Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Malware removal

12K views 98 replies 2 participants last post by  Qwacu 
#1 ·
Problem: Please this is what I see on my desktop whenever am done booting my pc 'winscomrssrv.dll'. Since that period am no more able to update my windows and also open the windows defender.

Question: Please how can you help me out?

Please here is my pc specification;
Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Pro, 64 bit, Build 17763, Installed 20190730173227.000000+720
Processor: AMD A8-7410 APU with AMD Radeon R5 Graphics, AMD64 Family 22 Model 48 Stepping 1, CPU Count: 4
Total Physical RAM: 4 GB
Graphics Card: AMD Radeon(TM) R5 Graphics, 512 MB
Hard Drives: C: 221 GB (60 GB Free); D: 244 GB (35 GB Free);
Motherboard: HP 8015, ver 11.27, s/n PFQLQ018J20BI3
System: American Megatrends Inc., ver HPQOEM - 1072009, s/n 5CD614433F
Antivirus: 360 Total Security, Updated: Yes, On-Demand Scanner: Enabled
 
See less See more
#2 ·
Hi, Qwacu.

Welcome to Tech Support Guy Forums. :)

Please, download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt. Please copy and paste the content of these two logs in your next reply.

NOTES:


1. Do not run any tool unless instructed to do so. Also, do not uninstall or install any software during the proceedure, unless I ask you to do so.

