Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-04-2020
Ran by Alexander (administrator) on ALEXANDER-PC (16-04-2020 16:14:25)
Running from C:\Users\Alexander\Desktop
Loaded Profiles: Alexander (Available Profiles: Alexander)
Platform: Windows 10 Pro Version 1909 18363.778 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Alexander\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe <3>
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\Alexander\AppData\Roaming\Dropbox\bin\94.4.384\QtWebEngineProcess.exe <4>
(Electronic Arts, Inc. -> Electronic Arts) E:\Origin\OriginWebHelperService.exe
(Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\Alexander\AppData\Local\FluxSoftware\Flux\flux.exe
(Focusrite Audio Engineering, Ltd.) [File not signed] E:\FocusriteUSB\Focusrite Notifier.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Alexander\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Popcorn Time) [File not signed] C:\Program Files (x86)\Popcorn Time\Updater.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Windows\SwUSB.exe
(Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation) [File not signed]
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17988216 2017-08-18] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Focusrite Notifier] => E:\FocusriteUSB\Focusrite Notifier.exe [3949568 2019-08-02] (Focusrite Audio Engineering, Ltd.) [File not signed]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [78176 2020-01-07] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1976160 2020-01-07] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation) [File not signed]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410968 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.)
HKU\S-1-5-21-2329418928-3044193561-448838019-1000\...\Run: [f.lux] => C:\Users\Alexander\AppData\Local\FluxSoftware\Flux\flux.exe [1385480 2019-08-30] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-2329418928-3044193561-448838019-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-2329418928-3044193561-448838019-1000\...\Run: [com.squirrel.splice.Splice] => C:\Users\Alexander\AppData\Local\splice\app-3.6.21\Splice.exe [83322768 2020-01-29] (DISTRIBUTED CREATION INC. -> Splice)
HKU\S-1-5-21-2329418928-3044193561-448838019-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3371296 2020-04-03] (Valve -> Valve Corporation)
HKU\S-1-5-21-2329418928-3044193561-448838019-1000\...\Run: [Dropbox Update] => C:\Users\Alexander\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-2329418928-3044193561-448838019-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [221184 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-06] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2020-04-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2189435C-0A7D-4985-B865-C1B844F8519A} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {2D7923DF-17A8-45F2-9070-E9CDD5C308A4} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {320E1CD7-F311-40C4-B283-CF715A70D53F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {32EE1212-C661-44B4-820B-D73853C7E40D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {340746DB-452E-497B-BBEC-1C76DD579AF9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {353C7E9C-3F63-46B8-89DD-1891CA685CA0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3B893DD7-DF1F-4994-A4DB-7CD2A016ECBD} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {40FD1485-8D43-44DE-AB02-1E7C304ADA20} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe
Task: {43937386-B0EE-40C3-9757-57F10FB5A9AF} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {458C2DC3-BF1D-42C2-94D9-A24B66AACDA9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {45AD32D9-2A11-4428-BEBA-5DDC76D9D46B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {47FCC291-39DF-42E0-8A2E-21FCA14DD32F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4BC142E7-E589-478A-B3E2-3CFDBED6BF44} - System32\Tasks\AdobeAAMUpdater-1.0-Alexander-PC-Alexander => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {4DEA8677-4AB3-4AC3-8B7D-25D5DD56947F} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3660232 2020-02-17] (Easeware Technology Limited -> Easeware)
Task: {4EEA6F14-7A16-419C-911A-94B07E31415A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {50671B7E-6FCC-4D7F-B5E0-B8FB101403D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-02-10] (Google Inc -> Google Inc.)
Task: {52C51E19-7A8E-476C-AE7E-407349EAF15A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-02-10] (Google Inc -> Google Inc.)
Task: {553220CE-B6BA-4CF9-8CE9-8EB3557CFAF9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {55EAA84C-0CEE-4B35-B914-18E249037DE7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5D7E3ABD-2266-4BE1-BA59-0BC0007CBF8D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {64690FC5-BA3C-4CAD-A6E9-3EA2B8B07B67} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {66C715DB-1447-4DF1-BC27-0A1843E4AC6A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {6DF67090-6F98-473E-BBBA-4EE3057A514D} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {71F0CFC3-693A-42A6-A3E6-A14895455F03} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {7393EE10-1178-421F-ACE6-18965A6EA092} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {75C14D44-4AA4-40B8-817E-A5B71FDDC86B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {77D56FF1-6D8E-47ED-B923-F7FAEEDD065B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2329418928-3044193561-448838019-1000Core1d5d63bcb1ea346 => C:\Users\Alexander\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc -> Dropbox, Inc.)
Task: {77F0CEAB-4DB5-4AE7-AA53-363E35B443C5} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe
Task: {79D64B7E-9F4F-458F-9A7D-FF8D2FA2F9A8} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {7E9CAFDB-21BC-4ED0-90ED-0687A5D4E5A9} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {81133E62-05DA-44DA-B2D8-74BDD77D7C43} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2329418928-3044193561-448838019-1000UA1d5d63bcb261b59 => C:\Users\Alexander\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc -> Dropbox, Inc.)
Task: {852A5AAE-580A-4F81-8ABF-8B2E2BAADEAF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {89E45BEF-DB4D-4AE1-AD92-750B403E08EB} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {8A6E8DA8-77DD-449C-AD67-2574B34FBC9F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8D474FA0-9648-4303-9DA6-5CF4A3652DAA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {8E7634E5-CD83-4629-AA5F-C855D6E4E384} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {90BDFB21-29E9-4B3E-B3D2-E3509D81E517} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A171F603-3AC5-4B10-8345-6627B1ED281A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A35AC52B-C7E0-4373-BF10-68A221A22698} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A539D505-0333-4B33-BE38-F4EEFDBD1275} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {A64A4C3D-4E76-4DEA-A101-ACB52D05F9D1} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {ACD3CB03-82B9-405C-B6DB-544774647B94} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ACE60D4E-030A-436C-8369-7AD3AA795327} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AD7DE1BB-F6CE-42E4-984E-4C9C40EDAECA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {C40D8307-AD2E-490E-9DDB-D9A05BDB84BD} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C4BFDD40-8F23-4430-9901-DCAE0AF16D11} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {CB26332E-06CB-46B3-90DB-EADBBFE10F9B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E1597DA5-C869-42CD-A53A-A90D17753D92} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E3621C24-45AD-422C-A534-2F668C2A2F26} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E4A1B904-C9D8-4239-8B23-52288D44B964} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EDC25B32-28C4-4A68-A1AA-4BB1A62E1F43} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EF3D3FB8-9697-4290-BD6B-D4D730BD58B8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F5F762AA-94A5-409B-8303-125C5A0B10C8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FC5674C0-3592-4138-973C-2A20D144E6DD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2329418928-3044193561-448838019-1000Core1d5d63bcb1ea346.job => C:\Users\Alexander\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2329418928-3044193561-448838019-1000UA1d5d63bcb261b59.job => C:\Users\Alexander\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.99.1
Tcpip\..\Interfaces\{0E5FCD7A-80C0-439B-8D1E-57DA19145446}: [DhcpNameServer] 192.168.99.1
Tcpip\..\Interfaces\{200169AE-1FE9-4BD9-9166-25FC8F6219A3}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{200169AE-1FE9-4BD9-9166-25FC8F6219A3}: [DhcpNameServer] 192.168.99.1
Tcpip\..\Interfaces\{5E5E18D1-5475-43F2-8CAA-B375BCFE4249}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A1055CDA-96C3-4400-ADBE-341EC8F50D73}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{C9929FBD-4BB8-41FD-AB36-F0651742D144}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-2329418928-3044193561-448838019-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
FireFox:
========
FF ProfilePath: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\oiOjsTAE.default [2020-01-12]
FF Extension: (Avira Password Manager) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\oiOjsTAE.default\Extensions\passwordmanager@avira.com [2020-01-08]
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default [2020-04-16]
CHR Extension: (Docs) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-03-03]
CHR Extension: (Block Site - Website Blocker for Chrome™) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2020-03-26]
CHR Extension: (Sheets) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-03]
CHR Profile: C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-03-29]
CHR Profile: C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\System Profile [2020-03-29]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3374160 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-11-12] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 GalaxyClientService; E:\GalaxyClient\GalaxyClientService.exe [1208392 2020-01-12] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6617160 2020-01-12] (GOG Sp. z o.o. -> GOG.com)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [332640 2020-01-07] (Pro Softnet Corporation -> Prosoftnet)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-08-18] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-03-15] (Malwarebytes Inc -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
S4 Origin Client Service; E:\Origin\OriginClientService.exe [2495792 2020-04-08] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; E:\Origin\OriginWebHelperService.exe [3447608 2020-04-08] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-05-04] (Even Balance, Inc. -> )
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2018-05-16] (Realtek Semiconductor Corp -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5930136 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Apowersoft_AudioDevice; C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (APOWERSOFT LIMITED -> Wondershare)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2020-01-09] (Microsoft Corporation) [File not signed]
S3 E62631D5; C:\Windows\system32\drivers\E62631D5.sys [255928 2020-01-17] (Malwarebytes Corporation -> Malwarebytes)
R3 FocusriteUSB; C:\WINDOWS\System32\drivers\FocusriteUSB.sys [112624 2019-08-02] (WDKTestCert builds,131886954661028733 -> Focusrite Audio Engineering Ltd.)
