2020-04-15 11:41 - 062620472 _____ (Discord Inc.) C:\Users\mhick\Downloads\DiscordSetup.exe
2020-04-15 11:41 - 2020-04-15 11:41 - 000000000 ____D C:\Users\mhick\AppData\Roaming\uplay_emu
2020-04-15 11:37 - 2020-04-20 08:21 - 000000000 ____D C:\Users\mhick\AppData\LocalLow\Mozilla
2020-04-15 11:37 - 2020-04-15 11:37 - 000000000 ____D C:\Users\mhick\AppData\Roaming\Mozilla
2020-04-15 11:37 - 2020-04-15 11:37 - 000000000 ____D C:\Users\mhick\AppData\Local\Mozilla
2020-04-15 11:01 - 2020-04-15 11:01 - 000000000 ____D C:\Users\mhick\AppData\Local\Comms
2020-04-15 10:51 - 2020-04-15 10:51 - 000000000 ____D C:\Users\mhick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2020-04-15 10:51 - 2020-04-15 10:51 - 000000000 ____D C:\Users\mhick\AppData\Roaming\com.yudu.ReaderAIR3355817
2020-04-15 10:51 - 2020-04-15 10:51 - 000000000 ____D C:\Users\mhick\AppData\LocalLow\AMD
2020-04-15 10:51 - 2020-04-15 10:51 - 000000000 ____D C:\Users\mhick\AppData\Local\Adobe
2020-04-15 10:50 - 2020-04-17 09:34 - 000000000 ____D C:\Users\mhick\AppData\Local\cache
2020-04-15 10:48 - 2020-04-15 10:48 - 000000000 ___HD C:\OneDriveTemp
2020-04-15 10:47 - 2020-04-15 11:42 - 000000000 ____D C:\Users\mhick\AppData\Local\D3DSCache
2020-04-15 10:47 - 2020-04-15 10:47 - 000000000 ___HD C:\Users\mhick\MicrosoftEdgeBackups
2020-04-15 10:46 - 2020-04-18 14:34 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1617416004-2811918536-4117151059-1008
2020-04-15 10:46 - 2020-04-18 14:34 - 000000000 ___RD C:\Users\mhick\OneDrive
2020-04-15 10:46 - 2020-04-15 10:46 - 000000000 ____D C:\Users\mhick\AppData\Local\OneDrive
2020-04-15 10:45 - 2020-04-20 10:15 - 000000000 ____D C:\Users\mhick\AppData\Local\Google
2020-04-15 10:45 - 2020-04-20 08:47 - 000000000 ____D C:\Users\mhick\AppData\Local\ConnectedDevicesPlatform
2020-04-15 10:45 - 2020-04-15 12:45 - 000000000 ____D C:\Users\mhick\AppData\Local\Packages
2020-04-15 10:45 - 2020-04-15 11:01 - 000000000 ____D C:\Users\mhick\AppData\Local\PackageStaging
2020-04-15 10:45 - 2020-04-15 10:51 - 000000000 ____D C:\Users\mhick\AppData\Roaming\Adobe
2020-04-15 10:45 - 2020-04-15 10:50 - 000000000 ____D C:\Users\mhick\AppData\Local\AMD
2020-04-15 10:45 - 2020-04-15 10:45 - 000000000 ___RD C:\Users\mhick\3D Objects
2020-04-15 10:45 - 2020-04-15 10:45 - 000000000 ____D C:\Users\mhick\AppData\Local\VirtualStore
2020-04-15 10:45 - 2020-04-15 10:45 - 000000000 ____D C:\Users\mhick\AppData\Local\Publishers
2020-04-15 10:45 - 2020-04-15 10:45 - 000000000 ____D C:\Users\mhick\AppData\Local\MicrosoftEdge
2020-04-15 10:44 - 2020-04-19 20:42 - 000000000 ____D C:\Users\mhick
2020-04-15 10:44 - 2020-04-18 14:34 - 000002367 _____ C:\Users\mhick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-15 10:44 - 2020-04-15 10:45 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\ConnectedDevicesPlatform
2020-04-15 10:44 - 2020-04-15 10:45 - 000000000 ____D C:\Users\defaultuser100000
2020-04-15 10:44 - 2020-04-15 10:44 - 000000020 ___SH C:\Users\mhick\ntuser.ini
2020-04-15 10:44 - 2020-03-11 15:11 - 000000000 ____D C:\Users\mhick\AppData\Roaming\Macromedia
2020-04-15 09:39 - 2020-04-15 09:39 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1617416004-2811918536-4117151059-1006
2020-04-15 09:36 - 2020-04-15 09:36 - 000000000 ____D C:\Users\test3\AppData\Local\Comms
2020-04-15 09:35 - 2020-04-15 09:35 - 000000000 ____D C:\Users\test3\AppData\Local\PlaceholderTileLogoFolder
2020-04-15 09:26 - 2020-04-15 09:26 - 000000000 ____D C:\Users\test3\AppData\Local\cache
2020-04-15 09:23 - 2020-04-15 09:23 - 000000000 ___HD C:\Users\test3\MicrosoftEdgeBackups
2020-04-15 09:22 - 2020-04-15 10:43 - 000000000 ___RD C:\Users\test3\OneDrive
2020-04-15 09:22 - 2020-04-15 09:23 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1617416004-2811918536-4117151059-1003
2020-04-15 09:22 - 2020-04-15 09:22 - 000001450 _____ C:\Users\test3\Desktop\Microsoft Edge.lnk
2020-04-15 09:22 - 2020-04-15 09:22 - 000000000 ____D C:\Users\test3\AppData\Local\MicrosoftEdge
2020-04-15 09:21 - 2020-04-15 10:35 - 000000000 ___RD C:\Users\test3\3D Objects
2020-04-15 09:21 - 2020-04-15 10:35 - 000000000 ____D C:\Users\test3\AppData\Local\ConnectedDevicesPlatform
2020-04-15 09:21 - 2020-04-15 09:36 - 000000000 ____D C:\Users\test3\AppData\Local\Packages