2. Always ask before act. Do not continue if you are not sure, or if something unexpected happens.

3. I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.
 
#3 ·
FOR FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-03-2020
Ran by Emmanuel (administrator) on DESKTOP-ES3D6SG (HP HP 15 Notebook PC) (06-04-2020 09:46:57)
Running from C:\Users\Emmanuel\Desktop
Loaded Profiles: Emmanuel (Available Profiles: Emmanuel)
Platform: Windows 10 Pro Version 1809 17763.973 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe
(Advanced Micro Devices, Inc. -> ) C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0351505.inf_amd64_5938a70929a31401\B351435\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0351505.inf_amd64_5938a70929a31401\B351435\atiesrxx.exe
(Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) C:\ProgramData\360TotalSecurity\DesktopPlus\DesktopPlus64.exe
(CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe
(CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) [File not signed] C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Emmanuel\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Emmanuel\AppData\Roaming\Dashlane\DashlanePlugin.exe
(FreeDownloadManager.org) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
(Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Driver Booster\7.3.0\Pub\PubMonitor.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12430.20136.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12430.20136.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12001.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20011.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Opera Software AS -> Opera Software) C:\Users\Emmanuel\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
(Opera Software AS -> Opera Software) C:\Users\Emmanuel\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-12] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [413000 2020-02-17] (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [664848 2016-04-27] (Hewlett-Packard Company -> HP Inc.)
HKLM-x32\...\Run: [ABNotify] => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe [80832 2016-09-27] (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Run: [Microsoft Word] => wscript.exe //D "C:\Users\Emmanuel\AppData\Roaming\Microsoft Office\\Microsoft Word.WsF"
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Run: [360DesktopLite] => C:\ProgramData\360TotalSecurity\DesktopPlus\DesktopPlus64.exe [3269472 2020-02-17] (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Run: [Dashlane] => C:\Users\Emmanuel\AppData\Roaming\Dashlane\Dashlane.exe [321536 2020-03-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Run: [DashlanePlugin] => C:\Users\Emmanuel\AppData\Roaming\Dashlane\DashlanePlugin.exe [342528 2020-03-11] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Run: [Opera Browser Assistant] => C:\Users\Emmanuel\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3024920 2020-03-27] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\MountPoints2: {04db7fb0-5c88-11ea-8bd6-705a0f2c7539} - "G:\SISetup.exe"
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\MountPoints2: {56d9a3c9-fda6-11e9-8a1a-705a0f2c7539} - "F:\autorun.exe"
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\MountPoints2: {73585da3-ec9a-11e9-89f5-705a0f2c7539} - "F:\AutoRun.exe"
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\MountPoints2: {73585dd5-ec9a-11e9-89f5-705a0f2c7539} - "F:\AutoRun.exe"
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1A0D38BE-2581-4AC2-B11A-FF4D0D0257EE} - System32\Tasks\Software Updater SkipUAC(Emmanuel) => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4220688 2020-02-18] (IObit Information Technology -> IObit) <==== ATTENTION
Task: {27B6A76D-C844-4EB6-9C93-67C7D56798BD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600440 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A37AAEE-0C64-41C6-AD08-4748051C3FBC} - System32\Tasks\Opera scheduled assistant Autoupdate 1583248820 => C:\Users\Emmanuel\AppData\Local\Programs\Opera\launcher.exe [1538584 2020-03-27] (Opera Software AS -> Opera Software)
Task: {3ADF9D9D-2845-4156-B48D-DED456B4A3E9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4369824 2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {413D6B12-91FA-4B80-BDF8-12A3F204E39F} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe [688128 2019-01-31] (FreeDownloadManager.org) [File not signed]
Task: {41535747-902B-43A4-942D-615174CDD0A7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {4217C694-43D6-411F-81B0-96735ECAE4C8} - System32\Tasks\Opera scheduled Autoupdate 1564471381 => C:\Users\Emmanuel\AppData\Local\Programs\Opera\launcher.exe [1538584 2020-03-27] (Opera Software AS -> Opera Software)
Task: {4C30F16B-7196-47AF-A504-6347CD9898F7} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\7.3.0\Scheduler.exe [149776 2020-02-28] (IObit Information Technology -> IObit)
Task: {4DDF35D6-BB6A-41FA-BD07-1A44F6B1F657} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [52104 2017-04-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {59E2B863-1CC6-4168-A12E-DB9826CE859F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {71B25380-2834-443B-AF0F-56141EDEE50B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115032 2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {74722000-7D41-4FCC-A6F0-E95AE880B4FA} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\7.3.0\AutoUpdate.exe [2369808 2020-03-07] (IObit Information Technology -> IObit)
Task: {817EEF09-276E-4481-96B7-415E926E86E7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600440 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {8775FD77-36CE-4A0E-9671-FDB4BEDF8A24} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe <==== ATTENTION
Task: {94FB226D-9513-4262-B179-06E94D6E6BBF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {A10043E9-B5B3-4C40-8186-03561149D3AD} - System32\Tasks\Software Updater Scheduler => C:\Program Files (x86)\IObit\Software Updater\SUInit.exe [1787152 2020-01-16] (IObit Information Technology -> IObit Software updater) <==== ATTENTION
Task: {A4E22A09-F89A-4895-9686-549A9140845D} - System32\Tasks\AutoPico Daily Restart
Task: {AA424FFA-95D6-4EF4-B4F4-48546CB203E7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115032 2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {ACBB760B-FFB9-4A02-BC35-070EB9EB5F62} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [4475136 2018-12-14] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
Task: {B1B6AC65-FF39-433E-B1AA-19A0CD0D12CB} - System32\Tasks\SU_AutoUpdate => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4220688 2020-02-18] (IObit Information Technology -> IObit)
Task: {C0E372A0-059B-4BF2-9C4A-C299B750E38F} - System32\Tasks\BoostTray SkipUAC (Emmanuel) => C:\Program Files (x86)\IObit\Driver Booster\7.3.0\BoostTray.exe [3173136 2020-03-07] (IObit Information Technology -> IObit)
Task: {C134AA73-59DF-437F-9175-01BAF8F4F545} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4369824 2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5EAB2BE-8FB6-4474-9281-F864027A4626} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv
Task: {D26EA98E-03A8-4C1F-B0E3-E08644D51606} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {D3EBF9C2-A02F-4339-AFBD-00F20988121F} - System32\Tasks\Driver Booster SkipUAC (Emmanuel) => C:\Program Files (x86)\IObit\Driver Booster\7.3.0\DriverBooster.exe [7892240 2020-03-07] (IObit Information Technology -> IObit)
Task: {D7191A37-83CD-4766-A61B-2BF68408D954} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-ES3D6SG-Emmanuel => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-12] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {EFA233D0-A096-4E57-92F4-8CC8023B05CD} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Internet Explorer:
==================
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-10-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: mc3byqaa.default
FF ProfilePath: C:\Users\Emmanuel\AppData\Roaming\Mozilla\Firefox\Profiles\mc3byqaa.default [2020-04-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [2019-09-11] (Adobe Inc. -> )
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-12-14] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll [2019-09-11] (Adobe Inc. -> )
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-12-14] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-3975140369-1696558351-1519201624-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-12-14] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconfig.js [2018-09-19] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\cck2.cfg [2018-09-19] <==== ATTENTION
Opera:
=======
OPR Notifications: hxxps://click.infocenter.support; hxxps://herdoperolhan.pro; hxxps://pushmedear.com; hxxps://xyvaw.talkreply.com
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2017-04-25] (Advanced Micro Devices, Inc. -> )
R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0351505.inf_amd64_5938a70929a31401\B351435\atiesrxx.exe [522880 2020-03-14] (Advanced Micro Devices, Inc. -> AMD)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [56256 2016-09-27] (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11091224 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [126520 2011-05-11] (Hewlett-Packard Company -> HP)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-04-19] (Hewlett-Packard Company -> HP Inc.)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [965472 2020-02-17] (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
S3 QHProtected; C:\Program Files (x86)\360\Total Security\safemon\WscReg.exe [3147048 2020-02-17] (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [269816 2020-01-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [360872 2018-09-22] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12135768 2019-09-16] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\NisSrv.exe [3630832 2019-09-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 wuauserv; C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [199008 2019-09-20] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [95232 2019-09-20] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
S3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [95232 2019-09-20] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [343928 2020-02-17] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [57848 2019-09-20] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
S0 360elam64; C:\Windows\System32\DRIVERS\360elam64.sys [17192 2019-09-20] (Microsoft Windows Early Launch Anti-malware Publisher -> 360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [466296 2020-02-17] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
S4 360Hvm; C:\Windows\System32\Drivers\360Hvm64.sys [317240 2020-04-03] (Beijing Qihu Technology Co., Ltd. -> 360安全中心)
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [96424 2019-09-20] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [36024 2016-09-27] (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed]
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [35848 2019-04-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0351505.inf_amd64_5938a70929a31401\B351435\atikmdag.sys [65740416 2020-03-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0351505.inf_amd64_5938a70929a31401\B351435\atikmpag.sys [590464 2020-03-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [103456 2020-03-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [146304 2019-04-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [93240 2020-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [33336 2020-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [156856 2016-09-27] (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [23224 2016-09-27] (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed]
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-11] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [108152 2019-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [226376 2020-02-17] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [136040 2019-09-27] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr64.sys [37112 2015-06-18] (Hewlett-Packard Company -> Hewlett-Packard Company)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2020-03-13] (Martin Malik - REALiX -> REALiX(tm))
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [364960 2019-08-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1160280 2020-03-14] (Realtek Semiconductor Corp. -> Realtek )
S3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [8169472 2018-09-15] (Microsoft Windows -> Realtek Semiconductor Corporation )
R3 RTWlanE02; C:\Windows\System32\drivers\rtwlane02.sys [9625384 2019-05-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46472 2019-09-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [346336 2019-09-28] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [151184 2016-07-16] (NGO -> MBB)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-09-28] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [35392 2019-11-16] (HP Inc. -> HP)
R3 xtouch; C:\Windows\System32\drivers\xtouch.sys [182800 2020-03-14] (Microsoft Windows Hardware Compatibility Publisher -> )
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-04-06 09:46 - 2020-04-06 09:49 - 000026483 _____ C:\Users\Emmanuel\Desktop\FRST.txt
2020-04-06 02:24 - 2020-04-06 02:24 - 008161828 _____ C:\Users\Emmanuel\Downloads\y2mate.com - Praise Is What I Do - William Murphy_vIPKnj-0Czw_360p.mp4
2020-04-06 02:15 - 2020-04-06 02:18 - 038253247 _____ C:\Users\Emmanuel\Downloads\y2mate.com - JUANITA BYNUM LIVE - I DON'T MIND WAITING__hEiGEfm2uE_360p.mp4
2020-04-06 02:09 - 2020-04-06 02:10 - 008832444 _____ C:\Users\Emmanuel\Downloads\y2mate.com - Gh bass lines - Fingering exercises for bass players_J0rd7szn-kw_360p.mp4
2020-04-06 02:02 - 2020-04-06 02:07 - 021382044 _____ C:\Users\Emmanuel\Downloads\y2mate.com - How to Play African GH Local Bass Praises Onyame S3 Ayeyi Praise Bass Cover_1sAbZu33fFc_360p.mp4
2020-04-06 01:59 - 2020-04-06 02:02 - 013904583 _____ C:\Users\Emmanuel\Downloads\y2mate.com - How to play Gh praise bass lines (intermediates) #bassLessons #praises #highlife_nQBLNsgGdcI_360p.mp4
2020-04-04 23:03 - 2020-04-06 09:48 - 000000000 ____D C:\FRST
2020-04-04 21:42 - 2020-04-04 21:42 - 002280448 _____ (Farbar) C:\Users\Emmanuel\Desktop\FRST64.exe
2020-04-04 01:12 - 2020-04-04 21:55 - 395903030 _____ C:\Users\Emmanuel\Downloads\Black.Sails.S03E03.HDTV.x264-KILLERS[eztv].mp4
2020-04-03 20:50 - 2020-04-05 23:38 - 626277920 _____ C:\Windows\MEMORY.DMP
2020-04-03 08:33 - 2020-04-03 08:34 - 000011295 ____H C:\Users\Emmanuel\Desktop\~WRL3430.tmp
2020-04-01 07:44 - 2018-07-07 14:47 - 003211432 _____ (TocaEdit) C:\Users\Emmanuel\Downloads\x360ce_x64.exe
2020-04-01 07:40 - 2020-04-01 07:40 - 001700319 _____ C:\Users\Emmanuel\Downloads\x360ce.zip
2020-04-01 07:39 - 2020-04-01 07:39 - 001700272 _____ C:\Users\Emmanuel\Downloads\x360ce_x64.zip
2020-04-01 07:39 - 2020-04-01 07:39 - 000000000 ____D C:\ProgramData\X360CE
2020-03-31 21:18 - 2020-03-31 21:18 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\2K Sports
2020-03-31 20:07 - 2020-03-31 20:07 - 000001111 _____ C:\Users\Public\Desktop\NBA 2K14.lnk
2020-03-31 20:07 - 2020-03-31 20:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBA 2K14
2020-03-30 22:38 - 2019-12-10 16:51 - 000079351 ____N C:\Users\Emmanuel\Documents\DIGESTION AND ABSORPTION OF TRIACYLCLYCEROLS.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 002082870 ____N C:\Users\Emmanuel\Documents\Food production systems New_2019 PPT.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 001776785 ____N C:\Users\Emmanuel\Documents\FOOD CHEMISTRY 1-2018.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000956919 ____N C:\Users\Emmanuel\Documents\yam fps grp 2 F.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000954510 ____N C:\Users\Emmanuel\Documents\yam fps grp 2 e.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000635743 ____N C:\Users\Emmanuel\Documents\Information Sources UNIT 2.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000262878 ____N C:\Users\Emmanuel\Documents\Edu tech.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000215269 ____N C:\Users\Emmanuel\Documents\Introduction to Information Literacy Lecture(1)-2.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000192049 ____N C:\Users\Emmanuel\Documents\Tools, Strategies & Techniques of Searching Lecture(1)-2.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000158262 ____N C:\Users\Emmanuel\Documents\GROUP 3 POLYMORPHISM.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000101481 ____N C:\Users\Emmanuel\Documents\INFORMATION ORGANIZATION.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000033951 ____N C:\Users\Emmanuel\Documents\GROUP 3.pptx
2020-03-30 22:38 - 2019-11-28 13:17 - 003531016 ____N C:\Users\Emmanuel\Documents\Citing Information Sources Lecture-1.pptx
2020-03-30 22:38 - 2019-11-20 20:59 - 000589179 _____ C:\Users\Emmanuel\Documents\DIGESTION AND ABSORPTOPN OF NUTRIENTS-1.pptx
2020-03-30 22:38 - 2019-11-20 13:31 - 001659071 ____N C:\Users\Emmanuel\Documents\GLYCOLYSIS.pptx
2020-03-30 22:38 - 2019-11-20 13:31 - 000605293 ____N C:\Users\Emmanuel\Documents\Metabolism in tissues.pptx
2020-03-30 22:38 - 2019-11-20 13:31 - 000562769 ____N C:\Users\Emmanuel\Documents\LECTURE 2- THE ROLE OF ATP IN METABOLISM.pptx
2020-03-30 22:38 - 2019-11-20 13:31 - 000085159 ____N C:\Users\Emmanuel\Documents\LECTURE ONE - THE NEED FOR ENERGY.pptx
2020-03-29 13:16 - 2020-03-31 16:21 - 000000000 ____D C:\Users\Emmanuel\Downloads\NBA 2K14
2020-03-29 12:31 - 2010-06-02 23:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2020-03-29 12:31 - 2010-06-02 23:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2020-03-29 12:31 - 2010-06-02 23:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2020-03-29 12:31 - 2010-06-02 23:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2020-03-29 12:31 - 2010-06-02 23:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2020-03-29 12:31 - 2010-06-02 23:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2020-03-29 12:31 - 2010-02-05 05:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2020-03-29 12:31 - 2010-02-05 05:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2020-03-29 12:31 - 2010-02-05 05:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2020-03-29 12:31 - 2010-02-05 05:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2020-03-29 12:31 - 2010-02-05 05:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2020-03-29 12:31 - 2010-02-05 05:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2020-03-29 12:31 - 2010-02-05 05:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2020-03-29 12:31 - 2010-02-05 05:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2020-03-29 12:31 - 2009-09-05 12:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2020-03-29 12:31 - 2009-09-05 12:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2020-03-29 12:31 - 2009-09-05 12:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2020-03-29 12:31 - 2009-09-05 12:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2020-03-29 12:31 - 2009-09-05 12:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2020-03-29 12:31 - 2009-09-05 12:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2020-03-29 12:31 - 2009-03-17 09:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2020-03-29 12:31 - 2009-03-17 09:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2020-03-29 12:31 - 2009-03-17 09:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2020-03-29 12:31 - 2009-03-17 09:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2020-03-29 12:31 - 2009-03-17 09:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2020-03-29 12:31 - 2009-03-17 09:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2020-03-29 12:31 - 2009-03-10 10:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2020-03-29 12:31 - 2009-03-10 10:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2020-03-29 12:31 - 2009-03-10 10:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2020-03-29 12:31 - 2009-03-10 10:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2020-03-29 12:31 - 2009-03-10 10:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2020-03-29 12:31 - 2009-03-10 10:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2020-03-29 12:31 - 2008-10-28 05:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2020-03-29 12:31 - 2008-10-28 05:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2020-03-29 12:31 - 2008-10-28 05:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2020-03-29 12:31 - 2008-10-28 05:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2020-03-29 12:31 - 2008-10-28 05:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2020-03-29 12:31 - 2008-10-28 05:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2020-03-29 12:31 - 2008-10-28 05:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2020-03-29 12:31 - 2008-10-28 05:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2020-03-29 12:31 - 2008-10-16 01:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2020-03-29 12:31 - 2008-10-16 01:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2020-03-29 12:31 - 2008-10-16 01:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2020-03-29 12:31 - 2008-10-16 01:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2020-03-29 12:31 - 2008-10-16 01:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2020-03-29 12:31 - 2008-10-16 01:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2020-03-29 12:31 - 2008-08-01 05:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2020-03-29 12:31 - 2008-08-01 05:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2020-03-29 12:31 - 2008-08-01 05:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2020-03-29 12:31 - 2008-08-01 05:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2020-03-29 12:31 - 2008-08-01 05:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2020-03-29 12:31 - 2008-08-01 05:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2020-03-29 12:31 - 2008-07-11 06:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2020-03-29 12:31 - 2008-07-11 06:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2020-03-29 12:31 - 2008-07-11 06:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2020-03-29 12:31 - 2008-07-11 06:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2020-03-29 12:30 - 2008-07-11 06:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2020-03-29 12:30 - 2008-07-11 06:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2020-03-29 12:30 - 2008-05-31 09:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2020-03-29 12:30 - 2008-05-31 09:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2020-03-29 12:30 - 2008-05-31 09:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2020-03-29 12:30 - 2008-05-31 09:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2020-03-29 12:30 - 2008-05-31 09:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2020-03-29 12:30 - 2008-05-31 09:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2020-03-29 12:30 - 2008-05-31 09:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2020-03-29 12:30 - 2008-05-31 09:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2020-03-29 12:30 - 2008-05-31 09:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2020-03-29 12:30 - 2008-05-31 09:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2020-03-29 12:30 - 2008-05-31 09:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2020-03-29 12:30 - 2008-05-31 09:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2020-03-29 12:30 - 2008-05-31 09:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2020-03-29 12:30 - 2008-05-31 09:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2020-03-29 12:30 - 2008-03-06 11:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2020-03-29 12:30 - 2008-03-06 11:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2020-03-29 12:30 - 2008-03-06 11:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2020-03-29 12:30 - 2008-03-06 11:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2020-03-29 12:30 - 2008-03-06 11:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2020-03-29 12:30 - 2008-03-06 11:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2020-03-29 12:30 - 2008-03-06 10:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2020-03-29 12:30 - 2008-03-06 10:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2020-03-29 12:30 - 2008-03-06 10:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2020-03-29 12:30 - 2008-03-06 10:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2020-03-29 12:30 - 2008-02-06 18:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2020-03-29 12:30 - 2008-02-06 18:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2020-03-29 12:30 - 2007-10-22 22:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2020-03-29 12:30 - 2007-10-22 22:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2020-03-29 12:30 - 2007-10-22 22:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2020-03-29 12:30 - 2007-10-22 22:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2020-03-29 12:30 - 2007-10-13 10:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2020-03-29 12:30 - 2007-10-13 10:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2020-03-29 12:30 - 2007-10-13 10:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2020-03-29 12:30 - 2007-10-13 10:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2020-03-29 12:30 - 2007-10-03 04:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2020-03-29 12:30 - 2007-10-03 04:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2020-03-29 12:30 - 2007-07-20 19:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2020-03-29 12:30 - 2007-07-20 19:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2020-03-29 12:30 - 2007-07-20 13:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2020-03-29 12:30 - 2007-07-20 13:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2020-03-29 12:30 - 2007-07-20 13:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2020-03-29 12:30 - 2007-07-20 13:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2020-03-29 12:30 - 2007-07-20 13:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2020-03-29 12:30 - 2007-07-20 13:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2020-03-29 12:30 - 2007-06-21 15:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2020-03-29 12:30 - 2007-06-21 15:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2020-03-29 12:30 - 2007-05-17 11:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2020-03-29 12:30 - 2007-05-17 11:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2020-03-29 12:30 - 2007-05-17 11:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2020-03-29 12:30 - 2007-05-17 11:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2020-03-29 12:30 - 2007-05-17 11:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2020-03-29 12:30 - 2007-05-17 11:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2020-03-29 12:30 - 2007-04-05 13:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2020-03-29 12:30 - 2007-04-05 13:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2020-03-29 12:30 - 2007-04-05 13:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2020-03-29 12:30 - 2007-04-05 13:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2020-03-29 12:30 - 2007-03-16 11:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2020-03-29 12:30 - 2007-03-16 11:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2020-03-29 12:30 - 2007-03-13 11:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2020-03-29 12:30 - 2007-03-13 11:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2020-03-29 12:30 - 2007-03-13 11:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2020-03-29 12:30 - 2007-03-13 11:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2020-03-29 12:30 - 2007-03-06 07:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2020-03-29 12:30 - 2007-03-06 07:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2020-03-29 12:30 - 2007-01-25 10:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2020-03-29 12:30 - 2007-01-25 10:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2020-03-29 12:30 - 2006-12-09 07:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2020-03-29 12:30 - 2006-12-09 07:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2020-03-29 12:30 - 2006-11-30 08:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2020-03-29 12:30 - 2006-11-30 08:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2020-03-29 12:30 - 2006-11-30 08:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2020-03-29 12:30 - 2006-11-30 08:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2020-03-29 12:30 - 2006-09-29 11:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2020-03-29 12:30 - 2006-09-29 11:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2020-03-29 12:30 - 2006-09-29 11:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2020-03-29 12:30 - 2006-09-29 11:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2020-03-29 12:30 - 2006-07-29 04:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2020-03-29 12:30 - 2006-07-29 04:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2020-03-29 12:29 - 2006-07-29 04:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2020-03-29 12:29 - 2006-07-29 04:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2020-03-29 12:29 - 2006-06-01 02:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2020-03-29 12:29 - 2006-06-01 02:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2020-03-29 12:29 - 2006-04-01 07:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2020-03-29 12:29 - 2006-04-01 07:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2020-03-29 12:29 - 2006-04-01 07:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2020-03-29 12:29 - 2006-04-01 07:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2020-03-29 12:29 - 2006-04-01 07:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2020-03-29 12:29 - 2006-04-01 07:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2020-03-29 12:29 - 2006-02-04 03:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2020-03-29 12:29 - 2006-02-04 03:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2020-03-29 12:29 - 2006-02-04 03:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2020-03-29 12:29 - 2006-02-04 03:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2020-03-29 12:29 - 2006-02-04 03:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2020-03-29 12:29 - 2006-02-04 03:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2020-03-29 12:29 - 2005-12-06 13:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2020-03-29 12:29 - 2005-12-06 13:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2020-03-29 12:29 - 2005-07-23 14:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2020-03-29 12:29 - 2005-07-23 14:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2020-03-29 12:29 - 2005-05-27 10:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2020-03-29 12:29 - 2005-05-27 10:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2020-03-29 12:29 - 2005-03-19 12:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2020-03-29 12:29 - 2005-03-19 12:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2020-03-29 12:29 - 2005-02-06 14:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2020-03-29 12:29 - 2005-02-06 14:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2020-03-29 12:28 - 2020-03-29 12:28 - 000000000 ____D C:\Windows\SysWOW64\directx
2020-03-28 02:25 - 2020-03-28 02:25 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\bizarre creations
2020-03-27 10:28 - 2020-03-27 10:28 - 000003160 _____ C:\Windows\system32\Tasks\StartCN
2020-03-27 10:28 - 2020-03-27 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2020-03-27 10:28 - 2020-03-27 10:28 - 000000000 ____D C:\Program Files\ATI Technologies
2020-03-27 10:28 - 2020-03-27 10:28 - 000000000 ____D C:\Program Files (x86)\AMD
2020-03-27 09:56 - 2020-03-27 09:56 - 028201995 _____ C:\Users\Emmanuel\Downloads\FIFA 14 N.S.P 2020 Update v1.0 Micano4u.rar
2020-03-27 09:31 - 2020-03-27 09:31 - 000000886 _____ C:\Users\Public\Desktop\Blur.lnk
2020-03-27 09:31 - 2020-03-27 09:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorePack
2020-03-27 00:42 - 2020-03-27 00:42 - 000000000 ____D C:\CPY_SAVES
2020-03-25 07:49 - 2020-03-25 07:49 - 000089968 _____ C:\Windows\dxdiag.txt
2020-03-25 07:47 - 2020-03-25 07:47 - 000000000 ____D C:\Users\Default\AppData\Local\D3DSCache
2020-03-25 07:47 - 2020-03-25 07:47 - 000000000 ____D C:\Users\Default\AppData\Local\AMD
2020-03-25 07:47 - 2020-03-25 07:47 - 000000000 ____D C:\Users\Default User\AppData\Local\D3DSCache
2020-03-25 07:47 - 2020-03-25 07:47 - 000000000 ____D C:\Users\Default User\AppData\Local\AMD
2020-03-25 03:47 - 2020-03-25 04:00 - 1387637884 _____ C:\Users\Emmanuel\Downloads\audio (2).zip
2020-03-24 05:35 - 2020-03-24 05:35 - 000000000 ____D C:\Users\Emmanuel\Documents\FIFA 17
2020-03-21 19:07 - 2020-04-04 22:44 - 000000000 ____D C:\Users\Emmanuel\AppData\LocalLow\BitTorrent
2020-03-19 23:07 - 2020-03-19 23:07 - 003634332 _____ C:\Users\Emmanuel\Downloads\9.1.1.S02E06.480p.WEB-DL.mkv.opdownload
2020-03-19 23:07 - 2020-03-19 23:07 - 003346370 _____ C:\Users\Emmanuel\Downloads\9.1.1.S02E07.480p.WEB-DL.mkv.opdownload
2020-03-19 20:59 - 2020-03-29 23:10 - 000000000 ____D C:\ProgramData\AMD
2020-03-19 11:05 - 2020-03-19 11:05 - 000002946 _____ C:\Windows\system32\Tasks\BoostTray SkipUAC (Emmanuel)
2020-03-19 11:05 - 2020-03-19 11:05 - 000001475 _____ C:\Users\Public\Desktop\Game Boost.lnk
2020-03-18 23:14 - 2020-03-18 23:14 - 000313366 _____ C:\Users\Emmanuel\Downloads\WindowsUpdate.diagcab
2020-03-18 22:59 - 2020-03-18 22:59 - 000001428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 ransomware decryption tools.lnk
2020-03-18 22:59 - 2020-03-18 22:59 - 000001416 _____ C:\Users\Public\Desktop\360 ransomware decryption tools.lnk
2020-03-18 22:59 - 2020-03-18 22:59 - 000001303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unstall 360 ransomware decryption tools.lnk
2020-03-18 20:26 - 2020-03-18 20:26 - 000000000 ____D C:\Users\Emmanuel\Downloads\Driverpack 17.7.73 Offline [TalhaSofts]
2020-03-18 20:25 - 2020-03-18 20:41 - 000000000 ____D C:\Users\Emmanuel\Downloads\Mastering Harmony Volume 1
2020-03-18 20:04 - 2020-03-18 20:04 - 000000000 ____D C:\Program Files (x86)\HP
2020-03-17 21:15 - 2020-03-17 21:16 - 018863348 _____ C:\Users\Emmanuel\Documents\[Free-scores.com]_orem-preston-ware-harmony-book-for-beginners-96515.pdf
2020-03-17 21:14 - 2020-03-17 21:14 - 000173522 _____ C:\Users\Emmanuel\Documents\Learning_About_Harmony_with_Harmony_Space_An_Overv.pdf
2020-03-17 21:13 - 2020-03-17 21:13 - 000106932 _____ C:\Users\Emmanuel\Documents\HARMONY_A_System_for_Musical_Composition.pdf
2020-03-17 18:52 - 2020-03-17 21:00 - 610738769 ____R C:\Users\Emmanuel\Downloads\[ FreeCourseWeb.com ] Udemy - Voice Training - Vocal Coaching for Effective Leadership.zip
2020-03-17 18:03 - 2020-03-18 02:12 - 000000000 ____D C:\Users\Emmanuel\Downloads\FIFA 17 Super Deluxe Edition [qoob RePack]
2020-03-17 17:59 - 2020-03-17 17:59 - 000000017 _____ C:\Users\Emmanuel\AppData\Local\resmon.resmoncfg
2020-03-17 17:42 - 2020-03-17 17:43 - 004827200 _____ (BitTorrent Inc.) C:\Users\Emmanuel\Downloads\BitTorrent.exe
2020-03-17 17:21 - 2020-03-17 17:21 - 000001971 _____ C:\Users\Emmanuel\Desktop\Dashlane.lnk
2020-03-17 17:21 - 2020-03-17 17:21 - 000001785 _____ C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane.lnk
2020-03-17 17:21 - 2020-03-17 17:21 - 000000000 ____D C:\Users\Emmanuel\AppData\LocalLow\Dashlane
2020-03-17 16:49 - 2020-03-17 16:49 - 000695044 _____ C:\Users\Emmanuel\Documents\epdf.pub_the-choir-director.mobi
2020-03-17 16:46 - 2020-03-17 16:46 - 000268756 _____ C:\Users\Emmanuel\Documents\epdf.pub_so-youre-the-new-musical-director.epub
2020-03-17 16:27 - 2020-03-17 17:21 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\Dashlane
2020-03-17 16:27 - 2020-03-17 16:27 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2020-03-17 16:23 - 2020-03-19 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 7
2020-03-17 16:23 - 2020-03-17 17:58 - 000002355 _____ C:\Users\Public\Desktop\Driver Booster 7.lnk
2020-03-17 16:23 - 2020-03-17 16:23 - 000003204 _____ C:\Windows\system32\Tasks\Driver Booster Scheduler
2020-03-17 16:23 - 2020-03-17 16:23 - 000003190 _____ C:\Windows\system32\Tasks\Driver Booster Update
2020-03-17 16:23 - 2020-03-17 16:23 - 000002970 _____ C:\Windows\system32\Tasks\Driver Booster SkipUAC (Emmanuel)
2020-03-16 17:23 - 2020-03-16 17:23 - 000002148 _____ C:\Users\Emmanuel\Desktop\Cleanup.lnk
2020-03-16 15:29 - 2020-03-16 15:29 - 000000000 ____D C:\Windows\Tasks\ImCleanDisabled
2020-03-16 02:56 - 2020-03-16 03:04 - 822193972 _____ C:\Users\Emmanuel\Downloads\audio.zip
2020-03-15 00:42 - 2020-03-15 00:42 - 000000165 ____H C:\Users\Emmanuel\Desktop\~$food che 11.pptx
2020-03-14 06:56 - 2020-03-14 23:44 - 000188642 _____ C:\Users\Emmanuel\Desktop\group 4 presentation,molecular genetics.pptx
2020-03-14 02:57 - 2020-03-14 02:39 - 000103456 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys
2020-03-14 02:55 - 2020-03-17 19:17 - 000003458 _____ C:\Windows\system32\Tasks\SU_AutoUpdate
2020-03-14 02:54 - 2020-03-14 02:55 - 000002187 _____ C:\Users\Public\Desktop\IObit Software Updater.lnk
2020-03-14 02:54 - 2020-03-14 02:54 - 000003192 _____ C:\Windows\system32\Tasks\Software Updater Scheduler
2020-03-14 02:54 - 2020-03-14 02:54 - 000002964 _____ C:\Windows\system32\Tasks\Software Updater SkipUAC(Emmanuel)
2020-03-14 02:54 - 2020-03-14 02:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Software Updater
2020-03-14 02:43 - 2020-03-17 17:55 - 000000000 ____D C:\Windows\LastGood
2020-03-14 02:40 - 2020-03-14 02:40 - 062866048 _____ C:\Windows\system32\amd_comgr.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 052402032 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 004583040 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 004092544 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 001729152 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 001592448 _____ (AMD) C:\Windows\system32\coinst_19.50.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 001241728 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 001241728 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 001083944 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 001083944 _____ C:\Windows\system32\vulkan-1.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000942792 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000942792 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000573056 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000490112 _____ C:\Windows\system32\GameManager64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000483968 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000467584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000372864 _____ C:\Windows\SysWOW64\GameManager32.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000240256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000207488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000182912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000161408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000157824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000151680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000136832 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000134784 _____ (AMD) C:\Windows\system32\atimuixx.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000134784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000133760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000127728 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000123008 _____ C:\Windows\system32\atidxx64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000119936 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000106832 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000105600 _____ C:\Windows\SysWOW64\atidxx32.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000069248 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000045696 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000042624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000019384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000019384 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2020-03-14 02:39 - 2020-03-14 02:39 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2020-03-14 02:39 - 2020-03-14 02:39 - 001763968 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-03-14 02:39 - 2020-03-14 02:39 - 001763968 _____ C:\Windows\system32\vulkaninfo.exe
2020-03-14 02:39 - 2020-03-14 02:39 - 001358464 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-03-14 02:39 - 2020-03-14 02:39 - 001358464 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-03-14 02:39 - 2020-03-14 02:39 - 000940160 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000767616 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000552576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000545320 _____ C:\Windows\system32\amdmiracast.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000542696 _____ C:\Windows\SysWOW64\atiapfxx.blb
2020-03-14 02:39 - 2020-03-14 02:39 - 000542696 _____ C:\Windows\system32\atiapfxx.blb
2020-03-14 02:39 - 2020-03-14 02:39 - 000492160 _____ C:\Windows\system32\dgtrayicon.exe
2020-03-14 02:39 - 2020-03-14 02:39 - 000482944 _____ C:\Windows\system32\amdgfxinfo64.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000450176 _____ C:\Windows\system32\atieah64.exe
2020-03-14 02:39 - 2020-03-14 02:39 - 000382592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000372352 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000344192 _____ C:\Windows\SysWOW64\atieah32.exe
2020-03-14 02:39 - 2020-03-14 02:39 - 000343168 _____ C:\Windows\system32\clinfo.exe
2020-03-14 02:39 - 2020-03-14 02:39 - 000195776 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000165376 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000133936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000127728 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000125488 _____ C:\Windows\system32\kapp_ci.sbin
2020-03-14 02:39 - 2020-03-14 02:39 - 000121168 _____ C:\Windows\system32\kapp_si.sbin
2020-03-14 02:39 - 2020-03-14 02:39 - 000119424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000118848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000106832 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000104576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000069770 _____ C:\Windows\system32\AMDKernelEvents.man
2020-03-14 01:55 - 2020-03-14 01:55 - 000182800 _____ ( ) C:\Windows\system32\Drivers\xtouch.sys
2020-03-14 01:55 - 2020-03-14 01:55 - 000093240 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys
2020-03-14 01:55 - 2020-03-14 01:55 - 000033336 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys
2020-03-14 01:36 - 2020-03-14 01:36 - 001747704 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2020-03-14 01:36 - 2020-03-14 01:36 - 001028856 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2020-03-13 12:49 - 2020-01-31 18:57 - 000024512 _____ C:\Windows\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450
2020-03-13 12:46 - 2020-03-13 12:46 - 000000024 _____ C:\Windows\system32\WinUpdates105.dat
2020-03-13 12:46 - 2020-03-13 12:46 - 000000003 _____ C:\Windows\system32\wdbcache.tmp
2020-03-13 03:08 - 2020-03-31 12:36 - 000000000 ____D C:\ProgramData\ProductData
2020-03-13 03:04 - 2020-03-14 02:54 - 000000000 ____D C:\Users\Emmanuel\AppData\LocalLow\IObit
2020-03-13 03:03 - 2020-03-17 16:23 - 000000000 ____D C:\Program Files (x86)\IObit
2020-03-13 03:03 - 2020-03-13 03:03 - 000027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2020-03-13 03:01 - 2020-03-27 23:11 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\IObit
2020-03-13 03:01 - 2020-03-17 16:14 - 000000000 ____D C:\ProgramData\IObit
2020-03-13 02:43 - 2020-03-13 02:53 - 024820296 _____ (IObit ) C:\Users\Emmanuel\Downloads\driver_booster_setup.exe
2020-03-12 03:29 - 2020-03-12 03:29 - 000978850 _____ C:\Users\Emmanuel\Documents\UnitopsCh6.pdf
2020-03-10 03:10 - 2020-03-10 03:11 - 034980956 _____ C:\Users\Emmanuel\Downloads\The_Musical_Alphabet_Lesson___u0026_Exercises___StudyBass(360p).mp4
2020-03-10 03:10 - 2020-03-10 03:10 - 018377185 _____ C:\Users\Emmanuel\Downloads\Essential_Bass_Materials_and_Resources___StudyBass(360p).mp4
2020-03-08 09:56 - 2020-03-08 09:57 - 144067754 _____ C:\Users\Emmanuel\Downloads\Statuses.zip
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-04-06 09:40 - 2019-09-28 22:01 - 000000000 ____D C:\Users\Emmanuel\AppData\LocalLow\360WD
2020-04-06 09:40 - 2018-09-15 19:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-06 09:39 - 2019-07-30 17:18 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-06 09:39 - 2019-07-30 17:17 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-04-06 05:41 - 2019-07-31 19:05 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\vlc
2020-04-05 23:49 - 2020-03-04 12:08 - 000000000 ____D C:\Users\Emmanuel\Downloads\opera autoupdate
2020-04-05 23:38 - 2019-09-28 22:00 - 000000000 _RSHD C:\360SANDBOX
2020-04-05 23:38 - 2019-08-07 07:03 - 000000000 ____D C:\Windows\Minidump
2020-04-05 22:23 - 2019-09-28 20:43 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\AIMP
2020-04-05 20:13 - 2020-01-05 10:34 - 000000000 ____D C:\Users\Emmanuel\Documents\Sound recordings
2020-04-05 11:58 - 2019-07-30 19:54 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-04-05 11:58 - 2018-09-15 18:09 - 000524288 _____ C:\Windows\system32\config\BBI
2020-04-05 10:30 - 2019-07-31 18:03 - 000004174 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{2BE24B23-3134-48B3-BBD8-85C49EF80B89}
2020-04-05 01:03 - 2019-07-30 17:32 - 000840852 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-05 01:03 - 2018-09-15 19:31 - 000000000 ____D C:\Windows\INF
2020-04-05 00:59 - 2019-09-28 21:28 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2020-04-04 23:01 - 2019-11-24 11:10 - 000000000 __SHD C:\$360Section
2020-04-04 23:01 - 2019-09-28 22:04 - 000000000 ____D C:\ProgramData\360Quarant
2020-04-04 21:09 - 2019-07-30 19:23 - 000004234 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1564471381
2020-04-04 21:09 - 2019-07-30 19:23 - 000001440 _____ C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2020-04-04 21:06 - 2019-09-28 21:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-04-04 19:18 - 2019-07-30 17:36 - 000000000 ____D C:\Users\Emmanuel
2020-04-03 19:41 - 2020-03-05 21:09 - 000317240 _____ (360安全中心) C:\Windows\system32\Drivers\360Hvm64.sys
2020-04-02 22:16 - 2019-08-03 02:13 - 000000000 ____D C:\Games
2020-04-02 22:12 - 2020-01-04 05:08 - 000000000 ____D C:\Program Files (x86)\CorePack
2020-04-02 12:32 - 2019-08-02 20:44 - 000000000 ____D C:\Users\Emmanuel\AppData\Local\Free Download Manager
2020-04-02 02:03 - 2019-09-28 22:01 - 000000000 ____D C:\ProgramData\360safe
2020-03-31 21:17 - 2019-07-30 19:55 - 000000000 ____D C:\ProgramData\Package Cache
2020-03-31 04:48 - 2018-09-15 19:33 - 000000000 ____D C:\Windows\system32\NDF
2020-03-31 01:59 - 2018-09-15 19:33 - 000000000 ____D C:\Windows\LiveKernelReports
2020-03-28 12:31 - 2020-03-04 03:20 - 000004494 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1583248820
2020-03-27 23:08 - 2019-07-31 19:57 - 000000000 ____D C:\Users\Emmanuel\AppData\Local\ElevatedDiagnostics
2020-03-27 10:28 - 2019-07-30 19:54 - 000000000 ____D C:\Program Files\AMD
2020-03-27 10:12 - 2019-11-11 07:46 - 000000000 ____D C:\Users\Emmanuel\Documents\FIFA 14
2020-03-25 07:23 - 2018-09-15 19:33 - 000000000 ____D C:\ProgramData\USOPrivate
2020-03-21 19:13 - 2019-07-30 17:42 - 000003386 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3975140369-1696558351-1519201624-1001
2020-03-21 19:13 - 2019-07-30 17:42 - 000000000 ___RD C:\Users\Emmanuel\OneDrive
2020-03-21 19:13 - 2019-07-30 17:36 - 000002376 _____ C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-03-19 02:00 - 2020-01-04 04:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2020-03-19 01:47 - 2018-09-15 19:31 - 000000167 _____ C:\Windows\win.ini
2020-03-18 22:59 - 2019-09-28 21:55 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\360TotalSecurity
2020-03-18 22:59 - 2019-09-28 21:55 - 000000000 ____D C:\Program Files (x86)\360
2020-03-18 20:08 - 2019-07-30 17:17 - 000502768 _____ C:\Windows\system32\FNTCACHE.DAT
2020-03-18 20:07 - 2019-08-07 02:40 - 000011070 _____ C:\Windows\system32\Drivers\rtkhdasetting.zip
2020-03-18 20:05 - 2019-07-30 20:11 - 000000000 ____D C:\SWSetup
2020-03-18 20:03 - 2019-07-30 20:16 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\DriverPack Cloud
2020-03-18 19:55 - 2019-08-07 02:40 - 000002058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
2020-03-18 19:53 - 2019-08-07 02:40 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2020-03-18 17:37 - 2019-09-12 17:16 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-03-17 19:56 - 2020-01-03 05:04 - 000000000 ____D C:\Program Files\KMSpico
2020-03-17 18:56 - 2019-07-30 19:21 - 000000000 ____D C:\Users\Emmanuel\AppData\Local\PlaceholderTileLogoFolder
2020-03-17 17:38 - 2020-01-03 05:04 - 000003052 _____ C:\Windows\system32\Tasks\AutoPico Daily Restart
2020-03-17 16:30 - 2020-03-05 19:49 - 129753440 _____ C:\Users\Emmanuel\Downloads\nancy.drew.s01e10.480p.mkv.opdownload
2020-03-17 16:02 - 2019-07-30 19:54 - 000000000 ____D C:\AMD
2020-03-16 00:31 - 2019-07-30 17:37 - 000000000 ____D C:\Users\Emmanuel\AppData\Local\Packages
2020-03-15 10:02 - 2019-07-30 17:37 - 000000000 ___RD C:\Users\Emmanuel\3D Objects
2020-03-14 18:31 - 2019-07-08 20:45 - 001160280 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2020-03-14 03:15 - 2019-07-30 17:49 - 000000000 ____D C:\Users\Emmanuel\AppData\Local\Comms
2020-03-14 02:47 - 2019-07-30 20:00 - 000000000 ____D C:\Users\Emmanuel\AppData\Local\AMD
2020-03-14 02:40 - 2017-05-17 13:06 - 000177248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2020-03-14 02:40 - 2017-05-17 13:06 - 000156600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2020-03-14 02:39 - 2017-05-17 13:06 - 000759424 _____ (AMD) C:\Windows\system32\atieclxx.exe
2020-03-13 05:58 - 2019-07-30 17:37 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\Adobe
2020-03-11 12:19 - 2019-07-30 17:37 - 000000000 ____D C:\Users\Emmanuel\AppData\Local\VirtualStore
2020-03-11 12:17 - 2019-09-28 20:43 - 000000638 _____ C:\Windows\Tasks\TrackerAutoUpdate.job
2020-03-11 03:51 - 2019-09-28 20:43 - 000002942 _____ C:\Windows\system32\Tasks\TrackerAutoUpdate
2020-03-11 03:42 - 2020-03-01 09:39 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\Microsoft Office
==================== Files in the root of some directories ========
2020-03-17 17:59 - 2020-03-17 17:59 - 000000017 _____ () C:\Users\Emmanuel\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
 