R3 FocusriteUSBSwRoot; C:\WINDOWS\System32\drivers\FocusriteUSBSwRoot.sys [92048 2019-08-02] (WDKTestCert builds,131886954661028733 -> Focusrite Audio Engineering Ltd.)
R3 FocusriteUSB_AUDIO; C:\WINDOWS\system32\drivers\FocusriteUSBAudio.sys [53944 2019-08-02] (WDKTestCert builds,131886954661028733 -> Focusrite Audio Engineering Ltd.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-08-18] (Logitech Inc -> Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2017-08-18] (Logitech -> Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-04-16] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-04-16] (Malwarebytes Inc -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ce13a81bcfac4a48\nvlddmkm.sys [23251968 2019-12-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-12-07] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-08-22] (NVIDIA Corporation -> NVIDIA Corporation)
S3 phantomtap; C:\WINDOWS\System32\DRIVERS\phantomtap.sys [35664 2019-12-17] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
R3 UcmCxUcsiNvppc; C:\WINDOWS\system32\DRIVERS\UcmCxUcsiNvppc.sys [715224 2019-12-25] (NVIDIA Corporation -> NVIDIA Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [391392 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz148; \??\C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [X]
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-04-16 16:14 - 2020-04-16 16:15 - 000032793 _____ C:\Users\Alexander\Desktop\FRST.txt
2020-04-16 16:14 - 2020-04-16 16:14 - 000000000 ____D C:\FRST
2020-04-16 16:13 - 2020-04-16 16:13 - 002281472 _____ (Farbar) C:\Users\Alexander\Desktop\FRST64.exe
2020-04-16 16:06 - 2020-04-16 16:06 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-04-16 15:10 - 2020-04-16 15:10 - 000000000 ____D C:\Users\Alexander\Documents\PositiveGrid
2020-04-16 15:10 - 2020-04-16 15:10 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\PositiveGrid
2020-04-16 15:09 - 2020-04-16 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BIAS FX 2 Application
2020-04-16 15:09 - 2020-04-16 15:09 - 000000000 ____D C:\Program Files\Common Files\PositiveGrid
2020-04-16 15:09 - 2020-04-16 15:09 - 000000000 ____D C:\Program Files\BIAS FX 2 Application (64bit)
2020-04-16 11:28 - 2020-04-16 11:30 - 000000000 ____D C:\Program Files (x86)\App Deploy
2020-04-16 09:36 - 2020-04-16 12:43 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-04-16 00:35 - 2020-04-16 00:35 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-16 00:35 - 2020-04-16 00:35 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-16 00:35 - 2020-04-16 00:35 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-16 00:35 - 2020-04-16 00:35 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-16 00:35 - 2020-04-16 00:35 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-16 00:35 - 2020-04-16 00:35 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-16 00:35 - 2020-04-16 00:35 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-16 00:35 - 2020-04-16 00:35 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-16 00:35 - 2020-04-16 00:35 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-16 00:35 - 2020-04-16 00:35 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-16 00:34 - 2020-04-16 00:35 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-16 00:34 - 2020-04-16 00:34 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-16 00:34 - 2020-04-16 00:34 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 002369576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 002188600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-16 00:34 - 2020-04-16 00:34 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001659408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 001495864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 001386296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-16 00:34 - 2020-04-16 00:34 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-16 00:34 - 2020-04-16 00:34 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-16 00:34 - 2020-04-16 00:34 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-16 00:34 - 2020-04-16 00:34 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-16 00:34 - 2020-04-16 00:34 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-16 00:34 - 2020-04-16 00:34 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-16 00:34 - 2020-04-16 00:34 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-16 00:34 - 2020-04-16 00:34 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-16 00:34 - 2020-04-16 00:34 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-16 00:34 - 2020-04-16 00:34 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-16 00:34 - 2020-04-16 00:34 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-16 00:34 - 2020-04-16 00:34 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-16 00:34 - 2020-04-16 00:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-16 00:34 - 2020-04-16 00:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-16 00:34 - 2020-04-16 00:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-16 00:34 - 2020-04-16 00:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-16 00:34 - 2020-04-16 00:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-16 00:34 - 2020-04-16 00:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-16 00:34 - 2020-04-16 00:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-16 00:34 - 2020-04-16 00:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-16 00:34 - 2020-04-16 00:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-16 00:34 - 2020-04-16 00:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-16 00:34 - 2020-04-16 00:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-16 00:34 - 2020-04-16 00:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-16 00:33 - 2020-04-16 00:34 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-16 00:33 - 2020-04-16 00:33 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 003980800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-16 00:33 - 2020-04-16 00:33 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-16 00:33 - 2020-04-16 00:33 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-16 00:33 - 2020-04-16 00:33 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-16 00:33 - 2020-04-16 00:33 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-16 00:33 - 2020-04-16 00:33 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-16 00:33 - 2020-04-16 00:33 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-16 00:33 - 2020-04-16 00:33 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-16 00:33 - 2020-04-16 00:33 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-16 00:33 - 2020-04-16 00:33 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-16 00:33 - 2020-04-16 00:33 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-16 00:33 - 2020-04-16 00:33 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-16 00:33 - 2020-04-16 00:33 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-16 00:33 - 2020-04-16 00:33 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-16 00:33 - 2020-04-16 00:33 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-16 00:33 - 2020-04-16 00:33 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-16 00:33 - 2020-04-16 00:33 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-16 00:33 - 2020-04-16 00:33 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-16 00:33 - 2020-04-16 00:33 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-16 00:33 - 2020-04-16 00:33 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-16 00:33 - 2020-04-16 00:33 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-16 00:33 - 2020-04-16 00:33 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-16 00:33 - 2020-04-16 00:33 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-16 00:33 - 2020-04-16 00:33 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-16 00:33 - 2020-04-16 00:33 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-16 00:33 - 2020-04-16 00:33 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-15 23:08 - 2020-04-15 23:15 - 1213666988 _____ C:\Users\Alexander\Desktop\decadentdreams_v2.mov
2020-04-15 12:22 - 2020-04-15 12:22 - 185288169 _____ C:\Users\Alexander\Desktop\bottomless-pit-stems.zip