2020-04-15 09:21 - 2020-04-15 09:26 - 000000000 ____D C:\Users\test3\AppData\Local\AMD
2020-04-15 09:21 - 2020-04-15 09:21 - 000000000 ____D C:\Users\test3\AppData\Roaming\Adobe
2020-04-15 09:21 - 2020-04-15 09:21 - 000000000 ____D C:\Users\test3\AppData\Local\VirtualStore
2020-04-15 09:21 - 2020-04-15 09:21 - 000000000 ____D C:\Users\test3\AppData\Local\Publishers
2020-04-15 09:21 - 2020-04-15 09:21 - 000000000 ____D C:\Users\test3\AppData\Local\Google
2020-04-15 09:20 - 2020-04-15 10:37 - 000000000 ____D C:\Users\test3
2020-04-15 09:20 - 2020-04-15 10:32 - 000000000 ____D C:\Users\test3\AppData\Roaming\Macromedia
2020-04-15 09:20 - 2020-04-15 09:23 - 000002367 _____ C:\Users\test3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-15 09:20 - 2020-04-15 09:20 - 000000020 ___SH C:\Users\test3\ntuser.ini
2020-04-10 08:51 - 2020-04-10 08:51 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-04-10 07:51 - 2020-04-11 16:42 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-04-04 18:51 - 2020-04-04 18:51 - 000000631 _____ C:\Users\Public\Desktop\Assassin's Creed - Odyssey.lnk
2020-04-04 18:51 - 2020-04-04 18:51 - 000000631 _____ C:\ProgramData\Desktop\Assassin's Creed - Odyssey.lnk
2020-04-03 15:38 - 2020-04-03 15:41 - 000000000 ____D C:\Program Files\Parsec
2020-04-01 13:05 - 2020-04-15 10:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2020-04-01 13:05 - 2020-04-03 10:49 - 000000000 ____D C:\Program Files (x86)\Windscribe
2020-04-01 13:05 - 2020-04-01 13:05 - 000001144 _____ C:\Users\Public\Desktop\Windscribe.lnk
2020-04-01 13:05 - 2020-04-01 13:05 - 000001144 _____ C:\ProgramData\Desktop\Windscribe.lnk
2020-04-01 13:05 - 2018-07-06 17:22 - 000054896 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapwindscribe0901.sys
2020-04-01 12:20 - 2020-04-15 10:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2020-04-01 12:20 - 2020-04-01 12:20 - 000000000 ____D C:\Program Files\qBittorrent
2020-03-26 19:24 - 2020-03-26 19:27 - 000000000 ____D C:\Program Files (x86)\AnyToISO
2020-03-25 15:25 - 2020-04-15 10:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2020-03-25 15:25 - 2020-03-25 15:25 - 000000617 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2020-03-25 15:25 - 2020-03-25 15:25 - 000000617 _____ C:\ProgramData\Desktop\Oracle VM VirtualBox.lnk
2020-03-25 15:25 - 2017-01-16 18:38 - 000959720 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2020-03-25 15:24 - 2017-01-16 18:38 - 000149304 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2020-03-24 12:19 - 2020-04-15 10:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2020-03-24 12:19 - 2020-03-24 12:19 - 000000000 ____D C:\Program Files (x86)\AMD
2020-03-24 12:11 - 2020-03-18 20:16 - 062867880 _____ C:\Windows\system32\amd_comgr.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 052403624 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 004585920 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 004095400 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 001784744 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-03-24 12:11 - 2020-03-18 20:16 - 001784744 _____ C:\Windows\system32\vulkaninfo.exe
2020-03-24 12:11 - 2020-03-18 20:16 - 001375144 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-03-24 12:11 - 2020-03-18 20:16 - 001375144 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-03-24 12:11 - 2020-03-18 20:16 - 001243560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 001243560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 001086184 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 001086184 _____ C:\Windows\system32\vulkan-1.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000945032 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000945032 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000761256 _____ (AMD) C:\Windows\system32\atieclxx.exe
2020-03-24 12:11 - 2020-03-18 20:16 - 000574888 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000493992 _____ C:\Windows\system32\dgtrayicon.exe
2020-03-24 12:11 - 2020-03-18 20:16 - 000491944 _____ C:\Windows\system32\GameManager64.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000485800 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000469416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000452008 _____ C:\Windows\system32\atieah64.exe
