aidan05

  1. Hey, I ended up doing a system reset and the computer is running perfectly now.
  2. Beginning system scan. This process will take some time.
     Beginning verification phase of system scan.
     Verification 100% complete.
     Windows Resource Protection did not find any integrity violations.
     C:\Users\Plain Sight>
     dism.zip CBS.zip
  3. Deployment Image Servicing and Management tool
     Version: 10.0.17134.1
     Image Version: 10.0.17134.950
     [===========================75.9%============ ]
     Error: 0x800f081f
     The source files could not be found.
     Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077.
     The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log
  4. Deployment Image Servicing and Management tool
     Version: 10.0.17134.1
     Image Version: 10.0.17134.950
     [==========================100.0%==========================]
     The component store is repairable.
     The operation completed successfully.
  5. Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019 Ran by Plain Sight (20-08-2019 11:21:26) Run:2 Running from C:\Users\Plain Sight\Desktop Loaded Profiles: Plain Sight (Available Profiles: Plain Sight & Aidan) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe Task: {B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe C:\Program Files (x86)\Adobe Task: {6E20ADC6-F3E8-4304-A783-D924A3134966} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe 4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) C:\Users\Aidan\AppData\Local\Adobe C:\Users\Aidan\AppData\Roaming\Adobe C:\ProgramData\Adobe C:\Users\Plain Sight\AppData\Local\Adobe C:\Program Files\Adobe MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AdobeUpdateService => 2 HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" Hosts: EmptyTemp: ***************** Processes closed successfully. 
Error: (0) Failed to create a restore point. "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeGCInvoker-1.0" => removed successfully C:\Program Files (x86)\Common Files\Adobe => moved successfully HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} => could not remove. Access Denied. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} => could not remove. Access Denied. C:\WINDOWS\System32\Tasks\Adobe Uninstaller => moved successfully HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Uninstaller => could not remove. Access Denied. C:\Program Files (x86)\Adobe => moved successfully HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E20ADC6-F3E8-4304-A783-D924A3134966} => could not remove. Access Denied. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E20ADC6-F3E8-4304-A783-D924A3134966} => could not remove. Access Denied. C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-OTIH9CI-Plain Sight => moved successfully HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeGCInvoker-1.0-DESKTOP-OTIH9CI-Plain Sight => could not remove. Access Denied. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} => could not remove. Access Denied. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} => could not remove. Access Denied. "C:\WINDOWS\System32\Tasks\Adobe Uninstaller" => not found HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Uninstaller => could not remove. Access Denied. 4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) => Error: No automatic fix found for this entry. 
HKLM\System\CurrentControlSet\Services\AGSService => removed successfully AGSService => service removed successfully C:\Users\Aidan\AppData\Local\Adobe => moved successfully C:\Users\Aidan\AppData\Roaming\Adobe => moved successfully C:\ProgramData\Adobe => moved successfully C:\Users\Plain Sight\AppData\Local\Adobe => moved successfully C:\Program Files\Adobe => moved successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc => removed successfully HKLM\System\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc => not found HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeUpdateService => removed successfully HKLM\System\CurrentControlSet\Services\AdobeUpdateService => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AdobeGCInvoker-1.0" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdobeGCInvoker-1.0" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AdobeAAMUpdater-1.0" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Adobe Creative Cloud" => removed successfully "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Creative Cloud" => not found C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. 
=========== EmptyTemp: ========== BITS transfer queue => 10510336 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8496431 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 75349 B Edge => 28616702 B Chrome => 0 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B LocalService => 0 B NetworkService => 6306 B NetworkService => 0 B Plain Sight => 15317087 B Aidan => 0 B RecycleBin => 12353 B EmptyTemp: => 60.1 MB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 20-08-2019 12:12:35) Result of scheduled keys to remove after reboot: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} => could not remove. Access Denied. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} => could not remove. Access Denied. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Uninstaller => could not remove. Access Denied. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E20ADC6-F3E8-4304-A783-D924A3134966} => could not remove. Access Denied. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E20ADC6-F3E8-4304-A783-D924A3134966} => could not remove. Access Denied. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeGCInvoker-1.0-DESKTOP-OTIH9CI-Plain Sight => could not remove. Access Denied. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} => could not remove. Access Denied. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} => could not remove. Access Denied. 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Uninstaller => could not remove. Access Denied. ==== End of Fixlog 12:12:35 ==== Deployment Image Servicing and Management tool Version: 10.0.17134.1 Image Version: 10.0.17134.950 The component store is repairable. The operation completed successfully.
  6. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2019 Ran by Plain Sight (administrator) on DESKTOP-OTIH9CI (Gigabyte Technology Co., Ltd. AX370-Gaming 5) (20-08-2019 00:40:08) Running from C:\Users\Plain Sight\Desktop Loaded Profiles: Plain Sight (Available Profiles: Plain Sight & Aidan) Platform: Windows 10 Pro Version 1803 17134.950 (X64) Language: English (United States) Default browser: Edge Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe (PACE 
Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe (Softube AB -> ) C:\Program Files\Softube\InstallerDaemon\InstallerService.exe Failed to access process -> CompatTelRunner.exe Failed to access process -> conhost.exe Failed to access process -> conhost.exe Failed to access process -> csrss.exe Failed to access process -> csrss.exe Failed to access process -> dwm.exe Failed to access process -> fontdrvhost.exe Failed to access process -> fontdrvhost.exe Failed to access process -> SppExtComObj.Exe Failed to access process -> wlanext.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> WmiPrvSE.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0D921394-47FB-407A-9AEF-DD5803635C5D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {13D6644E-6F69-460F-AC4E-5E6F63DAE437} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {16E9CB2E-49B6-4AF8-90DE-06D2ABEE4618} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe Task: {1A1C8488-8D90-4223-B9BE-A1058B1C908E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {1FC8021A-6B0A-4577-95EB-0B8958C68299} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {22D66AA8-71BF-402B-A015-7A00E188B53C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {3417C401-152D-4B40-8C82-F0BB8D2547B2} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe Task: {49CBDDD5-144C-49D6-9330-93B82C00B987} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2049928 2019-08-09] (AVAST Software s.r.o. 
-> AVAST Software) Task: {6E20ADC6-F3E8-4304-A783-D924A3134966} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {74D51ACF-A975-4590-ABB3-DE333FAB999B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2762709790-200231504-3683108907-1002 => C:\Users\Plain Sight\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {758DF83D-0340-4728-8A57-AA03AF5DE9AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {7B6D14E4-BF93-4E74-96F0-0F5ADF7761ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {84049033-1125-4532-BE47-6061D04D4B69} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {8447B23D-EC9C-419D-BB5B-07D0CA977128} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Plain Sight\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {9097DF3C-47CB-483F-B587-13F134553106} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {9E8D2A08-68D3-4F00-84DA-D723170563DF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {A426EF7F-EADB-423E-8EC5-DB0C0B6316E0} - 
System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {A7856D9F-143F-412B-93BA-530EF4E409C5} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {A8A29FEF-A7C3-4F13-A377-2FBFAEE76865} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe Task: {C00C228E-A362-47C6-AA4A-D4F57DFC1E89} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {D89BD700-E397-423F-9B33-C886336DA429} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe Task: {DBBD79B2-77BC-492E-B32B-B92C6074CEFC} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe Task: {E146B2E7-AC9E-4D01-AFF8-C1317D49FFF3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {EA157AE3-68D7-465A-9217-128E817D38B1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {F880CC13-9162-45DB-AE65-AD1CC0AA0BC4} - 
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {FEFAD59A-979E-4BE0-9C09-CBDF86C0F7A7} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{44f20319-c8a6-4cc0-9e3b-ede0e80d487d}: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{6283b723-eae5-42ae-8255-419dc903eb73}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{996897f6-62dc-450e-a935-5e7a928015d1}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== SearchScopes: HKU\S-1-5-21-2762709790-200231504-3683108907-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = Chrome: ======= CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "hxxp://soundcloud.com/" CHR Profile: C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default [2019-08-19] CHR DownloadDir: D:\DOWNLOADS CHR Extension: (Slides) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-14] CHR Extension: (Just Black) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2019-03-05] CHR Extension: (Docs) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-14] CHR Extension: (Google Drive) - 
C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-14] CHR Extension: (YouTube) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-14] CHR Extension: (Sheets) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-14] CHR Extension: (Google Docs Offline) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-14] CHR Extension: (Chrome Web Store Payments) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03] CHR Extension: (Gmail) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-16] CHR Extension: (Chrome Media Router) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08] CHR Profile: C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-19] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7252656 2018-12-12] (BattlEye Innovations e.K. 
-> ) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) S4 mracsvc; C:\WINDOWS\System32\mracsvc.exe [16966416 2019-06-09] (Mail.Ru LLC -> LLC Mail.Ru) S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation) S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation) S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts) S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074128 2019-08-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 SoftubeInstallerDaemon; C:\Program Files\Softube\InstallerDaemon\InstallerService.exe [10284824 2019-07-10] (Softube AB -> ) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) S4 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited) S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 S4 NvTelemetryContainer; "C:\Program Files\NVIDIA 
Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project) R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34696 2017-10-09] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc) R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2017-08-29] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc) S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. ) R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices) R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [137496 2018-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. ) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) S3 gdrv; C:\Windows\gdrv.sys [26192 2018-02-14] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider) S3 GLCKIO; C:\Program Files (x86)\ASUS\AURA\690b33e1-0462-4e84-9bea-c7552b45432a.sys [14976 2018-02-14] (ASUSTeK Computer Inc. 
-> ) R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Microsoft Windows -> Qualcomm Atheros, Inc.) R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-18] (Malwarebytes Corporation -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-20] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-20] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-20] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-20] (Malwarebytes Corporation -> Malwarebytes) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_547eeefb57db4499\nvlddmkm.sys [21858904 2019-07-19] (NVIDIA Corporation -> NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-06-13] (NVIDIA Corporation -> NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation) S3 RtsUpx; C:\Windows\system32\drivers\RtsUpx.sys [30328 2018-02-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6839744 2017-12-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation ) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) 
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project) S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed] S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
21:22 - 2019-07-19 05:14 - 011059408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll 2019-07-24 21:22 - 2019-07-19 05:14 - 009492680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 040411904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 035269568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 020193184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 017470416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 005426104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 004767912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 002042272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001721816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443160.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001543824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001472600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001468320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443160.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001164376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001136024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000914520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000822016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000810912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2019-07-24 21:22 - 
2019-07-19 05:13 - 000677256 _____ C:\WINDOWS\system32\nvofapi64.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000656792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000633488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000543944 _____ C:\WINDOWS\SysWOW64\nvofapi.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000523920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2019-07-24 21:22 - 2019-07-19 02:11 - 004342528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-20 00:39 - 2018-05-31 18:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-08-20 00:39 - 2018-05-31 18:07 - 000000000 ____D C:\Users\Plain Sight 2019-08-20 00:39 - 2018-04-12 09:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-08-20 00:38 - 2018-05-17 10:43 - 000000000 ____D C:\ProgramData\Adobe 2019-08-20 00:38 - 2018-05-17 10:43 - 000000000 ____D C:\Program Files (x86)\Adobe 2019-08-20 00:38 - 2018-04-12 07:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-08-20 00:37 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2019-08-20 00:37 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\Macromed 2019-08-20 00:36 - 2018-08-02 10:07 - 000000000 ___RD C:\Users\Plain Sight\Creative Cloud Files 2019-08-20 00:36 - 2018-04-12 09:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-08-20 00:36 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-08-20 00:36 - 2018-02-14 14:41 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\Packages 2019-08-20 00:35 - 2019-01-12 12:54 - 000003268 _____ C:\WINDOWS\System32\Tasks\Adobe Uninstaller 2019-08-20 00:35 - 2018-05-17 10:40 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\Adobe 2019-08-20 00:28 - 2018-09-08 11:14 - 000000000 ____D C:\Users\Plain 
Sight\AppData\Roaming\MeldaProduction 2019-08-20 00:27 - 2018-09-08 11:14 - 000000000 ____D C:\ProgramData\MeldaProduction 2019-08-20 00:25 - 2018-09-12 10:55 - 000000000 ___RD C:\Program Files\Native Instruments 2019-08-20 00:24 - 2019-02-27 14:36 - 000000000 ____D C:\Program Files\Plugin Alliance 2019-08-20 00:24 - 2018-09-12 10:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments 2019-08-20 00:23 - 2018-09-08 11:20 - 000000000 ____D C:\ProgramData\Camel Audio 2019-08-20 00:23 - 2018-09-08 11:20 - 000000000 ____D C:\Program Files\Camel Audio 2019-08-20 00:23 - 2018-09-08 10:54 - 000000000 ____D C:\ProgramData\ValhallaRoom 2019-08-20 00:23 - 2018-05-11 11:25 - 000000000 ____D C:\ProgramData\ValhallaRoomPreferences 2019-08-20 00:17 - 2018-04-12 09:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-08-20 00:06 - 2018-05-31 18:11 - 000004178 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3C9A9257-B820-4A09-9A5E-F2402A6001C9} 2019-08-20 00:03 - 2018-05-31 18:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-08-19 17:46 - 2018-05-31 18:14 - 000774004 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-08-19 17:46 - 2018-04-12 09:36 - 000000000 ____D C:\WINDOWS\INF 2019-08-19 17:09 - 2018-02-14 15:36 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\CrashDumps 2019-08-19 17:04 - 2018-02-14 14:50 - 000000000 ____D C:\ProgramData\NVIDIA 2019-08-19 12:46 - 2018-09-12 10:28 - 000000000 ___RD C:\Program Files\Common Files\Native Instruments 2019-08-19 12:27 - 2018-02-14 18:10 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-08-19 12:25 - 2019-03-01 11:53 - 000000008 __RSH C:\Users\Plain Sight\ntuser.pol 2019-08-19 12:24 - 2018-09-13 10:44 - 000000008 __RSH C:\ProgramData\ntuser.pol 2019-08-19 11:38 - 2017-09-29 23:46 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2019-08-19 00:53 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-08-19 00:41 - 2018-12-07 12:16 - 000000000 
____D C:\Program Files\Microsoft Office 2019-08-19 00:40 - 2018-04-12 09:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2019-08-18 19:17 - 2018-05-17 11:06 - 000000000 ___DC C:\WINDOWS\Panther 2019-08-18 16:28 - 2018-02-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\NVIDIA Corporation 2019-08-18 04:10 - 2018-02-14 15:21 - 000000000 ____D C:\Program Files (x86)\Google 2019-08-18 02:16 - 2018-06-14 23:02 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-08-18 02:16 - 2018-04-12 09:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-08-18 02:09 - 2018-06-14 20:48 - 000000000 ____D C:\ProgramData\Packages 2019-08-18 01:22 - 2018-09-08 10:49 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Azureus 2019-08-17 15:27 - 2019-01-11 20:35 - 000000000 ____D C:\Users\Public\Documents\Softube 2019-08-17 15:26 - 2019-04-11 21:02 - 000033544 _____ C:\WINDOWS\system32\Drivers\iLokDrvr.sys 2019-08-17 15:26 - 2018-03-20 09:09 - 000000000 ____D C:\Program Files\Common Files\VST3 2019-08-17 15:26 - 2018-02-14 17:47 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2019-08-17 13:44 - 2018-02-14 14:41 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-08-17 12:30 - 2019-01-10 14:50 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\Spotify 2019-08-17 11:55 - 2019-01-10 14:49 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Spotify 2019-08-17 03:08 - 2018-02-14 18:00 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Splice 2019-08-17 03:08 - 2018-02-14 16:33 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\SpliceSettings 2019-08-17 00:54 - 2018-02-14 14:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2019-08-16 23:16 - 2018-10-19 11:38 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\PioneerLog 2019-08-16 22:23 - 2018-02-14 16:10 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Xfer 2019-08-15 17:47 - 2018-06-13 10:30 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\D3DSCache 
2019-08-15 12:03 - 2019-03-28 10:42 - 000000000 ____D C:\Program Files\Common Files\Plugin Alliance 2019-08-15 10:47 - 2019-05-02 14:38 - 000000000 ____D C:\ProgramData\Celemony Software GmbH 2019-08-15 10:46 - 2018-05-17 10:47 - 000000000 ____D C:\Program Files\Adobe 2019-08-14 21:12 - 2018-05-31 18:05 - 000277696 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-08-14 21:12 - 2018-02-14 14:41 - 000000000 ___RD C:\Users\Plain Sight\3D Objects 2019-08-14 21:11 - 2018-04-12 19:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ___SD C:\WINDOWS\system32\UNP 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\oobe 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\Provisioning 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-08-14 20:13 - 2019-07-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\.minecraft 2019-08-14 15:46 - 2018-04-12 09:34 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2019-08-14 15:44 - 2018-02-14 18:10 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-08-13 22:28 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\NDF 2019-08-12 13:21 - 2018-06-13 10:52 - 000000000 ___RD C:\Users\Plain Sight\plainsightdj@gmail.com Creative Cloud Files 2019-08-11 17:52 - 2018-03-23 14:56 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\ElevatedDiagnostics 2019-08-09 12:16 - 2018-05-01 12:33 - 000000000 ____D C:\Users\Plain Sight\Documents\FabFilter 2019-08-09 12:16 - 2018-05-01 12:33 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\FabFilter 2019-08-09 12:14 - 2018-09-17 12:56 - 000000000 ____D C:\Program Files (x86)\VstPlugins 2019-08-09 
11:45 - 2018-06-01 11:32 - 000000000 ____D C:\Program Files\Vstplugins 2019-08-02 20:59 - 2018-11-16 15:17 - 000000000 ____D C:\Program Files\rempl 2019-07-30 12:08 - 2019-06-08 16:57 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com 2019-07-30 12:04 - 2018-10-19 11:26 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pioneer 2019-07-30 12:03 - 2018-10-19 11:26 - 000000529 _____ C:\Users\Plain Sight\Desktop\rekordbox_x64.lnk 2019-07-30 12:02 - 2018-02-14 15:31 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2019-07-26 09:36 - 2018-02-26 23:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-07-25 11:10 - 2018-02-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\NVIDIA 2019-07-23 15:22 - 2018-02-14 14:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2019-07-23 11:46 - 2018-10-01 18:24 - 000000000 ____D C:\Program Files (x86)\Origin ==================== Files in the root of some directories ================ 2019-01-08 16:56 - 2016-12-14 23:17 - 000003584 _____ () C:\Users\Plain Sight\Synplant.32.dll 2018-05-09 12:38 - 2018-05-09 12:38 - 002722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf 2018-05-09 12:38 - 2018-05-09 12:38 - 000056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf 2019-07-19 14:31 - 2019-07-19 14:31 - 000000038 ___SH () C:\Users\Plain Sight\AppData\Local\6eebc2b1598089f38a4759.67408981 2018-02-14 18:07 - 2018-02-14 18:07 - 000000291 _____ () C:\Users\Plain Sight\AppData\Local\ledConfiguration.config 2018-09-25 10:01 - 2018-09-25 10:01 - 000000000 _____ () C:\Users\Plain Sight\AppData\Local\oobelibMkey.log ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by Plain Sight (20-08-2019 00:41:21)
Running from C:\Users\Plain Sight\Desktop
Windows 10 Pro Version 1803 17134.950 (X64) (2018-05-31 08:11:14)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2762709790-200231504-3683108907-500 - Administrator - Disabled)
Aidan (S-1-5-21-2762709790-200231504-3683108907-1002 - Limited - Enabled) => C:\Users\Aidan
DefaultAccount (S-1-5-21-2762709790-200231504-3683108907-503 - Limited - Disabled)
Guest (S-1-5-21-2762709790-200231504-3683108907-501 - Limited - Disabled)
Plain Sight (S-1-5-21-2762709790-200231504-3683108907-1001 - Administrator - Enabled) => C:\Users\Plain Sight
WDAGUtilityAccount (S-1-5-21-2762709790-200231504-3683108907-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Ableton Live 10 Suite (HKLM\...\{FE06C730-0296-42D9-B869-4E819D7F47A3}) (Version: 10.0.0.0 - Ableton)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brainworx Plugins Bundle (HKLM\...\Brainworx Plugins Bundle_is1) (Version: 2.0.0 - Brainworx) CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform) CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.5.21.0 - Piriform Software) Hidden DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 425.31 - NVIDIA Corporation) Hidden Endless Smile 1.0.0 (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Endless Smile) (Version: 1.0.0 - Dada Life) FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line) FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line) FXpansion DCAMFreeComp (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\FXpansion DCAMFreeComp) (Version: 1.0.1.7 - FXpansion Audio UK Ltd) HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.15.306 - SurfRight B.V.) 
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line) Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{7858618B-FA45-4797-988D-4E8B793C3B88}) (Version: 17.0.109 - Intel Corporation) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{A7D3C4B3-2CA8-46F3-9C34-63205AC018FF}) (Version: 17.0.109 - Intel Corporation) JBridge (HKLM-x32\...\JBridge) (Version: - JBridge) KClip3 (HKLM\...\KClip3 3.1.3) (Version: 3.1.3 - Kazrog Inc) Kick 2 version 1.1.1 (HKLM\...\Kick 2_is1) (Version: 1.1.1 - Sonic Academy) Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.9.0.2 - Hermann Schinagl) Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) Massive (HKLM\...\Massive_is1) (Version: 1.5.5 - Native Instruments & Team V.R) MeldaProduction Audio Plugins 12 (HKLM-x32\...\MeldaProduction Audio Plugins 12) (Version: - MeldaProduction) Melodyne 3.2 (HKLM-x32\...\{2E337869-756A-4E46-A936-0E67FE043A5E}) (Version: 3.2.0202 - Celemony Software GmbH) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
(HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) 
(Version: 14.15.26706.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Minecraft Launcher (HKLM-x32\...\{D0972543-9D51-4A1A-A765-E5A7B1CB09E5}) (Version: 1.0.0.0 - Mojang) Mixed in Key (HKLM-x32\...\{F3A4E720-26AE-4EA0-BBCC-9480EAE753EC}) (Version: 8.0.2325.0 - Mixed In Key LLC) Hidden Mixed In Key 8 (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\{85c3a10f-312f-40ef-b9ae-21bdd4e92f16}) (Version: 8.0.2325.0 - Mixed In Key LLC) Mp3tag v2.86 (HKLM-x32\...\Mp3tag) (Version: 2.86 - Florian Heidenreich) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 3.19.0.107 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.107 - NVIDIA Corporation) NVIDIA Graphics Driver 431.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 431.60 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 10.5.43.28287 - Electronic Arts, Inc.) Ozone Imager (HKLM-x32\...\Ozone Imager) (Version: 1.00 - iZotope, Inc.) PACE License Support Win64 (HKLM\...\{52F54766-2321-4841-A523-CA0C8261E26D}) (Version: 5.0.3.2569 - PACE Anti-Piracy, Inc.) Hidden PACE License Support Win64 (HKLM-x32\...\InstallShield_{52F54766-2321-4841-A523-CA0C8261E26D}) (Version: 5.0.3.2569 - PACE Anti-Piracy, Inc.) Pioneer MIX 64bit Driver (HKLM\...\Pioneer MIX) (Version: 5.6.0.0017 - Pioneer DJ Corporation.) 
rekordbox 5.6.0 64bit (HKLM\...\Pioneer rekordbox 5.6.0) (Version: 5.6.0.0017 - Pioneer DJ) RODE-AI-1-ASIO (HKLM\...\{E54CEBF0-1B4F-4793-841F-C1ABA9F46188}) (Version: 1.1.0 - RØDE Microphones) Softube Installer Helper (HKLM\...\Softube Installer Helper) (Version: 2.4.88 - Softube AB) Softube Saturation Knob (HKLM\...\Softube Saturation Knob) (Version: 2.4.83 - Softube AB) Splice (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\splice) (Version: 3.5.41 - Distributed Creation, Inc.) Spotify (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Spotify) (Version: 1.1.12.451.gdb77255f - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Sylenth1 v3.041 (HKLM\...\Sylenth1v3_is1) (Version: - ) The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.51.77.1020 - Electronic Arts Inc.) TP-Link TL-WN881ND Driver (HKLM-x32\...\{5656127B-0110-4450-9CBD-643E760F152D}) (Version: 2.1.0 - TP-Link) Trash version 2.0.5 (HKLM-x32\...\{4C809F87-3910-4E10-BEF2-F3C6FEA94E2E}_is1) (Version: 2.0.5 - iZotope) True Iron (HKLM\...\True Iron 1.2.5) (Version: 1.2.5 - Kazrog Inc) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) ValhallaRoom version 1.5.1 (HKLM-x32\...\{A17C42DB-BF2C-4AEC-8B57-C2C3EF052902}_is1) (Version: 1.5.1 - Valhalla DSP, LLC) Voxengo SPAN (HKLM\...\Voxengo SPAN_is1) (Version: 3.1 - Voxengo) Voxengo Tube Amp (HKLM\...\Voxengo Tube Amp_is1) (Version: 2.5 - Voxengo) Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.) Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited) Youlean Loudness Meter 2 version V2.2.3 (HKLM-x32\...\{57AC2129-BA28-47CC-ACC8-BDCE413849DF}_is1) (Version: V2.2.3 - Youlean) Packages: ========= iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa [2019-07-25] (Apple Inc.) 
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-02] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad] ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed] ShellIconOverlayIdentifiers: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed] ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed] ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed] ShellIconOverlayIdentifiers-x32: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed] 
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed] ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-29] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-29] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed] ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-07-18] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-29] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed] ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Link Shell Extension\Donate.lnk -> hxxp://schinagl.priv.at/nt/hardlinkshellext/linkshellextension.htm