#4 ·
FOR Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-03-2020
Ran by Emmanuel (06-04-2020 09:51:13)
Running from C:\Users\Emmanuel\Desktop
Windows 10 Pro Version 1809 17763.973 (X64) (2019-07-30 05:32:27)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3975140369-1696558351-1519201624-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3975140369-1696558351-1519201624-503 - Limited - Disabled)
Emmanuel (S-1-5-21-3975140369-1696558351-1519201624-1001 - Administrator - Enabled) => C:\Users\Emmanuel
Guest (S-1-5-21-3975140369-1696558351-1519201624-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3975140369-1696558351-1519201624-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: 360 Total Security (Enabled - Up to date) {2ACC6E6C-C52C-B3B4-DA13-A43E20B1E26D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Enabled - Up to date) {91AD8F88-E316-BC3A-E0A3-9F4C5B36A8D0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
"FIFA 14" (HKLM-x32\...\{6049054B-DB11-48E1-A583-9A565D5C8856}_is1) (Version: 1.3.0.0 - )
360 ransomware decryption tools (HKLM-x32\...\360teslacryptdecoder) (Version: 1.0.0.1271 - 360 Security Center)
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 10.6.0.1338 - 360 Security Center)
7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Flash Plugins (HKLM\...\Adobe Flash Player) (Version: 32.0.0.255 - oszone.net)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_8_4_1) (Version: 8.4.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0) (Version: 20.0.0 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.60.2146, 28.08.2019 - AIMP DevTeam)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version: - AOMEI Technology Co., Ltd.)
Blur version 1.0 (HKLM-x32\...\Blur_is1) (Version: 1.0 - NORO) <==== ATTENTION
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Dashlane (HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Dashlane) (Version: 6.2011.0.33406 - Dashlane, Inc.)
Driver Booster 7 (HKLM-x32\...\Driver Booster_is1) (Version: 7.3.0 - IObit)
FastStone Image Viewer 7.4 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.4 - FastStone Soft)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: 5.1.38.7312 - FreeDownloadManager.ORG)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.13 - HP Inc.)
IObit Software Updater (HKLM-x32\...\IObit Software Updater_is1) (Version: 2.4.0.2983 - IObit)
K-Lite Codec Pack 13.8.2 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.8.2 - KLCP)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.12527.20278 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 60.2.0 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 60.2.0 ESR (x64 en-US)) (Version: 60.2.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.2.0 - Mozilla)
NBA 2K14, версия 1.0.0.0 (HKLM-x32\...\NBA 2K14_is1) (Version: 1.0.0.0 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Opera Stable 67.0.3575.115 (HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Opera 67.0.3575.115) (Version: 67.0.3575.115 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.10 - Tracker Software Products Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8881.1 - Realtek Semiconductor Corp.)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.6.2452 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WinRAR 5.70 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Packages:
=========
Asphalt 8: Airborne -> C:\Program Files\WindowsApps\GAMELOFTSA.Asphalt8Airborne_4.5.0.13_x86__0pp20fcewvvtj [2019-09-28] (GAMELOFT SA)
Bible -> C:\Program Files\WindowsApps\LifeChurch.tv.Bible_2.0.4.37_neutral__d1phjsdba8cbj [2019-08-16] (LifeChurch.tv)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [2019-11-28] (Dolby Laboratories)
HD video downloader for Youtube -> C:\Program Files\WindowsApps\14531Coder15.HDvideodownloaderforYoutube_2.4.3.0_x64__qy21kws4tmpze [2020-01-31] (Coder15) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2019-08-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2019-08-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-30] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-13] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-27] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-12-01] (Netflix, Inc.)
Photo Editor | Polarr -> C:\Program Files\WindowsApps\613EBCEA.PolarrPhotoEditorAcademicEdition_5.10.7.0_x64__jb41c8remg0x2 [2019-12-27] (Polarr)
Sketchable -> C:\Program Files\WindowsApps\SiliconBendersLLC.Sketchable_5.0.13.0_x64__r2kxzpx527qgj [2020-01-23] (Silicon Benders LLC)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2019-09-28] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers1: [DBGameBoosterMenu] -> {96086A41-005D-457D-0910-0D4A91ECF1B1} => C:\Program Files (x86)\IObit\Driver Booster\7.3.0\boost\BoostMenu64.dll [2020-02-27] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2020-02-17] (Beijing Qihu Technology Co., Ltd. -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [DBGameBoosterMenu] -> {96086A41-005D-457D-0910-0D4A91ECF1B1} => C:\Program Files (x86)\IObit\Driver Booster\7.3.0\boost\BoostMenu64.dll [2020-02-27] (IObit Information Technology -> IObit)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2019-09-28] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers4: [DBGameBoosterMenu] -> {96086A41-005D-457D-0910-0D4A91ECF1B1} => C:\Program Files (x86)\IObit\Driver Booster\7.3.0\boost\BoostMenu64.dll [2020-02-27] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2020-02-17] (Beijing Qihu Technology Co., Ltd. -> )
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-25] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [DBGameBoosterMenu] -> {96086A41-005D-457D-0910-0D4A91ECF1B1} => C:\Program Files (x86)\IObit\Driver Booster\7.3.0\boost\BoostMenu64.dll [2020-02-27] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2020-02-17] (Beijing Qihu Technology Co., Ltd. -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2016-09-14 21:59 - 2016-09-14 21:59 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2019-08-02 20:44 - 2019-01-31 16:58 - 000037376 _____ () [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\WinDivert.dll
2017-04-25 16:17 - 2017-04-25 16:17 - 000851456 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiacm64.dll
2017-04-25 16:17 - 2017-04-25 16:17 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiamenu.dll
2019-09-28 21:28 - 2015-02-26 19:00 - 002403504 _____ (Aomei Technology Co., Limited -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000117696 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000289728 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000105408 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000969664 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000105408 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000281536 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000318400 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000072640 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000064448 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\Device.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000179136 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2019-09-28 21:28 - 2016-09-27 11:53 - 000244672 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000031680 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000486336 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000158656 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000125888 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000256960 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000351168 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000080832 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000703424 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000388032 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 001184704 _____ (CHENGDU AOMEI Tech Co., Ltd. -> The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\AOMEI Backupper\LIBEAY32.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000278464 _____ (CHENGDU AOMEI Tech Co., Ltd. -> The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\AOMEI Backupper\SSLEAY32.dll
2019-08-02 20:44 - 2019-01-31 16:59 - 000436224 _____ (FreeDownloadManager.org) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\common.dll
2019-08-03 03:29 - 2019-08-03 03:29 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2\vcomp.dll
2020-03-17 17:21 - 2020-03-11 02:33 - 001240064 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\libeay32.dll
2020-03-17 17:21 - 2020-03-11 02:33 - 000281600 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\ssleay32.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-08-02 20:44 - 2019-01-31 17:01 - 005938176 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\Qt5Core.dll
2019-08-02 20:44 - 2018-05-16 01:35 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\Qt5Gui.dll
2019-08-02 20:44 - 2018-05-16 01:35 - 001256960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\Qt5Network.dll
2019-08-02 20:44 - 2018-05-16 01:33 - 000207360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\Qt5Sql.dll
2019-08-02 20:44 - 2018-05-16 01:38 - 005515264 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\Qt5Widgets.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\imageformats\qgif.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 000034816 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\imageformats\qicns.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\imageformats\qico.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 000298496 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\imageformats\qjpeg.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\imageformats\qsvg.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 000019968 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\imageformats\qtga.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 000332288 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\imageformats\qtiff.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 000019456 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\imageformats\qwbmp.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\imageformats\qwebp.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 001126400 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\platforms\qwindows.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 004994048 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\Qt5Core.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 003637248 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\Qt5Gui.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 001088512 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\Qt5Network.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 000280576 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\Qt5Positioning.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 000278016 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\Qt5PrintSupport.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 002966016 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\Qt5Qml.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 002796032 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\Qt5Quick.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 000048640 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\Qt5QuickWidgets.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 000163840 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\Qt5Sql.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 000268288 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\Qt5Svg.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 000092160 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\Qt5WebChannel.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 055062528 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\Qt5WebEngineCore.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 000190976 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\Qt5WebEngineWidgets.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 004590592 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\Qt5Widgets.dll
2020-03-17 17:13 - 2020-03-11 02:33 - 000122368 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2011.0.33406\bin\Qt\styles\qwindowsvistastyle.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Emmanuel\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.reg\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\UserChoice =>
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-09-15 19:31 - 2018-09-15 19:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
2019-08-02 22:52 - 2020-02-29 12:15 - 000000445 _____ C:\Windows\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
Network Binding:
=============
Ethernet: Reliable Multicast Protocol -> ms_rmcast (enabled)
Wi-Fi: Reliable Multicast Protocol -> ms_rmcast (enabled)
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4BFA2BF4-7CAE-4A4A-ADDC-943B276FD6CF}] => (Allow) C:\Users\Emmanuel\AppData\Roaming\DRPSu\Alice\cloud.exe (DriverPack Solution) [File not signed]
FirewallRules: [{DE3672C8-F5F3-48B1-862E-B65FE9439683}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe (FreeDownloadManager.org) [File not signed]
FirewallRules: [{CB21AFB0-C4C1-4992-A9DC-3B587270B766}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe (FreeDownloadManager.org) [File not signed]
FirewallRules: [{B8EBCBD0-FBE6-4BBE-B333-BDB1FCA02441}] => (Allow) C:\Games\FIFA 14\Game\fifa14.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{DC1778A6-A5D3-4D77-AE0B-9706EFE8A9AE}] => (Allow) C:\Games\FIFA 14\Game\fifa14.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{D8605798-043D-4635-B0BB-739518178CC5}] => (Allow) C:\Users\Emmanuel\AppData\Roaming\DRPSu\Alice\cloud.exe (DriverPack Solution) [File not signed]
FirewallRules: [TCP Query User{312F660F-3EED-4F06-B87F-1C7AFD92EBA9}C:\program files\freedownloadmanager.org\free download manager\fdm.exe] => (Allow) C:\program files\freedownloadmanager.org\free download manager\fdm.exe (FreeDownloadManager.org) [File not signed]
FirewallRules: [UDP Query User{32D0CE99-CF0B-4A20-AB84-83716A422F70}C:\program files\freedownloadmanager.org\free download manager\fdm.exe] => (Allow) C:\program files\freedownloadmanager.org\free download manager\fdm.exe (FreeDownloadManager.org) [File not signed]
FirewallRules: [{6DA0B3EB-AB8C-4707-90DE-FCC7D4F0B090}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B18B8000-C6C2-4914-AC80-C78B9C70DF12}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A26554E6-5B18-471D-B4BC-8B72111294BD}] => (Allow) C:\Users\Emmanuel\AppData\Roaming\DRPSu\Alice\cloud.exe (DriverPack Solution) [File not signed]
FirewallRules: [{DD5F61B4-F11E-4AAD-8A85-AB69A1C7CFCA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{71D555B4-A364-4BCB-A323-F28DE3D961E1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{64303620-BA86-4C84-87E5-8C2A894636A9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{72BBE143-3239-401C-9B34-421D99AC471A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{98E737F9-A35E-4C18-ACF6-D9ABF0F70D22}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{426F6538-1C5E-4527-BE10-936A1B587513}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4FD9D8B8-BCB4-43B9-AD82-FAFD1C82AE0C}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{75CEF20D-E28F-4375-8B5D-9F625E991FD3}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [TCP Query User{D70ED754-D68D-4A85-ABF5-2C2AC24E63A4}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{1B15FE56-BA44-4AA3-B0A7-3CD83AC5E8DB}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{931A9DF6-5C51-494C-853A-115D2262A3CB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C780DFAD-8EB8-4751-8665-13F8AA9F1946}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0738F7EE-F909-47D0-9DE0-B094CECC62B7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3BE45D5F-3D7F-49B0-AC4C-23FDC65C3BF2}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{17318724-2DB0-47B6-A571-43C84C8F860E}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{139D6C7A-6A6A-462A-A154-1C7368DAB818}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DAB1A8B9-B0EB-41F1-9209-B68BECF77559}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{51BF2D47-A008-4AC7-AB9E-1C0F85195305}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4CA9BB7B-584B-4139-887F-8DFD57B1D893}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CA21B248-DC96-440A-95FC-8300DB40E90A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{024637DA-2269-4B92-A6C0-3516303EA81B}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{864987C5-DCBC-4352-A76F-8136A95D897F}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{530AD87E-53AE-42FF-A85F-C8D2CFF15A71}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{1966DF7F-1DFB-462F-895A-7A4E92DE3E57}] => (Allow) C:\Windows\system32\winrmsrv.exe No File
FirewallRules: [{E3CA788B-B88D-4057-92AE-EC1D7D53DCD4}] => (Allow) C:\Users\Emmanuel\AppData\Local\Temp\DriverPack-2020031801301\tools\aria2c.exe No File
FirewallRules: [{2A5A995E-8543-46AB-BE09-1972FBD59045}] => (Allow) C:\Users\Emmanuel\AppData\Roaming\DRPSu\Alice\cloud.exe (DriverPack Solution) [File not signed]
FirewallRules: [{C5240554-B679-4525-902B-49C3E2D1B18A}] => (Allow) C:\Users\Emmanuel\AppData\Local\Programs\Opera\67.0.3575.97\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{BAE13073-C955-4F89-9356-0BF74FDF551D}C:\program files (x86)\corepack\blur\blur.exe] => (Allow) C:\program files (x86)\corepack\blur\blur.exe No File
FirewallRules: [UDP Query User{EF4F6D96-A81A-49CE-A37F-691676331F67}C:\program files (x86)\corepack\blur\blur.exe] => (Allow) C:\program files (x86)\corepack\blur\blur.exe No File
FirewallRules: [TCP Query User{7E3697E3-2B77-41BB-89DB-835EF3862E4B}C:\games\blur\blur.exe] => (Allow) C:\games\blur\blur.exe () [File not signed]
FirewallRules: [UDP Query User{EDC5F624-3D2A-48CE-A5B7-F58CFC436C18}C:\games\blur\blur.exe] => (Allow) C:\games\blur\blur.exe () [File not signed]
FirewallRules: [{CC37EBB2-AAA3-4AE3-ADF8-80E1A58DA819}] => (Allow) C:\Users\Emmanuel\AppData\Local\Programs\Opera\67.0.3575.115\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{8D737988-EA1D-41FA-A098-218E01DA3680}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{7B8E627F-6889-42B1-B09A-38F4616C49BD}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{1FA28151-D8CE-45C2-9598-0CF060683637}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{E2036E65-1314-4B81-BFCB-A4E7340C3D67}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
==================== Restore Points =========================
02-04-2020 20:36:08 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================
Application errors:
==================
Error: (04/06/2020 09:49:52 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=B4G3Q
ACID=?
Detailed Error[?]
Error: (04/06/2020 09:39:52 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=B4G3Q
ACID=?
Detailed Error[?]
Error: (04/06/2020 04:34:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DoSvc, version: 10.0.17763.1, time stamp: 0xb900eeff
Faulting module name: dosvc.dll, version: 10.0.17763.404, time stamp: 0x4edbcc20
Exception code: 0xc0000005
Fault offset: 0x00000000000d3a1f
Faulting process id: 0x25ec
Faulting application start time: 0x01d60b3f06e79a56
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: c:\windows\system32\dosvc.dll
Report Id: d54056ca-c34c-4580-b2ad-704589a642a4
Faulting package full name:
Faulting package-relative application ID:
Error: (04/06/2020 02:10:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 20d0
Start Time: 01d60b53ce5e3f3d
Termination Time: 25
Application Path: C:\Windows\System32\MicrosoftEdgeCP.exe
Report Id: 5ec5f650-e907-4e26-8f7e-52acc5240093
Faulting package full name: Microsoft.MicrosoftEdge_44.17763.831.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Hang type: Unknown
Error: (04/05/2020 11:59:09 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=B4G3Q
ACID=?
Detailed Error[?]
Error: (04/05/2020 11:48:53 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=B4G3Q
ACID=?
Detailed Error[?]
Error: (04/05/2020 11:38:53 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=B4G3Q
ACID=?
Detailed Error[?]
Error: (04/05/2020 08:03:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: YouVersion-Win8-App.exe, version: 2.0.0.0, time stamp: 0x521e15bd
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.17763.802, time stamp: 0x4bcc8da7
Exception code: 0xc000027b
Fault offset: 0x008db931
Faulting process id: 0x1c4c
Faulting application start time: 0x01d60b207e7eac4f
Faulting application path: C:\Program Files\WindowsApps\LifeChurch.tv.Bible_2.0.4.37_neutral__d1phjsdba8cbj\YouVersion-Win8-App.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 26cd2419-2a42-46f6-9b80-bff49fd7dbdc
Faulting package full name: LifeChurch.tv.Bible_2.0.4.37_neutral__d1phjsdba8cbj
Faulting package-relative application ID: App