2020-03-24 12:11 - 2020-03-18 20:16 - 000428992 _____ C:\Windows\system32\EEURestart.exe
2020-03-24 12:11 - 2020-03-18 20:16 - 000374696 _____ C:\Windows\SysWOW64\GameManager32.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000346024 _____ C:\Windows\SysWOW64\atieah32.exe
2020-03-24 12:11 - 2020-03-18 20:16 - 000345000 _____ C:\Windows\system32\clinfo.exe
2020-03-24 12:11 - 2020-03-18 20:16 - 000242088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000209320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000184744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000179080 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000163240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000159680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000158432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000153512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000138664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000136616 _____ (AMD) C:\Windows\system32\atimuixx.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000136616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000135592 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000124840 _____ C:\Windows\system32\atidxx64.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000121768 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000121256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000107432 _____ C:\Windows\SysWOW64\atidxx32.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000106408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000091560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mcl64.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000076200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mcl32.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000071104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000047528 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000044456 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000020632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2020-03-24 12:11 - 2020-03-18 20:16 - 000020608 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2020-03-24 12:11 - 2020-03-18 20:15 - 078651304 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll
2020-03-24 12:11 - 2020-03-18 20:15 - 001686840 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll
2020-03-24 12:11 - 2020-03-18 20:15 - 001366192 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll
2020-03-24 12:11 - 2020-03-18 20:15 - 000941992 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2020-03-24 12:11 - 2020-03-18 20:15 - 000769448 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2020-03-24 12:11 - 2020-03-18 20:15 - 000554408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2020-03-24 12:11 - 2020-03-18 20:15 - 000546568 _____ C:\Windows\system32\amdmiracast.dll
2020-03-24 12:11 - 2020-03-18 20:15 - 000484776 _____ C:\Windows\system32\amdgfxinfo64.dll
2020-03-24 12:11 - 2020-03-18 20:15 - 000467368 _____ C:\Windows\system32\amdlogum.exe
2020-03-24 12:11 - 2020-03-18 20:15 - 000384424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2020-03-24 12:11 - 2020-03-18 20:15 - 000374184 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2020-03-24 12:11 - 2020-03-18 20:15 - 000167720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2020-03-24 12:11 - 2020-03-18 20:15 - 000135160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2020-03-24 12:11 - 2020-03-18 20:15 - 000128976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2020-03-24 12:11 - 2020-03-18 20:15 - 000128952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2020-03-24 12:11 - 2020-03-18 20:15 - 000120064 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2020-03-24 12:11 - 2020-03-18 20:15 - 000108056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2020-03-24 12:11 - 2020-03-18 20:15 - 000108048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2020-03-24 12:11 - 2020-03-17 22:03 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2020-03-24 12:11 - 2020-03-17 22:03 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2020-03-24 12:11 - 2020-03-17 21:59 - 000543136 _____ C:\Windows\SysWOW64\atiapfxx.blb
2020-03-24 12:11 - 2020-03-17 21:59 - 000543136 _____ C:\Windows\system32\atiapfxx.blb