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-08-15 11:33 - 2019-08-19 11:38 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

2019-01-08 14:53 - 2019-01-12 02:09 - 000000627 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
168.137.173 Mitchs-MBP.mshome.net # 2019 1 2 15 5 4 24 911

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%INTEL_DEV_REDIST%redist\ia32_win\compiler;%INTEL_DEV_REDIST%redist\ia32\compiler;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR HKU\S-1-5-21-2762709790-200231504-3683108907-1001\Control Panel\Desktop\\Wallpaper -> D:\Nikon D3400 Photos\Edited\DSC-0098.jpg DNS Servers: 10.0.0.138 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AdobeUpdateService => 2 MSCONFIG\Services: AGMService => 2 MSCONFIG\Services: AGSService => 2 MSCONFIG\Services: BEService => 3 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: MacriumService => 2 MSCONFIG\Services: mracsvc => 3 MSCONFIG\Services: NvContainerLocalSystem => 2 MSCONFIG\Services: NvContainerNetworkService => 3 MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2 MSCONFIG\Services: NvTelemetryContainer => 2 MSCONFIG\Services: Origin Client Service => 3 MSCONFIG\Services: Origin Web Helper Service => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: WindscribeService => 2 HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\StartupApproved\Run: => "OneDriveSetup" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{B96986E2-D77C-4673-9378-CBCC13AD94CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{172CDB18-9349-47CE-8557-D6A2A388AC6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{CFE5DEA7-3D47-4F94-82CD-69B0C27ADC80}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{10C66A5A-92B3-439B-8A12-1961A1F8EE8B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{F263765F-6A3D-40A8-AC04-A93836C95036}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{A7D36B6C-26A2-4458-8CD2-7EFB41D30E03}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{230698CE-2A07-433B-AD58-8A59DEF58423}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{7AC482F0-B09C-46A3-B37F-25FE20FC9748}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{6877EE3D-4300-4F02-8EC3-9C5AED80B992}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{56276421-E310-416D-9081-FAC5E188F7FF}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{4F9066EC-A4A9-4B0F-AD30-B6CFF55BD7B7}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{78D8A76D-428F-40FC-A15A-30F13F78D4A2}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc) FirewallRules: [{FA112521-A55B-4DF5-8169-1016DF1B2C8A}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc) FirewallRules: [{546676CD-F39D-4217-82E9-B5ED2D8B8562}] => (Allow) D:\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed] FirewallRules: [{10864890-700A-4AE1-9F6C-7B84D73F32E4}] => (Allow) D:\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed] FirewallRules: [{3C6DC639-CC62-4C17-ACDF-54EA74BCF678}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe (Bohemia Interactive a.s. -> Bohemia Interactive) FirewallRules: [{0CF87D95-BE64-4D86-B6DD-1B131DAABEE6}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe (Bohemia Interactive a.s. 
-> Bohemia Interactive) FirewallRules: [TCP Query User{064EB254-FCFF-459C-8547-E36BF8D13F51}C:\users\plain sight\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\plain sight\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{B602DDF4-1C0F-495A-88CA-7A14711209CA}C:\users\plain sight\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\plain sight\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{9C27E1CF-E117-42A2-A215-E0CC0D94D3B7}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited) FirewallRules: [UDP Query User{67986985-E649-4E48-B21C-3E69BC76C59A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited) FirewallRules: [{EC09E49B-2132-4F71-92D1-BB5902CC4D3F}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed] FirewallRules: [{0D1C58CA-8C0D-402C-979F-89E5CC71DE7F}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed] FirewallRules: [{0C23D427-363A-4F08-B737-AC247A0A34EE}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) FirewallRules: [{760CB771-65BA-4AD4-82EA-3540D1924A9E}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) FirewallRules: [{D8368532-0696-4614-9BF9-3F992C867F9D}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) FirewallRules: [{08DBD07D-B52F-4771-B32E-4918CB5DF76A}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) 
FirewallRules: [{DEFA1A3B-1F57-4B09-A424-9DE3B524DC85}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\rekordbox.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation) FirewallRules: [{558C9C11-C174-40C6-B785-B12371A9751E}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\psvnfsd.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.) FirewallRules: [{3A4035DB-10E1-4455-8618-9446BDD588F1}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\psvlinksysmgr.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.) FirewallRules: [{915CD90C-8EC4-4993-8B65-6E5404A3E13D}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\edb_streamd.exe (Pioneer DJ Corporation -> ) FirewallRules: [{428037CC-F7F7-4D69-A0F2-120EFA02DD65}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\ls-unity-rekordbox-win-64bit.exe (Pioneer DJ Corporation -> ) FirewallRules: [{A842348A-76D5-4D11-B480-4495BEBFA9C3}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\rbHttpServer.exe (Pioneer DJ Corporation -> ) FirewallRules: [{73EB4E2E-556A-4C2D-888B-1405F75177D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{B29DC937-137C-42CE-B6B8-5457DDE72C6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{4C0F8171-80C8-4625-BB93-048160AE132C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{2ADC41FE-990B-45DD-A0B4-30A939780D83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [TCP Query User{2961FE0F-9EA3-4194-8513-62DBA1CBCC3A}D:\games\runtime\jre-x64\bin\javaw.exe] => (Block) D:\games\runtime\jre-x64\bin\javaw.exe FirewallRules: [UDP Query User{FF222A3A-AF5E-413E-9853-97C4D0EA9CFC}D:\games\runtime\jre-x64\bin\javaw.exe] => (Block) 
D:\games\runtime\jre-x64\bin\javaw.exe FirewallRules: [{8D74A5D2-F7E2-401A-9ECD-E37DEAABF361}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{84BD169C-1027-4F6B-841C-97D0A292B49A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{768F9EA5-6FC2-493F-8D66-79560B7BB6D2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6C8C5A9B-BD32-4C2A-BDDA-70D8FD1703BE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{861A613E-B2DC-42C0-B47E-DCB5599CD4B6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B146E6CD-F2C0-4F7B-A632-DB2B6962C937}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{F7F06B1B-C9E0-4908-A1A6-75159D83A0AB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{78C59764-B639-41EE-9A0A-201E617F0D87}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{EFD255BB-15E1-4BEE-9B6C-C3C38B0FB08C}] => (Allow) D:\Music Production\rekordbox 5.6.0\rekordbox.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation) FirewallRules: [{C3931EE7-A974-4BC6-898B-20EE2ECBB3F1}] => (Allow) D:\Music Production\rekordbox 5.6.0\psvnfsd.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.) 
FirewallRules: [{A4A6B655-4C97-422E-B343-E990C3C0F2CA}] => (Allow) D:\Music Production\rekordbox 5.6.0\psvlinksysmgr.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.) FirewallRules: [{6BF22A09-E365-4058-9527-1B251D8B5A92}] => (Allow) D:\Music Production\rekordbox 5.6.0\edb_streamd.exe (Pioneer DJ Corporation -> ) FirewallRules: [{C97DAE21-F8B6-4717-A590-8676060D7A88}] => (Allow) D:\Music Production\rekordbox 5.6.0\ls-unity-rekordbox-win-64bit.exe (Pioneer DJ Corporation -> ) FirewallRules: [{272D851C-D5D7-44CA-A77C-32E8AA0E47D8}] => (Allow) D:\Music Production\rekordbox 5.6.0\rbHttpServer.exe (Pioneer DJ Corporation -> ) ==================== Restore Points ========================= 18-08-2019 17:12:57 Windows Update 19-08-2019 12:37:04 Removed Melodyne Runtime 4.1 (x64) 19-08-2019 12:37:46 Removed Melodyne Runtime 4.1 (x64) 19-08-2019 12:39:12 Removed Melodyne Runtime 4.1 (x64) 19-08-2019 12:44:37 Removed Melodyne Runtime 4.1 (x64) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/20/2019 12:39:44 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program ShellExperienceHost.exe version 10.0.17134.753 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. 
Process ID: 8b0 Start Time: 01d5569be9baf54f Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: ffbd27c5-8925-4cd9-8152-8f23a52bd491 Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App Error: (08/19/2019 05:09:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Ableton Live 10 Suite.exe, version: 1.0.0.1, time stamp: 0x5a63f107 Faulting module name: ntdll.dll, version: 10.0.17134.799, time stamp: 0x7f828745 Exception code: 0xc0000026 Fault offset: 0x000000000009a458 Faulting process id: 0x247c Faulting application start time: 0x01d5565cfc992958 Faulting application path: E:\Daw\Program\Ableton Live 10 Suite.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: b1c0d657-3574-4b68-abeb-37602036b250 Faulting package full name: Faulting package-relative application ID: Error: (08/19/2019 01:22:40 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program MicrosoftEdgeCP.exe version 11.0.17134.915 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2318 Start Time: 01d5563c45073cea Termination Time: 9 Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Report Id: 55bf14d3-904a-4a6f-a2c8-1b5143bfc319 Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: ContentProcess Error: (08/19/2019 12:29:32 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. 
The first four bytes (DWORD) of the Data section contains the error code. Error: (08/19/2019 11:38:23 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (08/19/2019 11:37:34 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {027aca1a-a02a-41af-b5eb-078a0805e9bf} Error: (08/19/2019 12:20:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68 Faulting module name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68 Exception code: 0xc0000005 Fault offset: 0x000000000006822e Faulting process id: 0x26e0 Faulting application start time: 0x01d555d00df4fec9 Faulting application path: C:\WINDOWS\System32\Taskmgr.exe Faulting module path: C:\WINDOWS\System32\Taskmgr.exe Report Id: 756a2a4d-624d-474d-9910-c24c390ad84c Faulting package full name: Faulting package-relative application ID: Error: (08/19/2019 12:16:36 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68 Faulting module name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68 Exception code: 0xc0000005 Fault offset: 0x000000000006822e Faulting process id: 0x2828 Faulting application start time: 0x01d555cf88d01ffe Faulting application path: 
C:\WINDOWS\System32\Taskmgr.exe Faulting module path: C:\WINDOWS\System32\Taskmgr.exe Report Id: b196ded3-07dd-44b6-8cd1-0f37353bf794 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (08/20/2019 12:41:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/20/2019 12:41:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/20/2019 12:39:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The luafv service failed to start due to the following error: This driver has been blocked from loading Error: (08/19/2019 07:12:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0xc1900130: Feature update to Windows 10, version 1903. 
Error: (08/19/2019 12:44:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/19/2019 12:44:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/19/2019 12:44:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The luafv service failed to start due to the following error: This driver has been blocked from loading Error: (08/19/2019 12:25:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Windows Defender: =================================== Date: 2019-08-19 11:35:40.014 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:VBS/Mountsi.A!ml&threatid=2147726485&enterprise=0 Name: Trojan:VBS/Mountsi.A!ml ID: 2147726485 Severity: Severe Category: Trojan Path: amsi:_C:\Windows\System32\wscript.exe Detection Origin: Unknown Detection Type: Concrete Detection Source: AMSI Process Name: C:\Windows\System32\wscript.exe Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-19 01:02:47.677 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:VBS/Mountsi.A!ml&threatid=2147726485&enterprise=0 Name: Trojan:VBS/Mountsi.A!ml ID: 2147726485 Severity: Severe Category: Trojan Path: amsi:_C:\Windows\System32\wscript.exe Detection Origin: Unknown Detection Type: Concrete Detection Source: AMSI Process Name: C:\Windows\System32\wscript.exe Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-19 01:00:40.203 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:VBS/Mountsi.A!ml&threatid=2147726485&enterprise=0 Name: Trojan:VBS/Mountsi.A!ml ID: 2147726485 Severity: Severe Category: Trojan Path: amsi:_C:\Windows\System32\wscript.exe Detection Origin: Unknown Detection Type: Concrete Detection Source: AMSI Process Name: C:\Windows\System32\wscript.exe Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-19 00:54:26.047 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Behavior:Win32/Generic.SV!ml&threatid=2147739306&enterprise=0 Name: Behavior:Win32/Generic.SV!ml ID: 2147739306 Severity: Severe Category: Suspicious Behavior Path: file:_C:\Wlndows\system32\CPU64.exe; regkey:_HKCU@S-1-5-21-2762709790-200231504-3683108907-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\CPU64; runkey:_HKCU@S-1-5-21-2762709790-200231504-3683108907-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\CPU64 Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-19 00:53:55.959 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0 Name: Trojan:Win32/Fuerboos.C!cl ID: 2147723654 Severity: Severe Category: Trojan Path: file:_C:\Wlndows\system32\Desktop-64.exe Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-19 00:27:56.986 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: 1.299.2303.0 Previous Signature Version: 1.299.2298.0 Update Source: User Signature Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.16200.1 Previous Engine Version: 1.1.16200.1 Error code: 0x80509004 Error description: An unexpected problem occurred. 
Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Date: 2019-08-19 00:27:56.986 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: 1.299.2303.0 Previous Signature Version: 1.299.2298.0 Update Source: User Signature Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.16200.1 Previous Engine Version: 1.1.16200.1 Error code: 0x80509004 Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Date: 2019-08-18 17:37:12.196 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.2296.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode Date: 2019-08-18 17:27:08.388 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-18 03:09:39.230 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. 
CodeIntegrity: =================================== Date: 2019-08-19 23:53:07.362 Description: Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-08-19 23:52:47.867 Description: Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-08-19 23:52:35.985 Description: Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-08-19 22:53:15.009 Description: Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-08-19 22:52:57.027 Description: Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-08-19 22:52:44.208 Description: Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-08-18 03:58:19.662 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Plain Sight\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro_x64 (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-08-18 03:58:19.404 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Plain Sight\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro_x64 (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== BIOS: American Megatrends Inc. F8 09/01/2017 Motherboard: Gigabyte Technology Co., Ltd. AX370-Gaming 5 Processor: AMD Ryzen 7 1700 Eight-Core Processor Percentage of memory in use: 14% Total physical RAM: 16332.45 MB Available physical RAM: 13893.7 MB Total Virtual: 18764.45 MB Available Virtual: 15400.54 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:446.53 GB) (Free:330.02 GB) NTFS Drive d: (New Space) (Fixed) (Total:931.51 GB) (Free:682.72 GB) NTFS Drive e: (New Volume) (Fixed) (Total:111.19 GB) (Free:46.84 GB) NTFS \\?\Volume{a32efc1d-78c8-4d69-9554-243a67203579}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS \\?\Volume{2bc682b4-f735-407c-8e26-a64599b677ed}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS \\?\Volume{bf261472-0e6a-4017-a399-46a6853c0063}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 \\?\Volume{5e21c628-89f4-43b7-9300-7e1a0d43cbbb}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 447.1 GB) (Disk ID: DBE17137) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2AD450F8) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================
  7. The scan got stuck at 76.3%. Then error 0x800f081f appeared. The source files could not be found. Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077. The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log
     Also, after turning my computer back on, another different Trojan was found by Malwarebytes. Here's the log.
     Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Scan Date: 8/19/19
     Scan Time: 11:52 PM
     Log File: 943ee19c-c288-11e9-939d-e0d55e26dd73.json
     -Software Information-
     Version: 3.8.3.2965
     Components Version: 1.0.613
     Update Package Version: 1.0.12083
     License: Trial
     -System Information-
     OS: Windows 10 (Build 17134.950)
     CPU: x64
     File System: NTFS
     User: System
     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Scheduler
     Result: Completed
     Objects Scanned: 327322
     Threats Detected: 1
     Threats Quarantined: 1
     Time Elapsed: 2 min, 57 sec
     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect
     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 1
     Trojan.Agent.VBS, C:\PROGRAMDATA\ADOBE\INFO.VBS, Quarantined, [1139], [721998],1.0.12083
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)
     (end)
  8. Hey, the PC is running perfectly. There is no lag whatsoever and the task manager now stays open with only Malwarebytes running in the processes. I also scanned with Malwarebytes and no threats were detected. The command prompt results were: The component store is repairable. The operation completed successfully.
  9. Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019 Ran by Plain Sight (19-08-2019 11:37:34) Run:1 Running from C:\Users\Plain Sight\Desktop Loaded Profiles: Plain Sight & (Available Profiles: Plain Sight & Aidan) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: CloseProcesses: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [Cleaning] => \ [0 0000-00-00] () HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [Cleaning] => \ [0 0000-00-00] () HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [info] => C:\ProgramData\Adobe\info.vbs [360 2019-08-17] () [File not signed] HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [Smart Cleaning] => \ [0 0000-00-00] () GroupPolicy: Restriction - Windows Defender <==== ATTENTION GroupPolicy\User: Restriction ? 
<==== ATTENTION FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION Task: {EBF3C2FD-2DBB-48D9-8D54-72EE4A7C5D29} - System32\Tasks\infos => C:\ProgramData\Adobe\info.vbs [360 2019-08-17] () [File not signed] S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [16228328 2019-06-09] (Mail.Ru LLC -> LLC Mail.Ru) S1 bntdyoll; \??\C:\WINDOWS\system32\drivers\bntdyoll.sys [X] S1 cfhhvaru; \??\C:\WINDOWS\system32\drivers\cfhhvaru.sys [X] ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ContextMenuHandlers4: [PowerISO] -> 
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File AlternateDataStreams: C:\ProgramData:6B903AE9C7DCF017 [1] AlternateDataStreams: C:\Users\All Users:6B903AE9C7DCF017 [1] AlternateDataStreams: C:\ProgramData\Application Data:6B903AE9C7DCF017 [1] FirewallRules: [{14FE59C2-4ACF-48D0-B190-0F6DFF8C54AC}] => (Allow) 㩃啜敳獲停慬湩匠杩瑨䅜灰慄慴剜慯業杮楜普卯睩楜普卯睩攮數 No File FirewallRules: [{8AF6B2A7-C1C2-4E3D-87A5-E1396637233C}] => (Allow) 㩃啜敳獲停慬湩匠杩瑨䅜灰慄慴剜慯業杮楜普卯睩剜湵䥓攮數 No File C:\Wlndows\system32\CPU64.exe C:\Wlndows\system32\Desktop-64.exe File: C:\urls.set Hosts: CMD: winmgmt /verifyrepository CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R EmptyTemp: ***************** Restore point was successfully created. Processes closed successfully. HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected "HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully "HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully "HKU\S-1-5-21-2762709790-200231504-3683108907-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Cleaning" => removed successfully "HKU\S-1-5-21-2762709790-200231504-3683108907-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Cleaning" => not found "HKU\S-1-5-21-2762709790-200231504-3683108907-1001\Software\Microsoft\Windows\CurrentVersion\Run\\info" => removed successfully "HKU\S-1-5-21-2762709790-200231504-3683108907-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Smart Cleaning" => removed successfully C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully C:\WINDOWS\system32\GroupPolicy\User => moved successfully HKLM\SOFTWARE\Policies\Mozilla => removed successfully "HKLM\Software\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Plain\{EBF3C2FD-2DBB-48D9-8D54-72EE4A7C5D29}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBF3C2FD-2DBB-48D9-8D54-72EE4A7C5D29}" => removed successfully C:\WINDOWS\System32\Tasks\infos => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\infos" => removed successfully HKLM\System\CurrentControlSet\Services\mracdrv => removed successfully mracdrv => service removed successfully HKLM\System\CurrentControlSet\Services\bntdyoll => removed successfully bntdyoll => service removed successfully HKLM\System\CurrentControlSet\Services\cfhhvaru => removed successfully cfhhvaru => service removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => removed successfully HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => not found HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => removed successfully HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => not found C:\ProgramData => ":6B903AE9C7DCF017" ADS removed successfully "C:\Users\All Users" => ":6B903AE9C7DCF017" ADS not found. "C:\ProgramData\Application Data" => ":6B903AE9C7DCF017" ADS not found. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14FE59C2-4ACF-48D0-B190-0F6DFF8C54AC}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8AF6B2A7-C1C2-4E3D-87A5-E1396637233C}" => removed successfully "C:\Wlndows\system32\CPU64.exe" => not found "C:\Wlndows\system32\Desktop-64.exe" => not found ========================= File: C:\urls.set ======================== C:\urls.set File not signed MD5: 64547C10B84F6061686AAEB1DEF4817E Creation and modification date: 2019-08-18 01:12 - 2019-08-18 01:12 Size: 000034608 Attributes: ----A Company Name: Internal Name: Original Name: Product: Description: File Version: Product Version: Copyright: VirusTotal: 0 ====== End of File: ====== C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. 
========= winmgmt /verifyrepository ========= WMI repository is consistent ========= End of CMD: ========= ========= "%WINDIR%\SYSTEM32\lodctr.exe" /R ========= Error: Unable to rebuild performance counter setting from system backup store, error code is 2 ========= End of CMD: ========= ========= "%WINDIR%\SysWOW64\lodctr.exe" /R ========= Info: Successfully rebuilt performance counter setting from system backup store ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 10510336 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 89812075 B Java, Flash, Steam htmlcache => 298023214 B Windows/system/drivers => 5995325 B Edge => 61742062 B Chrome => 1712095 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 1760 B LocalService => 0 B NetworkService => 9750 B NetworkService => 0 B Plain Sight => 71619347 B Aidan => 5300453 B RecycleBin => 134025 B EmptyTemp: => 519.6 MB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-08-2019 12:25:08) Result of scheduled keys to remove after reboot: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected ==== End of Fixlog 12:25:08 ==== --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.75, August 2019 (build 5.75.16236.1) Started On Mon Aug 19 12:27:21 2019 Engine: 1.1.16200.1 Signatures: 1.299.474.0 MpGear: 1.1.15747.1 Run Mode: Interactive Graphical Mode Results Summary: ---------------- No infection found. 
Successfully Submitted Heartbeat Report Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 19 12:29:36 2019 Return code: 0 (0x0) Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2019 Ran by Plain Sight (administrator) on DESKTOP-OTIH9CI (Gigabyte Technology Co., Ltd. AX370-Gaming 5) (19-08-2019 12:30:44) Running from C:\Users\Plain Sight\Desktop Loaded Profiles: Plain Sight (Available Profiles: Plain Sight & Aidan) Platform: Windows 10 Pro Version 1803 17134.950 (X64) Language: English (United States) Default browser: Edge Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) 