System errors:
=============
Error: (04/06/2020 09:50:55 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (04/06/2020 09:48:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.
Error: (04/06/2020 09:48:55 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (04/06/2020 09:46:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.
Error: (04/06/2020 09:46:55 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (04/06/2020 09:44:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.
Error: (04/06/2020 09:41:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.
Error: (04/06/2020 09:39:27 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:37:51 AM on ‎06/‎04/‎2020 was unexpected.

Windows Defender:
===================================
Date: 2020-01-31 03:36:38.631
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...in64/AutoKMS&threatid=2147723334&enterprise=0
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.307.3019.0, AS: 1.307.3019.0, NIS: 1.307.3019.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2020-01-31 03:35:10.103
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...in64/AutoKMS&threatid=2147723334&enterprise=0
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.307.3019.0, AS: 1.307.3019.0, NIS: 1.307.3019.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2020-01-31 03:34:47.627
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...in64/AutoKMS&threatid=2147723334&enterprise=0
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\Service_KMS.exe
Signature Version: AV: 1.307.3019.0, AS: 1.307.3019.0, NIS: 1.307.3019.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2020-01-30 14:42:41.943
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {72F35DB4-5329-4828-9D80-8FA33781E844}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-01-30 09:52:30.945
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D13DE47F-F617-4DA9-9489-259028B36D48}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-01-31 03:34:57.726
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.307.3019.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2020-01-31 03:34:57.722
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.307.3019.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2020-01-31 03:34:57.721
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.307.3019.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2020-01-31 03:34:57.686
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.307.3019.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2020-01-31 03:34:57.684
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.307.3019.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===================================
Date: 2020-04-06 06:57:20.536
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
Date: 2020-04-06 06:55:43.875
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
Date: 2020-04-06 06:55:40.847
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
Date: 2020-04-06 06:55:25.822
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
Date: 2020-04-06 06:55:25.418
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
Date: 2020-04-06 06:55:17.932
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
Date: 2020-04-06 06:55:17.488
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
Date: 2020-04-06 06:55:09.166
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. F.34 12/07/2015
Motherboard: HP 8015
Processor: AMD A8-7410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 60%
Total physical RAM: 3519.03 MB
Available physical RAM: 1386.75 MB
Total Virtual: 5055.03 MB
Available Virtual: 2639.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:221.02 GB) (Free:61.13 GB) NTFS
Drive d: (Emma) (Fixed) (Total:244.14 GB) (Free:35.56 GB) NTFS
\\?\Volume{eef620fb-b331-4352-9671-b4e2ab4a7180}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{662200f1-5936-4614-9151-16319ea613db}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 44A650CE)
Partition: GPT.
==================== End of Addition.txt =======================
 
#7 ·
Hi, Quacu.

I'm sorry for the delay.

Comments regarding your logs:

Warning:

You have KMSpico installed on your computer. This program is used to illegally activate Microsoft's products, such as Windows or Office. My instructions below ask you to uninstall it, and this means that either your Windows or Office (or both) will stop being activated, and therefore they will stop working properly. Note that if the problem is with your Windows activation, you will have many restrictions soon or later, including not receiving security updates. You can proceed with the following, only if you agree with this.

=====================================================================

1. Windows updates

Assuming that your Windows operating system is legally activated, is there any reason why you haven't upgraded from Windows 10 Version 1809 to Version 1909 that was released last November? It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer. Either enable Automatic Updates or get into the habit of checking for Windows updates regularly. The end of service for Version 1809 is May 12, 2020, so you should consider updating your operating system after the cleaning procedure.

2. Notifications

Did you intentionally enable notifications from these sites?
Code:
hxxps://click.infocenter.support;
hxxps://herdoperolhan.pro;
hxxps://pushmedear.com;
hxxps://xyvaw.talkreply.com

3. Uninstall programs

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
Code:
KMSpico
Adobe Flash Plugins
Blur version 1.0
IObit Software Updater
  • Select each of the above programs and click Uninstall.
  • Restart the computer.
You also have to uninstall Microsoft Office Professional Plus 2013 or Microsoft Office Professional Plus 2019 or both, if they are not legally bought and activated. A free alternative to these is Microsoft Office Online. You can have almost all the utilities Microsoft Office offers, as long as you have a Microsoft account and internet connection.

Since drivers boosters can harm your computer rather than help it, I should recommend uninstalling Driver Booster 7 too. Note that some antimalware programs detect it as a potentially unwanted program. But this is your choice.

4. Run an FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Run: [Microsoft Word] => wscript.exe //D "C:\Users\Emmanuel\AppData\Roaming\Microsoft Office\\Microsoft Word.WsF"
Task: {A4E22A09-F89A-4895-9686-549A9140845D} - System32\Tasks\AutoPico Daily Restart
Task: {8775FD77-36CE-4A0E-9671-FDB4BEDF8A24} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe <==== ATTENTION
Task: {D26EA98E-03A8-4C1F-B0E3-E08644D51606} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {EFA233D0-A096-4E57-92F4-8CC8023B05CD} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconfig.js [2018-09-19] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\cck2.cfg [2018-09-19] <==== ATTENTION
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{CA21B248-DC96-440A-95FC-8300DB40E90A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{024637DA-2269-4B92-A6C0-3516303EA81B}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{E3CA788B-B88D-4057-92AE-EC1D7D53DCD4}] => (Allow) C:\Users\Emmanuel\AppData\Local\Temp\DriverPack-2020031801301\tools\aria2c.exe No File
FirewallRules: [TCP Query User{BAE13073-C955-4F89-9356-0BF74FDF551D}C:\program files (x86)\corepack\blur\blur.exe] => (Allow) C:\program files (x86)\corepack\blur\blur.exe No File
FirewallRules: [UDP Query User{EF4F6D96-A81A-49CE-A37F-691676331F67}C:\program files (x86)\corepack\blur\blur.exe] => (Allow) C:\program files (x86)\corepack\blur\blur.exe No File
FirewallRules: [TCP Query User{7E3697E3-2B77-41BB-89DB-835EF3862E4B}C:\games\blur\blur.exe] => (Allow) C:\games\blur\blur.exe () [File not signed]
FirewallRules: [UDP Query User{EDC5F624-3D2A-48CE-A5B7-F58CFC436C18}C:\games\blur\blur.exe] => (Allow) C:\games\blur\blur.exe () [File not signed]
C:\Users\Emmanuel\AppData\Roaming\Microsoft Office\\Microsoft Word.WsF
C:\Windows\system32\Tasks\AutoPico Daily Restart
C:\Program Files\KMSpico
C:\Program Files\mozilla firefox\cck2.cfg
C:\Program Files\mozilla firefox\defaults\pref\autoconfig.js
C:\program files (x86)\corepack
C:\games\blur
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

5. Search with FRST
  • Double-click FRST.exe/FRST64.exe to run it.
  • Copy and paste the following into the Search: box:
    Code:
    winlogui.exe;winscomrssrv.dll;StartupCheckLibrary.dll
  • Press the Search Files button.
  • When complete, FRST will generate a log, named Search.txt, in the same location it was run from.
  • Please copy and paste its contents into your reply.

6. Fresh FRST logs
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.

In your next reply, please post:

  • The fixlog.txt
  • The Search.txt
  • FRST.txt and Addition.txt
 
#8 ·
The fixlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-04-2020
Ran by Emmanuel (09-04-2020 02:13:45) Run:1
Running from C:\Users\Emmanuel\Desktop
Loaded Profiles: Emmanuel (Available Profiles: Emmanuel)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Run: [Microsoft Word] => wscript.exe //D "C:\Users\Emmanuel\AppData\Roaming\Microsoft Office\\Microsoft Word.WsF"
Task: {A4E22A09-F89A-4895-9686-549A9140845D} - System32\Tasks\AutoPico Daily Restart
Task: {8775FD77-36CE-4A0E-9671-FDB4BEDF8A24} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe <==== ATTENTION
Task: {D26EA98E-03A8-4C1F-B0E3-E08644D51606} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {EFA233D0-A096-4E57-92F4-8CC8023B05CD} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconfig.js [2018-09-19] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\cck2.cfg [2018-09-19] <==== ATTENTION
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{CA21B248-DC96-440A-95FC-8300DB40E90A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{024637DA-2269-4B92-A6C0-3516303EA81B}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{E3CA788B-B88D-4057-92AE-EC1D7D53DCD4}] => (Allow) C:\Users\Emmanuel\AppData\Local\Temp\DriverPack-2020031801301\tools\aria2c.exe No File
FirewallRules: [TCP Query User{BAE13073-C955-4F89-9356-0BF74FDF551D}C:\program files (x86)\corepack\blur\blur.exe] => (Allow) C:\program files (x86)\corepack\blur\blur.exe No File
FirewallRules: [UDP Query User{EF4F6D96-A81A-49CE-A37F-691676331F67}C:\program files (x86)\corepack\blur\blur.exe] => (Allow) C:\program files (x86)\corepack\blur\blur.exe No File
FirewallRules: [TCP Query User{7E3697E3-2B77-41BB-89DB-835EF3862E4B}C:\games\blur\blur.exe] => (Allow) C:\games\blur\blur.exe () [File not signed]
FirewallRules: [UDP Query User{EDC5F624-3D2A-48CE-A5B7-F58CFC436C18}C:\games\blur\blur.exe] => (Allow) C:\games\blur\blur.exe () [File not signed]
C:\Users\Emmanuel\AppData\Roaming\Microsoft Office\\Microsoft Word.WsF
C:\Windows\system32\Tasks\AutoPico Daily Restart
C:\Program Files\KMSpico
C:\Program Files\mozilla firefox\cck2.cfg
C:\Program Files\mozilla firefox\defaults\pref\autoconfig.js
C:\program files (x86)\corepack
C:\games\blur
EmptyTemp:
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Word" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4E22A09-F89A-4895-9686-549A9140845D}" => not found
"C:\Windows\System32\Tasks\AutoPico Daily Restart" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8775FD77-36CE-4A0E-9671-FDB4BEDF8A24}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8775FD77-36CE-4A0E-9671-FDB4BEDF8A24}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Wininet\Winlogui => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wininet\Winlogui" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D26EA98E-03A8-4C1F-B0E3-E08644D51606}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D26EA98E-03A8-4C1F-B0E3-E08644D51606}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\WDI\SrvHost => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\SrvHost" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EFA233D0-A096-4E57-92F4-8CC8023B05CD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFA233D0-A096-4E57-92F4-8CC8023B05CD}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => removed successfully
C:\Program Files\mozilla firefox\defaults\pref\autoconfig.js => moved successfully
C:\Program Files\mozilla firefox\cck2.cfg => moved successfully
Service KMSELDI => service not found.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA21B248-DC96-440A-95FC-8300DB40E90A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{024637DA-2269-4B92-A6C0-3516303EA81B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E3CA788B-B88D-4057-92AE-EC1D7D53DCD4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BAE13073-C955-4F89-9356-0BF74FDF551D}C:\program files (x86)\corepack\blur\blur.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EF4F6D96-A81A-49CE-A37F-691676331F67}C:\program files (x86)\corepack\blur\blur.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7E3697E3-2B77-41BB-89DB-835EF3862E4B}C:\games\blur\blur.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EDC5F624-3D2A-48CE-A5B7-F58CFC436C18}C:\games\blur\blur.exe" => removed successfully
"C:\Users\Emmanuel\AppData\Roaming\Microsoft Office\\Microsoft Word.WsF" => not found
"C:\Windows\system32\Tasks\AutoPico Daily Restart" => not found
C:\Program Files\KMSpico => moved successfully
"C:\Program Files\mozilla firefox\cck2.cfg" => not found
"C:\Program Files\mozilla firefox\defaults\pref\autoconfig.js" => not found
C:\program files (x86)\corepack => moved successfully
C:\games\blur => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 7626752 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36023126 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 13549516 B
Edge => 21893599 B
Chrome => 0 B
Firefox => 1243129 B
Opera => 93215452 B
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 34744 B
NetworkService => 34744 B
Emmanuel => 65144616 B
RecycleBin => 17923768807 B
EmptyTemp: => 16.9 GB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 02:18:05 ====
 