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-20 10:19 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-20 10:16 - 2020-02-22 19:30 - 000000000 ____D C:\Program Files (x86)\Steam
2020-04-20 08:18 - 2019-03-19 05:50 - 000000000 ____D C:\Windows\INF
2020-04-20 08:14 - 2020-02-22 19:53 - 000003126 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2020-04-20 08:14 - 2020-02-22 19:53 - 000003112 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2020-04-19 19:42 - 2020-02-22 19:13 - 000841376 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-19 19:37 - 2020-02-22 19:07 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-19 19:37 - 2020-02-22 19:07 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-04-19 19:21 - 2020-02-22 19:07 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT
2020-04-19 12:53 - 2020-02-22 19:53 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-04-19 12:53 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SystemResources
2020-04-19 12:53 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2020-04-19 12:53 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\migwiz
2020-04-19 12:53 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\ShellExperiences
2020-04-19 12:53 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\Provisioning
2020-04-19 12:53 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\bcastdvr
2020-04-19 12:53 - 2019-03-19 05:37 - 001572864 _____ C:\Windows\system32\config\BBI
2020-04-19 09:55 - 2019-03-19 05:37 - 000000000 ____D C:\Windows\CbsTemp
2020-04-18 18:39 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\AppReadiness
2020-04-16 17:01 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-15 10:45 - 2020-02-22 19:18 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-04-15 10:38 - 2020-03-15 15:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2020-04-15 10:37 - 2019-03-19 05:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-04-15 10:37 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2020-04-15 10:37 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\oobe
2020-04-15 10:37 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\DDFs
2020-04-15 10:37 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-04-15 10:37 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\L2Schemas
2020-04-15 10:37 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\IdentityCRL
2020-04-15 10:37 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\DiagTrack
2020-04-15 10:35 - 2020-03-05 17:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2020-04-15 10:35 - 2020-03-01 09:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-04-15 10:35 - 2020-02-29 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCProxy
2020-04-15 10:35 - 2020-02-24 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-04-15 10:35 - 2020-02-22 19:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2020-04-15 10:35 - 2020-02-22 19:52 - 000000000 ____D C:\Program Files\AMD
2020-04-15 10:35 - 2020-02-22 19:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-04-15 10:35 - 2020-02-22 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-04-15 10:35 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\appcompat
2020-04-15 10:34 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\registration
2020-04-15 10:23 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\LiveKernelReports
2020-04-11 16:42 - 2020-02-22 19:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-04-10 08:51 - 2020-02-22 19:30 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-04-07 20:22 - 2020-03-11 14:54 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-07 20:22 - 2020-03-11 14:54 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-07 20:22 - 2020-03-11 14:54 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-04-04 21:46 - 2020-03-11 17:47 - 000000000 ____D C:\Windows\SysWOW64\directx
2020-04-03 10:53 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\NDF
2020-04-03 10:40 - 2020-03-14 19:46 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-04-02 08:41 - 2020-02-22 19:52 - 000000000 ____D C:\ProgramData\Package Cache
2020-04-02 08:15 - 2020-02-22 21:39 - 000744808 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2020-03-30 12:45 - 2020-02-22 19:51 - 000000000 ____D C:\ProgramData\Origin
2020-03-25 15:32 - 2020-02-22 19:07 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-03-25 15:02 - 2020-02-24 09:12 - 000000000 ____D C:\ProgramData\VirtualBox
2020-03-25 11:37 - 2020-03-11 17:46 - 000466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2020-03-25 11:37 - 2020-03-11 17:46 - 000444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2020-03-25 11:37 - 2020-03-11 17:46 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2020-03-25 11:37 - 2020-03-11 17:46 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2020-03-24 12:11 - 2020-02-22 19:51 - 000000000 ____D C:\AMD
2020-03-21 22:05 - 2020-02-22 19:19 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1617416004-2811918536-4117151059-1001
2020-03-21 10:21 - 2020-03-16 15:12 - 000000000 ____D C:\Program Files (x86)\Razer
2020-03-21 10:14 - 2020-03-11 14:53 - 000003420 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-21 10:14 - 2020-03-11 14:53 - 000003296 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