C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe (Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe (PACE Anti-Piracy, Inc. 
-> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Softube AB -> ) C:\Program Files\Softube\InstallerDaemon\InstallerService.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.) HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0D921394-47FB-407A-9AEF-DD5803635C5D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {13D6644E-6F69-460F-AC4E-5E6F63DAE437} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {16E9CB2E-49B6-4AF8-90DE-06D2ABEE4618} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe Task: {1A1C8488-8D90-4223-B9BE-A1058B1C908E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {1FC8021A-6B0A-4577-95EB-0B8958C68299} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {22D66AA8-71BF-402B-A015-7A00E188B53C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {31FE867F-A9E8-42A9-AC75-3945DC277B69} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-14] (Adobe Inc. 
-> Adobe) Task: {3417C401-152D-4B40-8C82-F0BB8D2547B2} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe Task: {49CBDDD5-144C-49D6-9330-93B82C00B987} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2049928 2019-08-09] (AVAST Software s.r.o. -> AVAST Software) Task: {6E20ADC6-F3E8-4304-A783-D924A3134966} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {74D51ACF-A975-4590-ABB3-DE333FAB999B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2762709790-200231504-3683108907-1002 => C:\Users\Plain Sight\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {758DF83D-0340-4728-8A57-AA03AF5DE9AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {7B6D14E4-BF93-4E74-96F0-0F5ADF7761ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {7EDEDA80-3D13-4E30-A7CE-783BEFE9D46D} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.) 
Task: {84049033-1125-4532-BE47-6061D04D4B69} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {8447B23D-EC9C-419D-BB5B-07D0CA977128} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Plain Sight\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {9097DF3C-47CB-483F-B587-13F134553106} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {9E8D2A08-68D3-4F00-84DA-D723170563DF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {A426EF7F-EADB-423E-8EC5-DB0C0B6316E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {A7856D9F-143F-412B-93BA-530EF4E409C5} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {A8A29FEF-A7C3-4F13-A377-2FBFAEE76865} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {C00C228E-A362-47C6-AA4A-D4F57DFC1E89} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {D89BD700-E397-423F-9B33-C886336DA429} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 
[509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {DBBD79B2-77BC-492E-B32B-B92C6074CEFC} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe Task: {E146B2E7-AC9E-4D01-AFF8-C1317D49FFF3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {EA157AE3-68D7-465A-9217-128E817D38B1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {F4DEE80D-4D79-4D0E-A1B6-79F3E1106CBF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_pepper.exe [1452600 2019-08-14] (Adobe Inc. -> Adobe) Task: {F880CC13-9162-45DB-AE65-AD1CC0AA0BC4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {FEFAD59A-979E-4BE0-9C09-CBDF86C0F7A7} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{44f20319-c8a6-4cc0-9e3b-ede0e80d487d}: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{6283b723-eae5-42ae-8255-419dc903eb73}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{996897f6-62dc-450e-a935-5e7a928015d1}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== SearchScopes: HKU\S-1-5-21-2762709790-200231504-3683108907-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = FireFox: ======== FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-07-05] (Adobe Inc. -> Adobe Systems) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-07-05] (Adobe Inc. -> Adobe Systems) Chrome: ======= CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "hxxp://soundcloud.com/" CHR Profile: C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default [2019-08-19] CHR DownloadDir: D:\DOWNLOADS CHR Extension: (Slides) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-14] CHR Extension: (Just Black) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2019-03-05] CHR Extension: (Docs) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-14] CHR Extension: (Google Drive) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-14] CHR Extension: (YouTube) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-14] CHR Extension: (Sheets) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-14] CHR Extension: (Google Docs 
Offline) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-14] CHR Extension: (Chrome Web Store Payments) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03] CHR Extension: (Gmail) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-16] CHR Extension: (Chrome Media Router) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08] CHR Profile: C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-19] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-05] (Adobe Inc. -> Adobe Inc.) S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7252656 2018-12-12] (BattlEye Innovations e.K. 
-> ) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) S4 mracsvc; C:\WINDOWS\System32\mracsvc.exe [16966416 2019-06-09] (Mail.Ru LLC -> LLC Mail.Ru) S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation) S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation) S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts) S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074128 2019-08-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 SoftubeInstallerDaemon; C:\Program Files\Softube\InstallerDaemon\InstallerService.exe [10284824 2019-07-10] (Softube AB -> ) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) S4 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited) S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 S4 NvTelemetryContainer; "C:\Program Files\NVIDIA 
Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34696 2017-10-09] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2017-08-29] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [137496 2018-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 gdrv; C:\Windows\gdrv.sys [26192 2018-02-14] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 GLCKIO; C:\Program Files (x86)\ASUS\AURA\690b33e1-0462-4e84-9bea-c7552b45432a.sys [14976 2018-02-14] (ASUSTeK Computer Inc. -> )
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Microsoft Windows -> Qualcomm Atheros, Inc.)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-18] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_547eeefb57db4499\nvlddmkm.sys [21858904 2019-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-06-13] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RtsUpx; C:\Windows\system32\drivers\RtsUpx.sys [30328 2018-02-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6839744 2017-12-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-19 12:26 - 2019-08-19 12:26 - 046315064 _____ (Microsoft Corporation) C:\Users\Plain Sight\Desktop\Windows-KB890830-x64-V5.75.exe
2019-08-19 12:25 - 2019-08-19 12:25 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-08-19 12:24 - 2019-08-19 12:24 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-08-19 12:24 - 2019-08-19 12:24 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-08-19 11:37 - 2019-08-19 12:25 - 000012245 _____ C:\Users\Plain Sight\Desktop\Fixlog.txt
2019-08-19 11:35 - 2019-08-19 11:35 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2019-08-19 01:05 - 2019-08-19 01:06 - 000051914 _____ C:\Users\Plain Sight\Desktop\Addition.txt
2019-08-19 01:03 - 2019-08-19 12:31 - 000022581 _____ C:\Users\Plain Sight\Desktop\FRST.txt
2019-08-19 01:02 - 2019-08-19 12:24 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-19 00:30 - 2019-08-19 00:30 - 001612800 _____ (Farbar) C:\Users\Plain Sight\Desktop\FRST64.exe
2019-08-19 00:23 - 2019-08-19 00:24 - 007623880 _____ (Malwarebytes) C:\Users\Plain Sight\Desktop\AdwCleaner.exe
2019-08-18 18:53 - 2019-08-18 18:53 - 4169596928 _____ C:\Users\Plain Sight\Desktop\Windows.iso
2019-08-18 18:40 - 2019-08-18 19:17 - 000000000 ____D C:\ESD
2019-08-18 17:01 - 2019-08-18 17:01 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\DBG
2019-08-18 16:57 - 2019-08-18 16:57 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2019-08-18 16:50 - 2019-08-18 16:50 - 000003520 _____ C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adwcleaner_7.lnk
2019-08-18 16:50 - 2019-08-18 16:50 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\PeerDistRepub
2019-08-18 16:42 - 2019-08-18 16:53 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-08-18 16:31 - 2019-08-18 16:31 - 000000000 ___HD C:\$WINDOWS.~BT
2019-08-18 04:38 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2019-08-18 04:23 - 2019-08-18 04:23 - 000000000 ____D C:\zoek_backup
2019-08-18 04:06 - 2019-08-18 04:13 - 000000956 _____ C:\WINDOWS\system32\.crusader
2019-08-18 03:59 - 2019-08-18 03:59 - 000001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-08-18 03:59 - 2019-08-18 03:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-08-18 03:59 - 2019-08-18 03:59 - 000000000 ____D C:\Program Files\HitmanPro
2019-08-18 03:58 - 2019-08-18 04:06 - 000000000 ____D C:\ProgramData\HitmanPro
2019-08-18 03:18 - 2019-08-18 03:18 - 000000000 ____D C:\Users\Aidan\Documents\Ableton
2019-08-18 03:17 - 2019-08-18 03:17 - 000000000 ____D C:\Users\Aidan\AppData\Roaming\Ableton
2019-08-18 03:17 - 2019-08-18 03:17 - 000000000 ____D C:\Users\Aidan\AppData\Local\Ableton
2019-08-18 02:27 - 2019-08-18 02:27 - 000003842 _____ C:\WINDOWS\System32\Tasks\CCleaner Browser Heartbeat Task (Hourly)
2019-08-18 02:27 - 2019-08-18 02:27 - 000003258 _____ C:\WINDOWS\System32\Tasks\CCleaner Browser Heartbeat Task (Logon)
2019-08-18 02:27 - 2019-08-18 02:27 - 000000000 ____D C:\Users\Aidan\AppData\Local\CCleaner Browser
2019-08-18 02:26 - 2019-08-18 17:28 - 000001044 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-08-18 02:26 - 2019-08-18 02:26 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-08-18 02:26 - 2019-08-18 02:26 - 000003470 _____ C:\WINDOWS\System32\Tasks\CCleanerUpdateTaskMachineUA
2019-08-18 02:26 - 2019-08-18 02:26 - 000003346 _____ C:\WINDOWS\System32\Tasks\CCleanerUpdateTaskMachineCore
2019-08-18 02:26 - 2019-08-18 02:26 - 000002900 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-08-18 02:26 - 2019-08-18 02:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-08-18 02:26 - 2019-08-18 02:26 - 000000000 ____D C:\Program Files\CCleaner
2019-08-18 02:25 - 2019-08-18 02:25 - 020891464 _____ (Piriform Software Ltd) C:\Users\Aidan\Downloads\ccsetup560.exe
2019-08-18 02:19 - 2019-08-18 02:20 - 000048956 _____ C:\Users\Aidan\Downloads\Addition.txt
2019-08-18 02:18 - 2019-08-19 12:30 - 000000000 ____D C:\FRST
2019-08-18 02:18 - 2019-08-18 02:20 - 000073600 _____ C:\Users\Aidan\Downloads\FRST.txt
2019-08-18 02:17 - 2019-08-18 02:17 - 001612800 _____ (Farbar) C:\Users\Aidan\Downloads\FRST64.exe
2019-08-18 02:16 - 2019-08-18 17:28 - 000002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-18 02:16 - 2019-08-18 02:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-18 02:16 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-08-18 02:16 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-08-18 02:15 - 2019-08-18 02:15 - 064333800 _____ (Malwarebytes ) C:\Users\Aidan\Downloads\mb3-setup-37469.37469-3.8.3.2965-1.0.613-1.0.11270.exe
2019-08-18 01:55 - 2019-08-18 01:55 - 000000000 ____D C:\Users\Aidan\AppData\Local\mbamtray
2019-08-18 01:55 - 2019-08-18 01:55 - 000000000 ____D C:\Users\Aidan\AppData\Local\mbam
2019-08-18 01:53 - 2019-08-18 01:53 - 000000000 ____D C:\Users\Aidan\AppData\Local\Comms
2019-08-18 01:35 - 2019-08-18 17:28 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-08-18 01:34 - 2019-08-18 01:34 - 000000000 ____D C:\WINDOWS\pss
2019-08-18 01:13 - 2019-08-18 01:13 - 000322648 _____ C:\active_protection.txt
2019-08-18 01:12 - 2019-08-18 01:12 - 000034608 _____ C:\urls.set
2019-08-17 15:29 - 2019-08-18 19:31 - 000004608 _____ C:\Users\Plain Sight\PaceKeyChain
2019-08-17 15:28 - 2019-08-17 15:28 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\PaceAP
2019-08-17 15:27 - 2019-08-17 15:27 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softube
2019-08-17 15:26 - 2019-08-18 19:30 - 000002086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk
2019-08-17 15:26 - 2019-08-18 19:30 - 000002074 _____ C:\Users\Public\Desktop\iLok License Manager.lnk
2019-08-17 15:26 - 2019-08-17 15:26 - 000000000 ____D C:\Program Files (x86)\iLok License Manager
2019-08-17 13:45 - 2019-08-18 03:14 - 000000000 ____D C:\Users\Aidan\AppData\Local\D3DSCache
2019-08-17 13:45 - 2019-08-17 13:45 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2762709790-200231504-3683108907-1002
2019-08-17 13:45 - 2019-08-17 13:45 - 000002770 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ___RD C:\Users\Aidan\OneDrive
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Local\CEF
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Local\Adobe
2019-08-17 13:44 - 2019-08-18 01:53 - 000000000 ____D C:\Users\Aidan\AppData\Local\Packages
2019-08-17 13:44 - 2019-08-17 13:46 - 000000000 ____D C:\Users\Aidan\AppData\Local\NVIDIA Corporation
2019-08-17 13:44 - 2019-08-17 13:45 - 000002363 _____ C:\Users\Aidan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-17 13:44 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Roaming\Adobe
2019-08-17 13:44 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan
2019-08-17 13:44 - 2019-08-17 13:44 - 000001417 _____ C:\Users\Aidan\Desktop\Microsoft Edge.lnk
2019-08-17 13:44 - 2019-08-17 13:44 - 000000258 __RSH C:\Users\Aidan\ntuser.pol
2019-08-17 13:44 - 2019-08-17 13:44 - 000000020 ___SH C:\Users\Aidan\ntuser.ini
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ___RD C:\Users\Aidan\3D Objects
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ___HD C:\Users\Aidan\MicrosoftEdgeBackups
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\Publishers
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\MicrosoftEdge
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\Google
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\ConnectedDevicesPlatform
2019-08-17 13:04 - 2019-08-17 13:05 - 000000000 ____D C:\AdwCleaner
2019-08-17 00:42 - 2019-08-17 00:42 - 000000000 ___HD C:\Wlndows
2019-08-16 20:22 - 2019-08-16 20:22 - 000000495 _____ C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 10 Suite.lnk
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files\MSBuild
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-08-16 20:19 - 2018-03-05 16:07 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2019-08-16 20:19 - 2018-03-05 16:07 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2019-08-16 20:19 - 2018-03-05 16:07 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2019-08-16 20:19 - 2018-02-14 16:21 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2019-08-16 20:19 - 2018-02-14 16:21 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2019-08-16 20:19 - 2018-02-14 16:21 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2019-08-15 12:05 - 2019-08-15 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brainworx 2019-08-15 11:10 - 2019-08-17 15:26 - 000000000 ____D C:\Program Files\Softube 2019-08-15 11:09 - 2019-08-17 15:23 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\softubecentral 2019-08-15 11:09 - 2019-08-15 11:09 - 113501032 _____ C:\Users\Plain Sight\Downloads\Softube Installer Helper Installer (64-bit) 2.4.88 r284505.exe 2019-08-15 11:09 - 2019-08-15 11:09 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Softube Central 2019-08-15 11:09 - 2019-08-15 11:09 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\softubecentral-updater 2019-08-14 15:45 - 2019-08-07 22:58 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2019-08-14 15:45 - 2019-08-07 22:41 - 000662112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2019-08-14 15:45 - 2019-08-07 22:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2019-08-14 15:45 - 2019-08-07 22:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2019-08-14 15:45 - 2019-08-07 22:27 - 007990272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2019-08-14 15:45 - 2019-08-07 18:09 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2019-08-14 15:45 - 2019-08-07 18:09 - 000095008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll 2019-08-14 15:45 - 2019-08-07 18:08 - 000494992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2019-08-14 15:45 - 2019-08-07 18:08 - 000091568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys 2019-08-14 15:45 - 2019-08-07 17:57 - 000081256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll 2019-08-14 15:45 - 2019-08-07 17:56 - 000357336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2019-08-14 15:45 - 2019-08-07 17:32 - 001235968 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\rdpbase.dll 2019-08-14 15:45 - 2019-08-07 17:32 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2019-08-14 15:45 - 2019-08-07 17:31 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll 2019-08-14 15:45 - 2019-08-07 17:31 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-08-14 15:45 - 2019-07-09 18:07 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2019-08-14 15:45 - 2019-07-09 17:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2019-08-14 15:45 - 2019-07-09 17:39 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll 2019-08-14 15:45 - 2019-07-09 17:37 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll 2019-08-14 15:45 - 2019-07-09 16:59 - 000022840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll 2019-08-14 15:45 - 2019-07-09 16:38 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll 2019-08-14 15:45 - 2019-07-09 13:20 - 000227640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2019-08-14 15:45 - 2019-07-09 13:19 - 002769472 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-08-14 15:45 - 2019-07-09 13:12 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll 2019-08-14 15:45 - 2019-07-09 13:11 - 002257336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-08-14 15:45 - 2019-07-09 12:55 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2019-08-14 15:45 - 2019-07-09 12:53 - 003708416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2019-08-14 15:45 - 2019-07-09 12:52 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2019-08-14 15:45 - 2019-07-09 12:50 - 000659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2019-08-14 15:45 - 2019-07-09 12:48 - 
000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2019-08-14 15:45 - 2019-07-09 12:47 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2019-08-14 15:45 - 2019-07-09 12:47 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2019-08-14 15:45 - 2019-07-09 12:46 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-08-14 15:44 - 2019-08-07 23:18 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll 2019-08-14 15:44 - 2019-08-07 23:18 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll 2019-08-14 15:44 - 2019-08-07 23:14 - 000303928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys 2019-08-14 15:44 - 2019-08-07 23:13 - 021389776 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2019-08-14 15:44 - 2019-08-07 23:13 - 001632112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-08-14 15:44 - 2019-08-07 23:13 - 001515904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2019-08-14 15:44 - 2019-08-07 23:13 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2019-08-14 15:44 - 2019-08-07 22:58 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2019-08-14 15:44 - 2019-08-07 22:55 - 008626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2019-08-14 15:44 - 2019-08-07 22:55 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll 2019-08-14 15:44 - 2019-08-07 22:55 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll 2019-08-14 15:44 - 2019-08-07 22:54 - 004783104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2019-08-14 15:44 - 2019-08-07 22:53 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-08-14 15:44 - 2019-08-07 22:53 - 000343552 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\pnrpsvc.dll 2019-08-14 15:44 - 2019-08-07 22:53 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll 2019-08-14 15:44 - 2019-08-07 22:52 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-08-14 15:44 - 2019-08-07 22:51 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll 2019-08-14 15:44 - 2019-08-07 22:43 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-08-14 15:44 - 2019-08-07 22:41 - 001322688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2019-08-14 15:44 - 2019-08-07 22:40 - 020384344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2019-08-14 15:44 - 2019-08-07 22:26 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll 2019-08-14 15:44 - 2019-08-07 22:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll 2019-08-14 15:44 - 2019-08-07 22:25 - 004175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2019-08-14 15:44 - 2019-08-07 22:24 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-08-14 15:44 - 2019-08-07 22:24 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2019-08-14 15:44 - 2019-08-07 22:24 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll 2019-08-14 15:44 - 2019-08-07 19:40 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll 2019-08-14 15:44 - 2019-08-07 18:09 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-08-14 15:44 - 2019-08-07 18:09 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2019-08-14 15:44 - 2019-08-07 18:09 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-08-14 15:44 - 2019-08-07 18:09 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2019-08-14 15:44 - 2019-08-07 18:09 - 000194352 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\skci.dll 2019-08-14 15:44 - 2019-08-07 18:09 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2019-08-14 15:44 - 2019-08-07 18:09 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2019-08-14 15:44 - 2019-08-07 18:08 - 007435720 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-08-14 15:44 - 2019-08-07 18:08 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2019-08-14 15:44 - 2019-08-07 18:08 - 002470648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2019-08-14 15:44 - 2019-08-07 18:08 - 001566736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2019-08-14 15:44 - 2019-08-07 18:08 - 001141712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-08-14 15:44 - 2019-08-07 18:08 - 000723216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2019-08-14 15:44 - 2019-08-07 18:08 - 000710232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2019-08-14 15:44 - 2019-08-07 18:08 - 000227744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll 2019-08-14 15:44 - 2019-08-07 18:08 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2019-08-14 15:44 - 2019-08-07 18:08 - 000130840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll 2019-08-14 15:44 - 2019-08-07 18:07 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-08-14 15:44 - 2019-08-07 18:07 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-08-14 15:44 - 2019-08-07 18:07 - 002719240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2019-08-14 15:44 - 2019-08-07 18:07 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-08-14 15:44 - 2019-08-07 18:07 - 001260992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-08-14 