#10 ·
The search.txt
Farbar Recovery Scan Tool (x64) Version: 05-04-2020
Ran by Emmanuel (09-04-2020 02:37:23)
Running from C:\Users\Emmanuel\Desktop
Boot Mode: Normal
================== Search Files: "winlogui.exe;winscomrssrv.dll;StartupCheckLibrary.dll" =============
C:\Windows\System32\StartupCheckLibrary.dll
[2020-02-06 03:14][2020-02-06 03:14] 002619392 _____ (Microsoft Corporation) 250532B95FBF3154FE571B65217D4B11 [File not signed]

====== End of Search ======
 
#11 ·
For FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2020
Ran by Emmanuel (administrator) on DESKTOP-ES3D6SG (HP HP 15 Notebook PC) (09-04-2020 03:00:33)
Running from C:\Users\Emmanuel\Desktop
Loaded Profiles: Emmanuel (Available Profiles: Emmanuel)
Platform: Windows 10 Pro Version 1809 17763.973 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc. -> ) C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0351505.inf_amd64_5938a70929a31401\B351435\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0351505.inf_amd64_5938a70929a31401\B351435\atiesrxx.exe
(Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) C:\ProgramData\360TotalSecurity\DesktopPlus\DesktopPlus64.exe
(CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe
(CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) [File not signed] C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Emmanuel\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\Emmanuel\AppData\Roaming\Dashlane\DashlanePlugin.exe
(FreeDownloadManager.org) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
(Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(IP Izmaylov Artem Andreevich -> AIMP DevTeam) C:\Program Files (x86)\AIMP\AIMP.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(LAVASOFT SOFTWARE CANADA INC -> Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12430.20136.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12430.20136.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12001.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20011.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Opera Software AS -> Opera Software) C:\Users\Emmanuel\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
(Opera Software AS -> Opera Software) C:\Users\Emmanuel\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-12] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [413000 2020-02-17] (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [664848 2016-04-27] (Hewlett-Packard Company -> HP Inc.)
HKLM-x32\...\Run: [ABNotify] => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe [80832 2016-09-27] (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Run: [360DesktopLite] => C:\ProgramData\360TotalSecurity\DesktopPlus\DesktopPlus64.exe [3269472 2020-02-17] (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Run: [Dashlane] => C:\Users\Emmanuel\AppData\Roaming\Dashlane\Dashlane.exe [321536 2020-03-24] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Run: [DashlanePlugin] => C:\Users\Emmanuel\AppData\Roaming\Dashlane\DashlanePlugin.exe [342528 2020-03-24] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8000600 2020-04-08] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Run: [Opera Browser Assistant] => C:\Users\Emmanuel\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3024920 2020-04-08] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\MountPoints2: {04db7fb0-5c88-11ea-8bd6-705a0f2c7539} - "G:\SISetup.exe"
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\MountPoints2: {56d9a3c9-fda6-11e9-8a1a-705a0f2c7539} - "F:\autorun.exe"
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\MountPoints2: {73585da3-ec9a-11e9-89f5-705a0f2c7539} - "F:\AutoRun.exe"
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\MountPoints2: {73585dd5-ec9a-11e9-89f5-705a0f2c7539} - "F:\AutoRun.exe"
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {27B6A76D-C844-4EB6-9C93-67C7D56798BD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600440 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {3ADF9D9D-2845-4156-B48D-DED456B4A3E9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4369824 2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {413D6B12-91FA-4B80-BDF8-12A3F204E39F} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe [688128 2019-01-31] (FreeDownloadManager.org) [File not signed]
Task: {41535747-902B-43A4-942D-615174CDD0A7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {4217C694-43D6-411F-81B0-96735ECAE4C8} - System32\Tasks\Opera scheduled Autoupdate 1564471381 => C:\Users\Emmanuel\AppData\Local\Programs\Opera\launcher.exe [1538584 2020-03-27] (Opera Software AS -> Opera Software)
Task: {4DDF35D6-BB6A-41FA-BD07-1A44F6B1F657} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [52104 2017-04-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {4EF456DB-8A7F-45D3-8612-19B13CC43318} - System32\Tasks\Opera scheduled assistant Autoupdate 1583248820 => C:\Users\Emmanuel\AppData\Local\Programs\Opera\launcher.exe [1538584 2020-03-27] (Opera Software AS -> Opera Software)
Task: {59E2B863-1CC6-4168-A12E-DB9826CE859F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {71B25380-2834-443B-AF0F-56141EDEE50B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115032 2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {817EEF09-276E-4481-96B7-415E926E86E7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600440 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {94FB226D-9513-4262-B179-06E94D6E6BBF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {AA424FFA-95D6-4EF4-B4F4-48546CB203E7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115032 2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {ACBB760B-FFB9-4A02-BC35-070EB9EB5F62} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [4475136 2018-12-14] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
Task: {C134AA73-59DF-437F-9175-01BAF8F4F545} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4369824 2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5EAB2BE-8FB6-4474-9281-F864027A4626} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv
Task: {D7191A37-83CD-4766-A61B-2BF68408D954} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-ES3D6SG-Emmanuel => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-12] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {D93BF5E6-CE8E-4383-8F1C-A647CF0449CC} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-ES3D6SG-Emmanuel DESKTOP-ES3D6SG => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [448704 2015-02-11] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{34bb7739-b7cb-42b6-b8a8-648cd4c89c52}: [DhcpNameServer] 192.168.43.1
Internet Explorer:
==================
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171004&iDate=2020-04-08 12:54:41&bName=
SearchScopes: HKU\S-1-5-21-3975140369-1696558351-1519201624-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-10-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: mc3byqaa.default
FF ProfilePath: C:\Users\Emmanuel\AppData\Roaming\Mozilla\Firefox\Profiles\mc3byqaa.default [2020-04-09]
FF Homepage: Mozilla\Firefox\Profiles\mc3byqaa.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT171004&iDate=2020-04-08 12:54:41&bName=
FF NewTab: Mozilla\Firefox\Profiles\mc3byqaa.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT171004&iDate=2020-04-08 12:54:41&bName=
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-12-14] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-12-14] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-3975140369-1696558351-1519201624-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-12-14] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
Opera:
=======
OPR Notifications: hxxps://click.infocenter.support; hxxps://herdoperolhan.pro; hxxps://pushmedear.com; hxxps://xyvaw.talkreply.com
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2017-04-25] (Advanced Micro Devices, Inc. -> )
R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0351505.inf_amd64_5938a70929a31401\B351435\atiesrxx.exe [522880 2020-03-14] (Advanced Micro Devices, Inc. -> AMD)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [56256 2016-09-27] (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11091224 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [126520 2011-05-11] (Hewlett-Packard Company -> HP)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-04-19] (Hewlett-Packard Company -> HP Inc.)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [965472 2020-02-17] (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
S3 QHProtected; C:\Program Files (x86)\360\Total Security\safemon\WscReg.exe [3147048 2020-02-17] (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [269816 2020-01-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [360872 2018-09-22] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12135768 2019-09-16] (TeamViewer GmbH -> TeamViewer GmbH)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-04-08] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\NisSrv.exe [3630832 2019-09-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 wuauserv; C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [199008 2019-09-20] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [95232 2019-09-20] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
S3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [95232 2019-09-20] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [343928 2020-02-17] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [57848 2019-09-20] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
S0 360elam64; C:\Windows\System32\DRIVERS\360elam64.sys [17192 2019-09-20] (Microsoft Windows Early Launch Anti-malware Publisher -> 360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [466296 2020-02-17] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
S4 360Hvm; C:\Windows\System32\Drivers\360Hvm64.sys [317240 2020-04-03] (Beijing Qihu Technology Co., Ltd. -> 360安全中心)
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [96424 2019-09-20] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [36024 2016-09-27] (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed]
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [35848 2019-04-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0351505.inf_amd64_5938a70929a31401\B351435\atikmdag.sys [65740416 2020-03-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0351505.inf_amd64_5938a70929a31401\B351435\atikmpag.sys [590464 2020-03-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [103456 2020-03-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [146304 2019-04-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [93240 2020-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [33336 2020-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [156856 2016-09-27] (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [23224 2016-09-27] (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed]
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-11] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [108152 2019-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [226376 2020-02-17] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [136040 2019-09-27] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr64.sys [37112 2015-06-18] (Hewlett-Packard Company -> Hewlett-Packard Company)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2020-03-13] (Martin Malik - REALiX -> REALiX(tm))
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [364960 2019-08-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1160280 2020-03-14] (Realtek Semiconductor Corp. -> Realtek )
S3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [8169472 2018-09-15] (Microsoft Windows -> Realtek Semiconductor Corporation )
R3 RTWlanE02; C:\Windows\System32\drivers\rtwlane02.sys [9625384 2019-05-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46472 2019-09-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [346336 2019-09-28] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [151184 2016-07-16] (NGO -> MBB)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-09-28] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [35392 2019-11-16] (HP Inc. -> HP)
R3 xtouch; C:\Windows\System32\drivers\xtouch.sys [182800 2020-03-14] (Microsoft Windows Hardware Compatibility Publisher -> )
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-04-09 03:00 - 2020-04-09 03:03 - 000025493 _____ C:\Users\Emmanuel\Desktop\FRST.txt
2020-04-09 02:59 - 2020-04-09 02:59 - 000000000 ____D C:\Users\Emmanuel\Desktop\New folder (3)
2020-04-09 02:37 - 2020-04-09 02:52 - 000000464 _____ C:\Users\Emmanuel\Desktop\Search.txt
2020-04-09 02:11 - 2020-04-09 02:11 - 000000000 ____D C:\Users\Emmanuel\Desktop\FRST-OlderVersion
2020-04-09 02:00 - 2020-04-09 02:00 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\Macromedia
2020-04-08 22:28 - 2020-01-20 19:03 - 000000000 ____D C:\Users\Emmanuel\Downloads\[ FreeCourseWeb.com ] Udemy - Voice Training - Vocal Coaching for Effective Leadership
2020-04-08 12:54 - 2020-04-08 12:54 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\Lavasoft
2020-04-08 12:54 - 2020-04-08 12:54 - 000000000 ____D C:\Users\Emmanuel\AppData\Local\Lavasoft
2020-04-08 12:54 - 2020-04-08 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2020-04-08 12:53 - 2020-04-08 12:53 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-04-08 12:52 - 2020-04-08 12:52 - 000000000 ____D C:\ProgramData\Lavasoft
2020-04-08 07:38 - 2020-04-08 07:39 - 195355136 _____ C:\Users\Emmanuel\Downloads\Statuses (1).zip
2020-04-07 16:07 - 2020-04-09 02:47 - 000005290 _____ C:\Windows\system32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-ES3D6SG-Emmanuel DESKTOP-ES3D6SG
2020-04-07 15:25 - 2020-04-07 15:25 - 000024127 _____ C:\Users\Emmanuel\Downloads\download.html
2020-04-07 15:18 - 2020-04-07 15:18 - 033706227 _____ C:\Users\Emmanuel\Downloads\9.1.1.S02E05.480p.WEB-DL.mkv.opdownload
2020-04-07 15:09 - 2020-04-08 13:24 - 058350638 _____ C:\Users\Emmanuel\Downloads\The.Rookie.S01E02.480p.DreamMovie.mkv.opdownload
2020-04-07 15:02 - 2020-04-08 13:24 - 037462063 _____ C:\Users\Emmanuel\Downloads\The.Rookie.S01E01.480p.DreamMovie.mkv.opdownload
2020-04-07 03:19 - 2017-06-04 02:49 - 001630720 _____ (_) C:\Users\Emmanuel\Desktop\PES2017 Multi-Switcher.exe
2020-04-06 13:51 - 2020-04-06 14:02 - 001091518 _____ C:\Users\Emmanuel\Downloads\9.1.1.S02E06.720p.WEB-DL.2CH.x265.mkv
2020-04-06 02:24 - 2020-04-06 02:24 - 008161828 _____ C:\Users\Emmanuel\Downloads\y2mate.com - Praise Is What I Do - William Murphy_vIPKnj-0Czw_360p.mp4
2020-04-06 02:15 - 2020-04-06 02:18 - 038253247 _____ C:\Users\Emmanuel\Downloads\y2mate.com - JUANITA BYNUM LIVE - I DON'T MIND WAITING__hEiGEfm2uE_360p.mp4
2020-04-06 02:09 - 2020-04-06 02:10 - 008832444 _____ C:\Users\Emmanuel\Downloads\y2mate.com - Gh bass lines - Fingering exercises for bass players_J0rd7szn-kw_360p.mp4
2020-04-06 02:02 - 2020-04-06 02:07 - 021382044 _____ C:\Users\Emmanuel\Downloads\y2mate.com - How to Play African GH Local Bass Praises Onyame S3 Ayeyi Praise Bass Cover_1sAbZu33fFc_360p.mp4
2020-04-06 01:59 - 2020-04-06 02:02 - 013904583 _____ C:\Users\Emmanuel\Downloads\y2mate.com - How to play Gh praise bass lines (intermediates) #bassLessons #praises #highlife_nQBLNsgGdcI_360p.mp4
2020-04-04 23:03 - 2020-04-09 03:02 - 000000000 ____D C:\FRST
2020-04-04 21:42 - 2020-04-09 02:11 - 002281472 _____ (Farbar) C:\Users\Emmanuel\Desktop\FRST64.exe
2020-04-04 01:12 - 2020-04-04 21:55 - 395903030 _____ C:\Users\Emmanuel\Downloads\Black.Sails.S03E03.HDTV.x264-KILLERS[eztv].mp4
2020-04-03 20:50 - 2020-04-05 23:38 - 626277920 _____ C:\Windows\MEMORY.DMP
2020-04-03 08:33 - 2020-04-03 08:34 - 000011295 ____H C:\Users\Emmanuel\Desktop\~WRL3430.tmp
2020-04-01 07:44 - 2018-07-07 14:47 - 003211432 _____ (TocaEdit) C:\Users\Emmanuel\Downloads\x360ce_x64.exe
2020-04-01 07:40 - 2020-04-01 07:40 - 001700319 _____ C:\Users\Emmanuel\Downloads\x360ce.zip
2020-04-01 07:39 - 2020-04-01 07:39 - 001700272 _____ C:\Users\Emmanuel\Downloads\x360ce_x64.zip
2020-04-01 07:39 - 2020-04-01 07:39 - 000000000 ____D C:\ProgramData\X360CE
2020-03-31 21:18 - 2020-03-31 21:18 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\2K Sports
2020-03-31 20:07 - 2020-03-31 20:07 - 000001111 _____ C:\Users\Public\Desktop\NBA 2K14.lnk
2020-03-31 20:07 - 2020-03-31 20:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBA 2K14
2020-03-30 22:38 - 2019-12-10 16:51 - 000079351 ____N C:\Users\Emmanuel\Documents\DIGESTION AND ABSORPTION OF TRIACYLCLYCEROLS.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 002082870 ____N C:\Users\Emmanuel\Documents\Food production systems New_2019 PPT.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 001776785 ____N C:\Users\Emmanuel\Documents\FOOD CHEMISTRY 1-2018.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000956919 ____N C:\Users\Emmanuel\Documents\yam fps grp 2 F.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000954510 ____N C:\Users\Emmanuel\Documents\yam fps grp 2 e.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000635743 ____N C:\Users\Emmanuel\Documents\Information Sources UNIT 2.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000262878 ____N C:\Users\Emmanuel\Documents\Edu tech.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000215269 ____N C:\Users\Emmanuel\Documents\Introduction to Information Literacy Lecture(1)-2.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000192049 ____N C:\Users\Emmanuel\Documents\Tools, Strategies & Techniques of Searching Lecture(1)-2.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000158262 ____N C:\Users\Emmanuel\Documents\GROUP 3 POLYMORPHISM.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000101481 ____N C:\Users\Emmanuel\Documents\INFORMATION ORGANIZATION.pptx
2020-03-30 22:38 - 2019-11-28 13:18 - 000033951 ____N C:\Users\Emmanuel\Documents\GROUP 3.pptx
2020-03-30 22:38 - 2019-11-28 13:17 - 003531016 ____N C:\Users\Emmanuel\Documents\Citing Information Sources Lecture-1.pptx
2020-03-30 22:38 - 2019-11-20 20:59 - 000589179 _____ C:\Users\Emmanuel\Documents\DIGESTION AND ABSORPTOPN OF NUTRIENTS-1.pptx
2020-03-30 22:38 - 2019-11-20 13:31 - 001659071 ____N C:\Users\Emmanuel\Documents\GLYCOLYSIS.pptx
2020-03-30 22:38 - 2019-11-20 13:31 - 000605293 ____N C:\Users\Emmanuel\Documents\Metabolism in tissues.pptx
2020-03-30 22:38 - 2019-11-20 13:31 - 000562769 ____N C:\Users\Emmanuel\Documents\LECTURE 2- THE ROLE OF ATP IN METABOLISM.pptx
2020-03-30 22:38 - 2019-11-20 13:31 - 000085159 ____N C:\Users\Emmanuel\Documents\LECTURE ONE - THE NEED FOR ENERGY.pptx
2020-03-29 13:16 - 2020-03-31 16:21 - 000000000 ____D C:\Users\Emmanuel\Downloads\NBA 2K14
2020-03-29 12:31 - 2010-06-02 23:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2020-03-29 12:31 - 2010-06-02 23:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2020-03-29 12:31 - 2010-06-02 23:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2020-03-29 12:31 - 2010-06-02 23:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2020-03-29 12:31 - 2010-06-02 23:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2020-03-29 12:31 - 2010-06-02 23:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2020-03-29 12:31 - 2010-05-27 06:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2020-03-29 12:31 - 2010-02-05 05:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2020-03-29 12:31 - 2010-02-05 05:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2020-03-29 12:31 - 2010-02-05 05:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2020-03-29 12:31 - 2010-02-05 05:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2020-03-29 12:31 - 2010-02-05 05:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2020-03-29 12:31 - 2010-02-05 05:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2020-03-29 12:31 - 2010-02-05 05:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2020-03-29 12:31 - 2010-02-05 05:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2020-03-29 12:31 - 2009-09-05 12:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2020-03-29 12:31 - 2009-09-05 12:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2020-03-29 12:31 - 2009-09-05 12:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2020-03-29 12:31 - 2009-09-05 12:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2020-03-29 12:31 - 2009-09-05 12:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2020-03-29 12:31 - 2009-09-05 12:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2020-03-29 12:31 - 2009-09-05 12:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2020-03-29 12:31 - 2009-03-17 09:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2020-03-29 12:31 - 2009-03-17 09:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2020-03-29 12:31 - 2009-03-17 09:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2020-03-29 12:31 - 2009-03-17 09:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2020-03-29 12:31 - 2009-03-17 09:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2020-03-29 12:31 - 2009-03-17 09:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2020-03-29 12:31 - 2009-03-10 10:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2020-03-29 12:31 - 2009-03-10 10:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2020-03-29 12:31 - 2009-03-10 10:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2020-03-29 12:31 - 2009-03-10 10:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2020-03-29 12:31 - 2009-03-10 10:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2020-03-29 12:31 - 2009-03-10 10:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2020-03-29 12:31 - 2008-10-28 05:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2020-03-29 12:31 - 2008-10-28 05:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2020-03-29 12:31 - 2008-10-28 05:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2020-03-29 12:31 - 2008-10-28 05:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2020-03-29 12:31 - 2008-10-28 05:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2020-03-29 12:31 - 2008-10-28 05:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2020-03-29 12:31 - 2008-10-28 05:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2020-03-29 12:31 - 2008-10-28 05:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2020-03-29 12:31 - 2008-10-16 01:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2020-03-29 12:31 - 2008-10-16 01:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2020-03-29 12:31 - 2008-10-16 01:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2020-03-29 12:31 - 2008-10-16 01:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2020-03-29 12:31 - 2008-10-16 01:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2020-03-29 12:31 - 2008-10-16 01:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2020-03-29 12:31 - 2008-08-01 05:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2020-03-29 12:31 - 2008-08-01 05:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2020-03-29 12:31 - 2008-08-01 05:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2020-03-29 12:31 - 2008-08-01 05:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2020-03-29 12:31 - 2008-08-01 05:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2020-03-29 12:31 - 2008-08-01 05:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2020-03-29 12:31 - 2008-07-11 06:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2020-03-29 12:31 - 2008-07-11 06:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2020-03-29 12:31 - 2008-07-11 06:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2020-03-29 12:31 - 2008-07-11 06:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2020-03-29 12:30 - 2008-07-11 06:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2020-03-29 12:30 - 2008-07-11 06:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2020-03-29 12:30 - 2008-05-31 09:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2020-03-29 12:30 - 2008-05-31 09:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2020-03-29 12:30 - 2008-05-31 09:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2020-03-29 12:30 - 2008-05-31 09:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2020-03-29 12:30 - 2008-05-31 09:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2020-03-29 12:30 - 2008-05-31 09:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2020-03-29 12:30 - 2008-05-31 09:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2020-03-29 12:30 - 2008-05-31 09:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2020-03-29 12:30 - 2008-05-31 09:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2020-03-29 12:30 - 2008-05-31 09:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2020-03-29 12:30 - 2008-05-31 09:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2020-03-29 12:30 - 2008-05-31 09:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2020-03-29 12:30 - 2008-05-31 09:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2020-03-29 12:30 - 2008-05-31 09:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2020-03-29 12:30 - 2008-03-06 11:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2020-03-29 12:30 - 2008-03-06 11:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2020-03-29 12:30 - 2008-03-06 11:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2020-03-29 12:30 - 2008-03-06 11:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2020-03-29 12:30 - 2008-03-06 11:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2020-03-29 12:30 - 2008-03-06 11:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2020-03-29 12:30 - 2008-03-06 10:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2020-03-29 12:30 - 2008-03-06 10:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2020-03-29 12:30 - 2008-03-06 10:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2020-03-29 12:30 - 2008-03-06 10:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2020-03-29 12:30 - 2008-02-06 18:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2020-03-29 12:30 - 2008-02-06 18:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2020-03-29 12:30 - 2007-10-22 22:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2020-03-29 12:30 - 2007-10-22 22:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2020-03-29 12:30 - 2007-10-22 22:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2020-03-29 12:30 - 2007-10-22 22:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2020-03-29 12:30 - 2007-10-13 10:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2020-03-29 12:30 - 2007-10-13 10:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2020-03-29 12:30 - 2007-10-13 10:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2020-03-29 12:30 - 2007-10-13 10:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2020-03-29 12:30 - 2007-10-03 04:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2020-03-29 12:30 - 2007-10-03 04:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2020-03-29 12:30 - 2007-07-20 19:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2020-03-29 12:30 - 2007-07-20 19:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2020-03-29 12:30 - 2007-07-20 13:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2020-03-29 12:30 - 2007-07-20 13:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2020-03-29 12:30 - 2007-07-20 13:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2020-03-29 12:30 - 2007-07-20 13:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2020-03-29 12:30 - 2007-07-20 13:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2020-03-29 12:30 - 2007-07-20 13:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2020-03-29 12:30 - 2007-06-21 15:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2020-03-29 12:30 - 2007-06-21 15:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2020-03-29 12:30 - 2007-05-17 11:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2020-03-29 12:30 - 2007-05-17 11:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2020-03-29 12:30 - 2007-05-17 11:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2020-03-29 12:30 - 2007-05-17 11:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2020-03-29 12:30 - 2007-05-17 11:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2020-03-29 12:30 - 2007-05-17 11:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2020-03-29 12:30 - 2007-04-05 13:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2020-03-29 12:30 - 2007-04-05 13:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2020-03-29 12:30 - 2007-04-05 13:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2020-03-29 12:30 - 2007-04-05 13:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2020-03-29 12:30 - 2007-03-16 11:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2020-03-29 12:30 - 2007-03-16 11:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2020-03-29 12:30 - 2007-03-13 11:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2020-03-29 12:30 - 2007-03-13 11:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2020-03-29 12:30 - 2007-03-13 11:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2020-03-29 12:30 - 2007-03-13 11:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2020-03-29 12:30 - 2007-03-06 07:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2020-03-29 12:30 - 2007-03-06 07:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2020-03-29 12:30 - 2007-01-25 10:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2020-03-29 12:30 - 2007-01-25 10:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2020-03-29 12:30 - 2006-12-09 07:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2020-03-29 12:30 - 2006-12-09 07:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2020-03-29 12:30 - 2006-11-30 08:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2020-03-29 12:30 - 2006-11-30 08:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2020-03-29 12:30 - 2006-11-30 08:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2020-03-29 12:30 - 2006-11-30 08:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2020-03-29 12:30 - 2006-09-29 11:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2020-03-29 12:30 - 2006-09-29 11:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2020-03-29 12:30 - 2006-09-29 11:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2020-03-29 12:30 - 2006-09-29 11:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2020-03-29 12:30 - 2006-07-29 04:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2020-03-29 12:30 - 2006-07-29 04:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2020-03-29 12:29 - 2006-07-29 04:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2020-03-29 12:29 - 2006-07-29 04:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2020-03-29 12:29 - 2006-06-01 02:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2020-03-29 12:29 - 2006-06-01 02:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2020-03-29 12:29 - 2006-04-01 07:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2020-03-29 12:29 - 2006-04-01 07:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2020-03-29 12:29 - 2006-04-01 07:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2020-03-29 12:29 - 2006-04-01 07:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2020-03-29 12:29 - 2006-04-01 07:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2020-03-29 12:29 - 2006-04-01 07:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2020-03-29 12:29 - 2006-02-04 03:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2020-03-29 12:29 - 2006-02-04 03:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2020-03-29 12:29 - 2006-02-04 03:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2020-03-29 12:29 - 2006-02-04 03:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2020-03-29 12:29 - 2006-02-04 03:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2020-03-29 12:29 - 2006-02-04 03:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2020-03-29 12:29 - 2005-12-06 13:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2020-03-29 12:29 - 2005-12-06 13:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2020-03-29 12:29 - 2005-07-23 14:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2020-03-29 12:29 - 2005-07-23 14:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2020-03-29 12:29 - 2005-05-27 10:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2020-03-29 12:29 - 2005-05-27 10:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2020-03-29 12:29 - 2005-03-19 12:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2020-03-29 12:29 - 2005-03-19 12:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2020-03-29 12:29 - 2005-02-06 14:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2020-03-29 12:29 - 2005-02-06 14:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2020-03-29 12:28 - 2020-03-29 12:28 - 000000000 ____D C:\Windows\SysWOW64\directx
2020-03-28 02:25 - 2020-03-28 02:25 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\bizarre creations
2020-03-27 10:28 - 2020-03-27 10:28 - 000003160 _____ C:\Windows\system32\Tasks\StartCN
2020-03-27 10:28 - 2020-03-27 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2020-03-27 10:28 - 2020-03-27 10:28 - 000000000 ____D C:\Program Files\ATI Technologies
2020-03-27 10:28 - 2020-03-27 10:28 - 000000000 ____D C:\Program Files (x86)\AMD
2020-03-27 09:56 - 2020-03-27 09:56 - 028201995 _____ C:\Users\Emmanuel\Downloads\FIFA 14 N.S.P 2020 Update v1.0 Micano4u.rar
2020-03-27 09:31 - 2020-03-27 09:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorePack
2020-03-27 00:42 - 2020-03-27 00:42 - 000000000 ____D C:\CPY_SAVES
2020-03-25 07:49 - 2020-03-25 07:49 - 000089968 _____ C:\Windows\dxdiag.txt
2020-03-25 07:47 - 2020-03-25 07:47 - 000000000 ____D C:\Users\Default\AppData\Local\D3DSCache
2020-03-25 07:47 - 2020-03-25 07:47 - 000000000 ____D C:\Users\Default\AppData\Local\AMD
2020-03-25 07:47 - 2020-03-25 07:47 - 000000000 ____D C:\Users\Default User\AppData\Local\D3DSCache
2020-03-25 07:47 - 2020-03-25 07:47 - 000000000 ____D C:\Users\Default User\AppData\Local\AMD
2020-03-25 03:47 - 2020-03-25 04:00 - 1387637884 _____ C:\Users\Emmanuel\Downloads\audio (2).zip
2020-03-24 05:35 - 2020-03-24 05:35 - 000000000 ____D C:\Users\Emmanuel\Documents\FIFA 17
2020-03-21 19:07 - 2020-04-08 22:19 - 000000000 ____D C:\Users\Emmanuel\AppData\LocalLow\BitTorrent
2020-03-19 20:59 - 2020-03-29 23:10 - 000000000 ____D C:\ProgramData\AMD
2020-03-18 23:14 - 2020-03-18 23:14 - 000313366 _____ C:\Users\Emmanuel\Downloads\WindowsUpdate.diagcab
2020-03-18 22:59 - 2020-03-18 22:59 - 000001428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 ransomware decryption tools.lnk
2020-03-18 22:59 - 2020-03-18 22:59 - 000001416 _____ C:\Users\Public\Desktop\360 ransomware decryption tools.lnk
2020-03-18 22:59 - 2020-03-18 22:59 - 000001303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unstall 360 ransomware decryption tools.lnk
2020-03-18 20:26 - 2020-03-18 20:26 - 000000000 ____D C:\Users\Emmanuel\Downloads\Driverpack 17.7.73 Offline [TalhaSofts]
2020-03-18 20:25 - 2020-03-18 20:41 - 000000000 ____D C:\Users\Emmanuel\Downloads\Mastering Harmony Volume 1
2020-03-18 20:04 - 2020-03-18 20:04 - 000000000 ____D C:\Program Files (x86)\HP
2020-03-17 21:15 - 2020-03-17 21:16 - 018863348 _____ C:\Users\Emmanuel\Documents\[Free-scores.com]_orem-preston-ware-harmony-book-for-beginners-96515.pdf
2020-03-17 21:14 - 2020-03-17 21:14 - 000173522 _____ C:\Users\Emmanuel\Documents\Learning_About_Harmony_with_Harmony_Space_An_Overv.pdf
2020-03-17 21:13 - 2020-03-17 21:13 - 000106932 _____ C:\Users\Emmanuel\Documents\HARMONY_A_System_for_Musical_Composition.pdf
2020-03-17 18:52 - 2020-03-17 21:00 - 610738769 ____R C:\Users\Emmanuel\Downloads\[ FreeCourseWeb.com ] Udemy - Voice Training - Vocal Coaching for Effective Leadership.zip
2020-03-17 18:03 - 2020-03-18 02:12 - 000000000 ____D C:\Users\Emmanuel\Downloads\FIFA 17 Super Deluxe Edition [qoob RePack]
2020-03-17 17:59 - 2020-03-17 17:59 - 000000017 _____ C:\Users\Emmanuel\AppData\Local\resmon.resmoncfg
2020-03-17 17:42 - 2020-03-17 17:43 - 004827200 _____ (BitTorrent Inc.) C:\Users\Emmanuel\Downloads\BitTorrent.exe
2020-03-17 17:21 - 2020-04-09 02:35 - 000001971 _____ C:\Users\Emmanuel\Desktop\Dashlane.lnk
2020-03-17 17:21 - 2020-03-17 17:21 - 000001785 _____ C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane.lnk
2020-03-17 17:21 - 2020-03-17 17:21 - 000000000 ____D C:\Users\Emmanuel\AppData\LocalLow\Dashlane
2020-03-17 16:49 - 2020-03-17 16:49 - 000695044 _____ C:\Users\Emmanuel\Documents\epdf.pub_the-choir-director.mobi
2020-03-17 16:46 - 2020-03-17 16:46 - 000268756 _____ C:\Users\Emmanuel\Documents\epdf.pub_so-youre-the-new-musical-director.epub
2020-03-17 16:27 - 2020-04-09 02:35 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\Dashlane
2020-03-17 16:27 - 2020-03-17 16:27 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2020-03-16 17:23 - 2020-03-16 17:23 - 000002148 _____ C:\Users\Emmanuel\Desktop\Cleanup.lnk
2020-03-16 15:29 - 2020-03-16 15:29 - 000000000 ____D C:\Windows\Tasks\ImCleanDisabled
2020-03-16 02:56 - 2020-03-16 03:04 - 822193972 _____ C:\Users\Emmanuel\Downloads\audio.zip
2020-03-15 00:42 - 2020-03-15 00:42 - 000000165 ____H C:\Users\Emmanuel\Desktop\~$food che 11.pptx
2020-03-14 06:56 - 2020-03-14 23:44 - 000188642 _____ C:\Users\Emmanuel\Desktop\group 4 presentation,molecular genetics.pptx
2020-03-14 02:57 - 2020-03-14 02:39 - 000103456 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys
2020-03-14 02:43 - 2020-03-17 17:55 - 000000000 ____D C:\Windows\LastGood
2020-03-14 02:40 - 2020-03-14 02:40 - 062866048 _____ C:\Windows\system32\amd_comgr.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 052402032 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 004583040 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 004092544 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 001729152 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 001592448 _____ (AMD) C:\Windows\system32\coinst_19.50.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 001241728 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 001241728 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 001083944 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 001083944 _____ C:\Windows\system32\vulkan-1.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000942792 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000942792 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000573056 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000490112 _____ C:\Windows\system32\GameManager64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000483968 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000467584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000372864 _____ C:\Windows\SysWOW64\GameManager32.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000240256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000207488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000182912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000161408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000157824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000151680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000136832 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000134784 _____ (AMD) C:\Windows\system32\atimuixx.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000134784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000133760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000127728 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000123008 _____ C:\Windows\system32\atidxx64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000119936 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000106832 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000105600 _____ C:\Windows\SysWOW64\atidxx32.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000069248 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000045696 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000042624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000019384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2020-03-14 02:40 - 2020-03-14 02:40 - 000019384 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2020-03-14 02:39 - 2020-03-14 02:39 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2020-03-14 02:39 - 2020-03-14 02:39 - 001763968 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-03-14 02:39 - 2020-03-14 02:39 - 001763968 _____ C:\Windows\system32\vulkaninfo.exe
2020-03-14 02:39 - 2020-03-14 02:39 - 001358464 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-03-14 02:39 - 2020-03-14 02:39 - 001358464 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-03-14 02:39 - 2020-03-14 02:39 - 000940160 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000767616 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000552576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000545320 _____ C:\Windows\system32\amdmiracast.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000542696 _____ C:\Windows\SysWOW64\atiapfxx.blb
2020-03-14 02:39 - 2020-03-14 02:39 - 000542696 _____ C:\Windows\system32\atiapfxx.blb
2020-03-14 02:39 - 2020-03-14 02:39 - 000492160 _____ C:\Windows\system32\dgtrayicon.exe
2020-03-14 02:39 - 2020-03-14 02:39 - 000482944 _____ C:\Windows\system32\amdgfxinfo64.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000450176 _____ C:\Windows\system32\atieah64.exe
2020-03-14 02:39 - 2020-03-14 02:39 - 000382592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000372352 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000344192 _____ C:\Windows\SysWOW64\atieah32.exe
2020-03-14 02:39 - 2020-03-14 02:39 - 000343168 _____ C:\Windows\system32\clinfo.exe
2020-03-14 02:39 - 2020-03-14 02:39 - 000195776 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000165376 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000133936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000127728 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000125488 _____ C:\Windows\system32\kapp_ci.sbin
2020-03-14 02:39 - 2020-03-14 02:39 - 000121168 _____ C:\Windows\system32\kapp_si.sbin
2020-03-14 02:39 - 2020-03-14 02:39 - 000119424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000118848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000106832 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000104576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2020-03-14 02:39 - 2020-03-14 02:39 - 000069770 _____ C:\Windows\system32\AMDKernelEvents.man
2020-03-14 01:55 - 2020-03-14 01:55 - 000182800 _____ ( ) C:\Windows\system32\Drivers\xtouch.sys
2020-03-14 01:55 - 2020-03-14 01:55 - 000093240 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys
2020-03-14 01:55 - 2020-03-14 01:55 - 000033336 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys
2020-03-14 01:36 - 2020-03-14 01:36 - 001747704 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2020-03-14 01:36 - 2020-03-14 01:36 - 001028856 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2020-03-13 12:49 - 2020-01-31 18:57 - 000024512 _____ C:\Windows\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450
2020-03-13 12:46 - 2020-03-13 12:46 - 000000024 _____ C:\Windows\system32\WinUpdates105.dat
2020-03-13 12:46 - 2020-03-13 12:46 - 000000003 _____ C:\Windows\system32\wdbcache.tmp
2020-03-13 03:08 - 2020-04-09 02:07 - 000000000 ____D C:\ProgramData\ProductData
2020-03-13 03:04 - 2020-03-14 02:54 - 000000000 ____D C:\Users\Emmanuel\AppData\LocalLow\IObit
2020-03-13 03:03 - 2020-04-09 02:08 - 000000000 ____D C:\Program Files (x86)\IObit
2020-03-13 03:03 - 2020-03-13 03:03 - 000027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2020-03-13 03:01 - 2020-04-09 02:07 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\IObit
2020-03-13 03:01 - 2020-03-17 16:14 - 000000000 ____D C:\ProgramData\IObit
2020-03-13 02:43 - 2020-03-13 02:53 - 024820296 _____ (IObit ) C:\Users\Emmanuel\Downloads\driver_booster_setup.exe
2020-03-12 03:29 - 2020-03-12 03:29 - 000978850 _____ C:\Users\Emmanuel\Documents\UnitopsCh6.pdf
2020-03-10 03:10 - 2020-03-10 03:11 - 034980956 _____ C:\Users\Emmanuel\Downloads\The_Musical_Alphabet_Lesson___u0026_Exercises___StudyBass(360p).mp4
2020-03-10 03:10 - 2020-03-10 03:10 - 018377185 _____ C:\Users\Emmanuel\Downloads\Essential_Bass_Materials_and_Resources___StudyBass(360p).mp4
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-04-09 03:04 - 2019-09-28 22:01 - 000000000 ____D C:\Users\Emmanuel\AppData\LocalLow\360WD
2020-04-09 03:04 - 2019-09-28 20:43 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\AIMP
2020-04-09 03:03 - 2018-09-15 19:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-09 02:29 - 2020-03-04 12:08 - 000000000 ____D C:\Users\Emmanuel\Downloads\opera autoupdate
2020-04-09 02:23 - 2019-09-28 21:28 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2020-04-09 02:23 - 2019-07-30 17:18 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-09 02:23 - 2018-09-15 18:09 - 000786432 _____ C:\Windows\system32\config\BBI
2020-04-09 02:22 - 2019-07-30 19:54 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-04-09 02:17 - 2020-01-05 06:29 - 000000000 ____D C:\Users\Emmanuel\AppData\LocalLow\Temp
2020-04-09 02:14 - 2019-09-28 21:12 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-04-09 02:14 - 2019-08-03 02:13 - 000000000 ____D C:\Games
2020-04-09 02:00 - 2018-09-15 19:33 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-04-09 02:00 - 2018-09-15 19:33 - 000000000 ____D C:\Windows\system32\Macromed
2020-04-09 02:00 - 2018-09-15 19:31 - 000000000 ____D C:\Windows\INF
2020-04-09 01:23 - 2019-07-30 17:17 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-04-09 01:03 - 2020-03-04 03:20 - 000004494 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1583248820
2020-04-09 01:01 - 2019-07-31 18:03 - 000004174 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{2BE24B23-3134-48B3-BBD8-85C49EF80B89}
2020-04-08 23:31 - 2019-07-31 19:05 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\vlc
2020-04-08 09:11 - 2019-09-28 22:00 - 000000000 _RSHD C:\360SANDBOX
2020-04-08 09:10 - 2019-07-30 17:36 - 000000000 ____D C:\Users\Emmanuel
2020-04-07 08:43 - 2019-08-02 20:44 - 000000000 ____D C:\Users\Emmanuel\AppData\Local\Free Download Manager
2020-04-07 03:23 - 2020-01-19 04:13 - 000000000 ____D C:\Users\Emmanuel\AppData\Local\_
2020-04-07 03:15 - 2019-11-11 07:46 - 000000000 ____D C:\Users\Emmanuel\Documents\FIFA 14
2020-04-05 23:38 - 2019-08-07 07:03 - 000000000 ____D C:\Windows\Minidump
2020-04-05 20:13 - 2020-01-05 10:34 - 000000000 ____D C:\Users\Emmanuel\Documents\Sound recordings
2020-04-05 01:03 - 2019-07-30 17:32 - 000840852 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-04 23:01 - 2019-11-24 11:10 - 000000000 __SHD C:\$360Section
2020-04-04 23:01 - 2019-09-28 22:04 - 000000000 ____D C:\ProgramData\360Quarant
2020-04-04 21:09 - 2019-07-30 19:23 - 000004234 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1564471381
2020-04-04 21:09 - 2019-07-30 19:23 - 000001440 _____ C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2020-04-04 21:06 - 2019-09-28 21:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-04-03 19:41 - 2020-03-05 21:09 - 000317240 _____ (360安全中心) C:\Windows\system32\Drivers\360Hvm64.sys
2020-04-02 02:03 - 2019-09-28 22:01 - 000000000 ____D C:\ProgramData\360safe
2020-03-31 21:17 - 2019-07-30 19:55 - 000000000 ____D C:\ProgramData\Package Cache
2020-03-31 04:48 - 2018-09-15 19:33 - 000000000 ____D C:\Windows\system32\NDF
2020-03-31 01:59 - 2018-09-15 19:33 - 000000000 ____D C:\Windows\LiveKernelReports
2020-03-27 23:08 - 2019-07-31 19:57 - 000000000 ____D C:\Users\Emmanuel\AppData\Local\ElevatedDiagnostics
2020-03-27 10:28 - 2019-07-30 19:54 - 000000000 ____D C:\Program Files\AMD
2020-03-25 07:23 - 2018-09-15 19:33 - 000000000 ____D C:\ProgramData\USOPrivate
2020-03-21 19:13 - 2019-07-30 17:42 - 000003386 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3975140369-1696558351-1519201624-1001
2020-03-21 19:13 - 2019-07-30 17:42 - 000000000 ___RD C:\Users\Emmanuel\OneDrive
2020-03-21 19:13 - 2019-07-30 17:36 - 000002376 _____ C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-03-19 02:00 - 2020-01-04 04:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2020-03-19 01:47 - 2018-09-15 19:31 - 000000167 _____ C:\Windows\win.ini
2020-03-18 22:59 - 2019-09-28 21:55 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\360TotalSecurity
2020-03-18 22:59 - 2019-09-28 21:55 - 000000000 ____D C:\Program Files (x86)\360
2020-03-18 20:08 - 2019-07-30 17:17 - 000502768 _____ C:\Windows\system32\FNTCACHE.DAT
2020-03-18 20:07 - 2019-08-07 02:40 - 000011070 _____ C:\Windows\system32\Drivers\rtkhdasetting.zip
2020-03-18 20:05 - 2019-07-30 20:11 - 000000000 ____D C:\SWSetup
2020-03-18 20:03 - 2019-07-30 20:16 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\DriverPack Cloud
2020-03-18 19:55 - 2019-08-07 02:40 - 000002058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
2020-03-18 19:53 - 2019-08-07 02:40 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2020-03-18 17:37 - 2019-09-12 17:16 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-03-17 18:56 - 2019-07-30 19:21 - 000000000 ____D C:\Users\Emmanuel\AppData\Local\PlaceholderTileLogoFolder
2020-03-17 16:30 - 2020-03-05 19:49 - 129753440 _____ C:\Users\Emmanuel\Downloads\nancy.drew.s01e10.480p.mkv.opdownload
2020-03-17 16:02 - 2019-07-30 19:54 - 000000000 ____D C:\AMD
2020-03-16 00:31 - 2019-07-30 17:37 - 000000000 ____D C:\Users\Emmanuel\AppData\Local\Packages
2020-03-15 10:02 - 2019-07-30 17:37 - 000000000 ___RD C:\Users\Emmanuel\3D Objects
2020-03-14 18:31 - 2019-07-08 20:45 - 001160280 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2020-03-14 03:15 - 2019-07-30 17:49 - 000000000 ____D C:\Users\Emmanuel\AppData\Local\Comms
2020-03-14 02:47 - 2019-07-30 20:00 - 000000000 ____D C:\Users\Emmanuel\AppData\Local\AMD
2020-03-14 02:40 - 2017-05-17 13:06 - 000177248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2020-03-14 02:40 - 2017-05-17 13:06 - 000156600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2020-03-14 02:39 - 2017-05-17 13:06 - 000759424 _____ (AMD) C:\Windows\system32\atieclxx.exe
2020-03-13 05:58 - 2019-07-30 17:37 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\Adobe
2020-03-11 12:19 - 2019-07-30 17:37 - 000000000 ____D C:\Users\Emmanuel\AppData\Local\VirtualStore
2020-03-11 12:17 - 2019-09-28 20:43 - 000000638 _____ C:\Windows\Tasks\TrackerAutoUpdate.job
2020-03-11 03:51 - 2019-09-28 20:43 - 000002942 _____ C:\Windows\system32\Tasks\TrackerAutoUpdate
2020-03-11 03:42 - 2020-03-01 09:39 - 000000000 ____D C:\Users\Emmanuel\AppData\Roaming\Microsoft Office
==================== Files in the root of some directories ========
2020-03-17 17:59 - 2020-03-17 17:59 - 000000017 _____ () C:\Users\Emmanuel\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
 