[Will35]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2020
Ran by mhick (20-04-2020 10:31:17)
Running from C:\Users\mhick\Downloads
Windows 10 Home Version 1909 18363.778 (X64) (2020-02-22 18:09:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1617416004-2811918536-4117151059-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1617416004-2811918536-4117151059-503 - Limited - Disabled)
Guest (S-1-5-21-1617416004-2811918536-4117151059-501 - Limited - Disabled)
mhick (S-1-5-21-1617416004-2811918536-4117151059-1008 - Administrator - Enabled) => C:\Users\mhick
test3 (S-1-5-21-1617416004-2811918536-4117151059-1003 - Administrator - Enabled) => C:\Users\test3
WDAGUtilityAccount (S-1-5-21-1617416004-2811918536-4117151059-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.125 - Adobe)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.3.1 - Advanced Micro Devices, Inc.)
Assassin's Creed: Odyssey (HKLM-x32\...\Assassin's Creed: Odyssey_is1) (Version: - )
AutoHotkey 1.1.32.00 (HKLM\...\AutoHotkey) (Version: 1.1.32.00 - Lexikos)
Blender (HKLM\...\{892913E7-EB3C-43F8-ABDE-9333ABBF959A}) (Version: 2.82.0 - Blender Foundation)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
CCProxy 8.0 (HKLM\...\CCProxy_is1) (Version: - Youngzsoft, Inc.)
Discord (HKU\S-1-5-21-1617416004-2811918536-4117151059-1008\...\Discord) (Version: 0.0.306 - Discord Inc.)
Educate.ie (HKLM-x32\...\{2449A2FB-924F-0D26-7ADF-D6FA2940A79B}) (Version: 4.30.1 - UNKNOWN) Hidden
Educate.ie (HKLM-x32\...\com.yudu.ReaderAIR3355817) (Version: 4.30.1 - UNKNOWN)
Epic Games Launcher (HKLM-x32\...\{DCE27B29-200D-491A-BBC5-98ECEFEC0843}) (Version: 1.1.257.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-1617416004-2811918536-4117151059-1008\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1617416004-2811918536-4117151059-1008\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1617416004-2811918536-4117151059-1008\...\Teams) (Version: 1.3.00.8663 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{E15F69FA-660D-45CC-B28F-6CBC4CAD2091}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 75.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 75.0 (x64 en-GB)) (Version: 75.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0.1 - Mozilla)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Oracle VM VirtualBox 5.1.14 (HKLM\...\{6AE61854-0F78-49E3-ABCC-586FB43CE709}) (Version: 5.1.14 - Oracle Corporation)
qBittorrent 4.2.2 (HKLM-x32\...\qBittorrent) (Version: 4.2.2 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.38.1118.2019 - Realtek)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
WinRAR 5.90 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.2 - win.rar GmbH)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-04-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-04-15] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x64__8wekyb3d8bbwe [2020-04-16] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-15] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1617416004-2811918536-4117151059-1008_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\mhick\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1617416004-2811918536-4117151059-1008_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\mhick\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-22] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-03-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-22] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\mhick\OneDrive\Desktop\Books\CJFallon - Text and Tests.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kailnainkajeebejeigmmbphdbibdcko
ShortcutWithArgument: C:\Users\mhick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\CJFallon.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kailnainkajeebejeigmmbphdbibdcko