2020-04-15 00:19 - 2020-04-15 00:19 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-15 00:19 - 2020-04-15 00:19 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-12 15:18 - 2020-04-12 21:50 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Waves Central
2020-04-12 15:17 - 2020-04-12 15:17 - 000001932 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves Central.lnk
2020-04-12 15:17 - 2020-04-12 15:17 - 000000000 ____D C:\Users\Alexander\AppData\Local\central-updater
2020-04-12 15:17 - 2020-04-12 15:17 - 000000000 ____D C:\Program Files\Waves Central
2020-04-11 02:09 - 2020-04-11 02:09 - 003214957 _____ C:\Users\Alexander\Documents\portrait test.scn
2020-04-08 15:30 - 2020-04-08 17:02 - 003731979 _____ C:\Users\Alexander\Documents\DemoTaps.scn
2020-04-05 00:18 - 2020-04-05 00:18 - 000000000 ____D C:\Users\Alexander\AppData\Local\mvMeter2
2020-04-05 00:18 - 2020-04-05 00:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TBProAudio
2020-04-02 20:58 - 2020-04-02 20:58 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-03-31 14:33 - 2020-03-31 15:32 - 004714528 _____ C:\Users\Alexander\Documents\Primary Polygons 2.scn
2020-03-29 18:46 - 2020-03-29 18:46 - 000000000 ____D C:\Users\Public\Documents\NI Resources
2020-03-29 18:46 - 2020-03-29 18:46 - 000000000 ____D C:\ProgramData\Documents\NI Resources
2020-03-29 18:45 - 2020-03-29 18:45 - 000000000 __HDC C:\ProgramData\{2969B58F-5C2F-46F9-982D-6495CFDC0912}
2020-03-29 18:38 - 2020-03-29 18:38 - 000000000 __HDC C:\ProgramData\{BD1F6AFA-0377-41DA-A67B-34751022E3A9}
2020-03-29 17:56 - 2020-03-29 17:56 - 000000000 ____D C:\Users\Public\Documents\Native Instruments
2020-03-29 17:56 - 2020-03-29 17:56 - 000000000 ____D C:\ProgramData\Documents\Native Instruments
2020-03-29 16:51 - 2020-03-29 16:51 - 000000000 __HDC C:\ProgramData\{81CEA7FA-B451-421B-A524-E55974D1B295}
2020-03-26 23:06 - 2020-03-26 23:06 - 001086200 _____ C:\Users\Alexander\Downloads\2020-03-01 14.55.00.pdf
2020-03-26 23:05 - 2020-03-26 23:05 - 001166424 _____ C:\Users\Alexander\Desktop\Alexander Zepeda W2.pdf
2020-03-26 11:10 - 2020-03-26 12:29 - 001321288 _____ C:\Users\Alexander\Documents\Primary Polygons.scn
2020-03-24 18:28 - 2020-03-24 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack 64bit
2020-03-24 18:28 - 2020-03-24 18:28 - 000000000 ____D C:\Program Files\Combined Community Codec Pack 64bit
2020-03-24 18:27 - 2020-03-24 18:27 - 011302536 _____ (CCCP Project ) C:\Users\Alexander\Downloads\Combined-Community-Codec-Pack-64bit-2015-10-18.exe
2020-03-24 18:20 - 2020-03-24 18:20 - 000554844 _____ C:\Users\Alexander\Downloads\MPEG_Streamclip_1.2.zip
2020-03-24 17:41 - 2020-03-29 18:46 - 000000000 ____D C:\Users\Alexander\Documents\Native Instruments
2020-03-24 17:41 - 2020-03-29 18:46 - 000000000 ____D C:\Users\Alexander\AppData\Local\Native Instruments
2020-03-24 17:41 - 2020-03-24 17:41 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Native Instruments
2020-03-24 17:40 - 2020-03-29 18:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2020-03-24 17:40 - 2020-03-29 18:44 - 000000000 ____D C:\Program Files\Native Instruments
2020-03-24 17:40 - 2020-03-24 17:40 - 000000000 __HDC C:\ProgramData\{279F6C59-F177-4D5F-9F4A-6D2984D9A649}
2020-03-24 17:40 - 2020-03-24 17:40 - 000000000 ____D C:\ProgramData\Native Instruments
2020-03-24 17:39 - 2020-03-24 17:39 - 072697384 _____ C:\Users\Alexander\Downloads\Native_Access_Installer.zip
2020-03-24 15:11 - 2020-03-18 22:51 - 923183358 _____ C:\Users\Alexander\Desktop\decadentdreams.mp4
2020-03-23 15:55 - 2020-03-23 19:42 - 001944040 _____ C:\Users\Alexander\Documents\Venus Man teaser.scn
2020-03-21 15:33 - 2020-03-21 16:37 - 000000024 _____ C:\Users\Alexander\jagexappletviewer.preferences
2020-03-21 15:33 - 2020-03-21 15:34 - 000000024 _____ C:\Users\Alexander\random.dat
2020-03-21 15:33 - 2020-03-21 15:33 - 024018944 _____ C:\Users\Alexander\Downloads\OldSchool.msi
2020-03-21 15:33 - 2020-03-21 15:33 - 000002134 _____ C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape.lnk
2020-03-21 15:33 - 2020-03-21 15:33 - 000000048 _____ C:\Users\Alexander\jagex_cl_oldschool_LIVE.dat
2020-03-21 15:33 - 2020-03-21 15:33 - 000000000 ____D C:\Users\Alexander\jagexcache
2020-03-21 15:33 - 2020-03-21 15:33 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape
2020-03-20 13:37 - 2020-03-20 14:21 - 000000440 _____ C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job
2020-03-20 13:37 - 2020-03-20 13:37 - 000003922 _____ C:\WINDOWS\system32\Tasks\Driver Easy Scheduled Scan
2020-03-20 13:37 - 2020-03-20 13:37 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Easeware
2020-03-20 13:37 - 2020-03-20 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
2020-03-20 13:37 - 2020-03-20 13:37 - 000000000 ____D C:\Program Files\Easeware
2020-03-20 13:28 - 2020-03-20 13:28 - 000007605 _____ C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-04-16 16:14 - 2020-01-26 14:44 - 000936048 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-16 16:14 - 2019-03-18 21:50 - 000000000 ____D C:\WINDOWS\INF
2020-04-16 16:10 - 2016-05-11 09:08 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Spotify
2020-04-16 16:10 - 2016-05-11 09:08 - 000000000 ____D C:\Users\Alexander\AppData\Local\Spotify
2020-04-16 16:06 - 2020-01-26 14:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-16 16:06 - 2019-03-18 21:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-16 16:06 - 2015-01-22 11:19 - 000000000 ____D C:\ProgramData\NVIDIA
2020-04-16 16:05 - 2019-03-18 21:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-04-16 16:03 - 2015-01-27 11:36 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\vlc
2020-04-16 13:03 - 2020-01-26 14:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-16 12:42 - 2018-05-22 14:39 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Splice
2020-04-16 11:52 - 2020-01-08 15:21 - 000000000 ____D C:\ProgramData\IDrive
2020-04-16 11:28 - 2015-01-22 10:46 - 000000000 ____D C:\Program Files\Intel
2020-04-16 11:10 - 2018-05-22 10:49 - 000000000 ____D C:\Users\Alexander\AppData\Local\SpliceSettings
2020-04-16 09:36 - 2020-01-26 14:41 - 005013536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-16 01:49 - 2019-03-18 23:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-04-16 01:49 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-16 01:49 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-16 01:49 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-16 01:49 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-16 01:49 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-16 01:49 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-04-16 01:49 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-16 00:40 - 2019-03-18 21:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-16 00:20 - 2019-03-18 21:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-16 00:20 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-15 22:49 - 2019-10-01 19:57 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-04-15 22:49 - 2019-10-01 19:57 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-04-15 14:13 - 2015-02-22 14:11 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Origin
2020-04-15 11:40 - 2015-02-22 14:11 - 000000000 ____D C:\ProgramData\Origin
2020-04-15 11:39 - 2015-10-08 12:28 - 000000000 ____D C:\Users\Alexander\AppData\Local\Origin
2020-04-14 13:34 - 2019-12-27 12:36 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\com.spitfireaudio
2020-04-13 22:20 - 2020-01-26 14:52 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2329418928-3044193561-448838019-1000
2020-04-13 22:20 - 2020-01-26 14:52 - 000000000 ___RD C:\Users\Alexander\OneDrive
2020-04-13 22:20 - 2020-01-26 14:44 - 000002417 _____ C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-13 18:33 - 2015-01-22 11:04 - 000000000 ____D C:\Program Files (x86)\Steam
2020-04-12 21:44 - 2019-09-14 18:39 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Waves Audio
2020-04-12 19:40 - 2019-09-14 18:42 - 000000000 ___SD C:\Program Files (x86)\Waves
2020-04-12 19:40 - 2019-09-14 18:42 - 000000000 ____D C:\Program Files\VSTPlugIns
2020-04-12 19:40 - 2019-09-14 18:38 - 002181120 _____ (Propellerhead Software AB) C:\WINDOWS\system32\ReWire.dll
