DoucheMcBaggins

PowerShell shortcut disguised as video file


Posted (edited)

Tried opening a video, only realising afterwards that it was a PowerShell shortcut. Malwarebytes isn't detecting anything but Task Manager shows a program called Hidden Start with C:\ProgramData\{07942618-BD98-47FA-BB01-A7DDC1FEC6B0} as its location.

I deleted the shortcut but I do have this shortbit link that was in the file target.

http://shortbit.xyz/psp

 

Edited by tetonbob
munged link


Can't see an edit button for my post but I forgot to mention that the folder in ProgramData doesn't actually show up, even with hidden files and folders enabled.
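A triage script, added here and not posted by anyone in the thread, that checks a Windows host for the things described above: .lnk files whose target is a script host rather than a media player, a GUID-named folder under ProgramData carrying the Hidden attribute (Explorer keeps System+Hidden folders out of view even with "show hidden items" on, unless "Hide protected operating system files" is also unchecked), and, as the usual persistence for this kind of payload, scheduled tasks that execute from ProgramData or AppData. The Downloads/Desktop search roots, the GUID folder-name pattern and the list of script hosts are assumptions.

```powershell
# Added triage example (not from the thread). Run from an elevated PowerShell prompt.
# Assumptions: shortcuts worth checking live under the user's Downloads and Desktop;
# the dropped folder sits directly under C:\ProgramData and is named with a GUID in braces.

$ProgramData   = $env:ProgramData
$ShortcutRoots = @("$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop")

# 1. Shortcuts whose target is a script host or launcher instead of a media player.
#    A "video" that is really a .lnk resolving to powershell.exe is the lure in the
#    first post; hstart is the executable name of the Hidden Start tool it reported.
function Get-SuspiciousShortcut {
    param([string[]]$Roots)
    $shell = New-Object -ComObject WScript.Shell
    $scriptHosts = 'powershell\.exe|pwsh\.exe|cmd\.exe|wscript\.exe|cscript\.exe|mshta\.exe|hstart'
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # WScript.Shell resolves the .lnk to its target path and arguments.
            $lnk = $shell.CreateShortcut($_.FullName)
            $cmd = "$($lnk.TargetPath) $($lnk.Arguments)"
            if ($cmd -match $scriptHosts) {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                }
            }
        }
    }
}

# 2. GUID-named folders under ProgramData with the Hidden attribute. -Force lists
#    them regardless of Explorer's "protected operating system files" setting.
function Get-HiddenGuidFolder {
    param([string]$Root = $ProgramData)
    $guidName = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
    Get-ChildItem -Path $Root -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Name -match $guidName -and
            ($_.Attributes -band [IO.FileAttributes]::Hidden)
        } |
        Select-Object FullName, Attributes, CreationTime
}

# 3. Scheduled tasks whose action executes from ProgramData or a user's AppData,
#    which is where a dropped payload normally persists. Actions without an
#    Execute property (COM handler actions) fall through the -match as $false.
function Get-SuspiciousTaskAction {
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($a in $task.Actions) {
            if ($a.Execute -match '\\ProgramData\\|\\AppData\\(Roaming|Local)\\') {
                [pscustomobject]@{
                    TaskPath = $task.TaskPath
                    TaskName = $task.TaskName
                    Execute  = $a.Execute
                    Args     = $a.Arguments
                    State    = $task.State
                }
            }
        }
    }
}

Get-SuspiciousShortcut -Roots $ShortcutRoots | Format-Table -AutoSize
Get-HiddenGuidFolder                          | Format-Table -AutoSize
Get-SuspiciousTaskAction                      | Format-Table -AutoSize
```

Treat every hit as a lead to verify, not a verdict: legitimate updaters also run from ProgramData, and the point of the task check is to compare the action path against what the vendor actually installs.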

Posted (edited)

The script is complex and has a data stealing payload which is not presently detected by MBAM but has been submitted in: PowerShell Script Payload - Megumin & AZORult

 

PING @nasdaq

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar


I PING'd nasdaq to help you remove any malware on your system. My submission of the actual binaries may be used to help others. The details of the post may/may not assist nasdaq with some pointers. As a data stealing payload, the first objective would be to reset passwords with a new strong password for any accounts used or accessed with the PC in question.

Indications are it tries to harvest/steal...

  • Bitcoin and cryptocurrency wallets & information
  • Browser information (history, passwords, etc.)
  • FTP login credentials
  • Instant Messenger and Email credentials (accounts and/or passwords)
  • Personal documents
  • Internet Explorer cookies

 


Will I need to worry about it grabbing the new passwords or would that only be possible if I set my browser to remember them?

Posted (edited)

First get the assistance in getting any/all malware removed from the system. However, the trojans harvest data that is on the PC, not the information changed on a web site. So if a password is stored in a Browser, it is safe to change that password on the web site but do NOT store it in the Browser until the system is cleaned.

 

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar


Hi,

Let's see what I can do to help.

--RogueKiller--

  • Download & SAVE to your Desktop: Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator".
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click Open the Report.
  • Click the Export TXT button.
  • Save the file as ReportRogue.txt.
  • Click the Remove button to delete the items in RED.
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.


=======

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Choose a File.
Navigate to the location of the file.
Click the file. It will appear in the section.
Click the Saving button.

Wait for further instructions
====


RogueKiller Anti-Malware V13.2.1.0 (x64) [May 22 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : LeonM [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190603_120845, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/06/03 17:43:15 (Duration : 00:23:49)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.HackTool (Potentially Malicious)] KMS-R@1n.exe (3432) -- C:\Windows\KMS-R@1n.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.HackTool (Potentially Malicious)] KMS-R@1n (3432) -- C:\Windows\KMS-R@1n.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] \Scheduled Updater - {07942618-bd98-47fa-bb01-a7ddc1fec6b0} -- C:\ProgramData\{07942618-BD98-47FA-BB01-A7DDC1FEC6B0}\SystemSettings.exe -> Found
[Suspicious.Path (Potentially Malicious)] \SystemMaintanceService -- C:\Users\LeonM\AppData\Roaming\Star.Wars.Battlefront.II.Classic.v1.1.REPACK\zsetgsar.exe [/upgradeid=f561932c-0bef-41b9-9289-b7d5c099b86b] -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
  [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2322255856-1445579512-3484448224-1001\Software\ProductSetup -- N/A -> Found
>>>>>> O23 - Services
  [PUP.HackTool (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMS-R@1n -- C:\Windows\KMS-R@1n.exe -> Found
>>>>>> O87 - Firewall
  [PUP.HackTool (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3954CDCC-E875-4F33-B9C2-40164143C151} -- v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| (C:\Windows\KMS-R@1n.exe) -> Found
  [PUP.HackTool (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{92F37B89-81E5-4F4C-B99C-D7BE91E0EDCD} -- v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| (C:\Windows\KMS-R@1n.exe) -> Found
>>>>>> XX - System Policies
  [PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.HackTool (Potentially Malicious)] (file) KMS-R@1n.exe -- C:\Windows\KMS-R@1n.exe -> Found
[PUP.HackTool (Potentially Malicious)] (file) SECOH-QAD.exe -- C:\Windows\SECOH-QAD.exe -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) PackageAware -- C:\Users\LeonM\AppData\Local\PackageAware -> Found
[PUP.ByteFence|PUP.Gen1 (Potentially Malicious)] (folder) ByteFence -- C:\ProgramData\ByteFence -> Found
[PUP.HackTool (Potentially Malicious)] (folder) KMSpico -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico -> Found
[PUP.HackTool (Potentially Malicious)] (folder) KMSpico -- C:\Program Files\KMSpico -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-06-2019
Ran by LeonM (administrator) on LEON-PC (Micro-Star International Co., Ltd MS-7A34) (03-06-2019 19:10:33)
Running from C:\Users\LeonM\Desktop
Loaded Profiles: LeonM (Available Profiles: LeonM)
Platform: Windows 10 Pro Version 1803 17134.766 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Corsair Components, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Components, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Components, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech) C:\Program Files\Logitech\FlightSupport\FlightSupport.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
(NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9192960 2017-03-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17988216 2017-08-18] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [FlightSupport] => C:\Program Files\Logitech\FlightSupport\FlightSupport.exe [362616 2017-05-17] (Logitech Inc -> Logitech)
HKLM\...\Run: [X52] => C:\Program Files\Logitech\X52\X52_Profiler.exe [17408 2017-05-17] (Logitech) [File not signed]
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456328 2017-06-07] (Power Software Limited -> Power Software Ltd)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [392240 2018-11-23] (Corsair Components, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2322255856-1445579512-3484448224-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3148576 2019-05-23] (Valve -> Valve Corporation)
HKU\S-1-5-21-2322255856-1445579512-3484448224-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [1427848 2019-04-10] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-2322255856-1445579512-3484448224-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2322255856-1445579512-3484448224-1001\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [345600 2015-07-01] (Pushbullet inc) [File not signed]
HKU\S-1-5-21-2322255856-1445579512-3484448224-1001\...\Run: [SoundSwitch] => C:\Program Files\SoundSwitch\SoundSwitch.exe [1820352 2019-04-19] (SoundSwitch -> SoundSwitch)
HKU\S-1-5-21-2322255856-1445579512-3484448224-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [3933296 2019-03-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2322255856-1445579512-3484448224-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\LeonM\Desktop\INVENT~1.SCR
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\system32\vorbis.acm [1470976 2015-03-11] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\Windows\system32\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2015-03-11] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-23] (Google LLC -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2019-05-02]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {054BC319-EB25-42F8-9985-C5A740BFB47F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {1224EFA6-7D0A-4763-A2F8-29E8655F4BE3} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2019-04-10] (Nota Inc. -> Nota Inc.)
Task: {13501EBB-43F9-4821-9395-1F5423C4D8A4} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [33971256 2019-05-22] (Adlice -> )
Task: {14575FF2-D294-4405-9227-0DF3F288EA29} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [702504 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {19BEFE2E-A665-44D5-87E9-B8D55021AA94} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [572456 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {204DD6E1-6DB2-4A04-BF58-816E80DD6AA5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {20B5B2C1-6108-48A8-AED7-A9F72FD3626E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [840744 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {244C0A1C-90E3-40A7-B906-5C1D7FA61774} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {2CA728FA-BFBC-40EC-8805-6DFBE65A5A6E} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2E894152-B907-459F-A103-ADFC031CD8A5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-05-16] (AVAST Software s.r.o. -> AVAST Software)
Task: {3D18883B-2EF3-44E4-82BC-06FC5630256D} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2019-04-10] (Nota Inc. -> Nota Inc.)
Task: {40E78899-8A55-4CF2-9402-A5E83A5469EB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {4643E492-39A9-4B92-BC87-18F7979402C1} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 => {429BC048-379E-45E0-80E4-EB1977941B5C} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29360 2018-04-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {500A6521-888C-4589-BD8D-CD9AF4CB43D3} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {50DE6B25-98BC-40DF-9B5D-F77F075C007C} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [72328 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {62573B62-C559-4528-9136-AA80E1ABCD40} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 => {84F0FAE1-C27B-4F6F-807B-28CF6F96287D} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29360 2018-04-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {65087063-A2DD-4BF6-B11B-A30FF252E555} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {750BD6CA-6B6A-4E27-AFB7-D0BDDAB2EEAC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790568 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7D361F01-8EE8-4F04-9D48-DE967596B2E2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8057BAF3-8C25-4BEA-9BF3-4748D69AEF95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-10-04] (Google Inc -> Google Inc.)
Task: {83795B87-BDC9-4F80-A96D-48ED113712D9} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical => {DE434264-8FE9-4C0B-A83B-89EBEEBFF78E} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29360 2018-04-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {85B67656-A53E-4DDD-8676-F3558AFCDE29} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790568 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {94B9393E-E407-4C7C-99D7-EA930A4093D5} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {9C4F4ACB-5122-40E1-9D7E-99555BC2F2C1} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical => {613FBA38-A3DF-4AB8-9674-5604984A299A} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29360 2018-04-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {9D846470-5439-47D9-9045-9ACBDB625265} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe [29305736 2018-10-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {9F99298A-635D-4656-97C9-730657B6383B} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [855 2018-10-01] () [File not signed]
Task: {A3337E02-50C7-4E63-87AC-E92087DEB6CF} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {A8B0ADBC-DD56-4EC2-A7B0-12E5D5FA1A59} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A910B6BE-4EC6-415B-ACE6-06C1DDE522D4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {BD1A2573-3AF5-42C1-AA1D-D45AEEB8FA4A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {BEB8CC8D-233A-4C83-9A93-63E15F96AE44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-10-04] (Google Inc -> Google Inc.)
Task: {C4FE69E3-3735-4D89-B789-89CDBA85E9C8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [840744 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D38B8AF3-7E2C-4C39-8D42-D4DE10697F3A} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Task: {E532516E-9E10-4D9D-BFAB-886E2DFAF37F} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [855 2018-10-01] () [File not signed]
Task: {EDE2722B-B49B-4484-9927-BDB2B47F3A07} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3724328 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F5111CFB-48B6-4D4B-9F02-C075EA078A4F} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{286395b6-8942-4ad9-b841-1db84e74d0e8}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2322255856-1445579512-3484448224-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-05-26] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-26] (Oracle America, Inc. -> Oracle Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed]

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-03-01] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-03-01] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default [2019-06-03]
CHR Extension: (Slides) - C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-04]
CHR Extension: (YouTube) - C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-04]
CHR Extension: (Improve YouTube! (Open-Source for YouTube)) - C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnomihfieiccainjcjblhegjgglakjdd [2019-05-26]
CHR Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco [2019-02-26]
CHR Extension: (uBlock Origin) - C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-05-24]
CHR Extension: (Sheets) - C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2019-01-06]
CHR Extension: (WebSID - Commodore 64 synthesizer) - C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegajffeckfifipchbbnibbgncjpcjio [2018-05-16]
CHR Extension: (Google Docs Offline) - C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Social Fixer for Facebook) - C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2019-06-01]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2019-06-03]
CHR Extension: (Simple Material Theme) - C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdnphgdednjnpcoeamekbogoblkdajep [2018-07-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\LeonM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswSnx <==== ATTENTION (Rootkit!)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6076936 2018-04-07] (BattlEye Innovations e.K. -> )
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2018-01-05] (BitRaider LLC -> BitRaider, LLC)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [47664 2018-11-23] (Corsair Components, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [779392 2019-01-24] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [11457840 2019-06-03] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-08-18] (Logitech Inc -> Logitech Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790568 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790568 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2298688 2019-02-01] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3171144 2019-02-01] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2018-09-15] (Even Balance, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [512816 2019-06-03] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [152480 2019-02-21] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34568 2018-10-03] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [24288 2018-10-02] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31704 2018-10-03] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137688 2018-10-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [312480 2018-07-19] (Tages SA -> )
S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [303712 2019-02-04] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [46944 2018-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [23392 2018-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz148; C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [44832 2019-06-03] (CPUID S.A.R.L.U. -> CPUID)
S3 DFX11_1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [28008 2017-06-19] (Power Technology -> Windows (R) Win 7 DDK provider)
S3 DFX12; C:\WINDOWS\system32\drivers\dfx12x64.sys [39048 2017-06-19] (Power Technology -> Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 FocusriteUSBSwRoot; C:\WINDOWS\System32\drivers\FocusriteUSBSwRoot.sys [97936 2018-01-09] (Focusrite Audio Engineering Ltd. -> Focusrite Audio Engineering Ltd.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-08-18] (Logitech Inc -> Logitech Inc.)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43168 2018-07-19] (Tages SA -> )
R3 LSaiMini; C:\WINDOWS\System32\drivers\LSaiMini.sys [20720 2017-05-17] (WDKTestCert SYSTEM,131245371151827277 -> Logitech)
R3 LSaiNtBus; C:\WINDOWS\system32\drivers\LSaiBus.sys [60336 2017-05-17] (WDKTestCert SYSTEM,131245371151827277 -> Logitech)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9c0cfd0baad9a756\nvlddmkm.sys [20736440 2019-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek Semiconductor Corp. -> Realtek )
S3 SaiK0255; C:\WINDOWS\system32\DRIVERS\SaiK0255.sys [217408 2017-05-17] (WDKTestCert SYSTEM,131245371151827277 -> Logitech)
S3 SaiU0255; C:\WINDOWS\system32\DRIVERS\SaiU0255.sys [24816 2017-05-17] (WDKTestCert SYSTEM,131245371151827277 -> Logitech)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46776 2018-12-21] (SteelSeries ApS -> )
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [48032 2018-12-21] (SteelSeries ApS -> SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-06-03] (Adlice -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-03 19:10 - 2019-06-03 19:12 - 000034953 _____ C:\Users\LeonM\Desktop\FRST.txt
2019-06-03 19:10 - 2019-06-03 19:10 - 000000000 ____D C:\FRST
2019-06-03 19:09 - 2019-06-03 19:09 - 002433536 _____ (Farbar) C:\Users\LeonM\Desktop\FRST64.exe
2019-06-03 19:07 - 2019-06-03 19:07 - 000006972 _____ C:\Users\LeonM\Downloads\ReportRogue.txt
2019-06-03 17:43 - 2019-06-03 17:43 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2019-06-03 17:42 - 2019-06-03 17:43 - 000000000 ____D C:\ProgramData\RogueKiller
2019-06-03 17:42 - 2019-06-03 17:42 - 000003136 _____ C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
2019-06-03 17:41 - 2019-06-03 17:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-06-03 17:41 - 2019-06-03 17:41 - 000000000 ____D C:\Program Files\RogueKiller
2019-06-03 05:00 - 2019-06-03 05:00 - 000000000 ____D C:\Users\LeonM\AppData\Roaming\AVAST Software
2019-06-03 05:00 - 2019-06-03 05:00 - 000000000 ____D C:\Users\LeonM\AppData\Local\AVAST Software
2019-06-03 04:56 - 2019-06-03 17:30 - 000225608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa24c484be74624a3.tmp
2019-06-03 04:56 - 2019-06-03 04:57 - 000385880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw615a1e3b769e4c6d.tmp
2019-06-03 04:56 - 2019-06-03 04:55 - 000477584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw750e03971f4d6b0e.tmp
2019-06-03 04:56 - 2019-06-03 04:55 - 000363400 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-06-03 04:56 - 2019-06-03 04:55 - 000279120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw514e7df4fb735b37.tmp
2019-06-03 04:56 - 2019-06-03 04:55 - 000225096 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys.155957944446801
2019-06-03 04:56 - 2019-06-03 04:55 - 000207448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw0fa8b3b627e0170f.tmp
2019-06-03 04:56 - 2019-06-03 04:55 - 000167872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6de0449fa399f629.tmp
2019-06-03 04:56 - 2019-06-03 04:55 - 000112312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswcde1b4f82566246e.tmp
2019-06-03 04:56 - 2019-06-03 04:55 - 000087944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswfbd3bbf2f63699ff.tmp
2019-06-03 04:56 - 2019-06-03 04:55 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa21a186922b6a1b7.tmp
2019-06-03 04:56 - 2019-06-03 04:55 - 000037104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa0138ccbca99031b.tmp
2019-06-03 04:56 - 2019-06-03 04:55 - 000015488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswcce30048ef2773ea.tmp
2019-06-03 04:56 - 2019-06-03 04:54 - 001030784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw77bf1d103c1b2b69.tmp
2019-06-03 04:56 - 2019-06-03 04:54 - 000262496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw7833afce8b257f78.tmp
2019-06-03 04:56 - 2019-06-03 04:54 - 000205848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswf181e56e2814467c.tmp
2019-06-03 04:56 - 2019-06-03 04:54 - 000061472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw84b656017aed7106.tmp
2019-06-03 04:55 - 2019-06-03 04:55 - 000000016 _____ C:\spyhunter.fix
2019-06-03 04:54 - 2019-06-03 04:54 - 000000000 ____D C:\Program Files\AVAST Software
2019-06-03 04:48 - 2019-06-03 04:48 - 000000000 ___HD C:\uBUwMiKz7RzCKrMm
2019-06-03 04:27 - 2019-06-03 04:27 - 000000218 _____ C:\Users\LeonM\AppData\Local\recently-used.xbel
2019-06-03 03:58 - 2019-06-03 04:02 - 000001979 _____ C:\Users\LeonM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LuteBot.lnk
2019-06-03 03:57 - 2019-06-03 03:58 - 000000000 ____D C:\Users\LeonM\Documents\Lutebot 2.0 Final
2019-06-03 02:43 - 2019-06-03 02:43 - 000000000 ____D C:\sh5ldr
2019-06-03 02:43 - 2019-06-03 02:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2019-06-03 02:43 - 2019-06-03 02:43 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2019-06-03 02:43 - 2019-06-03 02:43 - 000000000 ____D C:\Program Files\EnigmaSoft
2019-06-03 02:24 - 2019-06-03 02:24 - 000003806 _____ C:\Users\LeonM\Documents\cc_20190603_022404.reg
2019-06-03 01:09 - 2019-06-03 01:09 - 000000000 ____D C:\WINDOWS\pss
2019-06-03 00:22 - 2019-06-03 00:22 - 000254226 _____ C:\Users\LeonM\Documents\cc_20190603_002233.reg
2019-06-02 23:25 - 2019-06-02 23:25 - 001799680 _____ (NTWind Software) C:\Users\Public\lcqk.exe
2019-06-02 23:25 - 2019-06-02 23:25 - 000000000 __SHD C:\ProgramData\{07942618-BD98-47FA-BB01-A7DDC1FEC6B0}
2019-06-01 13:46 - 2019-06-01 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOSS
2019-06-01 13:46 - 2019-06-01 13:46 - 000000000 ____D C:\BOSS
2019-05-31 22:52 - 2019-05-31 22:52 - 000070416 _____ C:\Users\LeonM\Documents\foo_dsp_soundtouch.zip
2019-05-31 22:04 - 2019-05-31 22:05 - 000000000 ____D C:\Users\LeonM\Downloads\D2 audio
2019-05-31 01:26 - 2019-05-31 22:08 - 000000000 ____D C:\Users\LeonM\Documents\Notification Sounds
2019-05-30 00:14 - 2019-05-30 00:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Destiny 2
2019-05-29 22:32 - 2019-05-30 00:14 - 000000000 ____D C:\Program Files (x86)\Destiny 2
2019-05-29 22:30 - 2019-05-29 22:30 - 000000000 ____D C:\Users\LeonM\AppData\Local\.IdentityService
2019-05-29 20:51 - 2019-05-29 20:51 - 000000000 ____D C:\Users\LeonM\Documents\ffmpeg-win-2.2.2
2019-05-29 14:54 - 2019-05-29 15:18 - 000002092 _____ C:\Users\Public\Desktop\The Witcher.lnk
2019-05-29 14:54 - 2019-05-29 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher Rise of the White Wolf
2019-05-29 14:49 - 2019-05-29 14:49 - 000000000 ____D C:\Users\LeonM\AppData\Roaming\CD Projekt RED
2019-05-29 14:48 - 2019-05-29 15:05 - 000000000 ____D C:\Users\LeonM\Documents\Witcher 1 Mods
2019-05-23 20:10 - 2019-05-23 20:20 - 000000000 ____D C:\Users\LeonM\AppData\Local\AdiIRC
2019-05-23 20:10 - 2019-05-23 20:10 - 000000000 ____D C:\Users\LeonM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AdiIRC
2019-05-23 20:10 - 2019-05-23 20:10 - 000000000 ____D C:\Program Files\AdiIRC
2019-05-23 12:40 - 2019-05-17 13:10 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-23 12:40 - 2019-05-17 10:16 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-05-23 12:40 - 2019-05-17 09:12 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-05-23 12:40 - 2019-05-17 07:49 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-23 12:40 - 2019-05-17 07:43 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-23 12:40 - 2019-05-17 07:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-05-23 12:40 - 2019-05-17 07:42 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-23 12:40 - 2019-05-17 07:41 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-23 12:40 - 2019-05-17 07:41 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-23 12:40 - 2019-05-17 07:41 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-23 12:40 - 2019-05-17 07:39 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-23 12:40 - 2019-05-17 07:39 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-23 12:40 - 2019-05-17 07:39 - 002768952 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-23 12:40 - 2019-05-17 07:39 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-23 12:40 - 2019-05-17 07:39 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-23 12:40 - 2019-05-17 07:39 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-23 12:40 - 2019-05-17 07:39 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-05-23 12:40 - 2019-05-17 07:39 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-23 12:40 - 2019-05-17 07:22 - 006568016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-23 12:40 - 2019-05-17 07:22 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-23 12:40 - 2019-05-17 07:21 - 001130784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-05-23 12:40 - 2019-05-17 07:07 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-23 12:40 - 2019-05-17 07:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-05-23 12:40 - 2019-05-17 07:06 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-05-23 12:40 - 2019-05-17 07:04 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-23 12:40 - 2019-05-17 07:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-05-23 12:40 - 2019-05-17 07:04 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-05-23 12:40 - 2019-05-17 07:03 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-05-23 12:40 - 2019-05-17 07:03 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-23 12:40 - 2019-05-17 07:03 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-23 12:40 - 2019-05-17 07:03 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-05-23 12:40 - 2019-05-17 07:01 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-05-23 12:40 - 2019-05-17 07:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-05-23 12:40 - 2019-05-17 07:00 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-05-23 12:40 - 2019-05-17 06:59 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-23 12:40 - 2019-05-17 06:57 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-05-23 12:40 - 2019-05-17 05:44 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-05-16 11:16 - 2019-05-16 11:16 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2019-05-16 11:16 - 2019-05-16 11:16 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-05-16 11:15 - 2019-05-16 11:15 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-05-16 11:14 - 2019-06-03 04:53 - 000000000 ____D C:\ProgramData\AVAST Software
2019-05-15 12:55 - 2019-05-03 13:13 - 001376472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-15 12:55 - 2019-05-03 12:51 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-15 12:55 - 2019-05-03 12:50 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-15 12:55 - 2019-05-03 12:28 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-15 12:55 - 2019-05-03 12:25 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-15 12:55 - 2019-05-03 07:31 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-15 12:55 - 2019-05-03 07:31 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-15 12:55 - 2019-05-03 07:19 - 006043712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-15 12:55 - 2019-05-03 07:12 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-15 12:55 - 2019-05-03 07:10 - 022017024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-15 12:55 - 2019-05-03 07:05 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-15 12:55 - 2019-05-03 07:02 - 019401216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-15 12:55 - 2019-05-03 07:02 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-15 12:55 - 2019-05-03 07:01 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-15 12:55 - 2019-05-03 07:00 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-15 12:55 - 2019-05-03 06:59 - 007593472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-15 12:55 - 2019-05-03 06:59 - 005788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-15 12:55 - 2019-05-03 06:59 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-15 12:55 - 2019-05-03 06:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-15 12:55 - 2019-05-03 06:57 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-05-15 12:55 - 2019-05-03 06:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-15 12:55 - 2019-05-03 06:56 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-15 12:55 - 2019-05-03 06:55 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-15 12:55 - 2019-05-03 06:55 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-15 12:55 - 2019-05-03 06:54 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-15 12:55 - 2019-05-03 06:54 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-15 12:55 - 2019-05-03 06:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-15 12:55 - 2019-05-03 06:54 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-15 12:55 - 2019-04-19 11:54 - 000720200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-15 12:55 - 2019-04-19 11:39 - 012754944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-15 12:55 - 2019-04-19 10:44 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-15 12:55 - 2019-04-19 10:28 - 011940864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-15 12:55 - 2019-04-19 06:07 - 000985400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-05-15 12:55 - 2019-04-19 06:06 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-15 12:55 - 2019-04-19 06:06 - 000798520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-05-15 12:55 - 2019-04-19 06:01 - 001982008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-15 12:55 - 2019-04-19 05:43 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-15 12:55 - 2019-04-19 05:42 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-15 12:55 - 2019-04-19 05:39 - 000567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-15 12:55 - 2019-04-19 05:38 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-05-15 12:55 - 2019-04-19 05:36 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-15 12:55 - 2019-04-19 05:36 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-15 12:55 - 2019-04-19 05:35 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-05-15 12:55 - 2019-04-19 05:35 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-05-15 12:55 - 2019-04-19 05:35 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-05-15 12:55 - 2019-04-19 05:35 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-05-15 12:55 - 2019-04-09 02:48 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-15 12:54 - 2019-05-03 13:14 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-15 12:54 - 2019-05-03 13:14 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-05-15 12:54 - 2019-05-03 13:13 - 000396088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2019-05-15 12:54 - 2019-05-03 12:55 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-15 12:54 - 2019-05-03 12:54 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-15 12:54 - 2019-05-03 12:52 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-15 12:54 - 2019-05-03 12:50 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-15 12:54 - 2019-05-03 12:49 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-15 12:54 - 2019-05-03 12:49 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-15 12:54 - 2019-05-03 12:49 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-15 12:54 - 2019-05-03 12:43 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-15 12:54 - 2019-05-03 12:43 - 000662328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-05-15 12:54 - 2019-05-03 12:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-15 12:54 - 2019-05-03 12:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-15 12:54 - 2019-05-03 12:28 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-15 12:54 - 2019-05-03 12:27 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-15 12:54 - 2019-05-03 12:26 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-15 12:54 - 2019-05-03 12:25 - 004055040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-15 12:54 - 2019-05-03 07:43 - 000177128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-15 12:54 - 2019-05-03 07:34 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-15 12:54 - 2019-05-03 07:33 - 000709720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-05-15 12:54 - 2019-05-03 07:33 - 000063072 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-15 12:54 - 2019-05-03 07:32 - 000793640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-05-15 12:54 - 2019-05-03 07:32 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-15 12:54 - 2019-05-03 07:32 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-15 12:54 - 2019-05-03 07:32 - 000438984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-15 12:54 - 2019-05-03 07:32 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-15 12:54 - 2019-05-03 07:32 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-15 12:54 - 2019-05-03 07:32 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-15 12:54 - 2019-05-03 07:31 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-15 12:54 - 2019-05-03 07:31 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-05-15 12:54 - 2019-05-03 07:31 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-15 12:54 - 2019-05-03 07:20 - 000434704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-15 12:54 - 2019-05-03 07:20 - 000384976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-15 12:54 - 2019-05-03 07:20 - 000192016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-15 12:54 - 2019-05-03 07:20 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-15 12:54 - 2019-05-03 07:19 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-15 12:54 - 2019-05-03 07:19 - 000056288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-15 12:54 - 2019-05-03 07:00 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-15 12:54 - 2019-05-03 07:00 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-05-15 12:54 - 2019-05-03 06:59 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-15 12:54 - 2019-05-03 06:59 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-15 12:54 - 2019-05-03 06:59 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-15 12:54 - 2019-05-03 06:58 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-15 12:54 - 2019-05-03 06:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-05-15 12:54 - 2019-05-03 06:58 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-15 12:54 - 2019-05-03 06:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-15 12:54 - 2019-05-03 06:57 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-05-15 12:54 - 2019-05-03 06:56 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-15 12:54 - 2019-05-03 06:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-15 12:54 - 2019-05-03 06:55 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-15 12:54 - 2019-05-03 06:54 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-05-15 12:54 - 2019-05-03 06:54 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-05-15 12:54 - 2019-05-03 06:54 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-15 12:54 - 2019-05-03 06:54 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-05-15 12:54 - 2019-05-03 06:54 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-15 12:54 - 2019-05-03 06:53 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-15 12:54 - 2019-05-03 06:53 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-15 12:54 - 2019-05-03 06:53 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-15 12:54 - 2019-05-03 06:53 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-15 12:54 - 2019-04-19 11:55 - 001634920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-15 12:54 - 2019-04-19 11:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-05-15 12:54 - 2019-04-19 11:38 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-05-15 12:54 - 2019-04-19 11:38 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-05-15 12:54 - 2019-04-19 11:36 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-15 12:54 - 2019-04-19 11:34 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-05-15 12:54 - 2019-04-19 10:37 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-15 12:54 - 2019-04-19 10:30 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-05-15 12:54 - 2019-04-19 10:26 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-15 12:54 - 2019-04-19 10:25 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-05-15 12:54 - 2019-04-19 06:06 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-05-15 12:54 - 2019-04-19 06:06 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-05-15 12:54 - 2019-04-19 06:06 - 000274232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-15 12:54 - 2019-04-19 06:02 - 000831800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-05-15 12:54 - 2019-04-19 06:01 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-05-15 12:54 - 2019-04-19 06:01 - 000576016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-05-15 12:54 - 2019-04-19 06:01 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-05-15 12:54 - 2019-04-19 05:41 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-05-15 12:54 - 2019-04-19 05:41 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-05-15 12:54 - 2019-04-19 05:40 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-05-15 12:54 - 2019-04-19 05:40 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-15 12:54 - 2019-04-19 05:40 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-05-15 12:54 - 2019-04-19 05:40 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2019-05-15 12:54 - 2019-04-19 05:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-05-15 12:54 - 2019-04-19 05:39 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-15 12:54 - 2019-04-19 05:39 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2019-05-15 12:54 - 2019-04-19 05:39 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-15 12:54 - 2019-04-19 05:39 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-05-15 12:54 - 2019-04-19 05:38 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-15 12:54 - 2019-04-19 05:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-15 12:54 - 2019-04-19 05:38 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-05-15 12:54 - 2019-04-19 05:38 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-15 12:54 - 2019-04-19 05:38 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-15 12:54 - 2019-04-19 05:37 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-05-15 12:54 - 2019-04-19 05:37 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-15 12:54 - 2019-04-19 05:37 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-15 12:54 - 2019-04-19 05:37 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-05-15 12:54 - 2019-04-19 05:37 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-05-15 12:54 - 2019-04-19 05:37 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-15 12:54 - 2019-04-19 05:37 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-15 12:54 - 2019-04-19 05:36 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-05-15 12:54 - 2019-04-19 05:36 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-05-15 12:54 - 2019-04-19 05:36 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-05-15 12:54 - 2019-04-19 05:36 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-05-15 12:54 - 2019-04-19 05:36 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-15 12:54 - 2019-04-19 05:35 - 001938944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-05-15 12:54 - 2019-04-19 05:35 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-15 12:54 - 2019-04-19 05:35 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-05-15 12:54 - 2019-04-19 05:35 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-15 12:54 - 2019-04-19 05:35 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-05-15 12:54 - 2019-04-19 05:34 - 000935936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-05-15 12:54 - 2019-04-19 05:34 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-15 12:54 - 2019-04-19 05:34 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-05-15 12:54 - 2019-04-19 05:34 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-15 12:54 - 2019-04-19 05:34 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-05-15 12:54 - 2019-04-19 04:18 - 000806360 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-15 12:54 - 2019-04-19 04:18 - 000806360 _____ C:\WINDOWS\system32\locale.nls
2019-05-15 12:54 - 2019-04-09 02:48 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-15 12:54 - 2019-04-09 02:48 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-15 12:54 - 2019-04-09 02:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-15 12:54 - 2019-04-09 02:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-12 21:42 - 2019-05-12 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focusrite Audio Engineering Ltd
2019-05-12 21:42 - 2019-05-12 21:42 - 000000000 ____D C:\Program Files\FocusriteUSB
2019-05-12 21:42 - 2018-01-09 15:28 - 001805304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2019-05-12 21:42 - 2018-01-09 15:28 - 000097936 _____ (Focusrite Audio Engineering Ltd.) C:\WINDOWS\system32\Drivers\FocusriteUSBSwRoot.sys
2019-05-12 13:03 - 2019-05-12 13:03 - 000000000 ____D C:\Users\LeonM\AppData\Roaming\SoundSwitch
2019-05-12 13:03 - 2019-05-12 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundSwitch
2019-05-12 13:03 - 2019-05-12 13:03 - 000000000 ____D C:\Program Files\SoundSwitch
2019-05-11 06:48 - 2019-05-11 07:21 - 000000000 ____D C:\Users\LeonM\AppData\Roaming\Cycling '74
2019-05-11 06:48 - 2019-05-11 06:48 - 000000000 ____D C:\Users\LeonM\Documents\Max 8
2019-05-11 06:48 - 2019-05-11 06:48 - 000000000 ____D C:\ProgramData\Max 8
2019-05-11 06:47 - 2019-05-11 06:47 - 000000000 ____D C:\Users\LeonM\Documents\Ableton
2019-05-11 06:47 - 2019-05-11 06:47 - 000000000 ____D C:\Users\LeonM\AppData\Roaming\Ableton
2019-05-11 06:47 - 2019-05-11 06:47 - 000000000 ____D C:\Users\LeonM\AppData\Local\Ableton
2019-05-11 06:27 - 2019-05-11 07:22 - 000000000 ____D C:\ProgramData\Ableton
2019-05-11 06:26 - 2019-05-11 06:26 - 000000871 _____ C:\Users\LeonM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 10 Suite.lnk
2019-05-11 06:17 - 2019-05-11 06:17 - 000000000 ____D C:\Users\LeonM\AppData\LocalLow\Apple Computer
2019-05-11 06:16 - 2019-05-11 06:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2019-05-11 06:16 - 2012-08-29 13:23 - 012708016 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_def.dll
2019-05-11 06:16 - 2012-08-29 13:23 - 012474544 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_core.dll
2019-05-11 06:16 - 2012-08-29 13:23 - 009917616 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_intel_thread.dll
2019-05-11 06:16 - 2012-08-29 13:23 - 009410736 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mkl_p4m.dll
2019-05-11 06:16 - 2012-08-29 13:23 - 009210032 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mkl_p4.dll
2019-05-11 06:16 - 2012-08-29 13:23 - 009078960 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mkl_p4p.dll
2019-05-11 06:16 - 2012-08-29 13:23 - 009033904 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mkl_p4m3.dll
2019-05-11 06:16 - 2012-08-29 13:23 - 006944944 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mkl_core.dll
2019-05-11 06:16 - 2012-08-29 13:23 - 003868848 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mkl_intel_thread.dll
2019-05-11 06:16 - 2012-08-29 13:23 - 000530608 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libiomp5md.dll
2019-05-11 06:16 - 2012-08-29 13:23 - 000529072 _____ (Intel Corporation) C:\WINDOWS\system32\libiomp5md.dll
2019-05-11 06:16 - 2012-08-29 13:23 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\msvcp71.dll
2019-05-11 06:16 - 2012-08-29 13:23 - 000354480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2019-05-11 06:16 - 2012-08-29 13:23 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\msvcr71.dll
2019-05-11 06:15 - 2019-05-11 06:16 - 000000000 ____D C:\Program Files (x86)\IK Multimedia
2019-05-11 06:15 - 2019-05-11 06:15 - 000000000 ____D C:\Users\LeonM\Documents\IK Multimedia
2019-05-11 06:15 - 2019-05-11 06:15 - 000000000 ____D C:\Program Files\VstPlugIns
2019-05-11 06:13 - 2012-10-19 00:00 - 000596174 _____ C:\Users\LeonM\Documents\AmpliTube_3_Unlocker_101.exe
2019-05-11 06:09 - 2019-05-11 06:09 - 000000000 __HDC C:\ProgramData\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}
2019-05-11 06:07 - 2019-05-11 06:07 - 000000000 __HDC C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}
2019-05-11 06:07 - 2019-05-11 06:07 - 000000000 __HDC C:\ProgramData\{B0CAD5CC-867E-473E-B55F-339F9635A45D}
2019-05-11 06:06 - 2019-05-11 06:06 - 000000000 __HDC C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
2019-05-11 06:06 - 2019-05-11 06:06 - 000000000 __HDC C:\ProgramData\{30FA7941-4170-4C83-A9A8-FDF01C431704}
2019-05-11 06:05 - 2019-05-11 06:05 - 000000000 __HDC C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2019-05-05 14:59 - 2019-05-05 14:59 - 000000000 ____D C:\ProgramData\BlueStacksSetup

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-03 19:06 - 2018-05-15 23:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-03 17:41 - 2019-04-09 15:47 - 000000000 ____D C:\Users\LeonM\AppData\Local\Pushbullet
2019-06-03 17:33 - 2018-03-25 19:15 - 000000000 ____D C:\Program Files (x86)\Steam
2019-06-03 17:30 - 2017-10-17 04:14 - 000000000 ____D C:\ProgramData\NVIDIA
2019-06-03 10:56 - 2017-10-04 21:49 - 000000000 ____D C:\Users\LeonM\AppData\Local\CrashDumps
2019-06-03 04:56 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-06-03 04:26 - 2018-01-27 23:50 - 000000000 ____D C:\Users\LeonM\AppData\LocalLow\Mozilla
2019-06-03 02:11 - 2018-07-23 17:19 - 000000000 ____D C:\Users\LeonM\AppData\Local\TSVNCache
2019-06-03 02:11 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-03 02:09 - 2018-10-01 18:02 - 000003314 _____ C:\WINDOWS\System32\Tasks\IORRT
2019-06-03 02:07 - 2018-05-16 00:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-03 01:44 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-06-03 01:43 - 2017-10-12 12:23 - 000000000 ____D C:\Users\LeonM\AppData\Local\ElevatedDiagnostics
2019-06-03 01:41 - 2019-02-24 22:34 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-06-03 01:09 - 2018-05-16 00:00 - 000000000 ____D C:\Users\LeonM
2019-06-03 00:53 - 2017-10-05 11:01 - 000000000 ____D C:\Users\LeonM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-06-03 00:53 - 2017-10-05 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-06-03 00:53 - 2017-10-05 11:01 - 000000000 ____D C:\Program Files\WinRAR
2019-06-03 00:52 - 2017-10-08 12:27 - 000000000 ____D C:\Users\LeonM\AppData\Roaming\foobar2000
2019-06-03 00:44 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-06-03 00:14 - 2018-07-23 18:26 - 000000000 ____D C:\Users\LeonM\AppData\Roaming\TakeOwnershipEx
2019-06-02 23:24 - 2017-10-05 10:51 - 000000000 ____D C:\Users\LeonM\AppData\Roaming\deluge
2019-06-02 06:06 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-02 05:59 - 2018-10-30 12:35 - 000000000 ____D C:\Users\LeonM\AppData\Roaming\vlc
2019-06-01 13:55 - 2017-10-04 21:54 - 000000000 ____D C:\ProgramData\Package Cache
2019-06-01 13:52 - 2018-08-24 20:32 - 000001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk
2019-06-01 13:52 - 2018-08-24 20:32 - 000000000 ____D C:\Program Files (x86)\LOOT
2019-06-01 13:51 - 2017-10-06 14:51 - 000000000 ____D C:\Users\LeonM\AppData\Local\LOOT
2019-06-01 11:01 - 2017-10-05 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager
2019-05-31 21:05 - 2018-05-19 13:05 - 000000000 ____D C:\Users\LeonM\AppData\Roaming\audacity
2019-05-31 20:53 - 2019-01-17 17:35 - 000000000 ____D C:\Users\LeonM\Documents\GinsorD2AudioTool_v1.1_20181121
2019-05-30 14:06 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-30 13:28 - 2018-09-22 08:45 - 000000000 ____D C:\Program Files (x86)\Battle.net
2019-05-30 13:25 - 2018-09-22 08:46 - 000000000 ____D C:\Users\LeonM\AppData\Local\Battle.net
2019-05-29 22:32 - 2017-11-28 21:56 - 000000000 ____D C:\Users\LeonM\AppData\Local\Blizzard Entertainment
2019-05-29 22:32 - 2017-11-28 21:55 - 000000000 ____D C:\Users\LeonM\AppData\Local\Blizzard
2019-05-29 15:15 - 2017-11-11 11:33 - 000000000 ____D C:\Users\LeonM\AppData\Local\The Witcher
2019-05-29 14:52 - 2017-12-02 12:58 - 000000000 ____D C:\Users\LeonM\AppData\Local\Packages
2019-05-27 17:41 - 2017-11-10 18:50 - 000000000 ____D C:\Users\LeonM\Documents\The Witcher 3
2019-05-26 23:33 - 2018-05-06 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-05-26 23:33 - 2018-05-06 22:35 - 000000000 ____D C:\Program Files (x86)\Java
2019-05-26 23:31 - 2018-05-06 22:35 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-05-24 23:15 - 2019-02-20 20:17 - 000001200 _____ C:\Users\Public\Desktop\Ace Combat 7 - Skies Unknown.lnk
2019-05-24 23:15 - 2019-02-04 10:25 - 000001212 _____ C:\Users\Public\Desktop\Mass Effect Andromeda.lnk
2019-05-24 23:15 - 2019-02-01 07:50 - 000000976 _____ C:\Users\Public\Desktop\Star Wars Battlefront II (2017).lnk
2019-05-24 23:14 - 2019-03-04 02:42 - 000001230 _____ C:\Users\Public\Desktop\The Witcher 3 - Wild Hunt.lnk
2019-05-24 23:14 - 2019-02-25 20:06 - 000001248 _____ C:\Users\Public\Desktop\Metal Gear Solid V - The Phantom Pain.lnk
2019-05-24 23:14 - 2019-02-17 13:00 - 000001222 _____ C:\Users\Public\Desktop\The Witcher 2 - Assassins of Kings.lnk
2019-05-24 01:10 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-24 01:10 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-23 20:47 - 2017-12-22 20:41 - 000000000 ____D C:\Users\LeonM\AppData\Roaming\discord
2019-05-23 09:41 - 2017-10-04 22:00 - 000002338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-23 00:16 - 2018-05-16 00:15 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-05-22 13:06 - 2018-01-23 23:14 - 000000000 ____D C:\Users\LeonM\AppData\Roaming\steelseries-engine-3-client
2019-05-20 14:51 - 2017-11-23 17:56 - 000000000 ____D C:\Users\LeonM\AppData\Local\Microsoft Help
2019-05-17 13:36 - 2018-05-16 00:11 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-17 03:07 - 2017-10-05 10:12 - 000000000 ____D C:\Program Files\rempl
2019-05-16 01:40 - 2018-05-15 23:56 - 000265688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-16 01:14 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-16 01:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-16 01:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-05-15 12:54 - 2017-10-05 10:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-15 12:50 - 2017-10-05 10:10 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-15 08:51 - 2018-07-25 10:41 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-15 00:25 - 2018-05-16 00:15 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 00:25 - 2018-05-16 00:15 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-14 08:37 - 2019-03-21 00:49 - 066620328 _____ C:\Users\LeonM\Documents\F2.rar
2019-05-12 20:24 - 2018-07-20 08:55 - 000000032 _____ C:\Users\LeonM\AppData\Roaming\msregsvv.dll
2019-05-12 20:24 - 2018-07-20 08:55 - 000000032 _____ C:\ProgramData\autobk.inc
2019-05-11 07:16 - 2019-02-18 19:43 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2019-05-11 06:58 - 2018-09-09 15:17 - 000000000 ____D C:\Users\LeonM\Documents\Native Instruments
2019-05-11 06:44 - 2018-09-14 23:28 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2019-05-11 06:44 - 2018-02-17 21:43 - 000000862 __RSH C:\ProgramData\ntuser.pol
2019-05-11 06:15 - 2018-09-14 23:28 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2019-05-11 06:07 - 2019-02-26 01:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2019-05-11 06:07 - 2018-09-09 15:02 - 000000000 ____D C:\Program Files\Native Instruments
2019-05-11 06:07 - 2018-09-09 15:02 - 000000000 ____D C:\Program Files\Common Files\Native Instruments
2019-05-11 05:22 - 2017-11-23 17:57 - 000000000 ____D C:\Users\LeonM\Documents\CV
2019-05-04 00:53 - 2018-11-15 02:25 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-04 00:53 - 2018-11-15 02:25 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2019-06-02 23:25 - 2019-06-02 23:25 - 001799680 _____ (NTWind Software) C:\Users\Public\lcqk.exe
2018-07-20 08:55 - 2019-05-12 20:24 - 000000032 _____ () C:\Users\LeonM\AppData\Roaming\msregsvv.dll
2019-02-23 16:16 - 2019-02-23 19:50 - 001065984 _____ () C:\Users\LeonM\AppData\Local\file__0.localstorage
2019-06-03 04:27 - 2019-06-03 04:27 - 000000218 _____ () C:\Users\LeonM\AppData\Local\recently-used.xbel
2018-12-25 09:49 - 2019-02-23 16:34 - 000007600 _____ () C:\Users\LeonM\AppData\Local\resmon.resmoncfg
2018-11-02 03:34 - 2018-11-02 03:34 - 000000076 _____ () C:\Users\LeonM\AppData\Local\update_progress.txt

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Addition.txt


Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 04-06-2019
Ran by LeonM (04-06-2019 20:06:32) Run:1
Running from C:\Users\LeonM\Documents
Loaded Profiles: LeonM (Available Profiles: LeonM)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-21-2322255856-1445579512-3484448224-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [3933296 2019-03-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {A3337E02-50C7-4E63-87AC-E92087DEB6CF} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {BD1A2573-3AF5-42C1-AA1D-D45AEEB8FA4A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {BD1A2573-3AF5-42C1-AA1D-D45AEEB8FA4A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswSnx <==== ATTENTION (Rootkit!)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
AlternateDataStreams: C:\Users\LeonM\AppData\Local\Temp:$DATA? [16]
HKU\S-1-5-21-2322255856-1445579512-3484448224-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
FirewallRules: [{DA4AB33C-0913-467D-A6A1-A62F561223B5}] => (Block) %ProgramFiles% (x86)\IK Multimedia\AmpliTube 3\AmpliTube 3.exe No File

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2322255856-1445579512-3484448224-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3337E02-50C7-4E63-87AC-E92087DEB6CF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3337E02-50C7-4E63-87AC-E92087DEB6CF}" => removed successfully
C:\WINDOWS\System32\Tasks\R@1n-KMS\Windows64Professional => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Windows64Professional" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD1A2573-3AF5-42C1-AA1D-D45AEEB8FA4A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD1A2573-3AF5-42C1-AA1D-D45AEEB8FA4A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD1A2573-3AF5-42C1-AA1D-D45AEEB8FA4A}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\Services\aswSnx <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
C:\Users\LeonM\AppData\Local\Temp => ":$DATA?" ADS could not remove.
HKU\S-1-5-21-2322255856-1445579512-3484448224-1001\Software\Classes\regfile => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA4AB33C-0913-467D-A6A1-A62F561223B5}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 240716704 B
Java, Flash, Steam htmlcache => 441095926 B
Windows/system/drivers => 8995088 B
Edge => 19542 B
Chrome => 587532746 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2800 B
LocalService => 0 B
NetworkService => 8210 B
NetworkService => 0 B
LeonM => 3832497966 B

RecycleBin => 0 B
EmptyTemp: => 4.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:10:48 ====


How is the computer running now?


A lot better, thanks! My CPU monitor on Rainmeter usually registered anywhere from 40-80% with a browser open. Now I'm rarely getting more than 20%. I've got 2-factor authentication on all my stuff just to be sure.


It's greatly appreciated. Getting rid of the malware has taken a lot of weight off my mind, and the performance boost is a lovely bonus.


Please perform a scan of your PC with MBAM and check.


Very good.

Please wait for a response from @nasdaq that this process is complete.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

This topic is now closed to further replies.