==================== Loaded Modules (Whitelisted) =============

2019-07-18 13:11 - 2019-07-18 13:11 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-03-17 18:01 - 2020-03-17 18:01 - 001518592 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-03-17 18:10 - 2020-03-17 18:10 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000724992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000120832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000260608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2019-07-18 13:11 - 2019-07-18 13:11 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-03-17 18:10 - 2020-03-17 18:10 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-04-11 16:52 - 2020-04-11 16:52 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1617416004-2811918536-4117151059-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\mhick\OneDrive\Desktop\Wallpapers\yeet.jfif
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKU\S-1-5-21-1617416004-2811918536-4117151059-1008\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1C5AC646-1175-40D5-8E1D-F5E231FD5C29}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A1E54797-D5BA-4031-B4BE-D0F1AABF6EA7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E9044BF3-B3C9-413C-BD64-366B0D9E8534}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{C770BF1C-D95B-4C0E-B580-B3AB2B65AF20}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{087F5F90-84D5-43E1-B416-66E016AFB979}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe No File
FirewallRules: [{64DC1D6B-98BC-4967-BCE0-D058ABD5F50D}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe No File
FirewallRules: [{9FFE3BF5-7A18-4F3D-83AA-03E88B687C21}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{DEA54F5C-F5FA-41D4-A70C-D4B430F8DC92}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{A3B9408C-9BFB-4930-A56D-9D47C23429A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Flipper\HouseFlipper.exe () [File not signed]
FirewallRules: [{6CBF4221-47D1-42F9-8262-36E2E1FCA362}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Flipper\HouseFlipper.exe () [File not signed]
FirewallRules: [TCP Query User{F5B3F652-E727-47F0-ACEC-978A722B334B}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe (Youngzsoft Co., Ltd. -> Youngzsoft)
FirewallRules: [UDP Query User{80B5E7A4-C44B-4C71-9AA9-9DCC21B18FAF}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe (Youngzsoft Co., Ltd. -> Youngzsoft)
FirewallRules: [TCP Query User{071774A5-4518-4CA8-A1A5-9ABC3ACC29D0}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{BDB3023B-62A3-4890-8D59-D72DEFB40AD1}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{C9E20990-BF75-4851-8B0F-0BD25AF3AC95}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{13A66D93-5E72-4CBD-9630-7648C21D3DE1}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{3AC1784C-E6C7-482C-B386-0CB5EADEE390}C:\users\mhick\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe] => (Allow) C:\users\mhick\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe No File
FirewallRules: [UDP Query User{5F8A5A0D-02E3-428D-8F43-FEC686ADAD19}C:\users\mhick\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe] => (Allow) C:\users\mhick\appdata\local\nvidia corporation\geforcenow\cef\geforcenowstreamer.exe No File
FirewallRules: [{C072E806-F9B4-437A-B0A3-F84A8FA9444F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{B5D1E40B-B6EB-4FFF-A625-A37AD4EDCF3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{438BF3FD-EEB4-4479-9AAB-8402538258C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [{9CFE304E-5ADB-4BE4-89E5-45F7E17D42D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [TCP Query User{C554E14D-5BD9-4E6B-8A81-4D9D5590C9E5}C:\users\mhick\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\mhick\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{33DAA59B-1E06-487F-BEAC-536AC8349F7E}C:\users\mhick\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\mhick\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E2D95D79-D8C6-4B1D-8F50-91F62815B181}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6D4050E9-D78E-4007-BD99-657AE1C35D1A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{08945CD5-3626-4EDA-98EE-B83CBA833EAF}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{3024F986-D03B-4636-9E5A-FFE802280DD8}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{DAB6CA79-96CB-43DB-865C-19FAC9BB8A94}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{CAB96651-EC53-4906-9422-092E420E3D23}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [TCP Query User{7E82FC65-7428-4F2A-AA4D-0B450284E0A1}D:\games\ark - survival evolved\shootergame\binaries\win64\shootergame.exe] => (Allow) D:\games\ark - survival evolved\shootergame\binaries\win64\shootergame.exe No File
FirewallRules: [UDP Query User{64BC72FC-9F88-44A2-BE1B-D0339658C409}D:\games\ark - survival evolved\shootergame\binaries\win64\shootergame.exe] => (Allow) D:\games\ark - survival evolved\shootergame\binaries\win64\shootergame.exe No File
FirewallRules: [TCP Query User{D70C1EBA-4A22-457F-A3F3-C0F060E18F7E}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{4C70858E-E47C-4688-A8DF-E765756BD603}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [TCP Query User{3347E07B-3BF2-4701-8F1D-CB2D5BE0C62B}D:\games\divinity - original sin 2\defed\bin\eocapp.exe] => (Allow) D:\games\divinity - original sin 2\defed\bin\eocapp.exe No File
FirewallRules: [UDP Query User{D3121808-B486-4119-B4BB-CEFF1C20BFD8}D:\games\divinity - original sin 2\defed\bin\eocapp.exe] => (Allow) D:\games\divinity - original sin 2\defed\bin\eocapp.exe No File
FirewallRules: [TCP Query User{29898BAC-7C2B-4A58-A2EC-815925EF0B89}C:\program files\qbittorrent\qbittorrent.exe] => (Block) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{03813A48-5B6F-4BA8-9911-09239EAFBBC4}C:\program files\qbittorrent\qbittorrent.exe] => (Block) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{C20BF56E-6E68-4B14-967B-24461C87A0A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