2020-04-12 19:40 - 2019-09-14 18:38 - 001431552 _____ (Propellerhead Software AB) C:\WINDOWS\SysWOW64\ReWire.dll
2020-04-12 19:40 - 2019-01-20 14:10 - 000000000 ____D C:\Program Files\Common Files\VST3
2020-04-12 15:41 - 2019-01-20 14:11 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\iZotope
2020-04-12 15:39 - 2019-01-20 14:11 - 000000000 ____D C:\Users\Alexander\Documents\iZotope
2020-04-12 15:39 - 2019-01-20 13:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2020-04-12 15:39 - 2019-01-20 13:56 - 000000000 ____D C:\Program Files (x86)\iZotope
2020-04-12 15:17 - 2015-01-27 12:09 - 000000000 ____D C:\ProgramData\Package Cache
2020-04-12 15:16 - 2019-09-14 18:38 - 000000000 ____D C:\Program Files (x86)\Waves Central
2020-04-08 14:35 - 2020-01-08 10:50 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-04-07 22:47 - 2019-09-16 15:05 - 000081629 _____ C:\Users\Alexander\Documents\AboveTheGardens.scn
2020-04-06 12:54 - 2015-01-27 12:54 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-02 20:58 - 2015-01-22 11:07 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Dropbox
2020-04-02 09:52 - 2010-11-20 20:27 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-03-29 18:44 - 2019-09-14 18:42 - 000000000 ____D C:\Program Files\Common Files\Native Instruments
2020-03-25 11:21 - 2020-01-26 14:47 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-03-24 18:31 - 2016-01-13 12:47 - 000000000 ____D C:\Users\Alexander\Desktop\webs
2020-03-24 17:41 - 2019-09-08 15:39 - 000000000 ____D C:\Users\Alexander\AppData\Local\cache
2020-03-24 15:49 - 2019-12-27 12:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spitfire Audio
2020-03-21 15:33 - 2020-01-26 14:44 - 000000000 ____D C:\Users\Alexander
2020-03-21 01:11 - 2016-04-10 20:44 - 000000000 ____D C:\Users\Alexander\Documents\Proteus
2020-03-20 17:13 - 2020-01-26 14:47 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-20 17:13 - 2020-01-26 14:47 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-20 13:30 - 2019-12-21 01:17 - 000000000 ____D C:\Users\Alexander\AppData\Local\ElevatedDiagnostics
2020-03-19 13:58 - 2020-01-26 14:47 - 000003518 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2020-03-19 01:15 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-03-18 11:42 - 2020-01-26 14:47 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-03-18 11:42 - 2018-04-20 14:55 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
==================== Files in the root of some directories ========
2015-04-22 13:17 - 2015-04-22 13:17 - 009294818 _____ () C:\Users\Alexander\AppData\Roaming\7.1.2.zip
2016-07-01 00:04 - 2013-08-10 10:09 - 000012005 _____ () C:\Users\Alexander\AppData\Roaming\alsoft.ini
2015-05-02 23:45 - 2015-05-02 23:45 - 000000268 ___RH () C:\Users\Alexander\AppData\Roaming\Bubble Noise
2015-05-02 23:45 - 2015-05-02 23:45 - 000000268 ___RH () C:\Users\Alexander\AppData\Roaming\Bundle
2015-05-02 23:45 - 2015-05-02 23:45 - 000000268 ___RH () C:\Users\Alexander\AppData\Roaming\CIOSupport
2018-08-30 19:02 - 2018-08-30 19:02 - 000001456 _____ () C:\Users\Alexander\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-09-25 14:13 - 2018-09-25 14:13 - 000000000 _____ () C:\Users\Alexander\AppData\Local\oobelibMkey.log
2018-08-21 15:25 - 2018-08-21 15:25 - 000000847 _____ () C:\Users\Alexander\AppData\Local\recently-used.xbel
2020-03-20 13:28 - 2020-03-20 13:28 - 000007605 _____ () C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
2008-02-05 15:28 - 2008-02-05 15:28 - 000000051 _____ () C:\Users\Alexander\AppData\Local\setup.txt
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2020
Ran by Alexander (16-04-2020 16:15:44)
Running from C:\Users\Alexander\Desktop
Windows 10 Pro Version 1909 18363.778 (X64) (2020-01-26 21:48:00)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2329418928-3044193561-448838019-500 - Administrator - Disabled)
Alexander (S-1-5-21-2329418928-3044193561-448838019-1000 - Administrator - Enabled) => C:\Users\Alexander
DefaultAccount (S-1-5-21-2329418928-3044193561-448838019-503 - Limited - Disabled)
Guest (S-1-5-21-2329418928-3044193561-448838019-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2329418928-3044193561-448838019-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2329418928-3044193561-448838019-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Aalto VST version 1.3.2 (HKLM-x32\...\{F497817C-ED52-4C60-9C99-93C219254E4A}_is1) (Version: 1.3.2 - Madrona Labs, LLC)
Ableton Live 10 Suite (HKLM\...\{BF5B0440-80C4-4F3B-B0FD-AB43B2CC106D}) (Version: 10.0.0.0 - Ableton)
Ableton Live 9 Suite (HKLM-x32\...\{3573AD96-0B2F-4D56-BD66-2370C0F4EA99}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.7.0.400 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_5) (Version: 19.1.5 - Adobe Systems Incorporated)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.3.4 - Electronic Arts, Inc.)
Apowersoft Phone Manager version 2.3.8 (HKLM-x32\...\{4A00E3C4-2D0F-4AE7-9F2A-74870BE09EF8}_is1) (Version: 2.3.8 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{80B42CAA-28C0-4FBD-A46E-D61F45E2F9FC}) (Version: 7.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{466D00D0-E7DE-47C2-8FE5-54A8009F5850}) (Version: 7.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AudioBox VSL version 1.0 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.0 - PreSonus)
BIAS FX 2 Plugins Pack (64bit) (HKLM\...\{8706A836-9CA4-4E9D-AB6B-E5C552F39E58}) (Version: 2.1.9.4900 - PositiveGrid)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Caustic Editor for Volca Sample (HKLM-x32\...\CEVS) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Easy 5.6.14 (HKLM\...\DriverEasy_is1) (Version: 5.6.14 - Easeware)
Dropbox (HKU\S-1-5-21-2329418928-3044193561-448838019-1000\...\Dropbox) (Version: 94.4.384 - Dropbox, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-2329418928-3044193561-448838019-1000\...\Flux) (Version: - f.lux Software LLC)
Focusrite USB 4.63.24.564 (HKLM\...\Focusrite USB_is1) (Version: 4.63.24.564 - Focusrite Audio Engineering, Ltd.)
Folder Size 4.5.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 4.5.0.0 - MindGems, Inc.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IDrive version 6.7.3.1 (HKLM-x32\...\IDrive_is1) (Version: 6.7.3.1 - Pro Softnet Corp)
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation)
Intel® Network Connections 17.3.63.0 (HKLM\...\PROSetDX) (Version: 17.3.63.0 - Intel)
iTunes (HKLM\...\{A9921EE9-86E5-402C-A934-4A8DBAD99E24}) (Version: 12.9.2.6 - Apple Inc.)
iZotope Nectar 3 Elements (HKLM-x32\...\Nectar 3 Elements) (Version: 3.00 - iZotope, Inc.)
iZotope Vocal Doubler (HKLM-x32\...\Vocal Doubler) (Version: 1.00 - iZotope, Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LG United Mobile Drivers (HKLM-x32\...\{73EAAF2F-9A69-409B-832F-2DCD0371CD44}) (Version: 3.11.3.0 - LG Electronics)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.81 - Logitech Inc.)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2329418928-3044193561-448838019-1000\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MPC Essentials 1.8.2 (HKLM\...\com.akaipro.mpc.essentials_is1) (Version: 1.8.2 - Akai Professional)
mvMeter2 1.0.22 (HKLM\...\{97D23C74-E340-4E1E-8306-184BC7FB8C68}}_is1) (Version: 1.0.22 - TBProAudio)
Native Instruments Analog Dreams (HKLM-x32\...\Native Instruments Analog Dreams) (Version: 1.1.0.5 - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: 5.2.2.8 - Native Instruments)
Native Instruments Kontakt (HKLM-x32\...\Native Instruments Kontakt) (Version: 6.2.2.51 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.12.1.129 - Native Instruments)
NEF to JPG (HKLM-x32\...\{13D87B39-2A3B-4675-A0D9-B8B01EA2F8E3}_is1) (Version: - neftojpg.com)
Neutron 3 Elements (HKLM-x32\...\Neutron 3 Elements) (Version: 3.0.0 - iZotope, Inc.)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.2 - Nikon)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.2.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.2.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 441.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 441.87 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.38.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.38.831.832 - NVIDIA Corporation)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.67.39484 - Electronic Arts, Inc.)