15:44 - 2019-08-07 18:07 - 001031696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2019-08-14 15:44 - 2019-08-07 18:07 - 000984152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-08-14 15:44 - 2019-08-07 18:07 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2019-08-14 15:44 - 2019-08-07 18:07 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2019-08-14 15:44 - 2019-08-07 17:56 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-08-14 15:44 - 2019-08-07 17:56 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2019-08-14 15:44 - 2019-08-07 17:56 - 001993344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2019-08-14 15:44 - 2019-08-07 17:56 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll 2019-08-14 15:44 - 2019-08-07 17:56 - 000192608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll 2019-08-14 15:44 - 2019-08-07 17:56 - 000101400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll 2019-08-14 15:44 - 2019-08-07 17:55 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2019-08-14 15:44 - 2019-08-07 17:49 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-08-14 15:44 - 2019-08-07 17:47 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-08-14 15:44 - 2019-08-07 17:44 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2019-08-14 15:44 - 2019-08-07 17:42 - 022717952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-08-14 15:44 - 2019-08-07 17:39 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-08-14 15:44 - 2019-08-07 17:38 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2019-08-14 15:44 - 2019-08-07 17:38 - 004385792 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-08-14 15:44 - 2019-08-07 17:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll 2019-08-14 15:44 - 2019-08-07 17:38 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll 2019-08-14 15:44 - 2019-08-07 17:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll 2019-08-14 15:44 - 2019-08-07 17:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll 2019-08-14 15:44 - 2019-08-07 17:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll 2019-08-14 15:44 - 2019-08-07 17:36 - 007572480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-08-14 15:44 - 2019-08-07 17:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2019-08-14 15:44 - 2019-08-07 17:36 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll 2019-08-14 15:44 - 2019-08-07 17:36 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll 2019-08-14 15:44 - 2019-08-07 17:36 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll 2019-08-14 15:44 - 2019-08-07 17:36 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll 2019-08-14 15:44 - 2019-08-07 17:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2019-08-14 15:44 - 2019-08-07 17:35 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll 2019-08-14 15:44 - 2019-08-07 17:35 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys 2019-08-14 15:44 - 2019-08-07 17:35 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2019-08-14 15:44 - 2019-08-07 17:35 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll 2019-08-14 15:44 - 2019-08-07 17:35 - 000567808 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2019-08-14 15:44 - 2019-08-07 17:35 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2019-08-14 15:44 - 2019-08-07 17:35 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll 2019-08-14 15:44 - 2019-08-07 17:34 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-08-14 15:44 - 2019-08-07 17:34 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2019-08-14 15:44 - 2019-08-07 17:34 - 001680384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll 2019-08-14 15:44 - 2019-08-07 17:34 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2019-08-14 15:44 - 2019-08-07 17:34 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2019-08-14 15:44 - 2019-08-07 17:34 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll 2019-08-14 15:44 - 2019-08-07 17:34 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2019-08-14 15:44 - 2019-08-07 17:34 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll 2019-08-14 15:44 - 2019-08-07 17:34 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll 2019-08-14 15:44 - 2019-08-07 17:33 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2019-08-14 15:44 - 2019-08-07 17:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll 2019-08-14 15:44 - 2019-08-07 17:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2019-08-14 15:44 - 2019-08-07 17:32 - 004938240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2019-08-14 15:44 - 2019-08-07 17:32 - 004516864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2019-08-14 15:44 - 2019-08-07 17:32 - 002165760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-08-14 
15:44 - 2019-08-07 17:32 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2019-08-14 15:44 - 2019-08-07 17:32 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2019-08-14 15:44 - 2019-08-07 17:32 - 000318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll 2019-08-14 15:44 - 2019-08-07 17:32 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll 2019-08-14 15:44 - 2019-08-07 17:32 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll 2019-08-14 15:44 - 2019-08-07 17:31 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2019-08-14 15:44 - 2019-08-07 17:31 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2019-08-14 15:44 - 2019-08-07 17:31 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2019-08-14 15:44 - 2019-08-07 17:31 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2019-08-14 15:44 - 2019-08-07 17:31 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2019-08-14 15:44 - 2019-08-07 17:31 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-08-14 15:44 - 2019-08-07 17:31 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2019-08-14 15:44 - 2019-08-07 16:15 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim 2019-08-14 15:44 - 2019-07-11 16:48 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll 2019-08-14 15:44 - 2019-07-11 11:30 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2019-08-14 15:44 - 2019-07-11 11:30 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2019-08-14 15:44 - 2019-07-11 11:30 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll 2019-08-14 15:44 - 2019-07-09 18:07 - 001627664 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AppVIntegration.dll 2019-08-14 15:44 - 2019-07-09 18:07 - 001038352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll 2019-08-14 15:44 - 2019-07-09 18:07 - 000954384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll 2019-08-14 15:44 - 2019-07-09 18:07 - 000830480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll 2019-08-14 15:44 - 2019-07-09 18:07 - 000827920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe 2019-08-14 15:44 - 2019-07-09 18:07 - 000825360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll 2019-08-14 15:44 - 2019-07-09 18:07 - 000750096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll 2019-08-14 15:44 - 2019-07-09 18:07 - 000670224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll 2019-08-14 15:44 - 2019-07-09 18:07 - 000652304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll 2019-08-14 15:44 - 2019-07-09 18:07 - 000495632 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll 2019-08-14 15:44 - 2019-07-09 18:07 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll 2019-08-14 15:44 - 2019-07-09 18:04 - 000348664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2019-08-14 15:44 - 2019-07-09 18:01 - 004527792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2019-08-14 15:44 - 2019-07-09 18:00 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2019-08-14 15:44 - 2019-07-09 17:44 - 012757504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-08-14 15:44 - 2019-07-09 17:44 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe 2019-08-14 15:44 - 2019-07-09 17:43 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2019-08-14 15:44 - 2019-07-09 17:43 - 000124416 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\musdialoghandlers.dll 2019-08-14 15:44 - 2019-07-09 17:43 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll 2019-08-14 15:44 - 2019-07-09 17:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2019-08-14 15:44 - 2019-07-09 17:39 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe 2019-08-14 15:44 - 2019-07-09 17:39 - 001193472 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll 2019-08-14 15:44 - 2019-07-09 17:38 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2019-08-14 15:44 - 2019-07-09 17:37 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2019-08-14 15:44 - 2019-07-09 17:37 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll 2019-08-14 15:44 - 2019-07-09 17:37 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe 2019-08-14 15:44 - 2019-07-09 16:42 - 011943424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2019-08-14 15:44 - 2019-07-09 16:37 - 000485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll 2019-08-14 15:44 - 2019-07-09 13:29 - 000375312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2019-08-14 15:44 - 2019-07-09 13:29 - 000230200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2019-08-14 15:44 - 2019-07-09 13:29 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys 2019-08-14 15:44 - 2019-07-09 13:23 - 001213264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2019-08-14 15:44 - 2019-07-09 13:23 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-08-14 15:44 - 2019-07-09 13:21 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2019-08-14 15:44 - 2019-07-09 13:21 - 000133136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll 2019-08-14 15:44 - 2019-07-09 13:20 - 000500536 
_____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2019-08-14 15:44 - 2019-07-09 13:20 - 000275512 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe 2019-08-14 15:44 - 2019-07-09 13:19 - 002371504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2019-08-14 15:44 - 2019-07-09 13:19 - 001674216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2019-08-14 15:44 - 2019-07-09 13:19 - 000799248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2019-08-14 15:44 - 2019-07-09 13:19 - 000767232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2019-08-14 15:44 - 2019-07-09 13:19 - 000713488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2019-08-14 15:44 - 2019-07-09 13:19 - 000152104 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll 2019-08-14 15:44 - 2019-07-09 13:19 - 000142352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2019-08-14 15:44 - 2019-07-09 13:19 - 000046608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\werkernel.sys 2019-08-14 15:44 - 2019-07-09 13:12 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2019-08-14 15:44 - 2019-07-09 13:12 - 001286528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2019-08-14 15:44 - 2019-07-09 13:12 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2019-08-14 15:44 - 2019-07-09 13:11 - 000576528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2019-08-14 15:44 - 2019-07-09 13:11 - 000108560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2019-08-14 15:44 - 2019-07-09 12:56 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2019-08-14 15:44 - 2019-07-09 12:56 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll 2019-08-14 15:44 - 2019-07-09 12:55 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll 2019-08-14 
15:44 - 2019-07-09 12:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2019-08-14 15:44 - 2019-07-09 12:53 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2019-08-14 15:44 - 2019-07-09 12:52 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll 2019-08-14 15:44 - 2019-07-09 12:51 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-08-14 15:44 - 2019-07-09 12:51 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-08-14 15:44 - 2019-07-09 12:51 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2019-08-14 15:44 - 2019-07-09 12:51 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2019-08-14 15:44 - 2019-07-09 12:51 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll 2019-08-14 15:44 - 2019-07-09 12:51 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll 2019-08-14 15:44 - 2019-07-09 12:51 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll 2019-08-14 15:44 - 2019-07-09 12:51 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2019-08-14 15:44 - 2019-07-09 12:51 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe 2019-08-14 15:44 - 2019-07-09 12:50 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-08-14 15:44 - 2019-07-09 12:50 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2019-08-14 15:44 - 2019-07-09 12:50 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2019-08-14 15:44 - 2019-07-09 12:50 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2019-08-14 15:44 - 2019-07-09 12:50 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys 2019-08-14 15:44 - 2019-07-09 12:50 - 
000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2019-08-14 15:44 - 2019-07-09 12:50 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe 2019-08-14 15:44 - 2019-07-09 12:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll 2019-08-14 15:44 - 2019-07-09 12:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2019-08-14 15:44 - 2019-07-09 12:49 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2019-08-14 15:44 - 2019-07-09 12:49 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2019-08-14 15:44 - 2019-07-09 12:49 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-08-14 15:44 - 2019-07-09 12:49 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2019-08-14 15:44 - 2019-07-09 12:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2019-08-14 15:44 - 2019-07-09 12:49 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2019-08-14 15:44 - 2019-07-09 12:49 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2019-08-14 15:44 - 2019-07-09 12:49 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll 2019-08-14 15:44 - 2019-07-09 12:48 - 003402240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-08-14 15:44 - 2019-07-09 12:48 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 2019-08-14 15:44 - 2019-07-09 12:48 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2019-08-14 15:44 - 2019-07-09 12:48 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2019-08-14 15:44 - 2019-07-09 12:48 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2019-08-14 15:44 - 2019-07-09 12:48 - 000142848 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\updatepolicy.dll 2019-08-14 15:44 - 2019-07-09 12:47 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-08-14 15:44 - 2019-07-09 12:47 - 000928768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-08-14 15:44 - 2019-07-09 12:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-08-14 15:44 - 2019-07-09 12:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-08-14 15:44 - 2019-07-09 12:47 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2019-08-14 15:44 - 2019-07-09 12:46 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-08-14 15:44 - 2019-07-09 12:46 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll 2019-08-14 15:44 - 2019-07-09 12:46 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2019-08-14 15:44 - 2019-07-09 12:45 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2019-08-14 15:44 - 2019-07-09 12:45 - 001218560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2019-08-14 15:44 - 2019-07-09 12:45 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2019-08-14 15:44 - 2019-07-09 12:45 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll 2019-08-14 15:44 - 2019-07-09 12:45 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2019-08-14 15:44 - 2019-07-09 12:44 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2019-08-14 15:44 - 2019-07-09 12:44 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2019-08-14 15:44 - 2019-07-09 12:44 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2019-08-14 15:44 - 2019-07-09 12:44 - 
000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2019-08-14 15:44 - 2019-07-09 12:44 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2019-08-14 15:44 - 2019-07-09 12:44 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2019-08-14 15:44 - 2019-07-09 12:44 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2019-08-14 15:44 - 2019-07-09 12:43 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2019-08-14 15:44 - 2019-07-09 12:43 - 001398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2019-08-14 15:44 - 2019-07-09 12:43 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2019-08-14 15:44 - 2019-07-09 12:43 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll 2019-08-14 15:44 - 2019-06-20 12:21 - 000058882 _____ C:\WINDOWS\system32\srms.dat 2019-08-03 12:05 - 2019-08-19 00:28 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16 2019-07-24 21:22 - 2019-07-19 05:15 - 001006800 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll 2019-07-24 21:22 - 2019-07-19 05:15 - 001006800 _____ C:\WINDOWS\system32\vulkan-1.dll 2019-07-24 21:22 - 2019-07-19 05:15 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll 2019-07-24 21:22 - 2019-07-19 05:15 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2019-07-24 21:22 - 2019-07-19 05:15 - 000552144 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2019-07-24 21:22 - 2019-07-19 05:15 - 000456912 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2019-07-24 21:22 - 2019-07-19 05:15 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe 2019-07-24 21:22 - 2019-07-19 05:15 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo.exe 2019-07-24 21:22 - 2019-07-19 05:15 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2019-07-24 21:22 - 2019-07-19 05:15 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2019-07-24 
21:22 - 2019-07-19 05:14 - 011059408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll 2019-07-24 21:22 - 2019-07-19 05:14 - 009492680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 040411904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 035269568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 020193184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 017470416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 005426104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 004767912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 002042272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001721816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443160.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001543824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001472600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001468320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443160.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001164376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001136024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000914520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000822016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000810912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2019-07-24 21:22 - 
2019-07-19 05:13 - 000677256 _____ C:\WINDOWS\system32\nvofapi64.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000656792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000633488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000543944 _____ C:\WINDOWS\SysWOW64\nvofapi.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000523920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2019-07-24 21:22 - 2019-07-19 02:11 - 004342528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-19 12:27 - 2018-02-14 18:10 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-08-19 12:27 - 2018-02-14 14:50 - 000000000 ____D C:\ProgramData\NVIDIA 2019-08-19 12:25 - 2019-03-01 11:53 - 000000008 __RSH C:\Users\Plain Sight\ntuser.pol 2019-08-19 12:25 - 2018-05-31 18:07 - 000000000 ____D C:\Users\Plain Sight 2019-08-19 12:24 - 2018-09-13 10:44 - 000000008 __RSH C:\ProgramData\ntuser.pol 2019-08-19 12:24 - 2018-05-31 18:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-08-19 12:24 - 2018-05-31 18:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-08-19 12:24 - 2018-04-12 09:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-08-19 12:24 - 2018-04-12 09:36 - 000000000 ____D C:\WINDOWS\INF 2019-08-19 11:40 - 2018-04-12 07:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-08-19 11:38 - 2017-09-29 23:46 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2019-08-19 11:35 - 2018-05-31 18:14 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-08-19 00:53 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-08-19 00:41 - 2018-12-07 12:16 - 000000000 ____D C:\Program Files\Microsoft Office 2019-08-19 00:40 - 2018-04-12 09:38 - 000000000 ____D C:\Program Files\Common Files\microsoft 
shared 2019-08-19 00:20 - 2018-02-14 15:36 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\CrashDumps 2019-08-18 23:16 - 2018-05-31 18:11 - 000004178 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3C9A9257-B820-4A09-9A5E-F2402A6001C9} 2019-08-18 19:17 - 2018-05-17 11:06 - 000000000 ___DC C:\WINDOWS\Panther 2019-08-18 17:38 - 2018-04-12 09:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-08-18 16:28 - 2018-02-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\NVIDIA Corporation 2019-08-18 04:10 - 2018-02-14 15:21 - 000000000 ____D C:\Program Files (x86)\Google 2019-08-18 03:12 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-08-18 02:16 - 2018-06-14 23:02 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-08-18 02:16 - 2018-04-12 09:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-08-18 02:09 - 2018-06-14 20:48 - 000000000 ____D C:\ProgramData\Packages 2019-08-18 02:09 - 2018-04-12 09:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-08-18 01:22 - 2018-09-08 10:49 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Azureus 2019-08-17 15:32 - 2018-09-08 10:54 - 000000000 ____D C:\ProgramData\ValhallaRoom 2019-08-17 15:32 - 2018-05-11 11:25 - 000000000 ____D C:\ProgramData\ValhallaRoomPreferences 2019-08-17 15:27 - 2019-01-11 20:35 - 000000000 ____D C:\Users\Public\Documents\Softube 2019-08-17 15:26 - 2019-04-11 21:02 - 000033544 _____ C:\WINDOWS\system32\Drivers\iLokDrvr.sys 2019-08-17 15:26 - 2018-03-20 09:09 - 000000000 ____D C:\Program Files\Common Files\VST3 2019-08-17 15:26 - 2018-02-14 17:47 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2019-08-17 13:44 - 2018-02-14 14:41 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-08-17 12:30 - 2019-01-10 14:50 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\Spotify 2019-08-17 11:55 - 2019-01-10 14:49 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Spotify 2019-08-17 03:08 - 2018-02-14 18:00 - 000000000 ____D C:\Users\Plain 
Sight\AppData\Roaming\Splice 2019-08-17 03:08 - 2018-02-14 16:33 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\SpliceSettings 2019-08-17 00:54 - 2018-02-14 14:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2019-08-17 00:42 - 2018-05-17 10:43 - 000000000 ____D C:\ProgramData\Adobe 2019-08-16 23:16 - 2018-10-19 11:38 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\PioneerLog 2019-08-16 22:23 - 2018-02-14 16:10 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Xfer 2019-08-16 13:13 - 2018-08-02 10:07 - 000000000 ___RD C:\Users\Plain Sight\Creative Cloud Files 2019-08-16 13:13 - 2018-05-17 10:40 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\Adobe 2019-08-15 17:47 - 2018-06-13 10:30 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\D3DSCache 2019-08-15 12:04 - 2019-02-27 14:36 - 000000000 ____D C:\Program Files\Plugin Alliance 2019-08-15 12:03 - 2019-03-28 10:42 - 000000000 ____D C:\Program Files\Common Files\Plugin Alliance 2019-08-15 10:47 - 2019-05-02 14:48 - 000000000 ____D C:\Program Files\Common Files\Celemony 2019-08-15 10:47 - 2019-05-02 14:38 - 000000000 ____D C:\ProgramData\Celemony Software GmbH 2019-08-15 10:46 - 2019-04-17 19:30 - 000000000 ____D C:\Users\Public\Documents\Adobe 2019-08-15 10:46 - 2019-04-17 19:30 - 000000000 ____D C:\Program Files\Common Files\Adobe 2019-08-15 10:46 - 2019-01-12 12:54 - 000003274 _____ C:\WINDOWS\System32\Tasks\Adobe Uninstaller 2019-08-15 10:46 - 2018-05-17 10:47 - 000000000 ____D C:\Program Files\Adobe 2019-08-14 21:12 - 2018-05-31 18:05 - 000277696 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-08-14 21:12 - 2018-02-14 14:41 - 000000000 ___RD C:\Users\Plain Sight\3D Objects 2019-08-14 21:11 - 2018-04-12 19:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ___SD C:\WINDOWS\system32\UNP 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 
____D C:\WINDOWS\system32\oobe 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\Provisioning 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-08-14 20:13 - 2019-07-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\.minecraft 2019-08-14 18:38 - 2018-11-28 09:19 - 000004612 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2019-08-14 18:38 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2019-08-14 18:38 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\Macromed 2019-08-14 15:46 - 2018-04-12 09:34 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2019-08-14 15:44 - 2018-02-14 18:10 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-08-13 22:28 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\NDF 2019-08-12 13:21 - 2018-06-13 10:52 - 000000000 __RHD C:\Users\Plain Sight\plainsightdj@gmail.com Creative Cloud Files 2019-08-11 17:52 - 2018-03-23 14:56 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\ElevatedDiagnostics 2019-08-09 12:16 - 2018-05-01 12:33 - 000000000 ____D C:\Users\Plain Sight\Documents\FabFilter 2019-08-09 12:16 - 2018-05-01 12:33 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\FabFilter 2019-08-09 12:14 - 2018-09-17 12:56 - 000000000 ____D C:\Program Files (x86)\VstPlugins 2019-08-09 11:45 - 2018-06-01 11:32 - 000000000 ____D C:\Program Files\Vstplugins 2019-08-02 20:59 - 2018-11-16 15:17 - 000000000 ____D C:\Program Files\rempl 2019-07-30 12:08 - 2019-06-08 16:57 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com 2019-07-30 12:04 - 2018-10-19 11:26 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pioneer 2019-07-30 12:03 - 2018-10-19 11:26 - 000000529 _____ 
C:\Users\Plain Sight\Desktop\rekordbox_x64.lnk
2019-07-30 12:02 - 2018-02-14 15:31 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-07-26 09:36 - 2018-02-26 23:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-25 11:10 - 2018-02-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\NVIDIA
2019-07-23 15:22 - 2018-02-14 14:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-07-23 11:46 - 2018-10-01 18:24 - 000000000 ____D C:\Program Files (x86)\Origin