01-04-2020 12:16:44 Installed ProtonVPN
10-04-2020 18:25:09 Scheduled Checkpoint
15-04-2020 10:09:06 Restore Operation
19-04-2020 09:46:51 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/19/2020 07:37:54 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhostw (5724,R,98) WebCacheLocal: Database recovery/restore failed with unexpected error -501.

Error: (04/19/2020 07:37:54 PM) (Source: ESENT) (EventID: 465) (User: )
Description: taskhostw (5724,R,98) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\mhick\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position . Data not matching the log-file fill pattern first appeared in sector isec 27 reason CorruptAfterEmptySegment. This logfile has been damaged and is unusable.

Error: (04/19/2020 07:37:54 PM) (Source: ESENT) (EventID: 552) (User: )
Description: taskhostw (5724,R,98) WebCacheLocal: The log file at "C:\Users\mhick\AppData\Local\Microsoft\Windows\WebCache\V01.log" is corrupt with reason 'CorruptAfterEmptySegment'. Last valid segment was 7, current segment is 27. The expected checksum was 0 (0x0) and the actual checksum was 118273073939 (0x1b899fe313). The read completed with error-code 0 (0x00000000). If this condition persists then please restore the logfile from a previous backup.

Error: (04/19/2020 07:37:54 PM) (Source: ESENT) (EventID: 465) (User: )
Description: taskhostw (5724,R,98) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\mhick\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position . Data not matching the log-file fill pattern first appeared in sector isec 27 reason CorruptAfterEmptySegment. This logfile has been damaged and is unusable.

Error: (04/19/2020 07:37:54 PM) (Source: ESENT) (EventID: 552) (User: )
Description: taskhostw (5724,R,98) WebCacheLocal: The log file at "C:\Users\mhick\AppData\Local\Microsoft\Windows\WebCache\V01.log" is corrupt with reason 'CorruptAfterEmptySegment'. Last valid segment was 7, current segment is 27. The expected checksum was 0 (0x0) and the actual checksum was 118273073939 (0x1b899fe313). The read completed with error-code 0 (0x00000000). If this condition persists then please restore the logfile from a previous backup.

Error: (04/19/2020 10:04:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.18362.628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2450

Start Time: 01d616294174a06c

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: e37620a9-ca89-4402-b701-f73f12c01f64

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Hang type: Cross-process

Error: (04/19/2020 10:01:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.18362.628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1ddc

Start Time: 01d616291b34f7e7

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: 3fd75d2d-1964-4455-a18a-1d6fdcf0570e

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Hang type: Quiesce

Error: (04/18/2020 05:11:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.18362.387, time stamp: 0x5d89c449
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.18362.657, time stamp: 0xda02d3eb
Exception code: 0xc000027b
Fault offset: 0x0000000000712ec0
Faulting process ID: 0x2f64
Faulting application start time: 0x01d61585a9d96792
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report ID: 78ed0aed-e1b3-488f-8de3-1c37a1b108fb
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App


System errors:
=============
Error: (04/19/2020 07:37:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 19:36:29 on ‎19/‎04/‎2020 was unexpected.

Error: (04/19/2020 12:53:28 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a pre-shutdown control.

Error: (04/17/2020 09:02:10 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 08:59:09 on ‎17/‎04/‎2020 was unexpected.

Error: (04/15/2020 10:30:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The UserDataSvc_2916a service terminated with the following error:
Class not registered

Error: (04/15/2020 10:25:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_767f3 service terminated with the following error:
Access is denied.

Error: (04/15/2020 10:25:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_767f3 service terminated with the following error:
Access is denied.

Error: (04/15/2020 10:24:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_767f3 service terminated with the following error:
Access is denied.

Error: (04/15/2020 10:24:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_767f3 service terminated with the following error:
Access is denied.