Ozone 8 Elements (HKLM-x32\...\Ozone 8 Elements) (Version: 8.01 - iZotope, Inc.)
PACE License Support Win64 (HKLM\...\{233E2172-6B0E-4444-8BBA-C0D2BB9D7C37}) (Version: 3.1.7.1901 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{233E2172-6B0E-4444-8BBA-C0D2BB9D7C37}) (Version: 3.1.7.1901 - PACE Anti-Piracy, Inc.)
Product Portal (HKLM-x32\...\Product Portal) (Version: - iZotope, Inc.)
proximityEQ plus 1.0.2 (HKLM\...\{2C94D9B4-6145-4498-820C-15E2CC240A15}_is1) (Version: 1.0.2 - sonible)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Spitfire Audio (HKLM-x32\...\{ABC5F486-25BD-4BAA-9FA1-A84152CBB563}_is1) (Version: 3.1.18 - Spitfire Audio Holdings Ltd)
Splice (HKU\S-1-5-21-2329418928-3044193561-448838019-1000\...\splice) (Version: 3.6.21 - Distributed Creation, Inc.)
Spotify (HKU\S-1-5-21-2329418928-3044193561-448838019-1000\...\Spotify) (Version: 1.1.30.658.gf13cde74 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab (HKLM-x32\...\{A92D0DBB-834A-4CAD-A434-F2232C692516}) (Version: 6.1.4.0 - Husdawg, LLC)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Witcher 3: Wild Hunt - Blood and Wine (HKLM-x32\...\Blood and Wine_is1) (Version: 1.24.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.24.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.24.0.0 - GOG.com)
TSLRCM 1.8.3 (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version: - )
Version 0.92 (HKLM-x32\...\UMI3 Panel_is1) (Version: - )
Video Download Capture version 4.9.9 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.9.9 - APOWERSOFT LIMITED)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.21 - NCH Software)
ViewNX 2 (HKLM-x32\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.10.3 - Nikon)
VIP 3.1.1.14 (HKLM-x32\...\{B3FC246F-87F6-4476-9E79-F14FB5A1F773}_is1) (Version: - inMusic Brands)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Waves Central (HKLM\...\{ab507e17-892b-5203-838d-d58d8d09c50f}) (Version: 11.0.58 - Waves Audio Ltd)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wondershare Filmora(Build 8.5.1) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-28] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.4030.0_x64__8wekyb3d8bbwe [2020-04-16] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-02-07] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-01-28] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2329418928-3044193561-448838019-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2329418928-3044193561-448838019-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => E:\Dropbox\Dropbox [2019-06-27 16:20]
CustomCLSID: HKU\S-1-5-21-2329418928-3044193561-448838019-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [dropbox-NamespaceExtensionRole.Business] => 0
CustomCLSID: HKU\S-1-5-21-2329418928-3044193561-448838019-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-2329418928-3044193561-448838019-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2329418928-3044193561-448838019-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2329418928-3044193561-448838019-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2329418928-3044193561-448838019-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2329418928-3044193561-448838019-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2329418928-3044193561-448838019-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2329418928-3044193561-448838019-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2329418928-3044193561-448838019-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2329418928-3044193561-448838019-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2329418928-3044193561-448838019-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2329418928-3044193561-448838019-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2329418928-3044193561-448838019-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ 0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2019-12-24] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [ 0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2019-12-24] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [ 0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2019-12-24] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2019-12-24] () [File not signed]
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2019-12-24] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-08] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2019-12-24] () [File not signed]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-12-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-08] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers1_S-1-5-21-2329418928-3044193561-448838019-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2329418928-3044193561-448838019-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2329418928-3044193561-448838019-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-03-03] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-03-03] (Electronic Arts -> On2.com)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Alexander\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
ShortcutWithArgument: C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Loaded Modules (Whitelisted) =============
2020-01-08 15:21 - 2019-12-24 16:57 - 004689408 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
2020-01-08 15:21 - 2019-12-24 16:57 - 000834048 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2010-11-18 22:08 - 2010-11-18 22:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-01-08 15:21 - 2019-12-24 16:57 - 000874496 _____ (Pro-Softnet Corporation, U.S.A) [File not signed] C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll
2015-10-08 12:28 - 2020-03-16 14:05 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] E:\Origin\LIBEAY32.dll
2020-01-15 19:05 - 2020-03-16 14:06 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] E:\Origin\ssleay32.dll
2020-01-15 19:04 - 2020-03-10 19:17 - 001611264 _____ (The Qt Company Ltd) [File not signed] E:\Origin\platforms\qwindows.dll
2020-04-10 15:40 - 2020-03-10 19:17 - 005487104 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Core.dll
2020-04-10 15:40 - 2020-03-10 19:17 - 005841920 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Gui.dll
2020-04-10 15:40 - 2020-03-10 19:17 - 001179136 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Network.dll
2020-04-10 15:40 - 2020-03-10 19:17 - 000146432 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5WebSockets.dll
2020-04-10 15:40 - 2020-03-10 19:17 - 005089792 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Widgets.dll
2020-04-10 15:40 - 2020-03-10 19:17 - 000184832 _____ (The Qt Company Ltd) [File not signed] E:\Origin\Qt5Xml.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData:2D505CC0B8D64E5A [217]
AlternateDataStreams: C:\Users\All Users:2D505CC0B8D64E5A [217]
AlternateDataStreams: C:\Users\Alexander\Desktop\decadentdreams.mp4:com.dropbox.attrs [52]
AlternateDataStreams: C:\ProgramData\Application Data:2D505CC0B8D64E5A [217]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\ia32\compiler;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2329418928-3044193561-448838019-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alexander\Desktop\drive\413_Poemfield3web.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2329418928-3044193561-448838019-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2329418928-3044193561-448838019-1000\...\StartupApproved\Run: => "com.squirrel.splice.Splice"
HKU\S-1-5-21-2329418928-3044193561-448838019-1000\...\StartupApproved\Run: => "Steam"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{78B58ABC-C6A0-495A-A5CB-327CA5D1D33C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{478C6825-2D71-4889-AA36-8C25994E45D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8A53A411-B4F4-4334-B102-CC5F36D5B830}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1CA78F43-060F-4A55-9FA5-C90CD1E4B3F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{70DF447E-194D-485E-B291-5BDFC6491C73}E:\origin games\apex\r5apex.exe] => (Allow) E:\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [TCP Query User{4BD4FBE3-56EE-4EB8-9CBE-7E223732E0C6}E:\origin games\apex\r5apex.exe] => (Allow) E:\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [{3C3AB493-B7E5-4015-87EF-56AE9731CA32}] => (Allow) E:\Origin Games\Jedi Fallen Order\SwGame\Binaries\Win64\starwarsjedifallenorder.exe No File
FirewallRules: [{2EF6F843-276B-4A83-B4DE-B084DFAE99E4}] => (Allow) E:\Origin Games\Jedi Fallen Order\SwGame\Binaries\Win64\starwarsjedifallenorder.exe No File
FirewallRules: [{C8248B05-B54B-441E-9C3A-E53E81A92B79}] => (Allow) E:\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{ED798377-4306-4EB9-A822-9BBCB2EC6E7D}] => (Allow) E:\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{3EA6A601-8727-40D2-AEC3-84BC7EE90528}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2AD1D80B-3405-4C29-91B8-0512AB30D64A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6AF53383-AE7F-40A5-8388-EDC7CF8A8970}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{E40EBB17-B7D1-41AB-8DD8-0B349F24DA42}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{A8E39EF4-3BFA-4876-A009-0D5C69BC24E0}] => (Allow) E:\Steam\steamapps\common\Sekiro\Artwork_MiniSoundtrack\DigitalArtwork_MiniSoundtrack.exe (Activision Publishing Inc -> DIGITAL ARTWORK & MINI SOUNDTRACK)
FirewallRules: [{CD09D1F1-E874-4AF9-898E-41111F05131A}] => (Allow) E:\Steam\steamapps\common\Sekiro\Artwork_MiniSoundtrack\DigitalArtwork_MiniSoundtrack.exe (Activision Publishing Inc -> DIGITAL ARTWORK & MINI SOUNDTRACK)
FirewallRules: [{80E5BC6C-9A1F-47AE-BAB3-D36455CEA86E}] => (Allow) E:\Steam\steamapps\common\cave story+\CaveStory+.exe () [File not signed]
FirewallRules: [{B7A6B55E-5933-4D7C-B19B-D29E47A915F2}] => (Allow) E:\Steam\steamapps\common\cave story+\CaveStory+.exe () [File not signed]
FirewallRules: [{F1B6CFF0-492B-41AF-B7AD-5FA87785BD69}] => (Allow) E:\Steam\steamapps\common\Sekiro\sekiro.exe (Activision Publishing Inc -> FromSoftware, Inc.)