==================== Files in the root of some directories ================

2019-01-08 16:56 - 2016-12-14 23:17 - 000003584 _____ () C:\Users\Plain Sight\Synplant.32.dll
2018-05-09 12:38 - 2018-05-09 12:38 - 002722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf
2018-05-09 12:38 - 2018-05-09 12:38 - 000056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf
2019-07-19 14:31 - 2019-07-19 14:31 - 000000038 ___SH () C:\Users\Plain Sight\AppData\Local\6eebc2b1598089f38a4759.67408981
2018-02-14 18:07 - 2018-02-14 18:07 - 000000291 _____ () C:\Users\Plain Sight\AppData\Local\ledConfiguration.config
2018-09-25 10:01 - 2018-09-25 10:01 - 000000000 _____ () C:\Users\Plain Sight\AppData\Local\oobelibMkey.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by Plain Sight (19-08-2019 12:32:00)
Running from C:\Users\Plain Sight\Desktop
Windows 10 Pro Version 1803 17134.950 (X64) (2018-05-31 08:11:14)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2762709790-200231504-3683108907-500 - Administrator - Disabled)
Aidan (S-1-5-21-2762709790-200231504-3683108907-1002 - Limited - Enabled) => C:\Users\Aidan
DefaultAccount (S-1-5-21-2762709790-200231504-3683108907-503 - Limited - Disabled)
Guest (S-1-5-21-2762709790-200231504-3683108907-501 - Limited - Disabled)
Plain Sight (S-1-5-21-2762709790-200231504-3683108907-1001 - Administrator - Enabled) => C:\Users\Plain Sight
WDAGUtilityAccount (S-1-5-21-2762709790-200231504-3683108907-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Ableton Live 10 Suite (HKLM\...\{FE06C730-0296-42D9-B869-4E819D7F47A3}) (Version: 10.0.0.0 - Ableton)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.9.0.504 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.238 - Adobe)
Adobe Lightroom (HKLM-x32\...\LRCC_2_3) (Version: 2.3 - Adobe Systems Incorporated)
Adobe Premiere Pro 2019 (HKLM-x32\...\PPRO_13_1) (Version: 13.1 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brainworx Plugins Bundle (HKLM\...\Brainworx Plugins Bundle_is1) (Version: 2.0.0 - Brainworx)
Camel Audio CamelCrusher64 (HKLM-x32\...\Camel Audio CamelCrusher64) (Version: 1.01.0 - Camel Audio)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.5.21.0 - Piriform Software) Hidden
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 425.31 - NVIDIA Corporation) Hidden
Endless Smile 1.0.0 (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Endless Smile) (Version: 1.0.0 - Dada Life)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
FXpansion DCAMFreeComp (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\FXpansion DCAMFreeComp) (Version: 1.0.1.7 - FXpansion Audio UK Ltd)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.15.306 - SurfRight B.V.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{7858618B-FA45-4797-988D-4E8B793C3B88}) (Version: 17.0.109 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{A7D3C4B3-2CA8-46F3-9C34-63205AC018FF}) (Version: 17.0.109 - Intel Corporation)
JBridge (HKLM-x32\...\JBridge) (Version: - JBridge)
KClip3 (HKLM\...\KClip3 3.1.3) (Version: 3.1.3 - Kazrog Inc)
Kick 2 version 1.1.1 (HKLM\...\Kick 2_is1) (Version: 1.1.1 - Sonic Academy)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.9.0.2 - Hermann Schinagl)
Maag Audio EQ4 (HKLM\...\EQ4_is1) (Version: 1.9.0 - Maag Audio)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Massive (HKLM\...\Massive_is1) (Version: 1.5.5 - Native Instruments & Team V.R)
MeldaProduction Audio Plugins 12 (HKLM-x32\...\MeldaProduction Audio Plugins 12) (Version: - MeldaProduction)
Melodyne 3.2 (HKLM-x32\...\{2E337869-756A-4E46-A936-0E67FE043A5E}) (Version: 3.2.0202 - Celemony Software GmbH) Hidden
Melodyne Runtime 4.1 (x64) (HKLM\...\{721E4E34-AF7C-4345-93F9-282CCC8CCCB5}) (Version: 1.0.2 - Celemony Software GmbH)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{D0972543-9D51-4A1A-A765-E5A7B1CB09E5}) (Version: 1.0.0.0 - Mojang)
Mixed in Key (HKLM-x32\...\{F3A4E720-26AE-4EA0-BBCC-9480EAE753EC}) (Version: 8.0.2325.0 - Mixed In Key LLC) Hidden
Mixed In Key 8 (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\{85c3a10f-312f-40ef-b9ae-21bdd4e92f16}) (Version: 8.0.2325.0 - Mixed In Key LLC)
Mp3tag v2.86 (HKLM-x32\...\Mp3tag) (Version: 2.86 - Florian Heidenreich)
Native Instruments Reaktor 6 (HKLM-x32\...\Native Instruments Reaktor 6) (Version: 6.2.1.54 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.19.0.107 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.107 - NVIDIA Corporation)
NVIDIA Graphics Driver 431.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 431.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.43.28287 - Electronic Arts, Inc.)
Ozone Imager (HKLM-x32\...\Ozone Imager) (Version: 1.00 - iZotope, Inc.)
PACE License Support Win64 (HKLM\...\{52F54766-2321-4841-A523-CA0C8261E26D}) (Version: 5.0.3.2569 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{52F54766-2321-4841-A523-CA0C8261E26D}) (Version: 5.0.3.2569 - PACE Anti-Piracy, Inc.)
Pioneer MIX 64bit Driver (HKLM\...\Pioneer MIX) (Version: 5.6.0.0017 - Pioneer DJ Corporation.)
REFERENCE version 1.0 (HKLM\...\{07930B10-B999-4B4D-AC62-FA8891F93151}_is1) (Version: 1.0 - 29 Palms Ltd)
rekordbox 5.6.0 64bit (HKLM\...\Pioneer rekordbox 5.6.0) (Version: 5.6.0.0017 - Pioneer DJ)
RODE-AI-1-ASIO (HKLM\...\{E54CEBF0-1B4F-4793-841F-C1ABA9F46188}) (Version: 1.1.0 - RØDE Microphones)
Softube Installer Helper (HKLM\...\Softube Installer Helper) (Version: 2.4.88 - Softube AB)
Softube Saturation Knob (HKLM\...\Softube Saturation Knob) (Version: 2.4.83 - Softube AB)
Sonalksis Plug-in Manager 3.01 (HKLM-x32\...\{7A600039-FED6-4C81-AA6E-F151F7FA7EE7}_is1) (Version: - Sienda New Media Technologies GmbH)
Sonic Charge Bitspeek (HKLM-x32\...\Sonic Charge Bitspeek) (Version: 1.5 - NuEdge Development)
Sonic Charge Plugins (HKLM-x32\...\Sonic Charge Plugins) (Version: 2017-02-02 - NuEdge Development)
Sonic Charge Synplant (HKLM-x32\...\Sonic Charge Synplant) (Version: 1.2.2 - NuEdge Development)
Splice (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\splice) (Version: 3.5.41 - Distributed Creation, Inc.)
Spotify (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Spotify) (Version: 1.1.12.451.gdb77255f - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sylenth1 v3.041 (HKLM\...\Sylenth1v3_is1) (Version: - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.51.77.1020 - Electronic Arts Inc.)
TP-Link TL-WN881ND Driver (HKLM-x32\...\{5656127B-0110-4450-9CBD-643E760F152D}) (Version: 2.1.0 - TP-Link) Trash version 2.0.5 (HKLM-x32\...\{4C809F87-3910-4E10-BEF2-F3C6FEA94E2E}_is1) (Version: 2.0.5 - iZotope) True Iron (HKLM\...\True Iron 1.2.5) (Version: 1.2.5 - Kazrog Inc) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) ValhallaRoom version 1.5.1 (HKLM-x32\...\{A17C42DB-BF2C-4AEC-8B57-C2C3EF052902}_is1) (Version: 1.5.1 - Valhalla DSP, LLC) Voxengo SPAN (HKLM\...\Voxengo SPAN_is1) (Version: 3.1 - Voxengo) Voxengo Tube Amp (HKLM\...\Voxengo Tube Amp_is1) (Version: 2.5 - Voxengo) Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.) Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited) Youlean Loudness Meter 2 version V2.2.3 (HKLM-x32\...\{57AC2129-BA28-47CC-ACC8-BDCE413849DF}_is1) (Version: V2.2.3 - Youlean) Packages: ========= Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-07-17] (Adobe Systems Incorporated) iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa [2019-07-25] (Apple Inc.) 
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-02] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad] ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2762709790-200231504-3683108907-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-18AA609A9867} -> [Creative Cloud Files] => C:\Users\Plain Sight\Creative Cloud Files [2018-08-02 10:07] CustomCLSID: HKU\S-1-5-21-2762709790-200231504-3683108907-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. 
-> Adobe Systems) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed] ShellIconOverlayIdentifiers: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed] ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed] ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed] ShellIconOverlayIdentifiers-x32: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed] ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File 
not signed] ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-29] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-29] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed] ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-07-18] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-29] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed] ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program 
Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Link Shell Extension\Donate.lnk -> hxxp://schinagl.priv.at/nt/hardlinkshellext/linkshellextension.htm ==================== Loaded Modules (Whitelisted) ============== 2018-12-28 20:31 - 2018-12-28 20:31 - 000488880 _____ (Hermann Schinagl -> Hermann Schinagl) [File not signed] C:\Program Files\LinkShellExtension\HardlinkShellExt.dll 2018-03-20 09:29 - 2018-01-29 01:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll ==================== Alternate Data Streams (Whitelisted) ========= ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2019-08-15 11:33 - 2019-08-19 11:38 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 2019-01-08 14:53 - 2019-01-12 02:09 - 000000627 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics 168.137.173 Mitchs-MBP.mshome.net # 2019 1 2 15 5 4 24 911 ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%INTEL_DEV_REDIST%redist\ia32_win\compiler;%INTEL_DEV_REDIST%redist\ia32\compiler;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR HKU\S-1-5-21-2762709790-200231504-3683108907-1001\Control Panel\Desktop\\Wallpaper -> D:\Nikon D3400 Photos\Edited\DSC-0098.jpg DNS Servers: 10.0.0.138 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AdobeUpdateService => 2 MSCONFIG\Services: AGMService => 2 MSCONFIG\Services: AGSService => 2 MSCONFIG\Services: BEService => 3 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: MacriumService => 2 MSCONFIG\Services: mracsvc => 3 MSCONFIG\Services: NvContainerLocalSystem => 2 MSCONFIG\Services: NvContainerNetworkService => 3 MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2 MSCONFIG\Services: NvTelemetryContainer => 2 MSCONFIG\Services: Origin Client Service => 3 MSCONFIG\Services: Origin Web Helper Service => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: WindscribeService => 2 ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{B96986E2-D77C-4673-9378-CBCC13AD94CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{172CDB18-9349-47CE-8557-D6A2A388AC6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{CFE5DEA7-3D47-4F94-82CD-69B0C27ADC80}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{10C66A5A-92B3-439B-8A12-1961A1F8EE8B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{F263765F-6A3D-40A8-AC04-A93836C95036}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{A7D36B6C-26A2-4458-8CD2-7EFB41D30E03}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{230698CE-2A07-433B-AD58-8A59DEF58423}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{7AC482F0-B09C-46A3-B37F-25FE20FC9748}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{6877EE3D-4300-4F02-8EC3-9C5AED80B992}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{56276421-E310-416D-9081-FAC5E188F7FF}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{4F9066EC-A4A9-4B0F-AD30-B6CFF55BD7B7}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{78D8A76D-428F-40FC-A15A-30F13F78D4A2}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc) FirewallRules: [{FA112521-A55B-4DF5-8169-1016DF1B2C8A}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc) FirewallRules: [{546676CD-F39D-4217-82E9-B5ED2D8B8562}] => (Allow) D:\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed] FirewallRules: [{10864890-700A-4AE1-9F6C-7B84D73F32E4}] => (Allow) D:\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed] FirewallRules: [{3C6DC639-CC62-4C17-ACDF-54EA74BCF678}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe (Bohemia Interactive a.s. -> Bohemia Interactive) FirewallRules: [{0CF87D95-BE64-4D86-B6DD-1B131DAABEE6}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe (Bohemia Interactive a.s. 
-> Bohemia Interactive) FirewallRules: [TCP Query User{064EB254-FCFF-459C-8547-E36BF8D13F51}C:\users\plain sight\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\plain sight\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{B602DDF4-1C0F-495A-88CA-7A14711209CA}C:\users\plain sight\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\plain sight\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{9C27E1CF-E117-42A2-A215-E0CC0D94D3B7}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited) FirewallRules: [UDP Query User{67986985-E649-4E48-B21C-3E69BC76C59A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited) FirewallRules: [{EC09E49B-2132-4F71-92D1-BB5902CC4D3F}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed] FirewallRules: [{0D1C58CA-8C0D-402C-979F-89E5CC71DE7F}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed] FirewallRules: [{0C23D427-363A-4F08-B737-AC247A0A34EE}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) FirewallRules: [{760CB771-65BA-4AD4-82EA-3540D1924A9E}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) FirewallRules: [{D8368532-0696-4614-9BF9-3F992C867F9D}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) FirewallRules: [{08DBD07D-B52F-4771-B32E-4918CB5DF76A}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) 
FirewallRules: [{DEFA1A3B-1F57-4B09-A424-9DE3B524DC85}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\rekordbox.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation) FirewallRules: [{558C9C11-C174-40C6-B785-B12371A9751E}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\psvnfsd.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.) FirewallRules: [{3A4035DB-10E1-4455-8618-9446BDD588F1}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\psvlinksysmgr.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.) FirewallRules: [{915CD90C-8EC4-4993-8B65-6E5404A3E13D}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\edb_streamd.exe (Pioneer DJ Corporation -> ) FirewallRules: [{428037CC-F7F7-4D69-A0F2-120EFA02DD65}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\ls-unity-rekordbox-win-64bit.exe (Pioneer DJ Corporation -> ) FirewallRules: [{A842348A-76D5-4D11-B480-4495BEBFA9C3}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\rbHttpServer.exe (Pioneer DJ Corporation -> ) FirewallRules: [{73EB4E2E-556A-4C2D-888B-1405F75177D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{B29DC937-137C-42CE-B6B8-5457DDE72C6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{4C0F8171-80C8-4625-BB93-048160AE132C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{2ADC41FE-990B-45DD-A0B4-30A939780D83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [TCP Query User{2961FE0F-9EA3-4194-8513-62DBA1CBCC3A}D:\games\runtime\jre-x64\bin\javaw.exe] => (Block) D:\games\runtime\jre-x64\bin\javaw.exe FirewallRules: [UDP Query User{FF222A3A-AF5E-413E-9853-97C4D0EA9CFC}D:\games\runtime\jre-x64\bin\javaw.exe] => (Block) 
D:\games\runtime\jre-x64\bin\javaw.exe FirewallRules: [{8D74A5D2-F7E2-401A-9ECD-E37DEAABF361}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{84BD169C-1027-4F6B-841C-97D0A292B49A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{768F9EA5-6FC2-493F-8D66-79560B7BB6D2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6C8C5A9B-BD32-4C2A-BDDA-70D8FD1703BE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{861A613E-B2DC-42C0-B47E-DCB5599CD4B6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B146E6CD-F2C0-4F7B-A632-DB2B6962C937}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{F7F06B1B-C9E0-4908-A1A6-75159D83A0AB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{78C59764-B639-41EE-9A0A-201E617F0D87}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{EFD255BB-15E1-4BEE-9B6C-C3C38B0FB08C}] => (Allow) D:\Music Production\rekordbox 5.6.0\rekordbox.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation) FirewallRules: [{C3931EE7-A974-4BC6-898B-20EE2ECBB3F1}] => (Allow) D:\Music Production\rekordbox 5.6.0\psvnfsd.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.) 
FirewallRules: [{A4A6B655-4C97-422E-B343-E990C3C0F2CA}] => (Allow) D:\Music Production\rekordbox 5.6.0\psvlinksysmgr.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.) FirewallRules: [{6BF22A09-E365-4058-9527-1B251D8B5A92}] => (Allow) D:\Music Production\rekordbox 5.6.0\edb_streamd.exe (Pioneer DJ Corporation -> ) FirewallRules: [{C97DAE21-F8B6-4717-A590-8676060D7A88}] => (Allow) D:\Music Production\rekordbox 5.6.0\ls-unity-rekordbox-win-64bit.exe (Pioneer DJ Corporation -> ) FirewallRules: [{272D851C-D5D7-44CA-A77C-32E8AA0E47D8}] => (Allow) D:\Music Production\rekordbox 5.6.0\rbHttpServer.exe (Pioneer DJ Corporation -> ) ==================== Restore Points ========================= 18-08-2019 17:12:57 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/19/2019 12:29:32 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (08/19/2019 11:38:23 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (08/19/2019 11:37:34 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. 
Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {027aca1a-a02a-41af-b5eb-078a0805e9bf} Error: (08/19/2019 12:20:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68 Faulting module name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68 Exception code: 0xc0000005 Fault offset: 0x000000000006822e Faulting process id: 0x26e0 Faulting application start time: 0x01d555d00df4fec9 Faulting application path: C:\WINDOWS\System32\Taskmgr.exe Faulting module path: C:\WINDOWS\System32\Taskmgr.exe Report Id: 756a2a4d-624d-474d-9910-c24c390ad84c Faulting package full name: Faulting package-relative application ID: Error: (08/19/2019 12:16:36 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68 Faulting module name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68 Exception code: 0xc0000005 Fault offset: 0x000000000006822e Faulting process id: 0x2828 Faulting application start time: 0x01d555cf88d01ffe Faulting application path: C:\WINDOWS\System32\Taskmgr.exe Faulting module path: C:\WINDOWS\System32\Taskmgr.exe Report Id: b196ded3-07dd-44b6-8cd1-0f37353bf794 Faulting package full name: Faulting package-relative application ID: Error: (08/19/2019 12:12:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68 Faulting module name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68 Exception code: 0xc0000005 Fault offset: 0x000000000006822e Faulting process id: 0x21d4 Faulting application start time: 0x01d555ceebd9a3e1 Faulting application path: C:\WINDOWS\System32\Taskmgr.exe Faulting module path: C:\WINDOWS\System32\Taskmgr.exe Report Id: 
6df0404c-951d-4053-8b5d-ba06aa3817eb Faulting package full name: Faulting package-relative application ID: Error: (08/19/2019 12:07:35 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68 Faulting module name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68 Exception code: 0xc0000005 Fault offset: 0x000000000006822e Faulting process id: 0x25e4 Faulting application start time: 0x01d555ce47084690 Faulting application path: C:\WINDOWS\System32\Taskmgr.exe Faulting module path: C:\WINDOWS\System32\Taskmgr.exe Report Id: 7b53026f-dcf2-49d8-8ce8-c5d6ed213c92 Faulting package full name: Faulting package-relative application ID: Error: (08/18/2019 07:29:28 PM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-OTIH9CI) Description: Product: Bonjour -- A later version of Bonjour is already installed on this computer. System errors: ============= Error: (08/19/2019 12:25:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/19/2019 12:25:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). 
This security permission can be modified using the Component Services administrative tool.