Windows Defender:
===================================
Date: 2020-04-15 10:31:37.984
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D1C54525-F9B0-4154-959B-9444E239CB3B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-11 17:00:07.591
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {26BBF5D2-01E2-4427-AE42-2B22D409A378}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-25 10:37:05.161
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:

Trojan:Win32/Generic!rfn threat description - Microsoft Security Intelligence

Name: Trojan:Win32/Generic!rfn
ID: 2147744279
Severity: Severe
Category: Trojan
Path: file:_C:\Users\mhick\Desktop\SUPERHOT.v2.1.01\SH_Data\Plugins\steam_api.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\mhick\Desktop\SUPERHOT.v2.1.01\SH.exe
Security intelligence Version: AV: 1.311.1893.0, AS: 1.311.1893.0, NIS: 1.311.1893.0
Engine Version: AM: 1.1.16800.2, NIS: 1.1.16800.2

Date: 2020-03-25 10:37:02.389
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:

Trojan:Win32/Generic!rfn threat description - Microsoft Security Intelligence

Name: Trojan:Win32/Generic!rfn
ID: 2147744279
Severity: Severe
Category: Trojan
Path: file:_C:\Users\mhick\Desktop\SUPERHOT.v2.1.01\SH_Data\Plugins\steam_api.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\mhick\Desktop\SUPERHOT.v2.1.01\SH.exe
Security intelligence Version: AV: 1.311.1893.0, AS: 1.311.1893.0, NIS: 1.311.1893.0
Engine Version: AM: 1.1.16800.2, NIS: 1.1.16800.2

Date: 2020-03-25 10:36:49.915
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:

Trojan:Win32/Generic!rfn threat description - Microsoft Security Intelligence

Name: Trojan:Win32/Generic!rfn
ID: 2147744279
Severity: Severe
Category: Trojan
Path: file:_C:\Users\mhick\Desktop\SUPERHOT.v2.1.01\SH_Data\Plugins\steam_api.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\mhick\Desktop\SUPERHOT.v2.1.01\SH.exe
Security intelligence Version: AV: 1.311.1893.0, AS: 1.311.1893.0, NIS: 1.311.1893.0
Engine Version: AM: 1.1.16800.2, NIS: 1.1.16800.2

Date: 2020-04-15 10:38:25.147
Description:
Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Security intelligence version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

Date: 2020-04-15 10:12:22.787
Description:
Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Security intelligence version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

CodeIntegrity:
===================================

Date: 2020-04-19 19:23:33.058
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-19 19:23:33.039
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 3.40 10/25/2019
Motherboard: Micro-Star International Co., Ltd B450 TOMAHAWK MAX (MS-7C02)
Processor: AMD Ryzen 5 2600 Six-Core Processor
Percentage of memory in use: 37%
Total physical RAM: 16335.13 MB
Available physical RAM: 10196.51 MB
Total Virtual: 18767.13 MB
Available Virtual: 8345.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.56 GB) (Free:298.22 GB) NTFS
Drive d: (HDD) (Fixed) (Total:464.69 GB) (Free:371.5 GB) NTFS

\\?\Volume{25cd5205-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.57 GB) (Free:0.11 GB) NTFS
\\?\Volume{621c5f39-2ffa-44a3-a466-99d43f43dec0}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.28 GB) NTFS
\\?\Volume{828b77bc-5f18-4e40-b3c3-145740d3ce00}\ () (Fixed) (Total:0.56 GB) (Free:0.08 GB) NTFS
\\?\Volume{0378c474-d1a6-46f4-8809-6b01c1b2ece3}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 25CD5205)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: CA33B57D)

Partition: GPT.

==================== End of Addition.txt =======================

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

I don't see much so far...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Remove Selected.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8/10 users right-click and select Run As Administrator
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

 

[Will35]

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-21-2020
# Duration: 00:00:13
# OS: Windows 10 Home
# Scanned: 31802
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

[Will35]

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 21/04/2020
Scan Time: 08:38
Log File: 11b27c48-83a3-11ea-a491-00d861d59cc1.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.848
Update Package Version: 1.0.22728
Licence: Premium

-System Information-
OS: Windows 10 (Build 18362.778)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 317244
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

[Will35]

RogueKiller Anti-Malware V14.4.0.0 (x64) [Apr 1 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18363) 64 bits
Started in : Normal mode
User : mhick [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20200420_091106, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2020/04/21 08:29:49 (Duration : 00:04:40)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

 

[Broni]

Nothing there. All clean.
Good luck and stay safe