FirewallRules: [{EAD1450D-FC90-48FA-BB35-A6268781558F}] => (Allow) E:\Steam\steamapps\common\Sekiro\sekiro.exe (Activision Publishing Inc -> FromSoftware, Inc.)
FirewallRules: [UDP Query User{FC2F6929-29C7-414A-A2C5-82533C9C7D53}C:\programdata\ableton\live 10 suite\program\ableton live 10 suite.exe] => (Block) C:\programdata\ableton\live 10 suite\program\ableton live 10 suite.exe (Ableton AG -> Ableton)
FirewallRules: [TCP Query User{ECE4DAF1-09AB-40FE-A451-2732EA67BA81}C:\programdata\ableton\live 10 suite\program\ableton live 10 suite.exe] => (Block) C:\programdata\ableton\live 10 suite\program\ableton live 10 suite.exe (Ableton AG -> Ableton)
FirewallRules: [{2FAB1E64-924B-4416-A221-4045110453C4}] => (Allow) E:\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe No File
FirewallRules: [{F398EA5E-2A61-4F51-8601-4DFAD5BED625}] => (Allow) E:\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe No File
FirewallRules: [{3E8F8A44-2CE4-4DCF-B908-8BD4A681EBCA}] => (Allow) E:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe No File
FirewallRules: [{2CCCA8C0-894B-4CFA-AB51-94872E6DD6AF}] => (Allow) E:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe No File
FirewallRules: [UDP Query User{D65F6D9E-95E4-4A98-A28E-034F3AC2E0C7}E:\origin games\apex\r5apex.exe] => (Block) E:\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [TCP Query User{5691AC99-2FE7-4106-AD8B-62CC3B5ED3E5}E:\origin games\apex\r5apex.exe] => (Block) E:\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [{880D8698-FC58-4059-9C5D-0024F4222316}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ACCD00CF-5A9A-4841-85BD-A2138A3CB9D3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7FF26090-65E1-49BF-99CE-26B49056B2B6}] => (Allow) D:\steam\steamapps\common\super meat boy\SuperMeatBoy.exe () [File not signed]
FirewallRules: [{998F00AF-C152-4C22-A086-49CB62134570}] => (Allow) D:\steam\steamapps\common\super meat boy\SuperMeatBoy.exe () [File not signed]
FirewallRules: [{7FF46113-7C09-4F4B-B656-231539986DEC}] => (Allow) E:\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe () [File not signed]
FirewallRules: [{138E0399-F5E8-4CE2-A01A-AFA7AE2EE1D1}] => (Allow) E:\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe () [File not signed]
FirewallRules: [{585A7D62-E33B-4609-A529-734ECD146C48}] => (Allow) E:\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe () [File not signed]
FirewallRules: [{D1F2B43C-D923-4389-B42D-A7537D4E7E54}] => (Allow) E:\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe () [File not signed]
FirewallRules: [{2FB6C27D-4797-4546-A9D0-E0CE17D5D4F9}] => (Allow) E:\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe () [File not signed]
FirewallRules: [{0B2B5D46-C0B9-4E08-93B8-84D7336F2B6E}] => (Allow) E:\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe () [File not signed]
FirewallRules: [{21A2270C-8351-47A4-954A-B07F9F98BD40}] => (Allow) E:\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe No File
FirewallRules: [{E5EB3123-D3C4-48FC-96B5-1D866BC66726}] => (Allow) E:\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe No File
FirewallRules: [{D3D4240A-6709-440E-B9D9-64D2F6823D58}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{EA412DC1-E5E5-4E5E-AC8C-E07B613856A3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{14F14A28-1316-4F35-8F9F-8CCB93300A60}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3D23D4D9-0F23-442F-B229-DD38ADC72B94}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{88E767CC-E165-44D2-956F-8EAB65495CC2}] => (Allow) LPort=53
FirewallRules: [{37467452-2BB7-4AEE-9729-9D40B07C2FDB}] => (Allow) LPort=1542
FirewallRules: [{61B86612-6806-4ABA-88BC-064C8F300578}] => (Allow) LPort=1542
FirewallRules: [{BE0BFA3E-01D6-4888-A765-5B0BF48CFA9F}] => (Allow) LPort=53
FirewallRules: [{812D52DA-8FAB-411C-BFFD-19CEB25BFA36}] => (Allow) E:\Steam\steamapps\common\Dark Forces\DosBox\dosbox.exe (DOSBox Team) [File not signed]
FirewallRules: [{75D3978A-D021-4EDC-BA11-AF9EE6169BFA}] => (Allow) E:\Steam\steamapps\common\Dark Forces\DosBox\dosbox.exe (DOSBox Team) [File not signed]
FirewallRules: [{73852E52-280D-482C-AFC3-A96A2A0B5281}] => (Allow) E:\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed]
FirewallRules: [{B67D76AE-DAD0-4B2B-B500-9942AA9F0834}] => (Allow) E:\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed]
FirewallRules: [{4A95057A-A04E-4454-9D72-F58865417D3E}] => (Allow) E:\Steam\steamapps\common\SS2\SS2.exe (Looking Glass Studios) [File not signed]
FirewallRules: [{82A1C0B0-B2F5-4FF9-8726-6443E8A222DB}] => (Allow) E:\Steam\steamapps\common\SS2\SS2.exe (Looking Glass Studios) [File not signed]
FirewallRules: [{6C484689-F8F1-418E-840E-19A2F4C9D027}] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{403A8CF5-321D-49C7-B61D-E2F3DAFA05D5}] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{106373AF-E615-499B-983B-13D199CE48D3}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{10427C9C-AA17-43DB-8897-A46016804530}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{877C0404-D18E-4B66-B00C-779FEF21CFD9}] => (Allow) E:\Steam\steamapps\common\Metro Last Light Redux\metro.exe (Koch Media GmbH -> 4A Games)
FirewallRules: [{27F6557C-643D-4DB7-946B-27AECA7E6C84}] => (Allow) E:\Steam\steamapps\common\Metro Last Light Redux\metro.exe (Koch Media GmbH -> 4A Games)
FirewallRules: [{8EB223CA-3177-4609-8D5B-0A9F96BA2A98}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9C8522E1-0FC4-4DBC-B0A5-FB53B53FFC7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AEDEBD5F-BE82-4EF1-947E-CF4E5134A1AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File
FirewallRules: [{C9174317-1E0E-4573-931A-5778CCFA1485}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BEFEC963-BDE7-46AB-8DBD-0309A04ED062}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{35E1D3A1-C5FB-4D7A-97D9-09F742EC70E6}] => (Allow) E:\Steam\steamapps\common\Passpartout\Passpartout.exe () [File not signed]
FirewallRules: [{080270B4-6C0B-49A5-B3E8-69BA8BCBD0CF}] => (Allow) E:\Steam\steamapps\common\Passpartout\Passpartout.exe () [File not signed]
FirewallRules: [{855435DE-8C78-403A-A8EF-6A6062955B9E}] => (Allow) E:\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{B72CA021-9E50-413B-B174-793CE6CB0895}] => (Allow) E:\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{E5F059D4-F111-44C7-99E5-33ECDCF1D349}] => (Allow) E:\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe (NAMCO BANDAI Games Inc.) [File not signed]
FirewallRules: [{56548C4C-3F7B-4223-991F-143A6372074E}] => (Allow) E:\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe (NAMCO BANDAI Games Inc.) [File not signed]
FirewallRules: [{B53A5A52-FE9A-4C7C-B9B5-C0F8419B672A}] => (Allow) D:\steam\steamapps\common\vvvvvv\VVVVVV.exe () [File not signed]
FirewallRules: [{41D5D4D7-E1E5-4BB9-8785-87C78245FE67}] => (Allow) D:\steam\steamapps\common\vvvvvv\VVVVVV.exe () [File not signed]
FirewallRules: [{9D51C89D-3AE4-426C-8315-BF6D5027335B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BF17A5AC-F482-47B7-8743-8AA3C6024934}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C5A5F2EF-DCDB-4FBC-BD1A-E94083921117}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{720F95FC-176D-42D5-A550-14AB342520E1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{58368B77-ADFD-4176-84E5-F3CFD5474A5D}E:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) E:\steam\steamapps\common\the witcher 2\bin\witcher2.exe No File
FirewallRules: [TCP Query User{4473738C-C59B-45FB-A64D-EDA9C4DCCDAC}E:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) E:\steam\steamapps\common\the witcher 2\bin\witcher2.exe No File
FirewallRules: [UDP Query User{D43A36F3-252A-4096-9AA6-9CF61DDC6579}E:\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Block) E:\steam\steamapps\common\outlast\binaries\win64\olgame.exe No File
FirewallRules: [TCP Query User{82E9E583-B03B-4D7D-A2D8-7BA8B4AB7923}E:\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Block) E:\steam\steamapps\common\outlast\binaries\win64\olgame.exe No File
FirewallRules: [{20DD4C38-221B-49CD-B03C-FDB2575890A7}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time) [File not signed]