Error: (08/19/2019 12:24:36 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (08/19/2019 11:40:31 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (08/19/2019 11:38:23 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

Error: (08/19/2019 11:37:58 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OTIH9CI)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (08/19/2019 11:37:55 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the PACE License Services service, but this action failed with the following error: An instance of the service is already running.

Error: (08/19/2019 11:37:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Remediation Service service terminated unexpectedly. It has done this 1 time(s).

Windows Defender:
===================================
Date: 2019-08-19 11:35:40.014
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:VBS/Mountsi.A!ml&threatid=2147726485&enterprise=0
Name: Trojan:VBS/Mountsi.A!ml
ID: 2147726485
Severity: Severe
Category: Trojan
Path: amsi:_C:\Windows\System32\wscript.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\wscript.exe
Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-19 01:02:47.677
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:VBS/Mountsi.A!ml&threatid=2147726485&enterprise=0
Name: Trojan:VBS/Mountsi.A!ml
ID: 2147726485
Severity: Severe
Category: Trojan
Path: amsi:_C:\Windows\System32\wscript.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\wscript.exe
Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-19 01:00:40.203
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:VBS/Mountsi.A!ml&threatid=2147726485&enterprise=0
Name: Trojan:VBS/Mountsi.A!ml
ID: 2147726485
Severity: Severe
Category: Trojan
Path: amsi:_C:\Windows\System32\wscript.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\wscript.exe
Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-19 00:54:26.047
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Behavior:Win32/Generic.SV!ml&threatid=2147739306&enterprise=0
Name: Behavior:Win32/Generic.SV!ml
ID: 2147739306
Severity: Severe
Category: Suspicious Behavior
Path: file:_C:\Wlndows\system32\CPU64.exe; regkey:_HKCU@S-1-5-21-2762709790-200231504-3683108907-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\CPU64; runkey:_HKCU@S-1-5-21-2762709790-200231504-3683108907-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\CPU64
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-19 00:53:55.959
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Name: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Severity: Severe
Category: Trojan
Path: file:_C:\Wlndows\system32\Desktop-64.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-19 00:27:56.986
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.299.2303.0
Previous Signature Version: 1.299.2298.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.16200.1
Previous Engine Version: 1.1.16200.1
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2019-08-19 00:27:56.986
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.299.2303.0
Previous Signature Version: 1.299.2298.0
Update Source: User
Signature Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.16200.1
Previous Engine Version: 1.1.16200.1
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2019-08-18 17:37:12.196
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.2296.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2019-08-18 17:27:08.388
Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2019-08-18 03:09:39.230
Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity: =================================== Date: 2019-08-18 03:58:19.662 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Plain Sight\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro_x64 (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-08-18 03:58:19.404 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Plain Sight\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro_x64 (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-08-18 03:58:19.146 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Plain Sight\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro_x64 (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-08-18 03:58:18.883 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Plain Sight\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro_x64 (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2019-08-17 01:01:12.252 Description: Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-08-17 01:00:41.251 Description: Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-08-17 00:58:24.202 Description: Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-08-17 00:58:23.861 Description: Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes. ==================== Memory info =========================== BIOS: American Megatrends Inc. F8 09/01/2017 Motherboard: Gigabyte Technology Co., Ltd. AX370-Gaming 5 Processor: AMD Ryzen 7 1700 Eight-Core Processor Percentage of memory in use: 18% Total physical RAM: 16332.45 MB Available physical RAM: 13291.25 MB Total Virtual: 18764.45 MB Available Virtual: 14756.6 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:446.53 GB) (Free:335.74 GB) NTFS Drive d: (New Space) (Fixed) (Total:931.51 GB) (Free:652.27 GB) NTFS Drive e: (New Volume) (Fixed) (Total:111.19 GB) (Free:37.82 GB) NTFS \\?\Volume{a32efc1d-78c8-4d69-9554-243a67203579}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS \\?\Volume{2bc682b4-f735-407c-8e26-a64599b677ed}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS \\?\Volume{bf261472-0e6a-4017-a399-46a6853c0063}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 \\?\Volume{5e21c628-89f4-43b7-9300-7e1a0d43cbbb}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 447.1 GB) (Disk ID: DBE17137) Partition: GPT. 
======================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2AD450F8) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================
  10. Ok so right after I posted this a command window appeared for a split second. I checked the windows/system32 folder and three files had appeared called Desktop-64.exe, CPU64.exe and process.exe. But after I opened the folder the CPU64.exe file disappeared. I will go through the scan instructions again and provide the logs.
      Malwarebytes
      www.malwarebytes.com
      -Log Details-
      Scan Date: 8/19/19
      Scan Time: 12:46 AM
      Log File: e5d4af36-c1c6-11e9-a2a8-e0d55e26dd73.json
      -Software Information-
      Version: 3.8.3.2965
      Components Version: 1.0.613
      Update Package Version: 1.0.12069
      License: Trial
      -System Information-
      OS: Windows 10 (Build 17134.950)
      CPU: x64
      File System: NTFS
      User: DESKTOP-OTIH9CI\Plain Sight
      -Scan Summary-
      Scan Type: Threat Scan
      Scan Initiated By: Manual
      Result: Completed
      Objects Scanned: 338579
      Threats Detected: 6
      Threats Quarantined: 6
      Time Elapsed: 5 min, 45 sec
      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Enabled
      Heuristics: Enabled
      PUP: Detect
      PUM: Detect
      -Scan Details-
      Process: 0
      (No malicious items detected)
      Module: 0
      (No malicious items detected)
      Registry Key: 3
      Backdoor.Bladabindi.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WIN64EX, Quarantined, [10104], [717806],1.0.12069
      Backdoor.Bladabindi.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E14E6A90-0CD5-4A77-AF82-5AD343F96678}, Quarantined, [10104], [717806],1.0.12069
      Backdoor.Bladabindi.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{E14E6A90-0CD5-4A77-AF82-5AD343F96678}, Quarantined, [10104], [717806],1.0.12069
      Registry Value: 1
      Backdoor.Bladabindi.Generic, HKU\S-1-5-21-2762709790-200231504-3683108907-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|process, Quarantined, [10104], [717806],1.0.12069
      Registry Data: 0
      (No malicious items detected)
      Data Stream: 0
      (No malicious items detected)
      Folder: 0
      (No malicious items detected)
      File: 2
      Backdoor.Bladabindi.Generic, C:\WINDOWS\SYSTEM32\TASKS\WIN64EX, Quarantined, [10104], [717806],1.0.12069
      Backdoor.Bladabindi.Generic, C:\WLNDOWS\SYSTEM32\PROCESS.EXE, Quarantined, [10104], [717806],1.0.12069
      Physical Sector: 0
      (No malicious items detected)
      WMI: 0
      (No malicious items detected)
      (end)
      I did another scan after and it found more.
      Malwarebytes
      www.malwarebytes.com
      -Log Details-
      Scan Date: 8/19/19
      Scan Time: 12:54 AM
      Log File: 07794cff-c1c8-11e9-a477-e0d55e26dd73.json
      -Software Information-
      Version: 3.8.3.2965
      Components Version: 1.0.613
      Update Package Version: 1.0.12069
      License: Trial
      -System Information-
      OS: Windows 10 (Build 17134.950)
      CPU: x64
      File System: NTFS
      User: System
      -Scan Summary-
      Scan Type: Threat Scan
      Scan Initiated By: Scheduler
      Result: Cancelled
      Objects Scanned: 251550
      Threats Detected: 6
      Threats Quarantined: 6
      Time Elapsed: 2 min, 34 sec
      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Detect
      PUM: Detect
      -Scan Details-
      Process: 0
      (No malicious items detected)
      Module: 0
      (No malicious items detected)
      Registry Key: 3
      Backdoor.Bladabindi.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WIN64EX, Quarantined, [10104], [717806],1.0.12069
      Backdoor.Bladabindi.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{84E7D427-AE9C-4D7C-BA03-7D3F6B8A4FC8}, Quarantined, [10104], [717806],1.0.12069
      Backdoor.Bladabindi.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{84E7D427-AE9C-4D7C-BA03-7D3F6B8A4FC8}, Quarantined, [10104], [717806],1.0.12069
      Registry Value: 1
      Backdoor.Bladabindi.Generic, HKU\S-1-5-21-2762709790-200231504-3683108907-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|process, Quarantined, [10104], [717806],1.0.12069
      Registry Data: 0
      (No malicious items detected)
      Data Stream: 0
      (No malicious items detected)
      Folder: 0
      (No malicious items detected)
      File: 2
      Backdoor.Bladabindi.Generic, C:\WINDOWS\SYSTEM32\TASKS\WIN64EX, Quarantined, [10104], [717806],1.0.12069
      Backdoor.Bladabindi.Generic, C:\WLNDOWS\SYSTEM32\PROCESS.EXE, Quarantined, [10104], [717806],1.0.12069
      Physical Sector: 0
      (No malicious items detected)
      WMI: 0
      (No malicious items detected)
      (end)
      # -------------------------------
      # Malwarebytes AdwCleaner 7.4.0.0
      # -------------------------------
      # Build: 07-23-2019
      # Database: 2019-08-13.1 (Cloud)
      # Support: https://www.malwarebytes.com/support
      #
      # -------------------------------
      # Mode: Clean
      # -------------------------------
      # Start: 08-19-2019
      # Duration: 00:00:00
      # OS: Windows 10 Pro
      # Cleaned: 0
      # Failed: 0
      ***** [ Services ] *****
      No malicious services cleaned.
      ***** [ Folders ] *****
      No malicious folders cleaned.
      ***** [ Files ] *****
      No malicious files cleaned.
      ***** [ DLL ] *****
      No malicious DLLs cleaned.
      ***** [ WMI ] *****
      No malicious WMI cleaned.
      ***** [ Shortcuts ] *****
      No malicious shortcuts cleaned.
      ***** [ Tasks ] *****
      No malicious tasks cleaned.
      ***** [ Registry ] *****
      No malicious registry entries cleaned.
      ***** [ Chromium (and derivatives) ] *****
      No malicious Chromium entries cleaned.
      ***** [ Chromium URLs ] *****
      No malicious Chromium URLs cleaned.
      ***** [ Firefox (and derivatives) ] *****
      No malicious Firefox entries cleaned.
      ***** [ Firefox URLs ] *****
      No malicious Firefox URLs cleaned.
      ***** [ Preinstalled Software ] *****
      No Preinstalled Software cleaned.
************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [1796 octets] - [17/08/2019 13:04:51] AdwCleaner[C00].txt - [1834 octets] - [17/08/2019 13:05:33] AdwCleaner[S01].txt - [1447 octets] - [17/08/2019 13:07:22] AdwCleaner[C01].txt - [1635 octets] - [17/08/2019 13:07:37] AdwCleaner[S02].txt - [1771 octets] - [18/08/2019 03:52:13] AdwCleaner[C02].txt - [1901 octets] - [18/08/2019 03:53:06] AdwCleaner[S03].txt - [1733 octets] - [18/08/2019 16:50:43] AdwCleaner[C03].txt - [1901 octets] - [18/08/2019 16:50:59] AdwCleaner[S04].txt - [1813 octets] - [19/08/2019 00:26:57] AdwCleaner[C04].txt - [2001 octets] - [19/08/2019 00:27:48] AdwCleaner[S05].txt - [1935 octets] - [19/08/2019 00:57:05] AdwCleaner[S06].txt - [1996 octets] - [19/08/2019 00:59:06] AdwCleaner[C06].txt - [2184 octets] - [19/08/2019 00:59:23] AdwCleaner[S07].txt - [2118 octets] - [19/08/2019 01:01:12] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C07].txt ########## Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2019 Ran by Plain Sight (administrator) on DESKTOP-OTIH9CI (Gigabyte Technology Co., Ltd. AX370-Gaming 5) (19-08-2019 01:03:54) Running from C:\Users\Plain Sight\Desktop Loaded Profiles: Plain Sight (Available Profiles: Plain Sight & Aidan) Platform: Windows 10 Pro Version 1803 17134.950 (X64) Language: English (United States) Default browser: Edge Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Inc. 
-> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft 
Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe (Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe (PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe (Softube AB -> ) C:\Program Files\Softube\InstallerDaemon\InstallerService.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.) 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [Cleaning] => \ [0 0000-00-00] () HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [info] => C:\ProgramData\Adobe\info.vbs [360 2019-08-17] () [File not signed] HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [Smart Cleaning] => \ [0 0000-00-00] () HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) GroupPolicy: Restriction - Windows Defender <==== ATTENTION GroupPolicy\User: Restriction ? <==== ATTENTION FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0D921394-47FB-407A-9AEF-DD5803635C5D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {13D6644E-6F69-460F-AC4E-5E6F63DAE437} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {16E9CB2E-49B6-4AF8-90DE-06D2ABEE4618} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe Task: {1A1C8488-8D90-4223-B9BE-A1058B1C908E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {1FC8021A-6B0A-4577-95EB-0B8958C68299} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {22D66AA8-71BF-402B-A015-7A00E188B53C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {31FE867F-A9E8-42A9-AC75-3945DC277B69} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-14] (Adobe Inc. 
-> Adobe) Task: {3417C401-152D-4B40-8C82-F0BB8D2547B2} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe Task: {49CBDDD5-144C-49D6-9330-93B82C00B987} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2049928 2019-08-09] (AVAST Software s.r.o. -> AVAST Software) Task: {6E20ADC6-F3E8-4304-A783-D924A3134966} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {74D51ACF-A975-4590-ABB3-DE333FAB999B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2762709790-200231504-3683108907-1002 => C:\Users\Plain Sight\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {758DF83D-0340-4728-8A57-AA03AF5DE9AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {7B6D14E4-BF93-4E74-96F0-0F5ADF7761ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {7EDEDA80-3D13-4E30-A7CE-783BEFE9D46D} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.) 
Task: {84049033-1125-4532-BE47-6061D04D4B69} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {8447B23D-EC9C-419D-BB5B-07D0CA977128} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Plain Sight\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {9097DF3C-47CB-483F-B587-13F134553106} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {9E8D2A08-68D3-4F00-84DA-D723170563DF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {A426EF7F-EADB-423E-8EC5-DB0C0B6316E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {A7856D9F-143F-412B-93BA-530EF4E409C5} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {A8A29FEF-A7C3-4F13-A377-2FBFAEE76865} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {C00C228E-A362-47C6-AA4A-D4F57DFC1E89} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {D89BD700-E397-423F-9B33-C886336DA429} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 
[509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {DBBD79B2-77BC-492E-B32B-B92C6074CEFC} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe Task: {E146B2E7-AC9E-4D01-AFF8-C1317D49FFF3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {EA157AE3-68D7-465A-9217-128E817D38B1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {EBF3C2FD-2DBB-48D9-8D54-72EE4A7C5D29} - System32\Tasks\infos => C:\ProgramData\Adobe\info.vbs [360 2019-08-17] () [File not signed] Task: {F4DEE80D-4D79-4D0E-A1B6-79F3E1106CBF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_pepper.exe [1452600 2019-08-14] (Adobe Inc. -> Adobe) Task: {F880CC13-9162-45DB-AE65-AD1CC0AA0BC4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {FEFAD59A-979E-4BE0-9C09-CBDF86C0F7A7} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{44f20319-c8a6-4cc0-9e3b-ede0e80d487d}: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{6283b723-eae5-42ae-8255-419dc903eb73}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{996897f6-62dc-450e-a935-5e7a928015d1}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== SearchScopes: HKU\S-1-5-21-2762709790-200231504-3683108907-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = FireFox: ======== FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-07-05] (Adobe Inc. -> Adobe Systems) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-07-05] (Adobe Inc. -> Adobe Systems) Chrome: ======= CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "hxxp://soundcloud.com/" CHR Profile: C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default [2019-08-18] CHR DownloadDir: D:\DOWNLOADS CHR Extension: (Slides) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-14] CHR Extension: (Just Black) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2019-03-05] CHR Extension: (Docs) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-14] CHR Extension: (Google Drive) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-14] CHR Extension: (YouTube) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-14] CHR Extension: (Sheets) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-14] CHR Extension: (Google Docs 
Offline) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-14] CHR Extension: (Chrome Web Store Payments) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03] CHR Extension: (Gmail) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-16] CHR Extension: (Chrome Media Router) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08] CHR Profile: C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-18] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-05] (Adobe Inc. -> Adobe Inc.) S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7252656 2018-12-12] (BattlEye Innovations e.K. 
-> ) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) S4 mracsvc; C:\WINDOWS\System32\mracsvc.exe [16966416 2019-06-09] (Mail.Ru LLC -> LLC Mail.Ru) S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation) S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation) S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts) S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074128 2019-08-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 SoftubeInstallerDaemon; C:\Program Files\Softube\InstallerDaemon\InstallerService.exe [10284824 2019-07-10] (Softube AB -> ) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) S4 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited) S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 S4 NvTelemetryContainer; "C:\Program Files\NVIDIA 
Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34696 2017-10-09] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2017-08-29] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [137496 2018-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 gdrv; C:\Windows\gdrv.sys [26192 2018-02-14] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 GLCKIO; C:\Program Files (x86)\ASUS\AURA\690b33e1-0462-4e84-9bea-c7552b45432a.sys [14976 2018-02-14] (ASUSTeK Computer Inc. -> )
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Microsoft Windows -> Qualcomm Atheros, Inc.)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-18] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [16228328 2019-06-09] (Mail.Ru LLC -> LLC Mail.Ru)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_547eeefb57db4499\nvlddmkm.sys [21858904 2019-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-06-13] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RtsUpx; C:\Windows\system32\drivers\RtsUpx.sys [30328 2018-02-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6839744 2017-12-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
S1 bntdyoll; \??\C:\WINDOWS\system32\drivers\bntdyoll.sys [X]
S1 cfhhvaru; \??\C:\WINDOWS\system32\drivers\cfhhvaru.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2019-08-19 01:03 - 2019-08-19 01:04 - 000023834 _____ C:\Users\Plain Sight\Desktop\FRST.txt
2019-08-19 01:02 - 2019-08-19 01:02 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-19 01:02 - 2019-08-19 01:02 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-08-19 01:02 - 2019-08-19 01:02 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-08-19 01:02 - 2019-08-19 01:02 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-08-19 00:30 - 2019-08-19 00:30 - 001612800 _____ (Farbar) C:\Users\Plain Sight\Desktop\FRST64.exe
2019-08-19 00:23 - 2019-08-19 00:24 - 007623880 _____ (Malwarebytes) C:\Users\Plain Sight\Desktop\AdwCleaner.exe
2019-08-18 18:53 - 2019-08-18 18:53 - 4169596928 _____ C:\Users\Plain Sight\Desktop\Windows.iso
2019-08-18 18:40 - 2019-08-18 19:17 - 000000000 ____D C:\ESD
2019-08-18 17:01 - 2019-08-18 17:01 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\DBG
2019-08-18 16:57 - 2019-08-18 16:57 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2019-08-18 16:50 - 2019-08-18 16:50 - 000003520 _____ C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adwcleaner_7.lnk
2019-08-18 16:50 - 2019-08-18 16:50 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\PeerDistRepub
2019-08-18 16:42 - 2019-08-18 16:53 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-08-18 16:31 - 2019-08-18 16:31 - 000000000 ___HD C:\$WINDOWS.~BT
2019-08-18 04:38 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2019-08-18 04:23 - 2019-08-18 04:23 - 000000000 ____D C:\zoek_backup
2019-08-18 04:06 - 2019-08-18 04:13 - 000000956 _____ C:\WINDOWS\system32\.crusader
2019-08-18 03:59 - 2019-08-18 03:59 - 000001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-08-18 03:59 - 2019-08-18 03:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-08-18 03:59 - 2019-08-18 03:59 - 000000000 ____D C:\Program Files\HitmanPro
2019-08-18 03:58 - 2019-08-18 04:06 - 000000000 ____D C:\ProgramData\HitmanPro
2019-08-18 03:18 - 2019-08-18 03:18 - 000000000 ____D C:\Users\Aidan\Documents\Ableton