#12 ·
For Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2020
Ran by Emmanuel (09-04-2020 03:05:21)
Running from C:\Users\Emmanuel\Desktop
Windows 10 Pro Version 1809 17763.973 (X64) (2019-07-30 05:32:27)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3975140369-1696558351-1519201624-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3975140369-1696558351-1519201624-503 - Limited - Disabled)
Emmanuel (S-1-5-21-3975140369-1696558351-1519201624-1001 - Administrator - Enabled) => C:\Users\Emmanuel
Guest (S-1-5-21-3975140369-1696558351-1519201624-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3975140369-1696558351-1519201624-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: 360 Total Security (Enabled - Up to date) {2ACC6E6C-C52C-B3B4-DA13-A43E20B1E26D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Enabled - Up to date) {91AD8F88-E316-BC3A-E0A3-9F4C5B36A8D0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
"FIFA 14" (HKLM-x32\...\{6049054B-DB11-48E1-A583-9A565D5C8856}_is1) (Version: 1.3.0.0 - )
360 ransomware decryption tools (HKLM-x32\...\360teslacryptdecoder) (Version: 1.0.0.1271 - 360 Security Center)
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 10.6.0.1338 - 360 Security Center)
7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_8_4_1) (Version: 8.4.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0) (Version: 20.0.0 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.60.2146, 28.08.2019 - AIMP DevTeam)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version: - AOMEI Technology Co., Ltd.)
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Dashlane (HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Dashlane) (Version: 6.2013.0.33804 - Dashlane, Inc.)
FastStone Image Viewer 7.4 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.4 - FastStone Soft)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: 5.1.38.7312 - FreeDownloadManager.ORG)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.13 - HP Inc.)
K-Lite Codec Pack 13.8.2 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.8.2 - KLCP)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.12527.20278 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 60.2.0 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 60.2.0 ESR (x64 en-US)) (Version: 60.2.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.2.0 - Mozilla)
NBA 2K14, версия 1.0.0.0 (HKLM-x32\...\NBA 2K14_is1) (Version: 1.0.0.0 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Opera Stable 67.0.3575.115 (HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Opera 67.0.3575.115) (Version: 67.0.3575.115 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.10 - Tracker Software Products Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8881.1 - Realtek Semiconductor Corp.)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.6.2452 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Web Companion (HKLM-x32\...\{6e9170c3-9ca4-4479-b202-20b81732cc4e}) (Version: 4.9.2182.4042 - Lavasoft)
WinRAR 5.70 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Packages:
=========
Asphalt 8: Airborne -> C:\Program Files\WindowsApps\GAMELOFTSA.Asphalt8Airborne_4.5.0.13_x86__0pp20fcewvvtj [2019-09-28] (GAMELOFT SA)
Bible -> C:\Program Files\WindowsApps\LifeChurch.tv.Bible_2.0.4.37_neutral__d1phjsdba8cbj [2019-08-16] (LifeChurch.tv)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [2019-11-28] (Dolby Laboratories)
HD video downloader for Youtube -> C:\Program Files\WindowsApps\14531Coder15.HDvideodownloaderforYoutube_2.4.3.0_x64__qy21kws4tmpze [2020-01-31] (Coder15) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2019-08-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2019-08-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-30] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-13] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-27] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-12-01] (Netflix, Inc.)
Photo Editor | Polarr -> C:\Program Files\WindowsApps\613EBCEA.PolarrPhotoEditorAcademicEdition_5.10.7.0_x64__jb41c8remg0x2 [2019-12-27] (Polarr)
Sketchable -> C:\Program Files\WindowsApps\SiliconBendersLLC.Sketchable_5.0.13.0_x64__r2kxzpx527qgj [2020-01-23] (Silicon Benders LLC)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2019-09-28] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers1: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2020-02-17] (Beijing Qihu Technology Co., Ltd. -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2019-09-28] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers4: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2020-02-17] (Beijing Qihu Technology Co., Ltd. -> )
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-25] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2020-02-17] (Beijing Qihu Technology Co., Ltd. -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2019-09-28 20:43 - 2019-09-28 20:43 - 000147456 _____ () [File not signed] C:\Program Files (x86)\AIMP\Plugins\aimp_sacd\libsacd.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000026624 _____ () [File not signed] C:\Program Files (x86)\AIMP\Plugins\Aorta\Aorta.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000504038 _____ () [File not signed] C:\Program Files (x86)\AIMP\sqlite3.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000811008 _____ () [File not signed] C:\Program Files (x86)\AIMP\System\Encoders\aimp_libvorbis.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000286208 _____ () [File not signed] C:\Program Files (x86)\AIMP\System\Encoders\lame_enc.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000723456 _____ () [File not signed] C:\Program Files (x86)\AIMP\System\Encoders\libFLAC.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000205824 _____ () [File not signed] C:\Program Files (x86)\AIMP\System\libsoxr.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2019-08-02 20:44 - 2019-01-31 16:58 - 000037376 _____ () [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\WinDivert.dll
2017-04-25 16:17 - 2017-04-25 16:17 - 000851456 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiacm64.dll
2017-04-25 16:17 - 2017-04-25 16:17 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiamenu.dll
2019-09-28 21:28 - 2015-02-26 19:00 - 002403504 _____ (Aomei Technology Co., Limited -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000117696 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000289728 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000105408 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000969664 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000105408 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000281536 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000318400 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000072640 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000064448 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\Device.dll
2019-09-28 21:28 - 2016-09-27 11:52 - 000179136 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2019-09-28 21:28 - 2016-09-27 11:53 - 000244672 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000031680 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000486336 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000158656 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000125888 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000256960 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000351168 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000080832 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000703424 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000388032 _____ (CHENGDU AOMEI Tech Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 001184704 _____ (CHENGDU AOMEI Tech Co., Ltd. -> The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\AOMEI Backupper\LIBEAY32.dll
2019-09-28 21:28 - 2016-09-27 11:54 - 000278464 _____ (CHENGDU AOMEI Tech Co., Ltd. -> The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\AOMEI Backupper\SSLEAY32.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000226304 _____ (Conifer Software) [File not signed] C:\Program Files (x86)\AIMP\System\Encoders\wavpackdll.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000214016 _____ (Florin Ghido, florin.ghido@gmail.com) [File not signed] C:\Program Files (x86)\AIMP\Plugins\bass_ofr\OptimFROG.dll
2019-08-02 20:44 - 2019-01-31 16:59 - 000436224 _____ (FreeDownloadManager.org) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\common.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000149845 _____ (MaresWEB) [File not signed] C:\Program Files (x86)\AIMP\Plugins\bass_aac\bass_aac.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000015113 _____ (MaresWEB) [File not signed] C:\Program Files (x86)\AIMP\Plugins\bass_ac3\bass_ac3.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000009416 _____ (MaresWEB) [File not signed] C:\Program Files (x86)\AIMP\Plugins\bass_alac\bass_alac.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000029052 _____ (MaresWEB) [File not signed] C:\Program Files (x86)\AIMP\Plugins\bass_ape\bass_ape.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000021112 _____ (MaresWEB) [File not signed] C:\Program Files (x86)\AIMP\Plugins\bass_mpc\bass_mpc.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000005960 _____ (MaresWEB) [File not signed] C:\Program Files (x86)\AIMP\Plugins\bass_ofr\bass_ofr.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000036105 _____ (MaresWEB) [File not signed] C:\Program Files (x86)\AIMP\Plugins\bass_spx\bass_spx.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000007910 _____ (MaresWEB) [File not signed] C:\Program Files (x86)\AIMP\Plugins\bass_tta\bass_tta.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000464896 _____ (Matthew T. Ashland) [File not signed] C:\Program Files (x86)\AIMP\System\Encoders\MACDll.dll
2019-08-03 03:29 - 2019-08-03 03:29 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2\vcomp.dll
2020-03-17 17:21 - 2020-03-24 02:34 - 001240064 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\libeay32.dll
2020-03-17 17:21 - 2020-03-24 02:34 - 000281600 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\ssleay32.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-14 21:59 - 2016-09-14 21:59 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-08-02 20:44 - 2019-01-31 17:01 - 005938176 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\Qt5Core.dll
2019-08-02 20:44 - 2018-05-16 01:35 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\Qt5Gui.dll
2019-08-02 20:44 - 2018-05-16 01:35 - 001256960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\Qt5Network.dll
2019-08-02 20:44 - 2018-05-16 01:33 - 000207360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\Qt5Sql.dll
2019-08-02 20:44 - 2018-05-16 01:38 - 005515264 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\Qt5Widgets.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\imageformats\qgif.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 000034816 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\imageformats\qicns.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\imageformats\qico.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 000298496 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\imageformats\qjpeg.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\imageformats\qsvg.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 000019968 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\imageformats\qtga.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 000332288 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\imageformats\qtiff.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 000019456 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\imageformats\qwbmp.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\imageformats\qwebp.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 001126400 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\platforms\qwindows.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 004994048 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\Qt5Core.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 003637248 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\Qt5Gui.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 001088512 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\Qt5Network.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 000280576 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\Qt5Positioning.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 000278016 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\Qt5PrintSupport.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 002966016 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\Qt5Qml.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 002796032 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\Qt5Quick.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 000048640 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\Qt5QuickWidgets.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 000163840 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\Qt5Sql.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 000268288 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\Qt5Svg.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 000092160 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\Qt5WebChannel.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 055062528 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\Qt5WebEngineCore.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 000190976 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\Qt5WebEngineWidgets.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 004590592 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\Qt5Widgets.dll
2020-04-09 02:33 - 2020-03-24 02:34 - 000122368 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Emmanuel\AppData\Roaming\Dashlane\6.2013.0.33804\bin\Qt\styles\qwindowsvistastyle.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000114688 _____ (Thomas Becker, Osnabrueck) [File not signed] C:\Program Files (x86)\AIMP\Plugins\tak_deco_lib\tak_deco_lib.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000127669 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\AIMP\bass.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000018966 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\AIMP\Plugins\aimp_cdda\aimp_cdda_basscd.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000024844 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\AIMP\Plugins\bass_flac\bass_flac.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000012000 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\AIMP\Plugins\bass_hls\bass_hls.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000052643 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\AIMP\Plugins\bass_midi\bass_midi.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000069388 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\AIMP\Plugins\bass_opus\bass_opus.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000016652 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\AIMP\Plugins\bass_webm\bass_webm.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000017733 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\AIMP\Plugins\bass_wma\bass_wma.dll
2019-09-28 20:43 - 2019-09-28 20:43 - 000028224 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\AIMP\Plugins\bass_wv\bass_wv.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Emmanuel\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.reg\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\UserChoice =>
==================== Internet Explorer trusted/restricted ==========
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-09-15 19:31 - 2018-09-15 19:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
2019-08-02 22:52 - 2020-02-29 12:15 - 000000445 _____ C:\Windows\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
Network Binding:
=============
Ethernet: Reliable Multicast Protocol -> ms_rmcast (enabled)
Wi-Fi: Reliable Multicast Protocol -> ms_rmcast (enabled)
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4BFA2BF4-7CAE-4A4A-ADDC-943B276FD6CF}] => (Allow) C:\Users\Emmanuel\AppData\Roaming\DRPSu\Alice\cloud.exe (DriverPack Solution) [File not signed]
FirewallRules: [{DE3672C8-F5F3-48B1-862E-B65FE9439683}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe (FreeDownloadManager.org) [File not signed]
FirewallRules: [{CB21AFB0-C4C1-4992-A9DC-3B587270B766}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe (FreeDownloadManager.org) [File not signed]
FirewallRules: [{B8EBCBD0-FBE6-4BBE-B333-BDB1FCA02441}] => (Allow) C:\Games\FIFA 14\Game\fifa14.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{DC1778A6-A5D3-4D77-AE0B-9706EFE8A9AE}] => (Allow) C:\Games\FIFA 14\Game\fifa14.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{D8605798-043D-4635-B0BB-739518178CC5}] => (Allow) C:\Users\Emmanuel\AppData\Roaming\DRPSu\Alice\cloud.exe (DriverPack Solution) [File not signed]
FirewallRules: [TCP Query User{312F660F-3EED-4F06-B87F-1C7AFD92EBA9}C:\program files\freedownloadmanager.org\free download manager\fdm.exe] => (Allow) C:\program files\freedownloadmanager.org\free download manager\fdm.exe (FreeDownloadManager.org) [File not signed]
FirewallRules: [UDP Query User{32D0CE99-CF0B-4A20-AB84-83716A422F70}C:\program files\freedownloadmanager.org\free download manager\fdm.exe] => (Allow) C:\program files\freedownloadmanager.org\free download manager\fdm.exe (FreeDownloadManager.org) [File not signed]
FirewallRules: [{6DA0B3EB-AB8C-4707-90DE-FCC7D4F0B090}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B18B8000-C6C2-4914-AC80-C78B9C70DF12}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A26554E6-5B18-471D-B4BC-8B72111294BD}] => (Allow) C:\Users\Emmanuel\AppData\Roaming\DRPSu\Alice\cloud.exe (DriverPack Solution) [File not signed]
FirewallRules: [{DD5F61B4-F11E-4AAD-8A85-AB69A1C7CFCA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{71D555B4-A364-4BCB-A323-F28DE3D961E1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{64303620-BA86-4C84-87E5-8C2A894636A9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{72BBE143-3239-401C-9B34-421D99AC471A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{98E737F9-A35E-4C18-ACF6-D9ABF0F70D22}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{426F6538-1C5E-4527-BE10-936A1B587513}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4FD9D8B8-BCB4-43B9-AD82-FAFD1C82AE0C}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{75CEF20D-E28F-4375-8B5D-9F625E991FD3}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [TCP Query User{D70ED754-D68D-4A85-ABF5-2C2AC24E63A4}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{1B15FE56-BA44-4AA3-B0A7-3CD83AC5E8DB}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{931A9DF6-5C51-494C-853A-115D2262A3CB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C780DFAD-8EB8-4751-8665-13F8AA9F1946}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0738F7EE-F909-47D0-9DE0-B094CECC62B7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3BE45D5F-3D7F-49B0-AC4C-23FDC65C3BF2}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{17318724-2DB0-47B6-A571-43C84C8F860E}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{139D6C7A-6A6A-462A-A154-1C7368DAB818}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DAB1A8B9-B0EB-41F1-9209-B68BECF77559}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{51BF2D47-A008-4AC7-AB9E-1C0F85195305}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4CA9BB7B-584B-4139-887F-8DFD57B1D893}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{864987C5-DCBC-4352-A76F-8136A95D897F}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{530AD87E-53AE-42FF-A85F-C8D2CFF15A71}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{1966DF7F-1DFB-462F-895A-7A4E92DE3E57}] => (Allow) C:\Windows\system32\winrmsrv.exe No File
FirewallRules: [{2A5A995E-8543-46AB-BE09-1972FBD59045}] => (Allow) C:\Users\Emmanuel\AppData\Roaming\DRPSu\Alice\cloud.exe (DriverPack Solution) [File not signed]
FirewallRules: [{C5240554-B679-4525-902B-49C3E2D1B18A}] => (Allow) C:\Users\Emmanuel\AppData\Local\Programs\Opera\67.0.3575.97\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{CC37EBB2-AAA3-4AE3-ADF8-80E1A58DA819}] => (Allow) C:\Users\Emmanuel\AppData\Local\Programs\Opera\67.0.3575.115\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{BC6872AB-C741-426D-86E8-C3D62833333D}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{8F25EA86-14B8-483F-822A-C127D1A7869A}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{A1CE1130-064B-43BE-888A-379D1E72A74E}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{EFE19979-3EA7-4F27-9813-0FB93300E4B5}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
==================== Restore Points =========================
02-04-2020 20:36:08 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================
Application errors:
==================
Error: (04/09/2020 02:14:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.

Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (04/09/2020 02:14:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (04/09/2020 02:13:54 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {581f8cf5-b8e9-45c7-92c3-8b9509a2fca2}
Error: (04/08/2020 11:59:12 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=B4G3Q
ACID=?
Detailed Error[?]
Error: (04/08/2020 10:25:25 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=B4G3Q
ACID=?
Detailed Error[?]
Error: (04/08/2020 10:15:23 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=B4G3Q
ACID=?
Detailed Error[?]
Error: (04/08/2020 12:12:36 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=B4G3Q
ACID=?
Detailed Error[?]
Error: (04/08/2020 12:02:48 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=B4G3Q
ACID=?
Detailed Error[?]

System errors:
=============
Error: (04/09/2020 03:07:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.
Error: (04/09/2020 03:07:34 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (04/09/2020 03:05:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.
Error: (04/09/2020 03:05:34 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (04/09/2020 03:03:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.
Error: (04/09/2020 03:03:34 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (04/09/2020 03:01:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.
Error: (04/09/2020 03:01:34 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ES3D6SG)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Windows Defender:
===================================
Date: 2020-01-31 03:36:38.631
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...in64/AutoKMS&threatid=2147723334&enterprise=0
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.307.3019.0, AS: 1.307.3019.0, NIS: 1.307.3019.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2020-01-31 03:35:10.103
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...in64/AutoKMS&threatid=2147723334&enterprise=0
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.307.3019.0, AS: 1.307.3019.0, NIS: 1.307.3019.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2020-01-31 03:34:47.627
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...in64/AutoKMS&threatid=2147723334&enterprise=0
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\Service_KMS.exe
Signature Version: AV: 1.307.3019.0, AS: 1.307.3019.0, NIS: 1.307.3019.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2020-01-30 14:42:41.943
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {72F35DB4-5329-4828-9D80-8FA33781E844}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-01-30 09:52:30.945
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D13DE47F-F617-4DA9-9489-259028B36D48}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-01-31 03:34:57.726
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.307.3019.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2020-01-31 03:34:57.722
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.307.3019.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2020-01-31 03:34:57.721
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.307.3019.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2020-01-31 03:34:57.686
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.307.3019.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2020-01-31 03:34:57.684
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.307.3019.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===================================
Date: 2020-04-09 02:27:02.928
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
Date: 2020-04-09 02:26:56.410
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
Date: 2020-04-09 02:26:47.832
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
Date: 2020-04-09 02:26:47.436
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
Date: 2020-04-09 02:26:02.988
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
Date: 2020-04-09 02:26:01.187
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
Date: 2020-04-09 02:25:46.829
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
Date: 2020-04-09 02:10:16.522
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. F.34 12/07/2015
Motherboard: HP 8015
Processor: AMD A8-7410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 73%
Total physical RAM: 3519.03 MB
Available physical RAM: 932.42 MB
Total Virtual: 5055.03 MB
Available Virtual: 1710.12 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:221.02 GB) (Free:74.12 GB) NTFS
Drive d: (Emma) (Fixed) (Total:244.14 GB) (Free:35.56 GB) NTFS
\\?\Volume{eef620fb-b331-4352-9671-b4e2ab4a7180}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{662200f1-5936-4614-9151-16319ea613db}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 44A650CE)
Partition: GPT.
==================== End of Addition.txt =======================
 
#13 ·
Hi, Qwacu.

Until I review your logs again:

Please reply to this question:

Did you intentionally enable notifications from these sites?

Code:
hxxps://click.infocenter.support;
hxxps://herdoperolhan.pro;
hxxps://pushmedear.com;
hxxps://xyvaw.talkreply.com
Also, don't install or uninstall anything, unless you are instructed to do so.
 
#19 ·
Hi, Qwacu.

I'm sorry for the delay.

Web Companion is supposed to be a legitimate program, but it also may have been bundled with a third party software, and has to be uninstalled, since you did not intentionally install it.

Please do not install or uninstall anything during the cleaning procedure, unless you are instructed to do so.

==========================================================================

1. Uninstall a program
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
Code:
Web Companion
  • Select the above program and click Uninstall.
  • Restart the computer.

2. Run FRST fix


NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
OPR Notifications: hxxps://click.infocenter.support; hxxps://herdoperolhan.pro; hxxps://pushmedear.com; hxxps://xyvaw.talkreply.com
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8000600 2020-04-08] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171004&iDate=2020-04-08 12:54:41&bName=
SearchScopes: HKU\S-1-5-21-3975140369-1696558351-1519201624-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
FF Homepage: Mozilla\Firefox\Profiles\mc3byqaa.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT171004&iDate=2020-04-08 12:54:41&bName=
FF NewTab: Mozilla\Firefox\Profiles\mc3byqaa.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT171004&iDate=2020-04-08 12:54:41&bName=
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-04-08] (LAVASOFT SOFTWARE CANADA INC -> )
C:\Users\Emmanuel\AppData\LocalLow\BitTorrent
C:\Users\Emmanuel\Downloads\BitTorrent.exe
C:\Program Files (x86)\Lavasoft
C:\Windows\System32\StartupCheckLibrary.dll
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt.
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

3. Run MBAM

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
Code:
Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) is unchecked.
Under the title Potentially unwanted items are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Thread Scan Summary window open.
  • If threads are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

4. Run Adware Cleaner


Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

In your next reply, please make sure to post:

  1. The Fixlog.txt content
  2. The MBAM report
  3. AdwCleaner[S0*].txt
 
#20 ·
The fixlog.txt content
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-04-2020
Ran by Emmanuel (11-04-2020 19:10:45) Run:3
Running from C:\Users\Emmanuel\Desktop
Loaded Profiles: Emmanuel (Available Profiles: Emmanuel)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
OPR Notifications: hxxps://click.infocenter.support; hxxps://herdoperolhan.pro; hxxps://pushmedear.com; hxxps://xyvaw.talkreply.com
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8000600 2020-04-08] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171004&iDate=2020-04-08 12:54:41&bName=
SearchScopes: HKU\S-1-5-21-3975140369-1696558351-1519201624-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
FF Homepage: Mozilla\Firefox\Profiles\mc3byqaa.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT171004&iDate=2020-04-08 12:54:41&bName=
FF NewTab: Mozilla\Firefox\Profiles\mc3byqaa.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT171004&iDate=2020-04-08 12:54:41&bName=
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-04-08] (LAVASOFT SOFTWARE CANADA INC -> )
C:\Users\Emmanuel\AppData\LocalLow\BitTorrent
C:\Users\Emmanuel\Downloads\BitTorrent.exe
C:\Program Files (x86)\Lavasoft
C:\Windows\System32\StartupCheckLibrary.dll
EmptyTemp:
*****************
Restore point was successfully created.
Processes closed successfully.
"OPR Notifications:" => not found
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => not found
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => not found
"HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => not found
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B} => not found
"FF Homepage: Mozilla\Firefox\Profiles\mc3byqaa.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT171004&iDate=2020-04-08 12:54:41&bName=" => not found
"Firefox newtab" => removed successfully
WCAssistantService => service not found.
"C:\Users\Emmanuel\AppData\LocalLow\BitTorrent" => not found
"C:\Users\Emmanuel\Downloads\BitTorrent.exe" => not found
"C:\Program Files (x86)\Lavasoft" => not found
"C:\Windows\System32\StartupCheckLibrary.dll" => not found
=========== EmptyTemp: ==========
BITS transfer queue => 7626752 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11826337 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 370855635 B
Edge => 17397840 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1814 B
NetworkService => 1814 B
Emmanuel => 2373368 B
RecycleBin => 0 B
EmptyTemp: => 391.1 MB temporary data Removed.
================================

The system needed a reboot.
==== End 2 Fixlog 19:12:52 ====
 
#21 ·
Not sure why you ran again the fixlog.

This is the first one, I received by email almost 9 hours earlier. It is good, and I'm waiting from you to run Malwarebytes and AdwCleaner, and post the requested logs. :)

fixlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-04-2020
Ran by Emmanuel (11-04-2020 11:15:01) Run:2
Running from C:\Users\Emmanuel\Desktop
Loaded Profiles: Emmanuel (Available Profiles: Emmanuel)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
OPR Notifications: hxxps://click.infocenter.support; hxxps://herdoperolhan.pro; hxxps://pushmedear.com; hxxps://xyvaw.talkreply.com
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8000600 2020-04-08] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171004&iDate=2020-04-08 12:54:41&bName=
SearchScopes: HKU\S-1-5-21-3975140369-1696558351-1519201624-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
FF Homepage: Mozilla\Firefox\Profiles\mc3byqaa.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT171004&iDate=2020-04-08 12:54:41&bName=
FF NewTab: Mozilla\Firefox\Profiles\mc3byqaa.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT171004&iDate=2020-04-08 12:54:41&bName=
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-04-08] (LAVASOFT SOFTWARE CANADA INC -> )
C:\Users\Emmanuel\AppData\LocalLow\BitTorrent
C:\Users\Emmanuel\Downloads\BitTorrent.exe
C:\Program Files (x86)\Lavasoft
C:\Windows\System32\StartupCheckLibrary.dll
EmptyTemp:
*****************
Restore point was successfully created.
Processes closed successfully.
"OPR Notifications" => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
"HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKU\S-1-5-21-3975140369-1696558351-1519201624-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B} => removed successfully
"Firefox homepage" => removed successfully
"Firefox newtab" => removed successfully
WCAssistantService => service not found.
C:\Users\Emmanuel\AppData\LocalLow\BitTorrent => moved successfully
C:\Users\Emmanuel\Downloads\BitTorrent.exe => moved successfully
"C:\Program Files (x86)\Lavasoft" => not found
C:\Windows\System32\StartupCheckLibrary.dll => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 7626752 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 60247429 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 15292367 B
Edge => 198208752 B
Chrome => 0 B
Firefox => 0 B
Opera => 44625268 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 9062 B
NetworkService => 9062 B
Emmanuel => 2942746 B
RecycleBin => 0 B
EmptyTemp: => 313.7 MB temporary data Removed.
================================

The system needed a reboot.
==== End 1 Fixlog 11:18:07 ====
 
#25 ·
Try to temporarily disable your antivirus (360 Total Security):
  • Right click on the tray icon to bring up the menu.
  • Drag the slider at the corner in Protection: On to the left.
Then, try to install Malwarebytes again. Tell me if you are getting the same or similar error.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top