FirewallRules: [{DF514C75-8C69-4641-9560-D7ED9310F875}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time) [File not signed]
FirewallRules: [UDP Query User{F5716754-BEB6-4655-9FF1-EF9C7DCA93E4}E:\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) E:\steam\steamapps\common\fallout 4\fallout4.exe No File
FirewallRules: [TCP Query User{52DF713A-9DED-4190-9A55-AD5D815D0663}E:\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) E:\steam\steamapps\common\fallout 4\fallout4.exe No File
FirewallRules: [{99B6A466-4E2E-4884-BB8D-5F1FAA181A3B}] => (Allow) E:\Steam\steamapps\common\psychonauts\Psychonauts.exe (Double Fine Productions) [File not signed]
FirewallRules: [{DF04CBE9-AEA4-4404-BE06-435C59AE7FAC}] => (Allow) E:\Steam\steamapps\common\psychonauts\Psychonauts.exe (Double Fine Productions) [File not signed]
FirewallRules: [{709B7679-C35E-4A5B-A97A-B23FE204FFC9}] => (Allow) E:\Steam\steamapps\common\Lone Survivor\LoneSurvivor\LoneSurvivor.exe No File
FirewallRules: [{FD2361E9-A22C-4AEA-9BC3-A6E735E3B81C}] => (Allow) E:\Steam\steamapps\common\Lone Survivor\LoneSurvivor\LoneSurvivor.exe No File
FirewallRules: [{429EC544-585F-4C77-BEF6-2242AEA3040A}] => (Allow) E:\Steam\steamapps\common\hotline_miami\HotlineMiami.exe (Devolver) [File not signed]
FirewallRules: [{34B49D2B-57E2-4DA7-B5B2-C96AC1F70540}] => (Allow) E:\Steam\steamapps\common\hotline_miami\HotlineMiami.exe (Devolver) [File not signed]
FirewallRules: [UDP Query User{BD7BFE33-30C6-40E5-838B-079B8A8AD76A}C:\users\alexander\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\alexander\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{F3CDE7F0-A62C-40A0-A831-EBBE9F77D6C1}C:\users\alexander\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\alexander\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CA63F4BE-85CF-43C0-9599-0C8E469EB6C9}] => (Allow) E:\Steam\steamapps\common\Braid\braid.exe () [File not signed]
FirewallRules: [{7C5A3B58-B47B-428A-B87D-840F11713ABB}] => (Allow) E:\Steam\steamapps\common\Braid\braid.exe () [File not signed]
FirewallRules: [{81ADEC24-CD57-459A-A449-703620532F09}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{A7D94D89-5ED9-4121-BD4C-16CA1A3F1629}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{591BF3CA-5593-4A75-898B-222EE6DC1F55}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{9DC9F205-38D8-4CBC-8F8B-52230D5DA8B4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [UDP Query User{2DAB66D7-C520-4616-8EBD-6B295A1D4AF9}C:\users\alexander\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\alexander\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{E32B546E-9763-4C57-A158-BFC57FB83AF6}C:\users\alexander\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\alexander\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{C80B4F88-BDAB-46A2-9819-1C80AF6AE9CF}] => (Allow) C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{460B557F-AF10-43C2-A8AC-EEF7D9336A22}] => (Allow) C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{BFB48558-DE1F-4085-AD6C-3CB5C4514002}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe (APOWERSOFT LIMITED -> )
FirewallRules: [{BE6F95BD-2A1A-48BD-A855-774540D32D92}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe (APOWERSOFT LIMITED -> )
FirewallRules: [{2F21490A-82A6-41B8-90FB-887A70B240F6}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\Apowersoft Phone Manager.exe (APOWERSOFT LIMITED -> )
FirewallRules: [{A9704EB1-E1E8-4AA9-ABC5-1F380D9F2393}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\Apowersoft Phone Manager.exe (APOWERSOFT LIMITED -> )
FirewallRules: [{F527CC1C-1462-48F2-8BD4-1B26D7B1BD26}] => (Allow) LPort=1900
FirewallRules: [{27B9D9BA-1F1F-4D5F-995D-6645252E8F7F}] => (Allow) LPort=2869
FirewallRules: [{A6ABF448-A4A3-4405-9393-D5C7C2560AB1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0D1DA500-E889-41CE-8822-8FC348969BDB}] => (Allow) E:\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe (GSC Game World -> )
FirewallRules: [{0F726DB1-004A-472E-876C-283A38CFFE25}] => (Allow) E:\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe (GSC Game World -> )
FirewallRules: [{A9279A70-EF5F-4AE9-A820-1E01270D7DB5}] => (Allow) E:\Video Download Capture\ApowersoftHDSDump.dll (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [{A9E53312-E442-41CE-AA6D-7B9F869A98FA}] => (Allow) E:\Video Download Capture\ApowersoftHDSDump.dll (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [{B2A8D9D9-3525-41FC-9543-FF1A4967F22C}] => (Allow) E:\Video Download Capture\ApowersoftDownloaderHelp.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{3F50D36C-E4BA-4E7C-AECD-FB92B1346933}] => (Allow) E:\Video Download Capture\ApowersoftDownloaderHelp.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{D232D5B1-AF91-408B-92BE-C0B1867C2934}] => (Allow) E:\Video Download Capture\ApowersoftPlayer.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{9E0AEC3C-5F4E-4D7C-88AA-108698BD7DA8}] => (Allow) E:\Video Download Capture\ApowersoftPlayer.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{E178E79D-8C96-434D-BEE6-022060631E00}] => (Allow) E:\Video Download Capture\ApowersoftAC.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{CF1FF8C0-E542-4E64-A748-532D169EDD5C}] => (Allow) E:\Video Download Capture\ApowersoftAC.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{98B0321D-A0F7-4B2B-862B-20C41B0C192D}] => (Allow) E:\Video Download Capture\ApowersoftDump.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{2B5EA955-2B02-41AB-B958-25A1E90CFD29}] => (Allow) E:\Video Download Capture\ApowersoftDump.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{6D9B27EC-00D1-432B-A76B-3FA929FC45DD}] => (Allow) E:\Video Download Capture\ApowersoftSrv.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{753754DB-92A9-44E9-954E-63C17448B277}] => (Allow) E:\Video Download Capture\ApowersoftSrv.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{D5E6E641-E493-4ACA-B08D-2B5A71E9CEEA}] => (Allow) E:\Video Download Capture\Video Download Capture.exe (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [{6294A710-A1A8-4AC4-BC4B-92F6E69B4E3E}] => (Allow) E:\Video Download Capture\Video Download Capture.exe (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [UDP Query User{E3D76BAA-45C2-4514-B87D-82052B604730}C:\users\alexander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexander\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{8EB2FAAA-8E8A-4240-842E-324EB5204A05}C:\users\alexander\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexander\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F4D8EB95-C1C0-4510-83D3-C14047B7D9CE}] => (Allow) E:\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe (NAMCO BANDAI Games Inc.) [File not signed]
FirewallRules: [{DBC41422-9899-4584-8C42-8D85493E01A5}] => (Allow) E:\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe (NAMCO BANDAI Games Inc.) [File not signed]
FirewallRules: [{EAA194DE-8AFC-47DD-A6BD-788BABBA9FD2}] => (Allow) E:\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe () [File not signed]
FirewallRules: [{24A42F39-FDEC-404B-B7DE-FAD9925F1DCC}] => (Allow) E:\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe () [File not signed]
FirewallRules: [{15FCAF56-6CA4-435D-B8A0-53ECF3C796E6}] => (Allow) E:\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe () [File not signed]
FirewallRules: [{21BCEE38-8BD3-409D-A01C-FD635881D3B9}] => (Allow) E:\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe () [File not signed]
FirewallRules: [{C935D6ED-FF53-4356-B951-4BC3D7300A48}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [{3E66790B-8B4F-4475-9A35-C557C98DD834}] => (Allow) E:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [{FBB47362-C5B6-4623-9C8D-A95FEDD75CC7}] => (Allow) E:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe No File
FirewallRules: [{2E324EC2-6404-47DB-A121-01E84AD5674E}] => (Allow) E:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe No File
FirewallRules: [{46CD1FB7-477B-416B-BE89-181E6285C90F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe No File