2019-08-18 03:17 - 2019-08-18 03:17 - 000000000 ____D C:\Users\Aidan\AppData\Roaming\Ableton
2019-08-18 03:17 - 2019-08-18 03:17 - 000000000 ____D C:\Users\Aidan\AppData\Local\Ableton
2019-08-18 02:27 - 2019-08-18 02:27 - 000003842 _____ C:\WINDOWS\System32\Tasks\CCleaner Browser Heartbeat Task (Hourly)
2019-08-18 02:27 - 2019-08-18 02:27 - 000003258 _____ C:\WINDOWS\System32\Tasks\CCleaner Browser Heartbeat Task (Logon)
2019-08-18 02:27 - 2019-08-18 02:27 - 000000000 ____D C:\Users\Aidan\AppData\Local\CCleaner Browser
2019-08-18 02:26 - 2019-08-18 17:28 - 000001044 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-08-18 02:26 - 2019-08-18 02:26 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-08-18 02:26 - 2019-08-18 02:26 - 000003470 _____ C:\WINDOWS\System32\Tasks\CCleanerUpdateTaskMachineUA
2019-08-18 02:26 - 2019-08-18 02:26 - 000003346 _____ C:\WINDOWS\System32\Tasks\CCleanerUpdateTaskMachineCore
2019-08-18 02:26 - 2019-08-18 02:26 - 000002900 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-08-18 02:26 - 2019-08-18 02:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-08-18 02:26 - 2019-08-18 02:26 - 000000000 ____D C:\Program Files\CCleaner
2019-08-18 02:25 - 2019-08-18 02:25 - 020891464 _____ (Piriform Software Ltd) C:\Users\Aidan\Downloads\ccsetup560.exe
2019-08-18 02:19 - 2019-08-18 02:20 - 000048956 _____ C:\Users\Aidan\Downloads\Addition.txt
2019-08-18 02:18 - 2019-08-19 01:03 - 000000000 ____D C:\FRST
2019-08-18 02:18 - 2019-08-18 02:20 - 000073600 _____ C:\Users\Aidan\Downloads\FRST.txt
2019-08-18 02:17 - 2019-08-18 02:17 - 001612800 _____ (Farbar) C:\Users\Aidan\Downloads\FRST64.exe
2019-08-18 02:16 - 2019-08-18 17:28 - 000002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-18 02:16 - 2019-08-18 02:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-18 02:16 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-08-18 02:16 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-08-18 02:15 - 2019-08-18 02:15 - 064333800 _____ (Malwarebytes ) C:\Users\Aidan\Downloads\mb3-setup-37469.37469-3.8.3.2965-1.0.613-1.0.11270.exe
2019-08-18 01:55 - 2019-08-18 01:55 - 000000000 ____D C:\Users\Aidan\AppData\Local\mbamtray
2019-08-18 01:55 - 2019-08-18 01:55 - 000000000 ____D C:\Users\Aidan\AppData\Local\mbam
2019-08-18 01:53 - 2019-08-18 01:53 - 000000000 ____D C:\Users\Aidan\AppData\Local\Comms
2019-08-18 01:35 - 2019-08-18 17:28 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-08-18 01:34 - 2019-08-18 01:34 - 000000000 ____D C:\WINDOWS\pss
2019-08-18 01:13 - 2019-08-18 01:13 - 000322648 _____ C:\active_protection.txt
2019-08-18 01:12 - 2019-08-18 01:12 - 000034608 _____ C:\urls.set
2019-08-17 15:29 - 2019-08-18 19:31 - 000004608 _____ C:\Users\Plain Sight\PaceKeyChain
2019-08-17 15:28 - 2019-08-17 15:28 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\PaceAP
2019-08-17 15:27 - 2019-08-17 15:27 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softube
2019-08-17 15:26 - 2019-08-18 19:30 - 000002086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk
2019-08-17 15:26 - 2019-08-18 19:30 - 000002074 _____ C:\Users\Public\Desktop\iLok License Manager.lnk
2019-08-17 15:26 - 2019-08-17 15:26 - 000000000 ____D C:\Program Files (x86)\iLok License Manager
2019-08-17 13:45 - 2019-08-18 03:14 - 000000000 ____D C:\Users\Aidan\AppData\Local\D3DSCache
2019-08-17 13:45 - 2019-08-17 13:45 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2762709790-200231504-3683108907-1002
2019-08-17 13:45 - 2019-08-17 13:45 - 000002770 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ___RD C:\Users\Aidan\OneDrive
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Local\CEF
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Local\Adobe
2019-08-17 13:44 - 2019-08-18 01:53 - 000000000 ____D C:\Users\Aidan\AppData\Local\Packages
2019-08-17 13:44 - 2019-08-17 13:46 - 000000000 ____D C:\Users\Aidan\AppData\Local\NVIDIA Corporation
2019-08-17 13:44 - 2019-08-17 13:45 - 000002363 _____ C:\Users\Aidan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-17 13:44 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Roaming\Adobe
2019-08-17 13:44 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan
2019-08-17 13:44 - 2019-08-17 13:44 - 000001417 _____ C:\Users\Aidan\Desktop\Microsoft Edge.lnk
2019-08-17 13:44 - 2019-08-17 13:44 - 000000258 __RSH C:\Users\Aidan\ntuser.pol
2019-08-17 13:44 - 2019-08-17 13:44 - 000000020 ___SH C:\Users\Aidan\ntuser.ini
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ___RD C:\Users\Aidan\3D Objects
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ___HD C:\Users\Aidan\MicrosoftEdgeBackups
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\Publishers
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\MicrosoftEdge
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\Google
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\ConnectedDevicesPlatform
2019-08-17 13:04 - 2019-08-17 13:05 - 000000000 ____D C:\AdwCleaner
2019-08-17 00:42 - 2019-08-17 00:42 - 000003560 _____ C:\WINDOWS\System32\Tasks\infos
2019-08-17 00:42 - 2019-08-17 00:42 - 000000000 ___HD C:\Wlndows
2019-08-16 20:22 - 2019-08-16 20:22 - 000000495 _____ C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 10 Suite.lnk
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files\MSBuild
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-08-16 20:19 - 2018-03-05 16:07 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2019-08-16 20:19 - 2018-03-05 16:07 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2019-08-16 20:19 - 2018-03-05 16:07 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2019-08-16 20:19 - 2018-02-14 16:21 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2019-08-16 20:19 - 2018-02-14 16:21 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2019-08-16 20:19 - 2018-02-14 16:21 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2019-08-15 12:05 - 2019-08-15 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brainworx
2019-08-15 11:10 - 2019-08-17 15:26 - 000000000 ____D C:\Program Files\Softube
2019-08-15 11:09 - 2019-08-17 15:23 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\softubecentral
2019-08-15 11:09 - 2019-08-15 11:09 - 113501032 _____ C:\Users\Plain Sight\Downloads\Softube Installer Helper Installer (64-bit) 2.4.88 r284505.exe
2019-08-15 11:09 - 2019-08-15 11:09 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Softube Central
2019-08-15 11:09 - 2019-08-15 11:09 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\softubecentral-updater
2019-08-14 15:45 - 2019-08-07 22:58 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-08-14 15:45 - 2019-08-07 22:41 - 000662112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-08-14 15:45 - 2019-08-07 22:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-08-14 15:45 - 2019-08-07 22:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-08-14 15:45 - 2019-08-07 22:27 - 007990272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-14 15:45 - 2019-08-07 18:09 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-14 15:45 - 2019-08-07 18:09 - 000095008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-14 15:45 - 2019-08-07 18:08 - 000494992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-14 15:45 - 2019-08-07 18:08 - 000091568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-14 15:45 - 2019-08-07 17:57 - 000081256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-14 15:45 - 2019-08-07 17:56 - 000357336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-14 15:44 - 2019-07-09 12:50 - 000414720 _____ (Microsoft
Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys 2019-08-14 15:44 - 2019-07-09 12:50 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2019-08-14 15:44 - 2019-07-09 12:50 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe 2019-08-14 15:44 - 2019-07-09 12:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll 2019-08-14 15:44 - 2019-07-09 12:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2019-08-14 15:44 - 2019-07-09 12:49 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2019-08-14 15:44 - 2019-07-09 12:49 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2019-08-14 15:44 - 2019-07-09 12:49 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-08-14 15:44 - 2019-07-09 12:49 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2019-08-14 15:44 - 2019-07-09 12:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2019-08-14 15:44 - 2019-07-09 12:49 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2019-08-14 15:44 - 2019-07-09 12:49 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2019-08-14 15:44 - 2019-07-09 12:49 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll 2019-08-14 15:44 - 2019-07-09 12:48 - 003402240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-08-14 15:44 - 2019-07-09 12:48 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 2019-08-14 15:44 - 2019-07-09 12:48 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2019-08-14 15:44 - 2019-07-09 12:48 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2019-08-14 15:44 - 2019-07-09 12:48 - 000227328 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\SearchFilterHost.exe 2019-08-14 15:44 - 2019-07-09 12:48 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2019-08-14 15:44 - 2019-07-09 12:47 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-08-14 15:44 - 2019-07-09 12:47 - 000928768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-08-14 15:44 - 2019-07-09 12:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-08-14 15:44 - 2019-07-09 12:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-08-14 15:44 - 2019-07-09 12:47 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2019-08-14 15:44 - 2019-07-09 12:46 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-08-14 15:44 - 2019-07-09 12:46 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll 2019-08-14 15:44 - 2019-07-09 12:46 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2019-08-14 15:44 - 2019-07-09 12:45 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2019-08-14 15:44 - 2019-07-09 12:45 - 001218560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2019-08-14 15:44 - 2019-07-09 12:45 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2019-08-14 15:44 - 2019-07-09 12:45 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll 2019-08-14 15:44 - 2019-07-09 12:45 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2019-08-14 15:44 - 2019-07-09 12:44 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2019-08-14 15:44 - 2019-07-09 12:44 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2019-08-14 15:44 - 2019-07-09 12:44 - 
000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2019-08-14 15:44 - 2019-07-09 12:44 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2019-08-14 15:44 - 2019-07-09 12:44 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2019-08-14 15:44 - 2019-07-09 12:44 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2019-08-14 15:44 - 2019-07-09 12:44 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2019-08-14 15:44 - 2019-07-09 12:43 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2019-08-14 15:44 - 2019-07-09 12:43 - 001398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2019-08-14 15:44 - 2019-07-09 12:43 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2019-08-14 15:44 - 2019-07-09 12:43 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll 2019-08-14 15:44 - 2019-06-20 12:21 - 000058882 _____ C:\WINDOWS\system32\srms.dat 2019-08-03 12:05 - 2019-08-19 00:28 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16 2019-07-24 21:22 - 2019-07-19 05:15 - 001006800 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll 2019-07-24 21:22 - 2019-07-19 05:15 - 001006800 _____ C:\WINDOWS\system32\vulkan-1.dll 2019-07-24 21:22 - 2019-07-19 05:15 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll 2019-07-24 21:22 - 2019-07-19 05:15 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2019-07-24 21:22 - 2019-07-19 05:15 - 000552144 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2019-07-24 21:22 - 2019-07-19 05:15 - 000456912 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2019-07-24 21:22 - 2019-07-19 05:15 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe 2019-07-24 21:22 - 2019-07-19 05:15 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo.exe 2019-07-24 21:22 - 2019-07-19 05:15 - 000260304 _____ 
C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2019-07-24 21:22 - 2019-07-19 05:15 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2019-07-24 21:22 - 2019-07-19 05:14 - 011059408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll 2019-07-24 21:22 - 2019-07-19 05:14 - 009492680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 040411904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 035269568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 020193184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 017470416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 005426104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 004767912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 002042272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001721816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443160.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001543824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001472600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001468320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443160.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001164376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 001136024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000914520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000822016 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nvmcumd.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000810912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000677256 _____ C:\WINDOWS\system32\nvofapi64.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000656792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000633488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000543944 _____ C:\WINDOWS\SysWOW64\nvofapi.dll 2019-07-24 21:22 - 2019-07-19 05:13 - 000523920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2019-07-24 21:22 - 2019-07-19 02:11 - 004342528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-19 01:04 - 2018-02-14 14:50 - 000000000 ____D C:\ProgramData\NVIDIA 2019-08-19 01:02 - 2018-05-31 18:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-08-19 01:02 - 2018-04-12 09:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-08-19 01:01 - 2018-04-12 07:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-08-19 00:53 - 2018-05-31 18:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-08-19 00:53 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-08-19 00:41 - 2018-12-07 12:16 - 000000000 ____D C:\Program Files\Microsoft Office 2019-08-19 00:40 - 2018-04-12 09:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2019-08-19 00:36 - 2018-05-31 18:14 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-08-19 00:36 - 2018-04-12 09:36 - 000000000 ____D C:\WINDOWS\INF 2019-08-19 00:20 - 2018-02-14 15:36 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\CrashDumps 2019-08-18 23:16 - 2018-05-31 18:11 - 000004178 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3C9A9257-B820-4A09-9A5E-F2402A6001C9} 2019-08-18 19:17 
- 2018-05-17 11:06 - 000000000 ___DC C:\WINDOWS\Panther 2019-08-18 17:38 - 2018-04-12 09:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-08-18 16:28 - 2018-02-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\NVIDIA Corporation 2019-08-18 04:10 - 2018-02-14 15:21 - 000000000 ____D C:\Program Files (x86)\Google 2019-08-18 03:12 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-08-18 02:16 - 2018-06-14 23:02 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-08-18 02:16 - 2018-04-12 09:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-08-18 02:09 - 2018-06-14 20:48 - 000000000 ____D C:\ProgramData\Packages 2019-08-18 02:09 - 2018-04-12 09:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-08-18 01:22 - 2018-09-08 10:49 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Azureus 2019-08-17 15:32 - 2018-09-08 10:54 - 000000000 ____D C:\ProgramData\ValhallaRoom 2019-08-17 15:32 - 2018-05-11 11:25 - 000000000 ____D C:\ProgramData\ValhallaRoomPreferences 2019-08-17 15:29 - 2018-05-31 18:07 - 000000000 ____D C:\Users\Plain Sight 2019-08-17 15:27 - 2019-01-11 20:35 - 000000000 ____D C:\Users\Public\Documents\Softube 2019-08-17 15:26 - 2019-04-11 21:02 - 000033544 _____ C:\WINDOWS\system32\Drivers\iLokDrvr.sys 2019-08-17 15:26 - 2018-03-20 09:09 - 000000000 ____D C:\Program Files\Common Files\VST3 2019-08-17 15:26 - 2018-02-14 17:47 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2019-08-17 13:44 - 2018-02-14 14:41 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-08-17 12:30 - 2019-01-10 14:50 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\Spotify 2019-08-17 11:55 - 2019-01-10 14:49 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Spotify 2019-08-17 03:08 - 2018-02-14 18:00 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Splice 2019-08-17 03:08 - 2018-02-14 16:33 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\SpliceSettings 2019-08-17 00:54 - 2018-02-14 14:50 - 000000000 ____D 
C:\ProgramData\NVIDIA Corporation 2019-08-17 00:42 - 2018-05-17 10:43 - 000000000 ____D C:\ProgramData\Adobe 2019-08-16 23:16 - 2018-10-19 11:38 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\PioneerLog 2019-08-16 22:23 - 2018-02-14 16:10 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Xfer 2019-08-16 20:23 - 2018-09-13 10:44 - 000002840 __RSH C:\ProgramData\ntuser.pol 2019-08-16 13:13 - 2018-08-02 10:07 - 000000000 ___RD C:\Users\Plain Sight\Creative Cloud Files 2019-08-16 13:13 - 2018-05-17 10:40 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\Adobe 2019-08-15 17:47 - 2018-06-13 10:30 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\D3DSCache 2019-08-15 12:04 - 2019-02-27 14:36 - 000000000 ____D C:\Program Files\Plugin Alliance 2019-08-15 12:03 - 2019-03-28 10:42 - 000000000 ____D C:\Program Files\Common Files\Plugin Alliance 2019-08-15 10:47 - 2019-05-02 14:48 - 000000000 ____D C:\Program Files\Common Files\Celemony 2019-08-15 10:47 - 2019-05-02 14:38 - 000000000 ____D C:\ProgramData\Celemony Software GmbH 2019-08-15 10:46 - 2019-04-17 19:30 - 000000000 ____D C:\Users\Public\Documents\Adobe 2019-08-15 10:46 - 2019-04-17 19:30 - 000000000 ____D C:\Program Files\Common Files\Adobe 2019-08-15 10:46 - 2019-01-12 12:54 - 000003274 _____ C:\WINDOWS\System32\Tasks\Adobe Uninstaller 2019-08-15 10:46 - 2018-05-17 10:47 - 000000000 ____D C:\Program Files\Adobe 2019-08-14 21:12 - 2018-05-31 18:05 - 000277696 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-08-14 21:12 - 2018-02-14 14:41 - 000000000 ___RD C:\Users\Plain Sight\3D Objects 2019-08-14 21:11 - 2018-04-12 19:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ___SD C:\WINDOWS\system32\UNP 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\oobe 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D 
C:\WINDOWS\ShellExperiences 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\Provisioning 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-08-14 20:13 - 2019-07-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\.minecraft 2019-08-14 18:38 - 2018-11-28 09:19 - 000004612 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2019-08-14 18:38 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2019-08-14 18:38 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\Macromed 2019-08-14 15:46 - 2018-04-12 09:34 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2019-08-14 15:44 - 2018-02-14 18:10 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-08-14 15:43 - 2018-02-14 18:10 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-08-13 22:28 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\NDF 2019-08-12 13:21 - 2018-06-13 10:52 - 000000000 __RHD C:\Users\Plain Sight\plainsightdj@gmail.com Creative Cloud Files 2019-08-11 17:52 - 2018-03-23 14:56 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\ElevatedDiagnostics 2019-08-09 12:16 - 2018-05-01 12:33 - 000000000 ____D C:\Users\Plain Sight\Documents\FabFilter 2019-08-09 12:16 - 2018-05-01 12:33 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\FabFilter 2019-08-09 12:14 - 2018-09-17 12:56 - 000000000 ____D C:\Program Files (x86)\VstPlugins 2019-08-09 11:45 - 2018-06-01 11:32 - 000000000 ____D C:\Program Files\Vstplugins 2019-08-02 20:59 - 2018-11-16 15:17 - 000000000 ____D C:\Program Files\rempl 2019-07-30 12:08 - 2019-06-08 16:57 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com 2019-07-30 12:04 - 2018-10-19 11:26 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pioneer 2019-07-30 12:03 - 2018-10-19 11:26 - 
000000529 _____ C:\Users\Plain Sight\Desktop\rekordbox_x64.lnk 2019-07-30 12:02 - 2018-02-14 15:31 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2019-07-26 09:36 - 2018-02-26 23:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-07-25 11:10 - 2018-02-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\NVIDIA 2019-07-23 15:22 - 2018-02-14 14:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2019-07-23 11:46 - 2018-10-01 18:24 - 000000000 ____D C:\Program Files (x86)\Origin ==================== Files in the root of some directories ================ 2019-01-08 16:56 - 2016-12-14 23:17 - 000003584 _____ () C:\Users\Plain Sight\Synplant.32.dll 2018-05-09 12:38 - 2018-05-09 12:38 - 002722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf 2018-05-09 12:38 - 2018-05-09 12:38 - 000056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf 2019-07-19 14:31 - 2019-07-19 14:31 - 000000038 ___SH () C:\Users\Plain Sight\AppData\Local\6eebc2b1598089f38a4759.67408981 2018-02-14 18:07 - 2018-02-14 18:07 - 000000291 _____ () C:\Users\Plain Sight\AppData\Local\ledConfiguration.config 2018-09-25 10:01 - 2018-09-25 10:01 - 000000000 _____ () C:\Users\Plain Sight\AppData\Local\oobelibMkey.log ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================ Addition.txt
  11. Malwarebytes Log

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/18/19
Scan Time: 10:52 PM
Log File: 0812485c-c1b7-11e9-9565-e0d55e26dd73.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.12069
License: Trial

-System Information-
OS: Windows 10 (Build 17134.950)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 331718
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 3 min, 48 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
Generic.Malware/Suspicious, HKU\S-1-5-21-2762709790-200231504-3683108907-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CPU64, Quarantined, [0], [392686],1.0.12069

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Generic.Malware/Suspicious, C:\WLNDOWS\SYSTEM32\CPU64.EXE, Quarantined, [0], [392686],1.0.12069

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

AdwCleaner Log

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-13.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-19-2019
# Duration: 00:00:00
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0

***** [ Services ] *****
No malicious services cleaned.

***** [ Folders ] *****
No malicious folders cleaned.

***** [ Files ] *****
No malicious files cleaned.

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks cleaned.

***** [ Registry ] *****
No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************

AdwCleaner[S00].txt - [1796 octets] - [17/08/2019 13:04:51]
AdwCleaner[C00].txt - [1834 octets] - [17/08/2019 13:05:33]
AdwCleaner[S01].txt - [1447 octets] - [17/08/2019 13:07:22]
AdwCleaner[C01].txt - [1635 octets] - [17/08/2019 13:07:37]
AdwCleaner[S02].txt - [1771 octets] - [18/08/2019 03:52:13]
AdwCleaner[C02].txt - [1901 octets] - [18/08/2019 03:53:06]
AdwCleaner[S03].txt - [1733 octets] - [18/08/2019 16:50:43]
AdwCleaner[C03].txt - [1901 octets] - [18/08/2019 16:50:59]
AdwCleaner[S04].txt - [1813 octets] - [19/08/2019 00:26:57]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2019
Ran by Plain Sight (administrator) on DESKTOP-OTIH9CI (Gigabyte Technology Co., Ltd. AX370-Gaming 5) (19-08-2019 00:31:55)
Running from C:\Users\Plain Sight\Desktop
Loaded Profiles: Plain Sight (Available Profiles: Plain Sight & Aidan)
Platform: Windows 10 Pro Version 1803 17134.950 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Softube AB -> ) C:\Program Files\Softube\InstallerDaemon\InstallerService.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [Cleaning] => \ [0 0000-00-00] ()
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [info] => C:\ProgramData\Adobe\info.vbs [360 2019-08-17] () [File not signed]
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [Smart Cleaning] => \ [0 0000-00-00] ()
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [process] => C:\Wlndows\system32\process.exe
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08A48043-4BA2-4A17-A8EC-4183282F3EE2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6450752 2019-08-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {0D921394-47FB-407A-9AEF-DD5803635C5D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {13D6644E-6F69-460F-AC4E-5E6F63DAE437} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {16E9CB2E-49B6-4AF8-90DE-06D2ABEE4618} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe
Task: {1A1C8488-8D90-4223-B9BE-A1058B1C908E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1FC8021A-6B0A-4577-95EB-0B8958C68299} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {22D66AA8-71BF-402B-A015-7A00E188B53C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {31FE867F-A9E8-42A9-AC75-3945DC277B69} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-14] (Adobe Inc. -> Adobe)
Task: {3417C401-152D-4B40-8C82-F0BB8D2547B2} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
Task: {49CBDDD5-144C-49D6-9330-93B82C00B987} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2049928 2019-08-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {5A33F322-C317-4E78-B3D7-DD511D2C7430} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2206784 2019-08-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {675601DE-10A5-4310-BB29-8A5A392E23BB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [153648 2019-08-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E20ADC6-F3E8-4304-A783-D924A3134966} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {74D51ACF-A975-4590-ABB3-DE333FAB999B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2762709790-200231504-3683108907-1002 => C:\Users\Plain Sight\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {758DF83D-0340-4728-8A57-AA03AF5DE9AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7B6D14E4-BF93-4E74-96F0-0F5ADF7761ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7EDEDA80-3D13-4E30-A7CE-783BEFE9D46D} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.)
Task: {80B1541F-2C06-4545-A9DC-997A8D0E8B04} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351656 2019-08-07] (Microsoft Corporation -> Microsoft Corporation) Task: {84049033-1125-4532-BE47-6061D04D4B69} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {8447B23D-EC9C-419D-BB5B-07D0CA977128} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Plain Sight\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {8957BCE1-EED1-4CED-B54B-805AD668F8ED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6450752 2019-08-19] (Microsoft Corporation -> Microsoft Corporation) Task: {9097DF3C-47CB-483F-B587-13F134553106} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {9E8D2A08-68D3-4F00-84DA-D723170563DF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {A426EF7F-EADB-423E-8EC5-DB0C0B6316E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {A7856D9F-143F-412B-93BA-530EF4E409C5} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {A8A29FEF-A7C3-4F13-A377-2FBFAEE76865} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 
2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {B66E333F-24EC-49DD-892D-78999771C978} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [153648 2019-08-19] (Microsoft Corporation -> Microsoft Corporation) Task: {C00C228E-A362-47C6-AA4A-D4F57DFC1E89} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {D05824AB-2CCD-4029-BB9B-C40D5EF95966} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [34922040 2019-08-09] (Adlice -> ) Task: {D74F6A27-4B29-4BCD-A8FB-E42E18B0C81D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351656 2019-08-07] (Microsoft Corporation -> Microsoft Corporation) Task: {D89BD700-E397-423F-9B33-C886336DA429} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {DBBD79B2-77BC-492E-B32B-B92C6074CEFC} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe Task: {E146B2E7-AC9E-4D01-AFF8-C1317D49FFF3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {E14E6A90-0CD5-4A77-AF82-5AD343F96678} - System32\Tasks\WIN64EX => C:\Wlndows\system32\process.exe Task: {EA157AE3-68D7-465A-9217-128E817D38B1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA 
Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {EBB2455F-7017-435F-B43A-99481EA014E5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2206784 2019-08-19] (Microsoft Corporation -> Microsoft Corporation) Task: {EBF3C2FD-2DBB-48D9-8D54-72EE4A7C5D29} - System32\Tasks\infos => C:\ProgramData\Adobe\info.vbs [360 2019-08-17] () [File not signed] Task: {F4DEE80D-4D79-4D0E-A1B6-79F3E1106CBF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_pepper.exe [1452600 2019-08-14] (Adobe Inc. -> Adobe) Task: {F880CC13-9162-45DB-AE65-AD1CC0AA0BC4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {FEFAD59A-979E-4BE0-9C09-CBDF86C0F7A7} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{44f20319-c8a6-4cc0-9e3b-ede0e80d487d}: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{6283b723-eae5-42ae-8255-419dc903eb73}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{996897f6-62dc-450e-a935-5e7a928015d1}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== SearchScopes: HKU\S-1-5-21-2762709790-200231504-3683108907-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-06] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - 
{5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-26] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-07-05] (Adobe Inc. -> Adobe Systems) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-06] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-07-05] (Adobe Inc. 
-> Adobe Systems) Chrome: ======= CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "hxxp://soundcloud.com/" CHR Profile: C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default [2019-08-18] CHR DownloadDir: D:\DOWNLOADS CHR Extension: (Slides) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-14] CHR Extension: (Just Black) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2019-03-05] CHR Extension: (Docs) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-14] CHR Extension: (Google Drive) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-14] CHR Extension: (YouTube) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-14] CHR Extension: (Sheets) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-14] CHR Extension: (Google Docs Offline) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-14] CHR Extension: (Chrome Web Store Payments) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03] CHR Extension: (Gmail) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-16] CHR Extension: (Chrome Media Router) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08] CHR Profile: C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-18] ==================== Services (Whitelisted) ==================== (If an entry is 
included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-05] (Adobe Inc. -> Adobe Inc.) S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7252656 2018-12-12] (BattlEye Innovations e.K. -> ) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-08-08] (Microsoft Corporation -> Microsoft Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) S4 mracsvc; C:\WINDOWS\System32\mracsvc.exe [16966416 2019-06-09] (Mail.Ru LLC -> LLC Mail.Ru) S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation) S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation) S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts) S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-07-12] (Electronic Arts, Inc. 
-> Electronic Arts) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074128 2019-08-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 SoftubeInstallerDaemon; C:\Program Files\Softube\InstallerDaemon\InstallerService.exe [10284824 2019-07-10] (Softube AB -> ) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) S4 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited) S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 S4 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project) R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34696 2017-10-09] (Advanced Micro Devices Inc. 
-> Advanced Micro Devices, Inc) R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2017-08-29] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc) S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. ) R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices) R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [137496 2018-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. ) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) S3 gdrv; C:\Windows\gdrv.sys [26192 2018-02-14] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider) S3 GLCKIO; C:\Program Files (x86)\ASUS\AURA\690b33e1-0462-4e84-9bea-c7552b45432a.sys [14976 2018-02-14] (ASUSTeK Computer Inc. -> ) R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Microsoft Windows -> Qualcomm Atheros, Inc.) 
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-18] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [16228328 2019-06-09] (Mail.Ru LLC -> LLC Mail.Ru)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_547eeefb57db4499\nvlddmkm.sys [21858904 2019-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-06-13] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RtsUpx; C:\Windows\system32\drivers\RtsUpx.sys [30328 2018-02-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6839744 2017-12-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
S1 bntdyoll; \??\C:\WINDOWS\system32\drivers\bntdyoll.sys [X]
S1 cfhhvaru; \??\C:\WINDOWS\system32\drivers\cfhhvaru.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-19 00:31 - 2019-08-19 00:32 - 000028998 _____ C:\Users\Plain Sight\Desktop\FRST.txt 2019-08-19 00:30 - 2019-08-19 00:30 - 001612800 _____ (Farbar) C:\Users\Plain Sight\Desktop\FRST64.exe 2019-08-19 00:28 - 2019-08-19 00:28 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-08-19 00:28 - 2019-08-19 00:28 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2019-08-19 00:28 - 2019-08-19 00:28 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2019-08-19 00:28 - 2019-08-19 00:28 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2019-08-19 00:23 - 2019-08-19 00:24 - 007623880 _____ (Malwarebytes) C:\Users\Plain Sight\Desktop\AdwCleaner.exe 2019-08-18 18:53 - 2019-08-18 18:53 - 4169596928 _____ C:\Users\Plain Sight\Desktop\Windows.iso 2019-08-18 18:40 - 2019-08-18 19:17 - 000000000 ____D C:\ESD 2019-08-18 17:01 - 2019-08-18 17:01 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\DBG 2019-08-18 16:57 - 2019-08-18 16:57 - 000012872 _____ (SurfRight B.V.) 
C:\WINDOWS\system32\bootdelete.exe 2019-08-18 16:52 - 2019-08-18 18:42 - 000003568 _____ C:\WINDOWS\System32\Tasks\WIN64EX 2019-08-18 16:50 - 2019-08-18 16:50 - 000003520 _____ C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adwcleaner_7.lnk 2019-08-18 16:50 - 2019-08-18 16:50 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\PeerDistRepub 2019-08-18 16:42 - 2019-08-18 16:53 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2019-08-18 16:31 - 2019-08-18 16:31 - 000000000 ___HD C:\$WINDOWS.~BT 2019-08-18 04:38 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe 2019-08-18 04:23 - 2019-08-18 04:23 - 000000000 ____D C:\zoek_backup 2019-08-18 04:22 - 2019-08-18 04:31 - 000000000 ____D C:\ProgramData\RogueKiller 2019-08-18 04:22 - 2019-08-18 04:22 - 000003168 _____ C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware 2019-08-18 04:22 - 2019-08-18 04:22 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2019-08-18 04:22 - 2019-08-18 04:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2019-08-18 04:22 - 2019-08-18 04:22 - 000000000 ____D C:\Program Files\RogueKiller 2019-08-18 04:06 - 2019-08-18 04:13 - 000000956 _____ C:\WINDOWS\system32\.crusader 2019-08-18 03:59 - 2019-08-18 03:59 - 000001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2019-08-18 03:59 - 2019-08-18 03:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2019-08-18 03:59 - 2019-08-18 03:59 - 000000000 ____D C:\Program Files\HitmanPro 2019-08-18 03:58 - 2019-08-18 04:06 - 000000000 ____D C:\ProgramData\HitmanPro 2019-08-18 03:18 - 2019-08-18 03:18 - 000000000 ____D C:\Users\Aidan\Documents\Ableton 2019-08-18 03:17 - 2019-08-18 03:17 - 000000000 ____D C:\Users\Aidan\AppData\Roaming\Ableton 2019-08-18 03:17 - 2019-08-18 03:17 - 000000000 ____D C:\Users\Aidan\AppData\Local\Ableton 2019-08-18 02:27 - 2019-08-18 02:27 - 000003842 _____ 
C:\WINDOWS\System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) 2019-08-18 02:27 - 2019-08-18 02:27 - 000003258 _____ C:\WINDOWS\System32\Tasks\CCleaner Browser Heartbeat Task (Logon) 2019-08-18 02:27 - 2019-08-18 02:27 - 000000000 ____D C:\Users\Aidan\AppData\Local\CCleaner Browser 2019-08-18 02:26 - 2019-08-18 17:28 - 000001044 _____ C:\Users\Public\Desktop\CCleaner.lnk 2019-08-18 02:26 - 2019-08-18 02:26 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2019-08-18 02:26 - 2019-08-18 02:26 - 000003470 _____ C:\WINDOWS\System32\Tasks\CCleanerUpdateTaskMachineUA 2019-08-18 02:26 - 2019-08-18 02:26 - 000003346 _____ C:\WINDOWS\System32\Tasks\CCleanerUpdateTaskMachineCore 2019-08-18 02:26 - 2019-08-18 02:26 - 000002900 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2019-08-18 02:26 - 2019-08-18 02:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2019-08-18 02:26 - 2019-08-18 02:26 - 000000000 ____D C:\Program Files\CCleaner 2019-08-18 02:25 - 2019-08-18 02:25 - 020891464 _____ (Piriform Software Ltd) C:\Users\Aidan\Downloads\ccsetup560.exe 2019-08-18 02:19 - 2019-08-18 02:20 - 000048956 _____ C:\Users\Aidan\Downloads\Addition.txt 2019-08-18 02:18 - 2019-08-19 00:31 - 000000000 ____D C:\FRST 2019-08-18 02:18 - 2019-08-18 02:20 - 000073600 _____ C:\Users\Aidan\Downloads\FRST.txt 2019-08-18 02:17 - 2019-08-18 02:17 - 001612800 _____ (Farbar) C:\Users\Aidan\Downloads\FRST64.exe 2019-08-18 02:16 - 2019-08-18 17:28 - 000002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-08-18 02:16 - 2019-08-18 02:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-08-18 02:16 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2019-08-18 02:16 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2019-08-18 02:15 - 2019-08-18 02:15 - 064333800 _____ (Malwarebytes ) 
C:\Users\Aidan\Downloads\mb3-setup-37469.37469-3.8.3.2965-1.0.613-1.0.11270.exe 2019-08-18 01:55 - 2019-08-18 01:55 - 000000000 ____D C:\Users\Aidan\AppData\Local\mbamtray 2019-08-18 01:55 - 2019-08-18 01:55 - 000000000 ____D C:\Users\Aidan\AppData\Local\mbam 2019-08-18 01:53 - 2019-08-18 01:53 - 000000000 ____D C:\Users\Aidan\AppData\Local\Comms 2019-08-18 01:35 - 2019-08-18 17:28 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2019-08-18 01:34 - 2019-08-18 01:34 - 000000000 ____D C:\WINDOWS\pss 2019-08-18 01:13 - 2019-08-18 01:13 - 000322648 _____ C:\active_protection.txt 2019-08-18 01:12 - 2019-08-18 01:12 - 000034608 _____ C:\urls.set 2019-08-17 15:29 - 2019-08-18 19:31 - 000004608 _____ C:\Users\Plain Sight\PaceKeyChain 2019-08-17 15:28 - 2019-08-17 15:28 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\PaceAP 2019-08-17 15:27 - 2019-08-17 15:27 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softube 2019-08-17 15:26 - 2019-08-18 19:30 - 000002086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk 2019-08-17 15:26 - 2019-08-18 19:30 - 000002074 _____ C:\Users\Public\Desktop\iLok License Manager.lnk 2019-08-17 15:26 - 2019-08-17 15:26 - 000000000 ____D C:\Program Files (x86)\iLok License Manager 2019-08-17 13:45 - 2019-08-18 03:14 - 000000000 ____D C:\Users\Aidan\AppData\Local\D3DSCache 2019-08-17 13:45 - 2019-08-17 13:45 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2762709790-200231504-3683108907-1002 2019-08-17 13:45 - 2019-08-17 13:45 - 000002770 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ___RD C:\Users\Aidan\OneDrive 2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Local\CEF 2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Local\Adobe 2019-08-17 13:44 - 2019-08-18 01:53 - 000000000 ____D 
C:\Users\Aidan\AppData\Local\Packages 2019-08-17 13:44 - 2019-08-17 13:46 - 000000000 ____D C:\Users\Aidan\AppData\Local\NVIDIA Corporation 2019-08-17 13:44 - 2019-08-17 13:45 - 000002363 _____ C:\Users\Aidan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-08-17 13:44 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Roaming\Adobe 2019-08-17 13:44 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan 2019-08-17 13:44 - 2019-08-17 13:44 - 000001417 _____ C:\Users\Aidan\Desktop\Microsoft Edge.lnk 2019-08-17 13:44 - 2019-08-17 13:44 - 000000258 __RSH C:\Users\Aidan\ntuser.pol 2019-08-17 13:44 - 2019-08-17 13:44 - 000000020 ___SH C:\Users\Aidan\ntuser.ini 2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ___RD C:\Users\Aidan\3D Objects 2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ___HD C:\Users\Aidan\MicrosoftEdgeBackups 2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\Publishers 2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\MicrosoftEdge 2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\Google 2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\ConnectedDevicesPlatform 2019-08-17 13:04 - 2019-08-17 13:05 - 000000000 ____D C:\AdwCleaner 2019-08-17 00:42 - 2019-08-17 00:42 - 000003560 _____ C:\WINDOWS\System32\Tasks\infos 2019-08-17 00:42 - 2019-08-17 00:42 - 000000000 ___HD C:\Wlndows 2019-08-16 20:22 - 2019-08-16 20:22 - 000000495 _____ C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 10 Suite.lnk 2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files\Reference Assemblies 2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files\MSBuild 2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files (x86)\MSBuild 2019-08-16 20:19 - 
==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)
000000000 ____D C:\WINDOWS\system32\NDF 2019-08-12 13:21 - 2018-06-13 10:52 - 000000000 __RHD C:\Users\Plain Sight\plainsightdj@gmail.com Creative Cloud Files 2019-08-11 17:52 - 2018-03-23 14:56 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\ElevatedDiagnostics 2019-08-09 12:16 - 2018-05-01 12:33 - 000000000 ____D C:\Users\Plain Sight\Documents\FabFilter 2019-08-09 12:16 - 2018-05-01 12:33 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\FabFilter 2019-08-09 12:14 - 2018-09-17 12:56 - 000000000 ____D C:\Program Files (x86)\VstPlugins 2019-08-09 11:45 - 2018-06-01 11:32 - 000000000 ____D C:\Program Files\Vstplugins 2019-08-02 20:59 - 2018-11-16 15:17 - 000000000 ____D C:\Program Files\rempl 2019-07-30 12:08 - 2019-06-08 16:57 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com 2019-07-30 12:04 - 2018-10-19 11:26 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pioneer 2019-07-30 12:03 - 2018-10-19 11:26 - 000000529 _____ C:\Users\Plain Sight\Desktop\rekordbox_x64.lnk 2019-07-30 12:02 - 2018-02-14 15:31 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2019-07-26 09:36 - 2018-02-26 23:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-07-25 11:10 - 2018-02-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\NVIDIA 2019-07-23 15:22 - 2018-02-14 14:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2019-07-23 11:46 - 2018-10-01 18:24 - 000000000 ____D C:\Program Files (x86)\Origin ==================== Files in the root of some directories ================ 2019-01-08 16:56 - 2016-12-14 23:17 - 000003584 _____ () C:\Users\Plain Sight\Synplant.32.dll 2018-05-09 12:38 - 2018-05-09 12:38 - 002722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf 2018-05-09 12:38 - 2018-05-09 12:38 - 000056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf 2019-07-19 14:31 - 2019-07-19 14:31 - 
000000038 ___SH () C:\Users\Plain Sight\AppData\Local\6eebc2b1598089f38a4759.67408981 2018-02-14 18:07 - 2018-02-14 18:07 - 000000291 _____ () C:\Users\Plain Sight\AppData\Local\ledConfiguration.config 2018-09-25 10:01 - 2018-09-25 10:01 - 000000000 _____ () C:\Users\Plain Sight\AppData\Local\oobelibMkey.log ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================ Addition.txt
  12. I have multiple threats that keep coming back after they have been removed. I have used Malwarebytes, AdwCleaner and HitmanPro, yet the trojans always come back. They are making my computer lag a lot, and when I open Task Manager to check the processes it instantly closes. I've also found that when I'm signed in as another user (not admin) the computer runs like there's nothing wrong and I can access Task Manager. The trojans are called CPU64.exe, process.exe and desktop-64.exe, which I later found were mining trojans. Any help would be much appreciated as I use this computer for work daily.
  13. So, I have multiple threats that keep coming back after they have been removed. It's always backdoor.bladabindis. I have used Malwarebytes, AdwCleaner and HitmanPro, yet they always come back. I've even tried this in safe mode, yet the same thing happens. They are making my computer lag quite a lot, and when I open Task Manager to check the processes it instantly closes. I've also found that when I'm signed in as another user (not admin) the computer runs like there's nothing wrong and I can access Task Manager. HitmanPro told me that the three main malware viruses were CPU64.exe, process.exe and desktop-64.exe, which I later found were mining trojans. Any help would be much appreciated as I use this computer for work daily. Kind regards, Aidan.