FirewallRules: [{B7E4694D-5E4A-4153-9A83-5111FCEA6417}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe No File
FirewallRules: [{E0824DE4-AD5E-4DCC-9118-EAC8B55BE622}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe No File
FirewallRules: [{FF3A39EE-38E9-4730-97B2-CA390963F71D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe No File
FirewallRules: [{180F9EB3-3BF8-42A7-9FA3-D0FDFA268326}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{17FEB960-44F9-44D5-AC8B-05BFA99500E7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{32D9297C-5555-4D11-9D36-4EBE396D8281}C:\programdata\ableton\live 10 suite\program\ableton live 10 suite.exe] => (Allow) C:\programdata\ableton\live 10 suite\program\ableton live 10 suite.exe (Ableton AG -> Ableton)
FirewallRules: [UDP Query User{AC1F83FA-908F-45F1-AC33-821977714242}C:\programdata\ableton\live 10 suite\program\ableton live 10 suite.exe] => (Allow) C:\programdata\ableton\live 10 suite\program\ableton live 10 suite.exe (Ableton AG -> Ableton)
FirewallRules: [{4B50DEAF-2285-43E2-952E-4552B4329E8E}] => (Allow) E:\Steam\steamapps\common\Cathodemer\Cathodemer.exe () [File not signed]
FirewallRules: [{8A097CDE-D830-410B-8927-EADEFEB952DB}] => (Allow) E:\Steam\steamapps\common\Cathodemer\Cathodemer.exe () [File not signed]
FirewallRules: [{5C119F14-40C0-4697-A0CD-126E496E7246}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware Technology Limited -> Easeware)
FirewallRules: [{E1AC12CB-14DE-43F7-A0B6-8A64682200BD}] => (Allow) E:\Steam\steamapps\common\Drawful 2\Drawful 2.exe () [File not signed]
FirewallRules: [{27324392-00FD-4E4F-846C-A765BB377F52}] => (Allow) E:\Steam\steamapps\common\Drawful 2\Drawful 2.exe () [File not signed]
FirewallRules: [{4F60A142-B198-4616-8AC0-4C0607D527A3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{DC383AA6-4913-4000-8461-1348364917E8}] => (Allow) E:\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{4BBA7A54-6F43-4219-AC1E-BCEB6AB678B8}] => (Allow) E:\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:119.14 GB) (Free:30.52 GB) (26%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (04/16/2020 03:54:21 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2700,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (04/16/2020 03:43:28 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4284,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (04/16/2020 03:15:46 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4644,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (04/16/2020 02:51:29 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4248,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (04/16/2020 02:13:58 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7964,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (04/16/2020 02:06:20 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1476,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (04/16/2020 01:43:53 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2640,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (04/16/2020 01:34:53 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7260,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
System errors:
=============
Error: (04/16/2020 01:03:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:43:24 PM on 4/16/2020 was unexpected.
Error: (04/16/2020 11:30:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Services x64 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (04/16/2020 11:30:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the System Services x64 service to connect.
Error: (04/16/2020 11:28:41 AM) (Source: IntelHaxm) (EventID: 10) (User: )
Description:
Error: (04/11/2020 02:12:12 AM) (Source: DCOM) (EventID: 10010) (User: Alexander-PC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (04/11/2020 02:12:12 AM) (Source: DCOM) (EventID: 10010) (User: Alexander-PC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (04/11/2020 02:12:12 AM) (Source: DCOM) (EventID: 10010) (User: Alexander-PC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (04/11/2020 02:12:12 AM) (Source: DCOM) (EventID: 10010) (User: Alexander-PC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Windows Defender:
===================================
Date: 2020-04-16 11:31:03.891
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Program:Win32/Uwasson.A!ml
ID: 251745
Severity: Medium
Category: Potentially Unwanted Software
Path: file:_C:\Users\Alexander\AppData\Local\Temp\7zO35D6.tmp\FabFilter Total Bundle v2019.3.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.313.1668.0, AS: 1.313.1668.0, NIS: 1.313.1668.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
Date: 2020-04-16 11:28:33.536
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Program:Win32/Uwasson.A!ml
ID: 251745
Severity: Medium
Category: Potentially Unwanted Software
Path: file:_C:\Users\Alexander\AppData\Local\Temp\7zO35D6.tmp\FabFilter Total Bundle v2019.3.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.313.1668.0, AS: 1.313.1668.0, NIS: 1.313.1668.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
Date: 2020-04-16 11:28:22.859
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Program:Win32/Uwasson.A!ml
ID: 251745
Severity: Medium
Category: Potentially Unwanted Software
Path: file:_C:\Users\Alexander\AppData\Local\Temp\7zO35D6.tmp\FabFilter Total Bundle v2019.3.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Users\ALEXAN~1\AppData\Local\Temp\7zO35D6.tmp\FabFilter Total Bundle v2019.3.exe
Security intelligence Version: AV: 1.313.1668.0, AS: 1.313.1668.0, NIS: 1.313.1668.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
Date: 2020-04-16 11:28:01.906
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Program:Win32/Uwasson.A!ml
ID: 251745
Severity: Medium
Category: Potentially Unwanted Software
Path: file:_C:\Users\Alexander\AppData\Local\Temp\7zO35D6.tmp\FabFilter Total Bundle v2019.3.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.313.1668.0, AS: 1.313.1668.0, NIS: 1.313.1668.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
Date: 2020-04-16 11:27:56.288
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Program:Win32/Uwasson.A!ml
ID: 251745
Severity: Medium
Category: Potentially Unwanted Software
Path: file:_C:\Users\Alexander\AppData\Local\Temp\7zO35D6.tmp\FabFilter Total Bundle v2019.3.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.313.1668.0, AS: 1.313.1668.0, NIS: 1.313.1668.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
CodeIntegrity:
===================================
Date: 2020-04-16 12:44:50.383
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-04-16 12:44:49.539
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-04-16 12:44:48.513
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-04-16 12:44:47.715
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-04-16 12:44:46.358
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-04-16 11:56:33.464
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-04-16 11:56:32.909
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-04-16 11:56:31.943
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 1502 03/02/2011
Motherboard: ASUSTeK Computer INC. SABERTOOTH P67
Processor: Intel® Core i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 46%
Total physical RAM: 8168.97 MB
Available physical RAM: 4356.65 MB
Total Virtual: 16360.97 MB
Available Virtual: 11269.4 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:119.14 GB) (Free:30.52 GB) NTFS
Drive d: (Side Hard Drive) (Fixed) (Total:111.79 GB) (Free:39.85 GB) NTFS
Drive e: (Main Hard Drive) (Fixed) (Total:1397.26 GB) (Free:758.49 GB) NTFS
Drive g: (ESD-USB) (Removable) (Total:31.99 GB) (Free:27.97 GB) FAT32
\\?\Volume{41c15221-a25d-11e4-83fd-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 54E77F82)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 4F011FD3)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)
==========================================================
Disk: 3 (Protective MBR) (Size: 114.6 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
