aidan05

8 Trojans keep reinstalling after being removed! Please help!


So, I have multiple threats that keep coming back after they have been removed. It's always backdoor. bladabindis. I have used Malwarebytes, AdwCleaner and HitmanPro, yet they always come back. I've even tried this in safe mode, yet the same thing happens. They are making my computer lag quite a lot, and when I open Task Manager to check the processes it instantly closes. I've also found that when I'm signed in as another user (not admin) the computer runs like there's nothing wrong and I can access Task Manager. HitmanPro told me that the three main malware viruses were CPU64.exe, process.exe and desktop-64.exe, which I later found were mining trojans. Any help would be much appreciated, as I use this computer for work daily.

Kind regards, Aidan.


I have multiple threats that keep coming back after they have been removed. I have used Malwarebytes, AdwCleaner and HitmanPro, yet the trojans always come back. They are making my computer lag a lot, and when I open Task Manager to check the processes it instantly closes. I've also found that when I'm signed in as another user (not admin) the computer runs like there's nothing wrong and I can access Task Manager. The trojans are called CPU64.exe, process.exe and desktop-64.exe, which I later found were mining trojans. Any help would be much appreciated, as I use this computer for work daily.

Hello aidan05 and welcome to Malwarebytes,

Please do not open other threads related to the same problem, keep all replies to this thread. Continue with the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....


Malwarebytes Log

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/18/19
Scan Time: 10:52 PM
Log File: 0812485c-c1b7-11e9-9565-e0d55e26dd73.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.12069
License: Trial

-System Information-
OS: Windows 10 (Build 17134.950)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 331718
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 3 min, 48 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
Generic.Malware/Suspicious, HKU\S-1-5-21-2762709790-200231504-3683108907-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CPU64, Quarantined, [0], [392686],1.0.12069

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Generic.Malware/Suspicious, C:\WLNDOWS\SYSTEM32\CPU64.EXE, Quarantined, [0], [392686],1.0.12069

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

AdwCleaner Log

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-08-13.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-19-2019
# Duration: 00:00:00
# OS:       Windows 10 Pro
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1796 octets] - [17/08/2019 13:04:51]
AdwCleaner[C00].txt - [1834 octets] - [17/08/2019 13:05:33]
AdwCleaner[S01].txt - [1447 octets] - [17/08/2019 13:07:22]
AdwCleaner[C01].txt - [1635 octets] - [17/08/2019 13:07:37]
AdwCleaner[S02].txt - [1771 octets] - [18/08/2019 03:52:13]
AdwCleaner[C02].txt - [1901 octets] - [18/08/2019 03:53:06]
AdwCleaner[S03].txt - [1733 octets] - [18/08/2019 16:50:43]
AdwCleaner[C03].txt - [1901 octets] - [18/08/2019 16:50:59]
AdwCleaner[S04].txt - [1813 octets] - [19/08/2019 00:26:57]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########
 

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2019
Ran by Plain Sight (administrator) on DESKTOP-OTIH9CI (Gigabyte Technology Co., Ltd. AX370-Gaming 5) (19-08-2019 00:31:55)
Running from C:\Users\Plain Sight\Desktop
Loaded Profiles: Plain Sight (Available Profiles: Plain Sight & Aidan)
Platform: Windows 10 Pro Version 1803 17134.950 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Softube AB -> ) C:\Program Files\Softube\InstallerDaemon\InstallerService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [Cleaning] => \ [0 0000-00-00] ()
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [info] => C:\ProgramData\Adobe\info.vbs [360 2019-08-17] () [File not signed]
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [Smart Cleaning] => \ [0 0000-00-00] ()
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [process] => C:\Wlndows\system32\process.exe
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08A48043-4BA2-4A17-A8EC-4183282F3EE2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6450752 2019-08-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {0D921394-47FB-407A-9AEF-DD5803635C5D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {13D6644E-6F69-460F-AC4E-5E6F63DAE437} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {16E9CB2E-49B6-4AF8-90DE-06D2ABEE4618} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe
Task: {1A1C8488-8D90-4223-B9BE-A1058B1C908E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1FC8021A-6B0A-4577-95EB-0B8958C68299} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {22D66AA8-71BF-402B-A015-7A00E188B53C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {31FE867F-A9E8-42A9-AC75-3945DC277B69} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-14] (Adobe Inc. -> Adobe)
Task: {3417C401-152D-4B40-8C82-F0BB8D2547B2} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
Task: {49CBDDD5-144C-49D6-9330-93B82C00B987} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2049928 2019-08-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {5A33F322-C317-4E78-B3D7-DD511D2C7430} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2206784 2019-08-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {675601DE-10A5-4310-BB29-8A5A392E23BB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [153648 2019-08-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E20ADC6-F3E8-4304-A783-D924A3134966} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {74D51ACF-A975-4590-ABB3-DE333FAB999B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2762709790-200231504-3683108907-1002 => C:\Users\Plain Sight\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {758DF83D-0340-4728-8A57-AA03AF5DE9AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7B6D14E4-BF93-4E74-96F0-0F5ADF7761ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7EDEDA80-3D13-4E30-A7CE-783BEFE9D46D} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.)
Task: {80B1541F-2C06-4545-A9DC-997A8D0E8B04} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351656 2019-08-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {84049033-1125-4532-BE47-6061D04D4B69} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8447B23D-EC9C-419D-BB5B-07D0CA977128} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Plain Sight\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {8957BCE1-EED1-4CED-B54B-805AD668F8ED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6450752 2019-08-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {9097DF3C-47CB-483F-B587-13F134553106} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9E8D2A08-68D3-4F00-84DA-D723170563DF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {A426EF7F-EADB-423E-8EC5-DB0C0B6316E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A7856D9F-143F-412B-93BA-530EF4E409C5} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A8A29FEF-A7C3-4F13-A377-2FBFAEE76865} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B66E333F-24EC-49DD-892D-78999771C978} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [153648 2019-08-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {C00C228E-A362-47C6-AA4A-D4F57DFC1E89} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D05824AB-2CCD-4029-BB9B-C40D5EF95966} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [34922040 2019-08-09] (Adlice -> )
Task: {D74F6A27-4B29-4BCD-A8FB-E42E18B0C81D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351656 2019-08-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {D89BD700-E397-423F-9B33-C886336DA429} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {DBBD79B2-77BC-492E-B32B-B92C6074CEFC} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe
Task: {E146B2E7-AC9E-4D01-AFF8-C1317D49FFF3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E14E6A90-0CD5-4A77-AF82-5AD343F96678} - System32\Tasks\WIN64EX => C:\Wlndows\system32\process.exe
Task: {EA157AE3-68D7-465A-9217-128E817D38B1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EBB2455F-7017-435F-B43A-99481EA014E5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2206784 2019-08-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {EBF3C2FD-2DBB-48D9-8D54-72EE4A7C5D29} - System32\Tasks\infos => C:\ProgramData\Adobe\info.vbs [360 2019-08-17] () [File not signed]
Task: {F4DEE80D-4D79-4D0E-A1B6-79F3E1106CBF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_pepper.exe [1452600 2019-08-14] (Adobe Inc. -> Adobe)
Task: {F880CC13-9162-45DB-AE65-AD1CC0AA0BC4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FEFAD59A-979E-4BE0-9C09-CBDF86C0F7A7} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{44f20319-c8a6-4cc0-9e3b-ede0e80d487d}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{6283b723-eae5-42ae-8255-419dc903eb73}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{996897f6-62dc-450e-a935-5e7a928015d1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2762709790-200231504-3683108907-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-07-05] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-07-05] (Adobe Inc. -> Adobe Systems)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://soundcloud.com/"
CHR Profile: C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default [2019-08-18]
CHR DownloadDir: D:\DOWNLOADS
CHR Extension: (Slides) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-14]
CHR Extension: (Just Black) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2019-03-05]
CHR Extension: (Docs) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-14]
CHR Extension: (Google Drive) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-14]
CHR Extension: (YouTube) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-14]
CHR Extension: (Sheets) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-14]
CHR Extension: (Google Docs Offline) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08]
CHR Profile: C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-05] (Adobe Inc. -> Adobe Inc.)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7252656 2018-12-12] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-08-08] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S4 mracsvc; C:\WINDOWS\System32\mracsvc.exe [16966416 2019-06-09] (Mail.Ru LLC -> LLC Mail.Ru)
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074128 2019-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SoftubeInstallerDaemon; C:\Program Files\Softube\InstallerDaemon\InstallerService.exe [10284824 2019-07-10] (Softube AB -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S4 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34696 2017-10-09] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2017-08-29] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [137496 2018-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 gdrv; C:\Windows\gdrv.sys [26192 2018-02-14] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 GLCKIO; C:\Program Files (x86)\ASUS\AURA\690b33e1-0462-4e84-9bea-c7552b45432a.sys [14976 2018-02-14] (ASUSTeK Computer Inc. -> )
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Microsoft Windows -> Qualcomm Atheros, Inc.)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-18] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [16228328 2019-06-09] (Mail.Ru LLC -> LLC Mail.Ru)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_547eeefb57db4499\nvlddmkm.sys [21858904 2019-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-06-13] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RtsUpx; C:\Windows\system32\drivers\RtsUpx.sys [30328 2018-02-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6839744 2017-12-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
S1 bntdyoll; \??\C:\WINDOWS\system32\drivers\bntdyoll.sys [X]
S1 cfhhvaru; \??\C:\WINDOWS\system32\drivers\cfhhvaru.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-19 00:31 - 2019-08-19 00:32 - 000028998 _____ C:\Users\Plain Sight\Desktop\FRST.txt
2019-08-19 00:30 - 2019-08-19 00:30 - 001612800 _____ (Farbar) C:\Users\Plain Sight\Desktop\FRST64.exe
2019-08-19 00:28 - 2019-08-19 00:28 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-19 00:28 - 2019-08-19 00:28 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-08-19 00:28 - 2019-08-19 00:28 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-08-19 00:28 - 2019-08-19 00:28 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-08-19 00:23 - 2019-08-19 00:24 - 007623880 _____ (Malwarebytes) C:\Users\Plain Sight\Desktop\AdwCleaner.exe
2019-08-18 18:53 - 2019-08-18 18:53 - 4169596928 _____ C:\Users\Plain Sight\Desktop\Windows.iso
2019-08-18 18:40 - 2019-08-18 19:17 - 000000000 ____D C:\ESD
2019-08-18 17:01 - 2019-08-18 17:01 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\DBG
2019-08-18 16:57 - 2019-08-18 16:57 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2019-08-18 16:52 - 2019-08-18 18:42 - 000003568 _____ C:\WINDOWS\System32\Tasks\WIN64EX
2019-08-18 16:50 - 2019-08-18 16:50 - 000003520 _____ C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adwcleaner_7.lnk
2019-08-18 16:50 - 2019-08-18 16:50 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\PeerDistRepub
2019-08-18 16:42 - 2019-08-18 16:53 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-08-18 16:31 - 2019-08-18 16:31 - 000000000 ___HD C:\$WINDOWS.~BT
2019-08-18 04:38 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2019-08-18 04:23 - 2019-08-18 04:23 - 000000000 ____D C:\zoek_backup
2019-08-18 04:22 - 2019-08-18 04:31 - 000000000 ____D C:\ProgramData\RogueKiller
2019-08-18 04:22 - 2019-08-18 04:22 - 000003168 _____ C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
2019-08-18 04:22 - 2019-08-18 04:22 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-08-18 04:22 - 2019-08-18 04:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-08-18 04:22 - 2019-08-18 04:22 - 000000000 ____D C:\Program Files\RogueKiller
2019-08-18 04:06 - 2019-08-18 04:13 - 000000956 _____ C:\WINDOWS\system32\.crusader
2019-08-18 03:59 - 2019-08-18 03:59 - 000001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-08-18 03:59 - 2019-08-18 03:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-08-18 03:59 - 2019-08-18 03:59 - 000000000 ____D C:\Program Files\HitmanPro
2019-08-18 03:58 - 2019-08-18 04:06 - 000000000 ____D C:\ProgramData\HitmanPro
2019-08-18 03:18 - 2019-08-18 03:18 - 000000000 ____D C:\Users\Aidan\Documents\Ableton
2019-08-18 03:17 - 2019-08-18 03:17 - 000000000 ____D C:\Users\Aidan\AppData\Roaming\Ableton
2019-08-18 03:17 - 2019-08-18 03:17 - 000000000 ____D C:\Users\Aidan\AppData\Local\Ableton
2019-08-18 02:27 - 2019-08-18 02:27 - 000003842 _____ C:\WINDOWS\System32\Tasks\CCleaner Browser Heartbeat Task (Hourly)
2019-08-18 02:27 - 2019-08-18 02:27 - 000003258 _____ C:\WINDOWS\System32\Tasks\CCleaner Browser Heartbeat Task (Logon)
2019-08-18 02:27 - 2019-08-18 02:27 - 000000000 ____D C:\Users\Aidan\AppData\Local\CCleaner Browser
2019-08-18 02:26 - 2019-08-18 17:28 - 000001044 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-08-18 02:26 - 2019-08-18 02:26 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-08-18 02:26 - 2019-08-18 02:26 - 000003470 _____ C:\WINDOWS\System32\Tasks\CCleanerUpdateTaskMachineUA
2019-08-18 02:26 - 2019-08-18 02:26 - 000003346 _____ C:\WINDOWS\System32\Tasks\CCleanerUpdateTaskMachineCore
2019-08-18 02:26 - 2019-08-18 02:26 - 000002900 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-08-18 02:26 - 2019-08-18 02:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-08-18 02:26 - 2019-08-18 02:26 - 000000000 ____D C:\Program Files\CCleaner
2019-08-18 02:25 - 2019-08-18 02:25 - 020891464 _____ (Piriform Software Ltd) C:\Users\Aidan\Downloads\ccsetup560.exe
2019-08-18 02:19 - 2019-08-18 02:20 - 000048956 _____ C:\Users\Aidan\Downloads\Addition.txt
2019-08-18 02:18 - 2019-08-19 00:31 - 000000000 ____D C:\FRST
2019-08-18 02:18 - 2019-08-18 02:20 - 000073600 _____ C:\Users\Aidan\Downloads\FRST.txt
2019-08-18 02:17 - 2019-08-18 02:17 - 001612800 _____ (Farbar) C:\Users\Aidan\Downloads\FRST64.exe
2019-08-18 02:16 - 2019-08-18 17:28 - 000002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-18 02:16 - 2019-08-18 02:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-18 02:16 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-08-18 02:16 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-08-18 02:15 - 2019-08-18 02:15 - 064333800 _____ (Malwarebytes ) C:\Users\Aidan\Downloads\mb3-setup-37469.37469-3.8.3.2965-1.0.613-1.0.11270.exe
2019-08-18 01:55 - 2019-08-18 01:55 - 000000000 ____D C:\Users\Aidan\AppData\Local\mbamtray
2019-08-18 01:55 - 2019-08-18 01:55 - 000000000 ____D C:\Users\Aidan\AppData\Local\mbam
2019-08-18 01:53 - 2019-08-18 01:53 - 000000000 ____D C:\Users\Aidan\AppData\Local\Comms
2019-08-18 01:35 - 2019-08-18 17:28 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-08-18 01:34 - 2019-08-18 01:34 - 000000000 ____D C:\WINDOWS\pss
2019-08-18 01:13 - 2019-08-18 01:13 - 000322648 _____ C:\active_protection.txt
2019-08-18 01:12 - 2019-08-18 01:12 - 000034608 _____ C:\urls.set
2019-08-17 15:29 - 2019-08-18 19:31 - 000004608 _____ C:\Users\Plain Sight\PaceKeyChain
2019-08-17 15:28 - 2019-08-17 15:28 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\PaceAP
2019-08-17 15:27 - 2019-08-17 15:27 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softube
2019-08-17 15:26 - 2019-08-18 19:30 - 000002086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk
2019-08-17 15:26 - 2019-08-18 19:30 - 000002074 _____ C:\Users\Public\Desktop\iLok License Manager.lnk
2019-08-17 15:26 - 2019-08-17 15:26 - 000000000 ____D C:\Program Files (x86)\iLok License Manager
2019-08-17 13:45 - 2019-08-18 03:14 - 000000000 ____D C:\Users\Aidan\AppData\Local\D3DSCache
2019-08-17 13:45 - 2019-08-17 13:45 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2762709790-200231504-3683108907-1002
2019-08-17 13:45 - 2019-08-17 13:45 - 000002770 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ___RD C:\Users\Aidan\OneDrive
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Local\CEF
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Local\Adobe
2019-08-17 13:44 - 2019-08-18 01:53 - 000000000 ____D C:\Users\Aidan\AppData\Local\Packages
2019-08-17 13:44 - 2019-08-17 13:46 - 000000000 ____D C:\Users\Aidan\AppData\Local\NVIDIA Corporation
2019-08-17 13:44 - 2019-08-17 13:45 - 000002363 _____ C:\Users\Aidan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-17 13:44 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Roaming\Adobe
2019-08-17 13:44 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan
2019-08-17 13:44 - 2019-08-17 13:44 - 000001417 _____ C:\Users\Aidan\Desktop\Microsoft Edge.lnk
2019-08-17 13:44 - 2019-08-17 13:44 - 000000258 __RSH C:\Users\Aidan\ntuser.pol
2019-08-17 13:44 - 2019-08-17 13:44 - 000000020 ___SH C:\Users\Aidan\ntuser.ini
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ___RD C:\Users\Aidan\3D Objects
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ___HD C:\Users\Aidan\MicrosoftEdgeBackups
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\Publishers
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\MicrosoftEdge
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\Google
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\ConnectedDevicesPlatform
2019-08-17 13:04 - 2019-08-17 13:05 - 000000000 ____D C:\AdwCleaner
2019-08-17 00:42 - 2019-08-17 00:42 - 000003560 _____ C:\WINDOWS\System32\Tasks\infos
2019-08-17 00:42 - 2019-08-17 00:42 - 000000000 ___HD C:\Wlndows
2019-08-16 20:22 - 2019-08-16 20:22 - 000000495 _____ C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 10 Suite.lnk
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files\MSBuild
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-08-16 20:19 - 2018-03-05 16:07 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2019-08-16 20:19 - 2018-03-05 16:07 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2019-08-16 20:19 - 2018-03-05 16:07 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2019-08-16 20:19 - 2018-02-14 16:21 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2019-08-16 20:19 - 2018-02-14 16:21 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2019-08-16 20:19 - 2018-02-14 16:21 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2019-08-15 12:05 - 2019-08-15 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brainworx
2019-08-15 11:10 - 2019-08-17 15:26 - 000000000 ____D C:\Program Files\Softube
2019-08-15 11:09 - 2019-08-17 15:23 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\softubecentral
2019-08-15 11:09 - 2019-08-15 11:09 - 113501032 _____ C:\Users\Plain Sight\Downloads\Softube Installer Helper Installer (64-bit) 2.4.88 r284505.exe
2019-08-15 11:09 - 2019-08-15 11:09 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Softube Central
2019-08-15 11:09 - 2019-08-15 11:09 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\softubecentral-updater
2019-08-14 15:45 - 2019-08-07 22:58 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-08-14 15:45 - 2019-08-07 22:41 - 000662112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-08-14 15:45 - 2019-08-07 22:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-08-14 15:45 - 2019-08-07 22:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-08-14 15:45 - 2019-08-07 22:27 - 007990272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-14 15:45 - 2019-08-07 18:09 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-14 15:45 - 2019-08-07 18:09 - 000095008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-14 15:45 - 2019-08-07 18:08 - 000494992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-14 15:45 - 2019-08-07 18:08 - 000091568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-14 15:45 - 2019-08-07 17:57 - 000081256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-14 15:45 - 2019-08-07 17:56 - 000357336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-14 15:45 - 2019-08-07 17:32 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-08-14 15:45 - 2019-08-07 17:32 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-08-14 15:45 - 2019-08-07 17:31 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-08-14 15:45 - 2019-08-07 17:31 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-14 15:45 - 2019-07-09 18:07 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-08-14 15:45 - 2019-07-09 17:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-08-14 15:45 - 2019-07-09 17:39 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-08-14 15:45 - 2019-07-09 17:37 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-08-14 15:45 - 2019-07-09 16:59 - 000022840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
2019-08-14 15:45 - 2019-07-09 16:38 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-08-14 15:45 - 2019-07-09 13:20 - 000227640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-08-14 15:45 - 2019-07-09 13:19 - 002769472 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-08-14 15:45 - 2019-07-09 13:12 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-08-14 15:45 - 2019-07-09 13:11 - 002257336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-08-14 15:45 - 2019-07-09 12:55 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-08-14 15:45 - 2019-07-09 12:53 - 003708416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-08-14 15:45 - 2019-07-09 12:52 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-08-14 15:45 - 2019-07-09 12:50 - 000659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-08-14 15:45 - 2019-07-09 12:48 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-08-14 15:45 - 2019-07-09 12:47 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-08-14 15:45 - 2019-07-09 12:47 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-08-14 15:45 - 2019-07-09 12:46 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-08-14 15:44 - 2019-08-07 23:18 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-08-14 15:44 - 2019-08-07 23:18 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-08-14 15:44 - 2019-08-07 23:14 - 000303928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-08-14 15:44 - 2019-08-07 23:13 - 021389776 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-14 15:44 - 2019-08-07 23:13 - 001632112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-14 15:44 - 2019-08-07 23:13 - 001515904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-08-14 15:44 - 2019-08-07 23:13 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-08-14 15:44 - 2019-08-07 22:58 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-08-14 15:44 - 2019-08-07 22:55 - 008626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-14 15:44 - 2019-08-07 22:55 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-08-14 15:44 - 2019-08-07 22:55 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-08-14 15:44 - 2019-08-07 22:54 - 004783104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-08-14 15:44 - 2019-08-07 22:53 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-14 15:44 - 2019-08-07 22:53 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-08-14 15:44 - 2019-08-07 22:53 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-08-14 15:44 - 2019-08-07 22:52 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-14 15:44 - 2019-08-07 22:51 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-08-14 15:44 - 2019-08-07 22:43 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-14 15:44 - 2019-08-07 22:41 - 001322688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-08-14 15:44 - 2019-08-07 22:40 - 020384344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-14 15:44 - 2019-08-07 22:26 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-08-14 15:44 - 2019-08-07 22:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-08-14 15:44 - 2019-08-07 22:25 - 004175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-08-14 15:44 - 2019-08-07 22:24 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-14 15:44 - 2019-08-07 22:24 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-14 15:44 - 2019-08-07 22:24 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-08-14 15:44 - 2019-08-07 19:40 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-08-14 15:44 - 2019-08-07 18:09 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-14 15:44 - 2019-08-07 18:09 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-08-14 15:44 - 2019-08-07 18:09 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-14 15:44 - 2019-08-07 18:09 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-14 15:44 - 2019-08-07 18:09 - 000194352 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-14 15:44 - 2019-08-07 18:09 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-14 15:44 - 2019-08-07 18:09 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 007435720 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-14 15:44 - 2019-08-07 18:08 - 002470648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 001566736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 001141712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-14 15:44 - 2019-08-07 18:08 - 000723216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 000710232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-14 15:44 - 2019-08-07 18:08 - 000227744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-08-14 15:44 - 2019-08-07 18:08 - 000130840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-08-14 15:44 - 2019-08-07 18:07 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-14 15:44 - 2019-08-07 18:07 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-14 15:44 - 2019-08-07 18:07 - 002719240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-08-14 15:44 - 2019-08-07 18:07 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-14 15:44 - 2019-08-07 18:07 - 001260992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-14 15:44 - 2019-08-07 18:07 - 001031696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-08-14 15:44 - 2019-08-07 18:07 - 000984152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-14 15:44 - 2019-08-07 18:07 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-08-14 15:44 - 2019-08-07 18:07 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 001993344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 000192608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 000101400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-08-14 15:44 - 2019-08-07 17:55 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-08-14 15:44 - 2019-08-07 17:49 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-14 15:44 - 2019-08-07 17:47 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-14 15:44 - 2019-08-07 17:44 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-08-14 15:44 - 2019-08-07 17:42 - 022717952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-14 15:44 - 2019-08-07 17:39 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-14 15:44 - 2019-08-07 17:38 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-08-14 15:44 - 2019-08-07 17:38 - 004385792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-14 15:44 - 2019-08-07 17:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-14 15:44 - 2019-08-07 17:38 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-08-14 15:44 - 2019-08-07 17:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-08-14 15:44 - 2019-08-07 17:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-08-14 15:44 - 2019-08-07 17:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 007572480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-14 15:44 - 2019-08-07 17:36 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-14 15:44 - 2019-08-07 17:35 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 001680384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-14 15:44 - 2019-08-07 17:33 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-14 15:44 - 2019-08-07 17:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-08-14 15:44 - 2019-08-07 17:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 004938240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 004516864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 002165760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-14 15:44 - 2019-08-07 17:32 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 000318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-08-14 15:44 - 2019-08-07 16:15 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-08-14 15:44 - 2019-07-11 16:48 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-08-14 15:44 - 2019-07-11 11:30 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-08-14 15:44 - 2019-07-11 11:30 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-08-14 15:44 - 2019-07-11 11:30 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 001627664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 001038352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000954384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000830480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000827920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-08-14 15:44 - 2019-07-09 18:07 - 000825360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000750096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000670224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000652304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000495632 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-08-14 15:44 - 2019-07-09 18:04 - 000348664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-08-14 15:44 - 2019-07-09 18:01 - 004527792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-08-14 15:44 - 2019-07-09 18:00 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-08-14 15:44 - 2019-07-09 17:44 - 012757504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-08-14 15:44 - 2019-07-09 17:44 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-08-14 15:44 - 2019-07-09 17:43 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-08-14 15:44 - 2019-07-09 17:43 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-08-14 15:44 - 2019-07-09 17:43 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2019-08-14 15:44 - 2019-07-09 17:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-08-14 15:44 - 2019-07-09 17:39 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2019-08-14 15:44 - 2019-07-09 17:39 - 001193472 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2019-08-14 15:44 - 2019-07-09 17:38 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2019-08-14 15:44 - 2019-07-09 17:37 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-08-14 15:44 - 2019-07-09 17:37 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2019-08-14 15:44 - 2019-07-09 17:37 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-08-14 15:44 - 2019-07-09 16:42 - 011943424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-08-14 15:44 - 2019-07-09 16:37 - 000485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2019-08-14 15:44 - 2019-07-09 13:29 - 000375312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-08-14 15:44 - 2019-07-09 13:29 - 000230200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2019-08-14 15:44 - 2019-07-09 13:29 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2019-08-14 15:44 - 2019-07-09 13:23 - 001213264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-08-14 15:44 - 2019-07-09 13:23 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-08-14 15:44 - 2019-07-09 13:21 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-14 15:44 - 2019-07-09 13:21 - 000133136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2019-08-14 15:44 - 2019-07-09 13:20 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-08-14 15:44 - 2019-07-09 13:20 - 000275512 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2019-08-14 15:44 - 2019-07-09 13:19 - 002371504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 001674216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000799248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000767232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000713488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000152104 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000142352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000046608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\werkernel.sys
2019-08-14 15:44 - 2019-07-09 13:12 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-08-14 15:44 - 2019-07-09 13:12 - 001286528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-08-14 15:44 - 2019-07-09 13:12 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-08-14 15:44 - 2019-07-09 13:11 - 000576528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-08-14 15:44 - 2019-07-09 13:11 - 000108560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2019-08-14 15:44 - 2019-07-09 12:56 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-08-14 15:44 - 2019-07-09 12:56 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2019-08-14 15:44 - 2019-07-09 12:55 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-08-14 15:44 - 2019-07-09 12:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-08-14 15:44 - 2019-07-09 12:53 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-08-14 15:44 - 2019-07-09 12:52 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-08-14 15:44 - 2019-07-09 12:50 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-08-14 15:44 - 2019-07-09 12:50 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-08-14 15:44 - 2019-07-09 12:50 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-08-14 15:44 - 2019-07-09 12:50 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-08-14 15:44 - 2019-07-09 12:50 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-08-14 15:44 - 2019-07-09 12:50 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2019-08-14 15:44 - 2019-07-09 12:50 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2019-08-14 15:44 - 2019-07-09 12:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll
2019-08-14 15:44 - 2019-07-09 12:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-08-14 15:44 - 2019-07-09 12:49 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-08-14 15:44 - 2019-07-09 12:49 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-08-14 15:44 - 2019-07-09 12:49 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-08-14 15:44 - 2019-07-09 12:49 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2019-08-14 15:44 - 2019-07-09 12:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-08-14 15:44 - 2019-07-09 12:49 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-08-14 15:44 - 2019-07-09 12:49 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-08-14 15:44 - 2019-07-09 12:49 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2019-08-14 15:44 - 2019-07-09 12:48 - 003402240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-14 15:44 - 2019-07-09 12:48 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-08-14 15:44 - 2019-07-09 12:48 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-08-14 15:44 - 2019-07-09 12:48 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2019-08-14 15:44 - 2019-07-09 12:48 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-08-14 15:44 - 2019-07-09 12:48 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-08-14 15:44 - 2019-07-09 12:47 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-08-14 15:44 - 2019-07-09 12:47 - 000928768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-08-14 15:44 - 2019-07-09 12:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-08-14 15:44 - 2019-07-09 12:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-08-14 15:44 - 2019-07-09 12:47 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-08-14 15:44 - 2019-07-09 12:46 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-08-14 15:44 - 2019-07-09 12:46 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-08-14 15:44 - 2019-07-09 12:46 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-08-14 15:44 - 2019-07-09 12:45 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-08-14 15:44 - 2019-07-09 12:45 - 001218560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-08-14 15:44 - 2019-07-09 12:45 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-08-14 15:44 - 2019-07-09 12:45 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-08-14 15:44 - 2019-07-09 12:45 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2019-08-14 15:44 - 2019-07-09 12:44 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-08-14 15:44 - 2019-07-09 12:44 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-08-14 15:44 - 2019-07-09 12:44 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-08-14 15:44 - 2019-07-09 12:44 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-08-14 15:44 - 2019-07-09 12:44 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-08-14 15:44 - 2019-07-09 12:44 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-08-14 15:44 - 2019-07-09 12:44 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-08-14 15:44 - 2019-07-09 12:43 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-08-14 15:44 - 2019-07-09 12:43 - 001398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-08-14 15:44 - 2019-07-09 12:43 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-08-14 15:44 - 2019-07-09 12:43 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2019-08-14 15:44 - 2019-06-20 12:21 - 000058882 _____ C:\WINDOWS\system32\srms.dat
2019-08-03 12:05 - 2019-08-19 00:28 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16
2019-07-24 21:22 - 2019-07-19 05:15 - 001006800 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 001006800 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 000552144 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 000456912 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-07-24 21:22 - 2019-07-19 05:15 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-07-24 21:22 - 2019-07-19 05:15 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-07-24 21:22 - 2019-07-19 05:15 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-07-24 21:22 - 2019-07-19 05:14 - 011059408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-07-24 21:22 - 2019-07-19 05:14 - 009492680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 040411904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 035269568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 020193184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 017470416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 005426104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 004767912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 002042272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001721816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443160.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001543824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001472600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001468320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443160.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001164376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001136024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000914520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000822016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000810912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000677256 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000656792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000633488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000543944 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000523920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-07-24 21:22 - 2019-07-19 02:11 - 004342528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-19 00:30 - 2018-02-14 14:50 - 000000000 ____D C:\ProgramData\NVIDIA
2019-08-19 00:28 - 2018-05-31 18:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-19 00:28 - 2018-04-12 09:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-19 00:28 - 2018-04-12 07:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-08-19 00:23 - 2018-05-31 18:14 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-19 00:23 - 2018-04-12 09:36 - 000000000 ____D C:\WINDOWS\INF
2019-08-19 00:21 - 2018-12-07 12:16 - 000000000 ____D C:\Program Files\Microsoft Office
2019-08-19 00:21 - 2018-04-12 09:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-08-19 00:20 - 2018-02-14 15:36 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\CrashDumps
2019-08-19 00:01 - 2018-05-31 18:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-18 23:16 - 2018-05-31 18:11 - 000004178 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3C9A9257-B820-4A09-9A5E-F2402A6001C9}
2019-08-18 19:17 - 2018-05-17 11:06 - 000000000 ___DC C:\WINDOWS\Panther
2019-08-18 17:38 - 2018-04-12 09:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-18 16:28 - 2018-02-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\NVIDIA Corporation
2019-08-18 04:10 - 2018-02-14 15:21 - 000000000 ____D C:\Program Files (x86)\Google
2019-08-18 03:12 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-18 02:16 - 2018-06-14 23:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-18 02:16 - 2018-04-12 09:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-08-18 02:09 - 2018-06-14 20:48 - 000000000 ____D C:\ProgramData\Packages
2019-08-18 02:09 - 2018-04-12 09:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-18 01:22 - 2018-09-08 10:49 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Azureus
2019-08-17 15:32 - 2018-09-08 10:54 - 000000000 ____D C:\ProgramData\ValhallaRoom
2019-08-17 15:32 - 2018-05-11 11:25 - 000000000 ____D C:\ProgramData\ValhallaRoomPreferences
2019-08-17 15:29 - 2018-05-31 18:07 - 000000000 ____D C:\Users\Plain Sight
2019-08-17 15:27 - 2019-01-11 20:35 - 000000000 ____D C:\Users\Public\Documents\Softube
2019-08-17 15:26 - 2019-04-11 21:02 - 000033544 _____ C:\WINDOWS\system32\Drivers\iLokDrvr.sys
2019-08-17 15:26 - 2018-03-20 09:09 - 000000000 ____D C:\Program Files\Common Files\VST3
2019-08-17 15:26 - 2018-02-14 17:47 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-08-17 13:44 - 2018-02-14 14:41 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-08-17 12:30 - 2019-01-10 14:50 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\Spotify
2019-08-17 11:55 - 2019-01-10 14:49 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Spotify
2019-08-17 03:08 - 2018-02-14 18:00 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Splice
2019-08-17 03:08 - 2018-02-14 16:33 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\SpliceSettings
2019-08-17 00:54 - 2018-02-14 14:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-08-17 00:42 - 2018-05-17 10:43 - 000000000 ____D C:\ProgramData\Adobe
2019-08-16 23:16 - 2018-10-19 11:38 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\PioneerLog
2019-08-16 22:23 - 2018-02-14 16:10 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Xfer
2019-08-16 20:23 - 2018-09-13 10:44 - 000002840 __RSH C:\ProgramData\ntuser.pol
2019-08-16 13:13 - 2018-08-02 10:07 - 000000000 ___RD C:\Users\Plain Sight\Creative Cloud Files
2019-08-16 13:13 - 2018-05-17 10:40 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\Adobe
2019-08-15 17:47 - 2018-06-13 10:30 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\D3DSCache
2019-08-15 12:04 - 2019-02-27 14:36 - 000000000 ____D C:\Program Files\Plugin Alliance
2019-08-15 12:03 - 2019-03-28 10:42 - 000000000 ____D C:\Program Files\Common Files\Plugin Alliance
2019-08-15 10:47 - 2019-05-02 14:48 - 000000000 ____D C:\Program Files\Common Files\Celemony
2019-08-15 10:47 - 2019-05-02 14:38 - 000000000 ____D C:\ProgramData\Celemony Software GmbH
2019-08-15 10:46 - 2019-04-17 19:30 - 000000000 ____D C:\Users\Public\Documents\Adobe
2019-08-15 10:46 - 2019-04-17 19:30 - 000000000 ____D C:\Program Files\Common Files\Adobe
2019-08-15 10:46 - 2019-01-12 12:54 - 000003274 _____ C:\WINDOWS\System32\Tasks\Adobe Uninstaller
2019-08-15 10:46 - 2018-05-17 10:47 - 000000000 ____D C:\Program Files\Adobe
2019-08-14 21:12 - 2018-05-31 18:05 - 000277696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-14 21:12 - 2018-02-14 14:41 - 000000000 ___RD C:\Users\Plain Sight\3D Objects
2019-08-14 21:11 - 2018-04-12 19:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-14 20:13 - 2019-07-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\.minecraft
2019-08-14 18:38 - 2018-11-28 09:19 - 000004612 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-08-14 18:38 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-08-14 18:38 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-08-14 15:46 - 2018-04-12 09:34 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-08-14 15:44 - 2018-02-14 18:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-14 15:43 - 2018-02-14 18:10 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-13 22:28 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-08-12 13:21 - 2018-06-13 10:52 - 000000000 __RHD C:\Users\Plain Sight\plainsightdj@gmail.com Creative Cloud Files
2019-08-11 17:52 - 2018-03-23 14:56 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\ElevatedDiagnostics
2019-08-09 12:16 - 2018-05-01 12:33 - 000000000 ____D C:\Users\Plain Sight\Documents\FabFilter
2019-08-09 12:16 - 2018-05-01 12:33 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\FabFilter
2019-08-09 12:14 - 2018-09-17 12:56 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2019-08-09 11:45 - 2018-06-01 11:32 - 000000000 ____D C:\Program Files\Vstplugins
2019-08-02 20:59 - 2018-11-16 15:17 - 000000000 ____D C:\Program Files\rempl
2019-07-30 12:08 - 2019-06-08 16:57 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com
2019-07-30 12:04 - 2018-10-19 11:26 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pioneer
2019-07-30 12:03 - 2018-10-19 11:26 - 000000529 _____ C:\Users\Plain Sight\Desktop\rekordbox_x64.lnk
2019-07-30 12:02 - 2018-02-14 15:31 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-07-26 09:36 - 2018-02-26 23:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-25 11:10 - 2018-02-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\NVIDIA
2019-07-23 15:22 - 2018-02-14 14:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-07-23 11:46 - 2018-10-01 18:24 - 000000000 ____D C:\Program Files (x86)\Origin

==================== Files in the root of some directories ================

2019-01-08 16:56 - 2016-12-14 23:17 - 000003584 _____ () C:\Users\Plain Sight\Synplant.32.dll
2018-05-09 12:38 - 2018-05-09 12:38 - 002722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf
2018-05-09 12:38 - 2018-05-09 12:38 - 000056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf
2019-07-19 14:31 - 2019-07-19 14:31 - 000000038 ___SH () C:\Users\Plain Sight\AppData\Local\6eebc2b1598089f38a4759.67408981
2018-02-14 18:07 - 2018-02-14 18:07 - 000000291 _____ () C:\Users\Plain Sight\AppData\Local\ledConfiguration.config
2018-09-25 10:01 - 2018-09-25 10:01 - 000000000 _____ () C:\Users\Plain Sight\AppData\Local\oobelibMkey.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Addition.txt


Ok so right after I posted this a command window appeared for a split second. I checked the windows/system32 folder and three files had appeared, called Desktop-64.exe, CPU64.exe and process.exe.

But after I opened the folder the CPU64.exe file disappeared. I will go through the scan instructions again and provide the logs.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/19/19
Scan Time: 12:46 AM
Log File: e5d4af36-c1c6-11e9-a2a8-e0d55e26dd73.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.12069
License: Trial

-System Information-
OS: Windows 10 (Build 17134.950)
CPU: x64
File System: NTFS
User: DESKTOP-OTIH9CI\Plain Sight

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 338579
Threats Detected: 6
Threats Quarantined: 6
Time Elapsed: 5 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
Backdoor.Bladabindi.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WIN64EX, Quarantined, [10104], [717806],1.0.12069
Backdoor.Bladabindi.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E14E6A90-0CD5-4A77-AF82-5AD343F96678}, Quarantined, [10104], [717806],1.0.12069
Backdoor.Bladabindi.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{E14E6A90-0CD5-4A77-AF82-5AD343F96678}, Quarantined, [10104], [717806],1.0.12069

Registry Value: 1
Backdoor.Bladabindi.Generic, HKU\S-1-5-21-2762709790-200231504-3683108907-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|process, Quarantined, [10104], [717806],1.0.12069

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Backdoor.Bladabindi.Generic, C:\WINDOWS\SYSTEM32\TASKS\WIN64EX, Quarantined, [10104], [717806],1.0.12069
Backdoor.Bladabindi.Generic, C:\WLNDOWS\SYSTEM32\PROCESS.EXE, Quarantined, [10104], [717806],1.0.12069

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

I did another scan after and it found more.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/19/19
Scan Time: 12:54 AM
Log File: 07794cff-c1c8-11e9-a477-e0d55e26dd73.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.12069
License: Trial

-System Information-
OS: Windows 10 (Build 17134.950)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Cancelled
Objects Scanned: 251550
Threats Detected: 6
Threats Quarantined: 6
Time Elapsed: 2 min, 34 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
Backdoor.Bladabindi.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WIN64EX, Quarantined, [10104], [717806],1.0.12069
Backdoor.Bladabindi.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{84E7D427-AE9C-4D7C-BA03-7D3F6B8A4FC8}, Quarantined, [10104], [717806],1.0.12069
Backdoor.Bladabindi.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{84E7D427-AE9C-4D7C-BA03-7D3F6B8A4FC8}, Quarantined, [10104], [717806],1.0.12069

Registry Value: 1
Backdoor.Bladabindi.Generic, HKU\S-1-5-21-2762709790-200231504-3683108907-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|process, Quarantined, [10104], [717806],1.0.12069

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Backdoor.Bladabindi.Generic, C:\WINDOWS\SYSTEM32\TASKS\WIN64EX, Quarantined, [10104], [717806],1.0.12069
Backdoor.Bladabindi.Generic, C:\WLNDOWS\SYSTEM32\PROCESS.EXE, Quarantined, [10104], [717806],1.0.12069

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-08-13.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-19-2019
# Duration: 00:00:00
# OS:       Windows 10 Pro
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1796 octets] - [17/08/2019 13:04:51]
AdwCleaner[C00].txt - [1834 octets] - [17/08/2019 13:05:33]
AdwCleaner[S01].txt - [1447 octets] - [17/08/2019 13:07:22]
AdwCleaner[C01].txt - [1635 octets] - [17/08/2019 13:07:37]
AdwCleaner[S02].txt - [1771 octets] - [18/08/2019 03:52:13]
AdwCleaner[C02].txt - [1901 octets] - [18/08/2019 03:53:06]
AdwCleaner[S03].txt - [1733 octets] - [18/08/2019 16:50:43]
AdwCleaner[C03].txt - [1901 octets] - [18/08/2019 16:50:59]
AdwCleaner[S04].txt - [1813 octets] - [19/08/2019 00:26:57]
AdwCleaner[C04].txt - [2001 octets] - [19/08/2019 00:27:48]
AdwCleaner[S05].txt - [1935 octets] - [19/08/2019 00:57:05]
AdwCleaner[S06].txt - [1996 octets] - [19/08/2019 00:59:06]
AdwCleaner[C06].txt - [2184 octets] - [19/08/2019 00:59:23]
AdwCleaner[S07].txt - [2118 octets] - [19/08/2019 01:01:12]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C07].txt ##########
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2019
Ran by Plain Sight (administrator) on DESKTOP-OTIH9CI (Gigabyte Technology Co., Ltd. AX370-Gaming 5) (19-08-2019 01:03:54)
Running from C:\Users\Plain Sight\Desktop
Loaded Profiles: Plain Sight (Available Profiles: Plain Sight & Aidan)
Platform: Windows 10 Pro Version 1803 17134.950 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Softube AB -> ) C:\Program Files\Softube\InstallerDaemon\InstallerService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [Cleaning] => \ [0 0000-00-00] ()
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [info] => C:\ProgramData\Adobe\info.vbs [360 2019-08-17] () [File not signed]
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [Smart Cleaning] => \ [0 0000-00-00] ()
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D921394-47FB-407A-9AEF-DD5803635C5D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {13D6644E-6F69-460F-AC4E-5E6F63DAE437} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {16E9CB2E-49B6-4AF8-90DE-06D2ABEE4618} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe
Task: {1A1C8488-8D90-4223-B9BE-A1058B1C908E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1FC8021A-6B0A-4577-95EB-0B8958C68299} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {22D66AA8-71BF-402B-A015-7A00E188B53C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {31FE867F-A9E8-42A9-AC75-3945DC277B69} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-14] (Adobe Inc. -> Adobe)
Task: {3417C401-152D-4B40-8C82-F0BB8D2547B2} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
Task: {49CBDDD5-144C-49D6-9330-93B82C00B987} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2049928 2019-08-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {6E20ADC6-F3E8-4304-A783-D924A3134966} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {74D51ACF-A975-4590-ABB3-DE333FAB999B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2762709790-200231504-3683108907-1002 => C:\Users\Plain Sight\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {758DF83D-0340-4728-8A57-AA03AF5DE9AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7B6D14E4-BF93-4E74-96F0-0F5ADF7761ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7EDEDA80-3D13-4E30-A7CE-783BEFE9D46D} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.)
Task: {84049033-1125-4532-BE47-6061D04D4B69} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8447B23D-EC9C-419D-BB5B-07D0CA977128} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Plain Sight\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {9097DF3C-47CB-483F-B587-13F134553106} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9E8D2A08-68D3-4F00-84DA-D723170563DF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {A426EF7F-EADB-423E-8EC5-DB0C0B6316E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A7856D9F-143F-412B-93BA-530EF4E409C5} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A8A29FEF-A7C3-4F13-A377-2FBFAEE76865} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C00C228E-A362-47C6-AA4A-D4F57DFC1E89} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D89BD700-E397-423F-9B33-C886336DA429} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {DBBD79B2-77BC-492E-B32B-B92C6074CEFC} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe
Task: {E146B2E7-AC9E-4D01-AFF8-C1317D49FFF3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EA157AE3-68D7-465A-9217-128E817D38B1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EBF3C2FD-2DBB-48D9-8D54-72EE4A7C5D29} - System32\Tasks\infos => C:\ProgramData\Adobe\info.vbs [360 2019-08-17] () [File not signed]
Task: {F4DEE80D-4D79-4D0E-A1B6-79F3E1106CBF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_pepper.exe [1452600 2019-08-14] (Adobe Inc. -> Adobe)
Task: {F880CC13-9162-45DB-AE65-AD1CC0AA0BC4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FEFAD59A-979E-4BE0-9C09-CBDF86C0F7A7} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{44f20319-c8a6-4cc0-9e3b-ede0e80d487d}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{6283b723-eae5-42ae-8255-419dc903eb73}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{996897f6-62dc-450e-a935-5e7a928015d1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2762709790-200231504-3683108907-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-07-05] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-07-05] (Adobe Inc. -> Adobe Systems)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://soundcloud.com/"
CHR Profile: C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default [2019-08-18]
CHR DownloadDir: D:\DOWNLOADS
CHR Extension: (Slides) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-14]
CHR Extension: (Just Black) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2019-03-05]
CHR Extension: (Docs) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-14]
CHR Extension: (Google Drive) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-14]
CHR Extension: (YouTube) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-14]
CHR Extension: (Sheets) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-14]
CHR Extension: (Google Docs Offline) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08]
CHR Profile: C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-05] (Adobe Inc. -> Adobe Inc.)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7252656 2018-12-12] (BattlEye Innovations e.K. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S4 mracsvc; C:\WINDOWS\System32\mracsvc.exe [16966416 2019-06-09] (Mail.Ru LLC -> LLC Mail.Ru)
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074128 2019-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SoftubeInstallerDaemon; C:\Program Files\Softube\InstallerDaemon\InstallerService.exe [10284824 2019-07-10] (Softube AB -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S4 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34696 2017-10-09] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2017-08-29] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [137496 2018-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 gdrv; C:\Windows\gdrv.sys [26192 2018-02-14] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 GLCKIO; C:\Program Files (x86)\ASUS\AURA\690b33e1-0462-4e84-9bea-c7552b45432a.sys [14976 2018-02-14] (ASUSTeK Computer Inc. -> )
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Microsoft Windows -> Qualcomm Atheros, Inc.)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-18] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [16228328 2019-06-09] (Mail.Ru LLC -> LLC Mail.Ru)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_547eeefb57db4499\nvlddmkm.sys [21858904 2019-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-06-13] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RtsUpx; C:\Windows\system32\drivers\RtsUpx.sys [30328 2018-02-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6839744 2017-12-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
S1 bntdyoll; \??\C:\WINDOWS\system32\drivers\bntdyoll.sys [X]
S1 cfhhvaru; \??\C:\WINDOWS\system32\drivers\cfhhvaru.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-19 01:03 - 2019-08-19 01:04 - 000023834 _____ C:\Users\Plain Sight\Desktop\FRST.txt
2019-08-19 01:02 - 2019-08-19 01:02 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-19 01:02 - 2019-08-19 01:02 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-08-19 01:02 - 2019-08-19 01:02 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-08-19 01:02 - 2019-08-19 01:02 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-08-19 00:30 - 2019-08-19 00:30 - 001612800 _____ (Farbar) C:\Users\Plain Sight\Desktop\FRST64.exe
2019-08-19 00:23 - 2019-08-19 00:24 - 007623880 _____ (Malwarebytes) C:\Users\Plain Sight\Desktop\AdwCleaner.exe
2019-08-18 18:53 - 2019-08-18 18:53 - 4169596928 _____ C:\Users\Plain Sight\Desktop\Windows.iso
2019-08-18 18:40 - 2019-08-18 19:17 - 000000000 ____D C:\ESD
2019-08-18 17:01 - 2019-08-18 17:01 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\DBG
2019-08-18 16:57 - 2019-08-18 16:57 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2019-08-18 16:50 - 2019-08-18 16:50 - 000003520 _____ C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adwcleaner_7.lnk
2019-08-18 16:50 - 2019-08-18 16:50 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\PeerDistRepub
2019-08-18 16:42 - 2019-08-18 16:53 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-08-18 16:31 - 2019-08-18 16:31 - 000000000 ___HD C:\$WINDOWS.~BT
2019-08-18 04:38 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2019-08-18 04:23 - 2019-08-18 04:23 - 000000000 ____D C:\zoek_backup
2019-08-18 04:06 - 2019-08-18 04:13 - 000000956 _____ C:\WINDOWS\system32\.crusader
2019-08-18 03:59 - 2019-08-18 03:59 - 000001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-08-18 03:59 - 2019-08-18 03:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-08-18 03:59 - 2019-08-18 03:59 - 000000000 ____D C:\Program Files\HitmanPro
2019-08-18 03:58 - 2019-08-18 04:06 - 000000000 ____D C:\ProgramData\HitmanPro
2019-08-18 03:18 - 2019-08-18 03:18 - 000000000 ____D C:\Users\Aidan\Documents\Ableton
2019-08-18 03:17 - 2019-08-18 03:17 - 000000000 ____D C:\Users\Aidan\AppData\Roaming\Ableton
2019-08-18 03:17 - 2019-08-18 03:17 - 000000000 ____D C:\Users\Aidan\AppData\Local\Ableton
2019-08-18 02:27 - 2019-08-18 02:27 - 000003842 _____ C:\WINDOWS\System32\Tasks\CCleaner Browser Heartbeat Task (Hourly)
2019-08-18 02:27 - 2019-08-18 02:27 - 000003258 _____ C:\WINDOWS\System32\Tasks\CCleaner Browser Heartbeat Task (Logon)
2019-08-18 02:27 - 2019-08-18 02:27 - 000000000 ____D C:\Users\Aidan\AppData\Local\CCleaner Browser
2019-08-18 02:26 - 2019-08-18 17:28 - 000001044 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-08-18 02:26 - 2019-08-18 02:26 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-08-18 02:26 - 2019-08-18 02:26 - 000003470 _____ C:\WINDOWS\System32\Tasks\CCleanerUpdateTaskMachineUA
2019-08-18 02:26 - 2019-08-18 02:26 - 000003346 _____ C:\WINDOWS\System32\Tasks\CCleanerUpdateTaskMachineCore
2019-08-18 02:26 - 2019-08-18 02:26 - 000002900 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-08-18 02:26 - 2019-08-18 02:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-08-18 02:26 - 2019-08-18 02:26 - 000000000 ____D C:\Program Files\CCleaner
2019-08-18 02:25 - 2019-08-18 02:25 - 020891464 _____ (Piriform Software Ltd) C:\Users\Aidan\Downloads\ccsetup560.exe
2019-08-18 02:19 - 2019-08-18 02:20 - 000048956 _____ C:\Users\Aidan\Downloads\Addition.txt
2019-08-18 02:18 - 2019-08-19 01:03 - 000000000 ____D C:\FRST
2019-08-18 02:18 - 2019-08-18 02:20 - 000073600 _____ C:\Users\Aidan\Downloads\FRST.txt
2019-08-18 02:17 - 2019-08-18 02:17 - 001612800 _____ (Farbar) C:\Users\Aidan\Downloads\FRST64.exe
2019-08-18 02:16 - 2019-08-18 17:28 - 000002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-18 02:16 - 2019-08-18 02:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-18 02:16 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-08-18 02:16 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-08-18 02:15 - 2019-08-18 02:15 - 064333800 _____ (Malwarebytes ) C:\Users\Aidan\Downloads\mb3-setup-37469.37469-3.8.3.2965-1.0.613-1.0.11270.exe
2019-08-18 01:55 - 2019-08-18 01:55 - 000000000 ____D C:\Users\Aidan\AppData\Local\mbamtray
2019-08-18 01:55 - 2019-08-18 01:55 - 000000000 ____D C:\Users\Aidan\AppData\Local\mbam
2019-08-18 01:53 - 2019-08-18 01:53 - 000000000 ____D C:\Users\Aidan\AppData\Local\Comms
2019-08-18 01:35 - 2019-08-18 17:28 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-08-18 01:34 - 2019-08-18 01:34 - 000000000 ____D C:\WINDOWS\pss
2019-08-18 01:13 - 2019-08-18 01:13 - 000322648 _____ C:\active_protection.txt
2019-08-18 01:12 - 2019-08-18 01:12 - 000034608 _____ C:\urls.set
2019-08-17 15:29 - 2019-08-18 19:31 - 000004608 _____ C:\Users\Plain Sight\PaceKeyChain
2019-08-17 15:28 - 2019-08-17 15:28 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\PaceAP
2019-08-17 15:27 - 2019-08-17 15:27 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softube
2019-08-17 15:26 - 2019-08-18 19:30 - 000002086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk
2019-08-17 15:26 - 2019-08-18 19:30 - 000002074 _____ C:\Users\Public\Desktop\iLok License Manager.lnk
2019-08-17 15:26 - 2019-08-17 15:26 - 000000000 ____D C:\Program Files (x86)\iLok License Manager
2019-08-17 13:45 - 2019-08-18 03:14 - 000000000 ____D C:\Users\Aidan\AppData\Local\D3DSCache
2019-08-17 13:45 - 2019-08-17 13:45 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2762709790-200231504-3683108907-1002
2019-08-17 13:45 - 2019-08-17 13:45 - 000002770 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ___RD C:\Users\Aidan\OneDrive
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Local\CEF
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Local\Adobe
2019-08-17 13:44 - 2019-08-18 01:53 - 000000000 ____D C:\Users\Aidan\AppData\Local\Packages
2019-08-17 13:44 - 2019-08-17 13:46 - 000000000 ____D C:\Users\Aidan\AppData\Local\NVIDIA Corporation
2019-08-17 13:44 - 2019-08-17 13:45 - 000002363 _____ C:\Users\Aidan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-17 13:44 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Roaming\Adobe
2019-08-17 13:44 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan
2019-08-17 13:44 - 2019-08-17 13:44 - 000001417 _____ C:\Users\Aidan\Desktop\Microsoft Edge.lnk
2019-08-17 13:44 - 2019-08-17 13:44 - 000000258 __RSH C:\Users\Aidan\ntuser.pol
2019-08-17 13:44 - 2019-08-17 13:44 - 000000020 ___SH C:\Users\Aidan\ntuser.ini
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ___RD C:\Users\Aidan\3D Objects
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ___HD C:\Users\Aidan\MicrosoftEdgeBackups
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\Publishers
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\MicrosoftEdge
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\Google
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\ConnectedDevicesPlatform
2019-08-17 13:04 - 2019-08-17 13:05 - 000000000 ____D C:\AdwCleaner
2019-08-17 00:42 - 2019-08-17 00:42 - 000003560 _____ C:\WINDOWS\System32\Tasks\infos
2019-08-17 00:42 - 2019-08-17 00:42 - 000000000 ___HD C:\Wlndows
2019-08-16 20:22 - 2019-08-16 20:22 - 000000495 _____ C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 10 Suite.lnk
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files\MSBuild
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-08-16 20:19 - 2018-03-05 16:07 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2019-08-16 20:19 - 2018-03-05 16:07 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2019-08-16 20:19 - 2018-03-05 16:07 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2019-08-16 20:19 - 2018-02-14 16:21 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2019-08-16 20:19 - 2018-02-14 16:21 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2019-08-16 20:19 - 2018-02-14 16:21 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2019-08-15 12:05 - 2019-08-15 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brainworx
2019-08-15 11:10 - 2019-08-17 15:26 - 000000000 ____D C:\Program Files\Softube
2019-08-15 11:09 - 2019-08-17 15:23 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\softubecentral
2019-08-15 11:09 - 2019-08-15 11:09 - 113501032 _____ C:\Users\Plain Sight\Downloads\Softube Installer Helper Installer (64-bit) 2.4.88 r284505.exe
2019-08-15 11:09 - 2019-08-15 11:09 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Softube Central
2019-08-15 11:09 - 2019-08-15 11:09 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\softubecentral-updater
2019-07-24 21:22 - 2019-07-19 05:13 - 001164376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001136024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000914520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000822016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000810912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000677256 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000656792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000633488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000543944 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000523920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-07-24 21:22 - 2019-07-19 02:11 - 004342528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-19 01:04 - 2018-02-14 14:50 - 000000000 ____D C:\ProgramData\NVIDIA
2019-08-19 01:02 - 2018-05-31 18:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-19 01:02 - 2018-04-12 09:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-19 01:01 - 2018-04-12 07:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-08-19 00:53 - 2018-05-31 18:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-19 00:53 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-08-19 00:41 - 2018-12-07 12:16 - 000000000 ____D C:\Program Files\Microsoft Office
2019-08-19 00:40 - 2018-04-12 09:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-08-19 00:36 - 2018-05-31 18:14 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-19 00:36 - 2018-04-12 09:36 - 000000000 ____D C:\WINDOWS\INF
2019-08-19 00:20 - 2018-02-14 15:36 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\CrashDumps
2019-08-18 23:16 - 2018-05-31 18:11 - 000004178 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3C9A9257-B820-4A09-9A5E-F2402A6001C9}
2019-08-18 19:17 - 2018-05-17 11:06 - 000000000 ___DC C:\WINDOWS\Panther
2019-08-18 17:38 - 2018-04-12 09:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-18 16:28 - 2018-02-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\NVIDIA Corporation
2019-08-18 04:10 - 2018-02-14 15:21 - 000000000 ____D C:\Program Files (x86)\Google
2019-08-18 03:12 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-18 02:16 - 2018-06-14 23:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-18 02:16 - 2018-04-12 09:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-08-18 02:09 - 2018-06-14 20:48 - 000000000 ____D C:\ProgramData\Packages
2019-08-18 02:09 - 2018-04-12 09:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-18 01:22 - 2018-09-08 10:49 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Azureus
2019-08-17 15:32 - 2018-09-08 10:54 - 000000000 ____D C:\ProgramData\ValhallaRoom
2019-08-17 15:32 - 2018-05-11 11:25 - 000000000 ____D C:\ProgramData\ValhallaRoomPreferences
2019-08-17 15:29 - 2018-05-31 18:07 - 000000000 ____D C:\Users\Plain Sight
2019-08-17 15:27 - 2019-01-11 20:35 - 000000000 ____D C:\Users\Public\Documents\Softube
2019-08-17 15:26 - 2019-04-11 21:02 - 000033544 _____ C:\WINDOWS\system32\Drivers\iLokDrvr.sys
2019-08-17 15:26 - 2018-03-20 09:09 - 000000000 ____D C:\Program Files\Common Files\VST3
2019-08-17 15:26 - 2018-02-14 17:47 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-08-17 13:44 - 2018-02-14 14:41 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-08-17 12:30 - 2019-01-10 14:50 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\Spotify
2019-08-17 11:55 - 2019-01-10 14:49 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Spotify
2019-08-17 03:08 - 2018-02-14 18:00 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Splice
2019-08-17 03:08 - 2018-02-14 16:33 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\SpliceSettings
2019-08-17 00:54 - 2018-02-14 14:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-08-17 00:42 - 2018-05-17 10:43 - 000000000 ____D C:\ProgramData\Adobe
2019-08-16 23:16 - 2018-10-19 11:38 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\PioneerLog
2019-08-16 22:23 - 2018-02-14 16:10 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Xfer
2019-08-16 20:23 - 2018-09-13 10:44 - 000002840 __RSH C:\ProgramData\ntuser.pol
2019-08-16 13:13 - 2018-08-02 10:07 - 000000000 ___RD C:\Users\Plain Sight\Creative Cloud Files
2019-08-16 13:13 - 2018-05-17 10:40 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\Adobe
2019-08-15 17:47 - 2018-06-13 10:30 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\D3DSCache
2019-08-15 12:04 - 2019-02-27 14:36 - 000000000 ____D C:\Program Files\Plugin Alliance
2019-08-15 12:03 - 2019-03-28 10:42 - 000000000 ____D C:\Program Files\Common Files\Plugin Alliance
2019-08-15 10:47 - 2019-05-02 14:48 - 000000000 ____D C:\Program Files\Common Files\Celemony
2019-08-15 10:47 - 2019-05-02 14:38 - 000000000 ____D C:\ProgramData\Celemony Software GmbH
2019-08-15 10:46 - 2019-04-17 19:30 - 000000000 ____D C:\Users\Public\Documents\Adobe
2019-08-15 10:46 - 2019-04-17 19:30 - 000000000 ____D C:\Program Files\Common Files\Adobe
2019-08-15 10:46 - 2019-01-12 12:54 - 000003274 _____ C:\WINDOWS\System32\Tasks\Adobe Uninstaller
2019-08-15 10:46 - 2018-05-17 10:47 - 000000000 ____D C:\Program Files\Adobe
2019-08-14 21:12 - 2018-05-31 18:05 - 000277696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-14 21:12 - 2018-02-14 14:41 - 000000000 ___RD C:\Users\Plain Sight\3D Objects
2019-08-14 21:11 - 2018-04-12 19:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-14 20:13 - 2019-07-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\.minecraft
2019-08-14 18:38 - 2018-11-28 09:19 - 000004612 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-08-14 18:38 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-08-14 18:38 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-08-14 15:46 - 2018-04-12 09:34 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-08-14 15:44 - 2018-02-14 18:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-14 15:43 - 2018-02-14 18:10 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-13 22:28 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-08-12 13:21 - 2018-06-13 10:52 - 000000000 __RHD C:\Users\Plain Sight\plainsightdj@gmail.com Creative Cloud Files
2019-08-11 17:52 - 2018-03-23 14:56 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\ElevatedDiagnostics
2019-08-09 12:16 - 2018-05-01 12:33 - 000000000 ____D C:\Users\Plain Sight\Documents\FabFilter
2019-08-09 12:16 - 2018-05-01 12:33 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\FabFilter
2019-08-09 12:14 - 2018-09-17 12:56 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2019-08-09 11:45 - 2018-06-01 11:32 - 000000000 ____D C:\Program Files\Vstplugins
2019-08-02 20:59 - 2018-11-16 15:17 - 000000000 ____D C:\Program Files\rempl
2019-07-30 12:08 - 2019-06-08 16:57 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com
2019-07-30 12:04 - 2018-10-19 11:26 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pioneer
2019-07-30 12:03 - 2018-10-19 11:26 - 000000529 _____ C:\Users\Plain Sight\Desktop\rekordbox_x64.lnk
2019-07-30 12:02 - 2018-02-14 15:31 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-07-26 09:36 - 2018-02-26 23:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-25 11:10 - 2018-02-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\NVIDIA
2019-07-23 15:22 - 2018-02-14 14:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-07-23 11:46 - 2018-10-01 18:24 - 000000000 ____D C:\Program Files (x86)\Origin

==================== Files in the root of some directories ================

2019-01-08 16:56 - 2016-12-14 23:17 - 000003584 _____ () C:\Users\Plain Sight\Synplant.32.dll
2018-05-09 12:38 - 2018-05-09 12:38 - 002722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf
2018-05-09 12:38 - 2018-05-09 12:38 - 000056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf
2019-07-19 14:31 - 2019-07-19 14:31 - 000000038 ___SH () C:\Users\Plain Sight\AppData\Local\6eebc2b1598089f38a4759.67408981
2018-02-14 18:07 - 2018-02-14 18:07 - 000000291 _____ () C:\Users\Plain Sight\AppData\Local\ledConfiguration.config
2018-09-25 10:01 - 2018-09-25 10:01 - 000000000 _____ () C:\Users\Plain Sight\AppData\Local\oobelibMkey.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

 

Addition.txt


Thanks for those logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Be sure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool and select “Run as Administrator”; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include details for each time MSRT has run; we only need the most recent log by date and time....
 
Next,
 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs, "FRST.txt" and "Addition.txt".

Let me see those logs in your reply....

fixlist.txt

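An added example, not part of the original posts and not Microsoft's or Malwarebytes' code: since mrt.log accumulates one entry per MSRT run, this Python sketch picks out the most recent run by its "Started On" timestamp and reports its summary and return code. The sample log is constructed in the layout of the MSRT log posted in this thread; the function names, the interrupted-run case and the UTF-16 handling are assumptions.

```python
import re
from datetime import datetime

# Assumption: every run begins with the versioned banner line. The closing
# "... Tool Finished On ..." banner carries no version, so it does not match.
HEADER = re.compile(r"^Microsoft Windows Malicious Software Removal Tool v", re.M)
STARTED = re.compile(r"^Started On (.+)$", re.M)
RETURN_CODE = re.compile(r"^Return code: (-?\d+)", re.M)
SUMMARY = re.compile(
    r"^Results Summary:\s*\n-+\s*\n(.*?)"
    r"(?=^Microsoft Windows Malicious Software Removal Tool Finished On|\Z)",
    re.M | re.S,
)

SEP = "-" * 87
# Constructed sample: three runs, the middle one cut off before it finished.
SAMPLE_LOG = f"""{SEP}
Microsoft Windows Malicious Software Removal Tool v0.00, constructed sample (build 0.0.0.0)
Started On Tue Jul  9 08:01:10 2019

Engine: 0.0.0.0
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jul  9 08:03:40 2019


Return code: 0 (0x0)
{SEP}
Microsoft Windows Malicious Software Removal Tool v0.00, constructed sample (build 0.0.0.0)
Started On Sat Aug 17 10:00:00 2019

Engine: 0.0.0.0
{SEP}
Microsoft Windows Malicious Software Removal Tool v0.00, constructed sample (build 0.0.0.0)
Started On Mon Aug 19 12:27:21 2019

Engine: 0.0.0.0
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 19 12:29:36 2019


Return code: 0 (0x0)
"""


def decode_log(raw: bytes) -> str:
    """Decode log bytes; assumes UTF-16 when a byte-order mark is present."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def parse_runs(text: str) -> list:
    """Split the log into one record per MSRT run, in file order."""
    text = text.replace("\r\n", "\n")
    starts = [m.start() for m in HEADER.finditer(text)]
    runs = []
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        block = text[begin:end]
        started = STARTED.search(block)
        if not started:
            continue  # banner without a start time: nothing to order by
        summary = SUMMARY.search(block)
        code = RETURN_CODE.search(block)
        lines = summary.group(1).splitlines() if summary else []
        runs.append({
            "started": datetime.strptime(started.group(1).strip(),
                                         "%a %b %d %H:%M:%S %Y"),
            # Drop blank lines and stray separator rows from the summary.
            "summary": [l.strip() for l in lines if l.strip().strip("-")],
            # None means the run never logged a return code (interrupted).
            "return_code": int(code.group(1)) if code else None,
            "text": block.rstrip("-\n "),
        })
    return runs


def latest_run(text: str) -> dict:
    """Return the run with the newest 'Started On' timestamp."""
    runs = parse_runs(text)
    if not runs:
        raise ValueError("no MSRT runs found in log")
    return max(runs, key=lambda r: r["started"])


if __name__ == "__main__":
    run = latest_run(SAMPLE_LOG)
    print(run["started"], run["summary"], run["return_code"])
    print(run["text"])
```

On a real system, pass `decode_log(open(r"c:\windows\debug\mrt.log", "rb").read())` to `latest_run` and post only the returned `text`.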

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by Plain Sight (19-08-2019 11:37:34) Run:1
Running from C:\Users\Plain Sight\Desktop
Loaded Profiles: Plain Sight &  (Available Profiles: Plain Sight & Aidan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [Cleaning] => \ [0 0000-00-00] ()
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [Cleaning] => \ [0 0000-00-00] ()
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [info] => C:\ProgramData\Adobe\info.vbs [360 2019-08-17] () [File not signed]
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [Smart Cleaning] => \ [0 0000-00-00] ()
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION 
Task: {EBF3C2FD-2DBB-48D9-8D54-72EE4A7C5D29} - System32\Tasks\infos => C:\ProgramData\Adobe\info.vbs [360 2019-08-17] () [File not signed]
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [16228328 2019-06-09] (Mail.Ru LLC -> LLC Mail.Ru)
S1 bntdyoll; \??\C:\WINDOWS\system32\drivers\bntdyoll.sys [X]
S1 cfhhvaru; \??\C:\WINDOWS\system32\drivers\cfhhvaru.sys [X]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
AlternateDataStreams: C:\ProgramData:6B903AE9C7DCF017 [1]
AlternateDataStreams: C:\Users\All Users:6B903AE9C7DCF017 [1]
AlternateDataStreams: C:\ProgramData\Application Data:6B903AE9C7DCF017 [1]
FirewallRules: [{14FE59C2-4ACF-48D0-B190-0F6DFF8C54AC}] => (Allow) 㩃啜敳獲停慬湩匠杩瑨䅜灰慄慴剜慯業杮楜普卯睩楜普卯睩攮數 No File
FirewallRules: [{8AF6B2A7-C1C2-4E3D-87A5-E1396637233C}] => (Allow) 㩃啜敳獲停慬湩匠杩瑨䅜灰慄慴剜慯業杮楜普卯睩剜湵䥓攮數 No File
C:\Wlndows\system32\CPU64.exe
C:\Wlndows\system32\Desktop-64.exe 
File: C:\urls.set
Hosts:
CMD: winmgmt /verifyrepository
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
"HKU\S-1-5-21-2762709790-200231504-3683108907-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Cleaning" => removed successfully
"HKU\S-1-5-21-2762709790-200231504-3683108907-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Cleaning" => not found
"HKU\S-1-5-21-2762709790-200231504-3683108907-1001\Software\Microsoft\Windows\CurrentVersion\Run\\info" => removed successfully
"HKU\S-1-5-21-2762709790-200231504-3683108907-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Smart Cleaning" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBF3C2FD-2DBB-48D9-8D54-72EE4A7C5D29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBF3C2FD-2DBB-48D9-8D54-72EE4A7C5D29}" => removed successfully
C:\WINDOWS\System32\Tasks\infos => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\infos" => removed successfully
HKLM\System\CurrentControlSet\Services\mracdrv => removed successfully
mracdrv => service removed successfully
HKLM\System\CurrentControlSet\Services\bntdyoll => removed successfully
bntdyoll => service removed successfully
HKLM\System\CurrentControlSet\Services\cfhhvaru => removed successfully
cfhhvaru => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => not found
C:\ProgramData => ":6B903AE9C7DCF017" ADS removed successfully
"C:\Users\All Users" => ":6B903AE9C7DCF017" ADS not found.
"C:\ProgramData\Application Data" => ":6B903AE9C7DCF017" ADS not found.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14FE59C2-4ACF-48D0-B190-0F6DFF8C54AC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8AF6B2A7-C1C2-4E3D-87A5-E1396637233C}" => removed successfully
"C:\Wlndows\system32\CPU64.exe" => not found
"C:\Wlndows\system32\Desktop-64.exe" => not found

========================= File: C:\urls.set ========================

C:\urls.set
File not signed
MD5: 64547C10B84F6061686AAEB1DEF4817E
Creation and modification date: 2019-08-18 01:12 - 2019-08-18 01:12
Size: 000034608
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: 0

====== End of File: ======

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= winmgmt /verifyrepository =========

WMI repository is consistent

========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Error: Unable to rebuild performance counter setting from system backup store, error code is 2
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 89812075 B
Java, Flash, Steam htmlcache => 298023214 B
Windows/system/drivers => 5995325 B
Edge => 61742062 B
Chrome => 1712095 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1760 B
LocalService => 0 B
NetworkService => 9750 B
NetworkService => 0 B
Plain Sight => 71619347 B
Aidan => 5300453 B

RecycleBin => 134025 B
EmptyTemp: => 519.6 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-08-2019 12:25:08)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected

==== End of Fixlog 12:25:08 ====

 

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.75, August 2019 (build 5.75.16236.1)
Started On Mon Aug 19 12:27:21 2019

Engine: 1.1.16200.1
Signatures: 1.299.474.0
MpGear: 1.1.15747.1
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 19 12:29:36 2019


Return code: 0 (0x0)
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2019
Ran by Plain Sight (administrator) on DESKTOP-OTIH9CI (Gigabyte Technology Co., Ltd. AX370-Gaming 5) (19-08-2019 12:30:44)
Running from C:\Users\Plain Sight\Desktop
Loaded Profiles: Plain Sight (Available Profiles: Plain Sight & Aidan)
Platform: Windows 10 Pro Version 1803 17134.950 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Softube AB -> ) C:\Program Files\Softube\InstallerDaemon\InstallerService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D921394-47FB-407A-9AEF-DD5803635C5D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {13D6644E-6F69-460F-AC4E-5E6F63DAE437} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {16E9CB2E-49B6-4AF8-90DE-06D2ABEE4618} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe
Task: {1A1C8488-8D90-4223-B9BE-A1058B1C908E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1FC8021A-6B0A-4577-95EB-0B8958C68299} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {22D66AA8-71BF-402B-A015-7A00E188B53C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {31FE867F-A9E8-42A9-AC75-3945DC277B69} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-14] (Adobe Inc. -> Adobe)
Task: {3417C401-152D-4B40-8C82-F0BB8D2547B2} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
Task: {49CBDDD5-144C-49D6-9330-93B82C00B987} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2049928 2019-08-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {6E20ADC6-F3E8-4304-A783-D924A3134966} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {74D51ACF-A975-4590-ABB3-DE333FAB999B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2762709790-200231504-3683108907-1002 => C:\Users\Plain Sight\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {758DF83D-0340-4728-8A57-AA03AF5DE9AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7B6D14E4-BF93-4E74-96F0-0F5ADF7761ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7EDEDA80-3D13-4E30-A7CE-783BEFE9D46D} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.)
Task: {84049033-1125-4532-BE47-6061D04D4B69} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8447B23D-EC9C-419D-BB5B-07D0CA977128} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Plain Sight\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {9097DF3C-47CB-483F-B587-13F134553106} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9E8D2A08-68D3-4F00-84DA-D723170563DF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {A426EF7F-EADB-423E-8EC5-DB0C0B6316E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A7856D9F-143F-412B-93BA-530EF4E409C5} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A8A29FEF-A7C3-4F13-A377-2FBFAEE76865} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C00C228E-A362-47C6-AA4A-D4F57DFC1E89} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D89BD700-E397-423F-9B33-C886336DA429} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {DBBD79B2-77BC-492E-B32B-B92C6074CEFC} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe
Task: {E146B2E7-AC9E-4D01-AFF8-C1317D49FFF3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EA157AE3-68D7-465A-9217-128E817D38B1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F4DEE80D-4D79-4D0E-A1B6-79F3E1106CBF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_pepper.exe [1452600 2019-08-14] (Adobe Inc. -> Adobe)
Task: {F880CC13-9162-45DB-AE65-AD1CC0AA0BC4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FEFAD59A-979E-4BE0-9C09-CBDF86C0F7A7} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{44f20319-c8a6-4cc0-9e3b-ede0e80d487d}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{6283b723-eae5-42ae-8255-419dc903eb73}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{996897f6-62dc-450e-a935-5e7a928015d1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2762709790-200231504-3683108907-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-07-05] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-07-05] (Adobe Inc. -> Adobe Systems)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://soundcloud.com/"
CHR Profile: C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default [2019-08-19]
CHR DownloadDir: D:\DOWNLOADS
CHR Extension: (Slides) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-14]
CHR Extension: (Just Black) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2019-03-05]
CHR Extension: (Docs) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-14]
CHR Extension: (Google Drive) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-14]
CHR Extension: (YouTube) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-14]
CHR Extension: (Sheets) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-14]
CHR Extension: (Google Docs Offline) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08]
CHR Profile: C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-05] (Adobe Inc. -> Adobe Inc.)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7252656 2018-12-12] (BattlEye Innovations e.K. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S4 mracsvc; C:\WINDOWS\System32\mracsvc.exe [16966416 2019-06-09] (Mail.Ru LLC -> LLC Mail.Ru)
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074128 2019-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SoftubeInstallerDaemon; C:\Program Files\Softube\InstallerDaemon\InstallerService.exe [10284824 2019-07-10] (Softube AB -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S4 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34696 2017-10-09] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2017-08-29] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [137496 2018-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 gdrv; C:\Windows\gdrv.sys [26192 2018-02-14] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 GLCKIO; C:\Program Files (x86)\ASUS\AURA\690b33e1-0462-4e84-9bea-c7552b45432a.sys [14976 2018-02-14] (ASUSTeK Computer Inc. -> )
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Microsoft Windows -> Qualcomm Atheros, Inc.)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-18] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-19] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_547eeefb57db4499\nvlddmkm.sys [21858904 2019-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-06-13] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RtsUpx; C:\Windows\system32\drivers\RtsUpx.sys [30328 2018-02-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6839744 2017-12-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-19 12:26 - 2019-08-19 12:26 - 046315064 _____ (Microsoft Corporation) C:\Users\Plain Sight\Desktop\Windows-KB890830-x64-V5.75.exe
2019-08-19 12:25 - 2019-08-19 12:25 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-08-19 12:24 - 2019-08-19 12:24 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-08-19 12:24 - 2019-08-19 12:24 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-08-19 11:37 - 2019-08-19 12:25 - 000012245 _____ C:\Users\Plain Sight\Desktop\Fixlog.txt
2019-08-19 11:35 - 2019-08-19 11:35 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2019-08-19 01:05 - 2019-08-19 01:06 - 000051914 _____ C:\Users\Plain Sight\Desktop\Addition.txt
2019-08-19 01:03 - 2019-08-19 12:31 - 000022581 _____ C:\Users\Plain Sight\Desktop\FRST.txt
2019-08-19 01:02 - 2019-08-19 12:24 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-19 00:30 - 2019-08-19 00:30 - 001612800 _____ (Farbar) C:\Users\Plain Sight\Desktop\FRST64.exe
2019-08-19 00:23 - 2019-08-19 00:24 - 007623880 _____ (Malwarebytes) C:\Users\Plain Sight\Desktop\AdwCleaner.exe
2019-08-18 18:53 - 2019-08-18 18:53 - 4169596928 _____ C:\Users\Plain Sight\Desktop\Windows.iso
2019-08-18 18:40 - 2019-08-18 19:17 - 000000000 ____D C:\ESD
2019-08-18 17:01 - 2019-08-18 17:01 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\DBG
2019-08-18 16:57 - 2019-08-18 16:57 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2019-08-18 16:50 - 2019-08-18 16:50 - 000003520 _____ C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adwcleaner_7.lnk
2019-08-18 16:50 - 2019-08-18 16:50 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\PeerDistRepub
2019-08-18 16:42 - 2019-08-18 16:53 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-08-18 16:31 - 2019-08-18 16:31 - 000000000 ___HD C:\$WINDOWS.~BT
2019-08-18 04:38 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2019-08-18 04:23 - 2019-08-18 04:23 - 000000000 ____D C:\zoek_backup
2019-08-18 04:06 - 2019-08-18 04:13 - 000000956 _____ C:\WINDOWS\system32\.crusader
2019-08-18 03:59 - 2019-08-18 03:59 - 000001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-08-18 03:59 - 2019-08-18 03:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-08-18 03:59 - 2019-08-18 03:59 - 000000000 ____D C:\Program Files\HitmanPro
2019-08-18 03:58 - 2019-08-18 04:06 - 000000000 ____D C:\ProgramData\HitmanPro
2019-08-18 03:18 - 2019-08-18 03:18 - 000000000 ____D C:\Users\Aidan\Documents\Ableton
2019-08-18 03:17 - 2019-08-18 03:17 - 000000000 ____D C:\Users\Aidan\AppData\Roaming\Ableton
2019-08-18 03:17 - 2019-08-18 03:17 - 000000000 ____D C:\Users\Aidan\AppData\Local\Ableton
2019-08-18 02:27 - 2019-08-18 02:27 - 000003842 _____ C:\WINDOWS\System32\Tasks\CCleaner Browser Heartbeat Task (Hourly)
2019-08-18 02:27 - 2019-08-18 02:27 - 000003258 _____ C:\WINDOWS\System32\Tasks\CCleaner Browser Heartbeat Task (Logon)
2019-08-18 02:27 - 2019-08-18 02:27 - 000000000 ____D C:\Users\Aidan\AppData\Local\CCleaner Browser
2019-08-18 02:26 - 2019-08-18 17:28 - 000001044 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-08-18 02:26 - 2019-08-18 02:26 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-08-18 02:26 - 2019-08-18 02:26 - 000003470 _____ C:\WINDOWS\System32\Tasks\CCleanerUpdateTaskMachineUA
2019-08-18 02:26 - 2019-08-18 02:26 - 000003346 _____ C:\WINDOWS\System32\Tasks\CCleanerUpdateTaskMachineCore
2019-08-18 02:26 - 2019-08-18 02:26 - 000002900 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-08-18 02:26 - 2019-08-18 02:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-08-18 02:26 - 2019-08-18 02:26 - 000000000 ____D C:\Program Files\CCleaner
2019-08-18 02:25 - 2019-08-18 02:25 - 020891464 _____ (Piriform Software Ltd) C:\Users\Aidan\Downloads\ccsetup560.exe
2019-08-18 02:19 - 2019-08-18 02:20 - 000048956 _____ C:\Users\Aidan\Downloads\Addition.txt
2019-08-18 02:18 - 2019-08-19 12:30 - 000000000 ____D C:\FRST
2019-08-18 02:18 - 2019-08-18 02:20 - 000073600 _____ C:\Users\Aidan\Downloads\FRST.txt
2019-08-18 02:17 - 2019-08-18 02:17 - 001612800 _____ (Farbar) C:\Users\Aidan\Downloads\FRST64.exe
2019-08-18 02:16 - 2019-08-18 17:28 - 000002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-18 02:16 - 2019-08-18 02:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-18 02:16 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-08-18 02:16 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-08-18 02:15 - 2019-08-18 02:15 - 064333800 _____ (Malwarebytes ) C:\Users\Aidan\Downloads\mb3-setup-37469.37469-3.8.3.2965-1.0.613-1.0.11270.exe
2019-08-18 01:55 - 2019-08-18 01:55 - 000000000 ____D C:\Users\Aidan\AppData\Local\mbamtray
2019-08-18 01:55 - 2019-08-18 01:55 - 000000000 ____D C:\Users\Aidan\AppData\Local\mbam
2019-08-18 01:53 - 2019-08-18 01:53 - 000000000 ____D C:\Users\Aidan\AppData\Local\Comms
2019-08-18 01:35 - 2019-08-18 17:28 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-08-18 01:34 - 2019-08-18 01:34 - 000000000 ____D C:\WINDOWS\pss
2019-08-18 01:13 - 2019-08-18 01:13 - 000322648 _____ C:\active_protection.txt
2019-08-18 01:12 - 2019-08-18 01:12 - 000034608 _____ C:\urls.set
2019-08-17 15:29 - 2019-08-18 19:31 - 000004608 _____ C:\Users\Plain Sight\PaceKeyChain
2019-08-17 15:28 - 2019-08-17 15:28 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\PaceAP
2019-08-17 15:27 - 2019-08-17 15:27 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softube
2019-08-17 15:26 - 2019-08-18 19:30 - 000002086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk
2019-08-17 15:26 - 2019-08-18 19:30 - 000002074 _____ C:\Users\Public\Desktop\iLok License Manager.lnk
2019-08-17 15:26 - 2019-08-17 15:26 - 000000000 ____D C:\Program Files (x86)\iLok License Manager
2019-08-17 13:45 - 2019-08-18 03:14 - 000000000 ____D C:\Users\Aidan\AppData\Local\D3DSCache
2019-08-17 13:45 - 2019-08-17 13:45 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2762709790-200231504-3683108907-1002
2019-08-17 13:45 - 2019-08-17 13:45 - 000002770 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ___RD C:\Users\Aidan\OneDrive
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Local\CEF
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Local\Adobe
2019-08-17 13:44 - 2019-08-18 01:53 - 000000000 ____D C:\Users\Aidan\AppData\Local\Packages
2019-08-17 13:44 - 2019-08-17 13:46 - 000000000 ____D C:\Users\Aidan\AppData\Local\NVIDIA Corporation
2019-08-17 13:44 - 2019-08-17 13:45 - 000002363 _____ C:\Users\Aidan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-17 13:44 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Roaming\Adobe
2019-08-17 13:44 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan
2019-08-17 13:44 - 2019-08-17 13:44 - 000001417 _____ C:\Users\Aidan\Desktop\Microsoft Edge.lnk
2019-08-17 13:44 - 2019-08-17 13:44 - 000000258 __RSH C:\Users\Aidan\ntuser.pol
2019-08-17 13:44 - 2019-08-17 13:44 - 000000020 ___SH C:\Users\Aidan\ntuser.ini
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ___RD C:\Users\Aidan\3D Objects
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ___HD C:\Users\Aidan\MicrosoftEdgeBackups
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\Publishers
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\MicrosoftEdge
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\Google
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\ConnectedDevicesPlatform
2019-08-17 13:04 - 2019-08-17 13:05 - 000000000 ____D C:\AdwCleaner
2019-08-17 00:42 - 2019-08-17 00:42 - 000000000 ___HD C:\Wlndows
2019-08-16 20:22 - 2019-08-16 20:22 - 000000495 _____ C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 10 Suite.lnk
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files\MSBuild
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-08-16 20:19 - 2018-03-05 16:07 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2019-08-16 20:19 - 2018-03-05 16:07 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2019-08-16 20:19 - 2018-03-05 16:07 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2019-08-16 20:19 - 2018-02-14 16:21 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2019-08-16 20:19 - 2018-02-14 16:21 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2019-08-16 20:19 - 2018-02-14 16:21 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2019-08-15 12:05 - 2019-08-15 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brainworx
2019-08-15 11:10 - 2019-08-17 15:26 - 000000000 ____D C:\Program Files\Softube
2019-08-15 11:09 - 2019-08-17 15:23 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\softubecentral
2019-08-15 11:09 - 2019-08-15 11:09 - 113501032 _____ C:\Users\Plain Sight\Downloads\Softube Installer Helper Installer (64-bit) 2.4.88 r284505.exe
2019-08-15 11:09 - 2019-08-15 11:09 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Softube Central
2019-08-15 11:09 - 2019-08-15 11:09 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\softubecentral-updater
2019-08-14 15:45 - 2019-08-07 22:58 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-08-14 15:45 - 2019-08-07 22:41 - 000662112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-08-14 15:45 - 2019-08-07 22:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-08-14 15:45 - 2019-08-07 22:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-08-14 15:45 - 2019-08-07 22:27 - 007990272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-14 15:45 - 2019-08-07 18:09 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-14 15:45 - 2019-08-07 18:09 - 000095008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-14 15:45 - 2019-08-07 18:08 - 000494992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-14 15:45 - 2019-08-07 18:08 - 000091568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-14 15:45 - 2019-08-07 17:57 - 000081256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-14 15:45 - 2019-08-07 17:56 - 000357336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-14 15:45 - 2019-08-07 17:32 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-08-14 15:45 - 2019-08-07 17:32 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-08-14 15:45 - 2019-08-07 17:31 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-08-14 15:45 - 2019-08-07 17:31 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-14 15:45 - 2019-07-09 18:07 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-08-14 15:45 - 2019-07-09 17:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-08-14 15:45 - 2019-07-09 17:39 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-08-14 15:45 - 2019-07-09 17:37 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-08-14 15:45 - 2019-07-09 16:59 - 000022840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
2019-08-14 15:45 - 2019-07-09 16:38 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-08-14 15:45 - 2019-07-09 13:20 - 000227640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-08-14 15:45 - 2019-07-09 13:19 - 002769472 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-08-14 15:45 - 2019-07-09 13:12 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-08-14 15:45 - 2019-07-09 13:11 - 002257336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-08-14 15:45 - 2019-07-09 12:55 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-08-14 15:45 - 2019-07-09 12:53 - 003708416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-08-14 15:45 - 2019-07-09 12:52 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-08-14 15:45 - 2019-07-09 12:50 - 000659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-08-14 15:45 - 2019-07-09 12:48 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-08-14 15:45 - 2019-07-09 12:47 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-08-14 15:45 - 2019-07-09 12:47 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-08-14 15:45 - 2019-07-09 12:46 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-08-14 15:44 - 2019-08-07 23:18 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-08-14 15:44 - 2019-08-07 23:18 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-08-14 15:44 - 2019-08-07 23:14 - 000303928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-08-14 15:44 - 2019-08-07 23:13 - 021389776 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-14 15:44 - 2019-08-07 23:13 - 001632112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-14 15:44 - 2019-08-07 23:13 - 001515904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-08-14 15:44 - 2019-08-07 23:13 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-08-14 15:44 - 2019-08-07 22:58 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-08-14 15:44 - 2019-08-07 22:55 - 008626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-14 15:44 - 2019-08-07 22:55 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-08-14 15:44 - 2019-08-07 22:55 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-08-14 15:44 - 2019-08-07 22:54 - 004783104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-08-14 15:44 - 2019-08-07 22:53 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-14 15:44 - 2019-08-07 22:53 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-08-14 15:44 - 2019-08-07 22:53 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-08-14 15:44 - 2019-08-07 22:52 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-14 15:44 - 2019-08-07 22:51 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-08-14 15:44 - 2019-08-07 22:43 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-14 15:44 - 2019-08-07 22:41 - 001322688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-08-14 15:44 - 2019-08-07 22:40 - 020384344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-14 15:44 - 2019-08-07 22:26 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-08-14 15:44 - 2019-08-07 22:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-08-14 15:44 - 2019-08-07 22:25 - 004175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-08-14 15:44 - 2019-08-07 22:24 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-14 15:44 - 2019-08-07 22:24 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-14 15:44 - 2019-08-07 22:24 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-08-14 15:44 - 2019-08-07 19:40 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-08-14 15:44 - 2019-08-07 18:09 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-14 15:44 - 2019-08-07 18:09 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-08-14 15:44 - 2019-08-07 18:09 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-14 15:44 - 2019-08-07 18:09 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-14 15:44 - 2019-08-07 18:09 - 000194352 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-14 15:44 - 2019-08-07 18:09 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-14 15:44 - 2019-08-07 18:09 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 007435720 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-14 15:44 - 2019-08-07 18:08 - 002470648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 001566736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 001141712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-14 15:44 - 2019-08-07 18:08 - 000723216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 000710232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-14 15:44 - 2019-08-07 18:08 - 000227744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-08-14 15:44 - 2019-08-07 18:08 - 000130840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-08-14 15:44 - 2019-08-07 18:07 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-14 15:44 - 2019-08-07 18:07 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-14 15:44 - 2019-08-07 18:07 - 002719240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-08-14 15:44 - 2019-08-07 18:07 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-14 15:44 - 2019-08-07 18:07 - 001260992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-14 15:44 - 2019-08-07 18:07 - 001031696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-08-14 15:44 - 2019-08-07 18:07 - 000984152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-14 15:44 - 2019-08-07 18:07 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-08-14 15:44 - 2019-08-07 18:07 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 001993344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 000192608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 000101400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-08-14 15:44 - 2019-08-07 17:55 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-08-14 15:44 - 2019-08-07 17:49 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-14 15:44 - 2019-08-07 17:47 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-14 15:44 - 2019-08-07 17:44 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-08-14 15:44 - 2019-08-07 17:42 - 022717952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-14 15:44 - 2019-08-07 17:39 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-14 15:44 - 2019-08-07 17:38 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-08-14 15:44 - 2019-08-07 17:38 - 004385792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-14 15:44 - 2019-08-07 17:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-14 15:44 - 2019-08-07 17:38 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-08-14 15:44 - 2019-08-07 17:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-08-14 15:44 - 2019-08-07 17:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-08-14 15:44 - 2019-08-07 17:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 007572480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-14 15:44 - 2019-08-07 17:36 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-14 15:44 - 2019-08-07 17:35 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 001680384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-14 15:44 - 2019-08-07 17:33 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-14 15:44 - 2019-08-07 17:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-08-14 15:44 - 2019-08-07 17:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 004938240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 004516864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 002165760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-14 15:44 - 2019-08-07 17:32 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 000318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-08-14 15:44 - 2019-08-07 16:15 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-08-14 15:44 - 2019-07-11 16:48 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-08-14 15:44 - 2019-07-11 11:30 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-08-14 15:44 - 2019-07-11 11:30 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-08-14 15:44 - 2019-07-11 11:30 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 001627664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 001038352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000954384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000830480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000827920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-08-14 15:44 - 2019-07-09 18:07 - 000825360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000750096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000670224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000652304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000495632 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-08-14 15:44 - 2019-07-09 18:04 - 000348664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-08-14 15:44 - 2019-07-09 18:01 - 004527792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-08-14 15:44 - 2019-07-09 18:00 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-08-14 15:44 - 2019-07-09 17:44 - 012757504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-08-14 15:44 - 2019-07-09 17:44 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-08-14 15:44 - 2019-07-09 17:43 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-08-14 15:44 - 2019-07-09 17:43 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-08-14 15:44 - 2019-07-09 17:43 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2019-08-14 15:44 - 2019-07-09 17:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-08-14 15:44 - 2019-07-09 17:39 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2019-08-14 15:44 - 2019-07-09 17:39 - 001193472 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2019-08-14 15:44 - 2019-07-09 17:38 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2019-08-14 15:44 - 2019-07-09 17:37 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-08-14 15:44 - 2019-07-09 17:37 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2019-08-14 15:44 - 2019-07-09 17:37 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-08-14 15:44 - 2019-07-09 16:42 - 011943424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-08-14 15:44 - 2019-07-09 16:37 - 000485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2019-08-14 15:44 - 2019-07-09 13:29 - 000375312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-08-14 15:44 - 2019-07-09 13:29 - 000230200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2019-08-14 15:44 - 2019-07-09 13:29 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2019-08-14 15:44 - 2019-07-09 13:23 - 001213264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-08-14 15:44 - 2019-07-09 13:23 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-08-14 15:44 - 2019-07-09 13:21 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-14 15:44 - 2019-07-09 13:21 - 000133136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2019-08-14 15:44 - 2019-07-09 13:20 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-08-14 15:44 - 2019-07-09 13:20 - 000275512 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2019-08-14 15:44 - 2019-07-09 13:19 - 002371504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 001674216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000799248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000767232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000713488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000152104 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000142352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000046608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\werkernel.sys
2019-08-14 15:44 - 2019-07-09 13:12 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-08-14 15:44 - 2019-07-09 13:12 - 001286528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-08-14 15:44 - 2019-07-09 13:12 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-08-14 15:44 - 2019-07-09 13:11 - 000576528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-08-14 15:44 - 2019-07-09 13:11 - 000108560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2019-08-14 15:44 - 2019-07-09 12:56 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-08-14 15:44 - 2019-07-09 12:56 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2019-08-14 15:44 - 2019-07-09 12:55 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-08-14 15:44 - 2019-07-09 12:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-08-14 15:44 - 2019-07-09 12:53 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-08-14 15:44 - 2019-07-09 12:52 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-08-14 15:44 - 2019-07-09 12:50 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-08-14 15:44 - 2019-07-09 12:50 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-08-14 15:44 - 2019-07-09 12:50 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-08-14 15:44 - 2019-07-09 12:50 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-08-14 15:44 - 2019-07-09 12:50 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-08-14 15:44 - 2019-07-09 12:50 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2019-08-14 15:44 - 2019-07-09 12:50 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2019-08-14 15:44 - 2019-07-09 12:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll
2019-08-14 15:44 - 2019-07-09 12:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-08-14 15:44 - 2019-07-09 12:49 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-08-14 15:44 - 2019-07-09 12:49 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-08-14 15:44 - 2019-07-09 12:49 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-08-14 15:44 - 2019-07-09 12:49 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2019-08-14 15:44 - 2019-07-09 12:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-08-14 15:44 - 2019-07-09 12:49 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-08-14 15:44 - 2019-07-09 12:49 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-08-14 15:44 - 2019-07-09 12:49 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2019-08-14 15:44 - 2019-07-09 12:48 - 003402240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-14 15:44 - 2019-07-09 12:48 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-08-14 15:44 - 2019-07-09 12:48 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-08-14 15:44 - 2019-07-09 12:48 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2019-08-14 15:44 - 2019-07-09 12:48 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-08-14 15:44 - 2019-07-09 12:48 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-08-14 15:44 - 2019-07-09 12:47 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-08-14 15:44 - 2019-07-09 12:47 - 000928768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-08-14 15:44 - 2019-07-09 12:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-08-14 15:44 - 2019-07-09 12:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-08-14 15:44 - 2019-07-09 12:47 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-08-14 15:44 - 2019-07-09 12:46 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-08-14 15:44 - 2019-07-09 12:46 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-08-14 15:44 - 2019-07-09 12:46 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-08-14 15:44 - 2019-07-09 12:45 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-08-14 15:44 - 2019-07-09 12:45 - 001218560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-08-14 15:44 - 2019-07-09 12:45 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-08-14 15:44 - 2019-07-09 12:45 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-08-14 15:44 - 2019-07-09 12:45 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2019-08-14 15:44 - 2019-07-09 12:44 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-08-14 15:44 - 2019-07-09 12:44 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-08-14 15:44 - 2019-07-09 12:44 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-08-14 15:44 - 2019-07-09 12:44 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-08-14 15:44 - 2019-07-09 12:44 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-08-14 15:44 - 2019-07-09 12:44 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-08-14 15:44 - 2019-07-09 12:44 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-08-14 15:44 - 2019-07-09 12:43 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-08-14 15:44 - 2019-07-09 12:43 - 001398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-08-14 15:44 - 2019-07-09 12:43 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-08-14 15:44 - 2019-07-09 12:43 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2019-08-14 15:44 - 2019-06-20 12:21 - 000058882 _____ C:\WINDOWS\system32\srms.dat
2019-08-03 12:05 - 2019-08-19 00:28 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16
2019-07-24 21:22 - 2019-07-19 05:15 - 001006800 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 001006800 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 000552144 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 000456912 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-07-24 21:22 - 2019-07-19 05:15 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-07-24 21:22 - 2019-07-19 05:15 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-07-24 21:22 - 2019-07-19 05:15 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-07-24 21:22 - 2019-07-19 05:14 - 011059408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-07-24 21:22 - 2019-07-19 05:14 - 009492680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 040411904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 035269568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 020193184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 017470416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 005426104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 004767912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 002042272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001721816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443160.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001543824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001472600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001468320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443160.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001164376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001136024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000914520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000822016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000810912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000677256 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000656792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000633488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000543944 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000523920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-07-24 21:22 - 2019-07-19 02:11 - 004342528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-19 12:27 - 2018-02-14 18:10 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-19 12:27 - 2018-02-14 14:50 - 000000000 ____D C:\ProgramData\NVIDIA
2019-08-19 12:25 - 2019-03-01 11:53 - 000000008 __RSH C:\Users\Plain Sight\ntuser.pol
2019-08-19 12:25 - 2018-05-31 18:07 - 000000000 ____D C:\Users\Plain Sight
2019-08-19 12:24 - 2018-09-13 10:44 - 000000008 __RSH C:\ProgramData\ntuser.pol
2019-08-19 12:24 - 2018-05-31 18:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-19 12:24 - 2018-05-31 18:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-19 12:24 - 2018-04-12 09:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-19 12:24 - 2018-04-12 09:36 - 000000000 ____D C:\WINDOWS\INF
2019-08-19 11:40 - 2018-04-12 07:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-08-19 11:38 - 2017-09-29 23:46 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-08-19 11:35 - 2018-05-31 18:14 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-19 00:53 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-08-19 00:41 - 2018-12-07 12:16 - 000000000 ____D C:\Program Files\Microsoft Office
2019-08-19 00:40 - 2018-04-12 09:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-08-19 00:20 - 2018-02-14 15:36 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\CrashDumps
2019-08-18 23:16 - 2018-05-31 18:11 - 000004178 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3C9A9257-B820-4A09-9A5E-F2402A6001C9}
2019-08-18 19:17 - 2018-05-17 11:06 - 000000000 ___DC C:\WINDOWS\Panther
2019-08-18 17:38 - 2018-04-12 09:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-18 16:28 - 2018-02-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\NVIDIA Corporation
2019-08-18 04:10 - 2018-02-14 15:21 - 000000000 ____D C:\Program Files (x86)\Google
2019-08-18 03:12 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-18 02:16 - 2018-06-14 23:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-18 02:16 - 2018-04-12 09:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-08-18 02:09 - 2018-06-14 20:48 - 000000000 ____D C:\ProgramData\Packages
2019-08-18 02:09 - 2018-04-12 09:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-18 01:22 - 2018-09-08 10:49 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Azureus
2019-08-17 15:32 - 2018-09-08 10:54 - 000000000 ____D C:\ProgramData\ValhallaRoom
2019-08-17 15:32 - 2018-05-11 11:25 - 000000000 ____D C:\ProgramData\ValhallaRoomPreferences
2019-08-17 15:27 - 2019-01-11 20:35 - 000000000 ____D C:\Users\Public\Documents\Softube
2019-08-17 15:26 - 2019-04-11 21:02 - 000033544 _____ C:\WINDOWS\system32\Drivers\iLokDrvr.sys
2019-08-17 15:26 - 2018-03-20 09:09 - 000000000 ____D C:\Program Files\Common Files\VST3
2019-08-17 15:26 - 2018-02-14 17:47 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-08-17 13:44 - 2018-02-14 14:41 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-08-17 12:30 - 2019-01-10 14:50 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\Spotify
2019-08-17 11:55 - 2019-01-10 14:49 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Spotify
2019-08-17 03:08 - 2018-02-14 18:00 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Splice
2019-08-17 03:08 - 2018-02-14 16:33 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\SpliceSettings
2019-08-17 00:54 - 2018-02-14 14:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-08-17 00:42 - 2018-05-17 10:43 - 000000000 ____D C:\ProgramData\Adobe
2019-08-16 23:16 - 2018-10-19 11:38 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\PioneerLog
2019-08-16 22:23 - 2018-02-14 16:10 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Xfer
2019-08-16 13:13 - 2018-08-02 10:07 - 000000000 ___RD C:\Users\Plain Sight\Creative Cloud Files
2019-08-16 13:13 - 2018-05-17 10:40 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\Adobe
2019-08-15 17:47 - 2018-06-13 10:30 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\D3DSCache
2019-08-15 12:04 - 2019-02-27 14:36 - 000000000 ____D C:\Program Files\Plugin Alliance
2019-08-15 12:03 - 2019-03-28 10:42 - 000000000 ____D C:\Program Files\Common Files\Plugin Alliance
2019-08-15 10:47 - 2019-05-02 14:48 - 000000000 ____D C:\Program Files\Common Files\Celemony
2019-08-15 10:47 - 2019-05-02 14:38 - 000000000 ____D C:\ProgramData\Celemony Software GmbH
2019-08-15 10:46 - 2019-04-17 19:30 - 000000000 ____D C:\Users\Public\Documents\Adobe
2019-08-15 10:46 - 2019-04-17 19:30 - 000000000 ____D C:\Program Files\Common Files\Adobe
2019-08-15 10:46 - 2019-01-12 12:54 - 000003274 _____ C:\WINDOWS\System32\Tasks\Adobe Uninstaller
2019-08-15 10:46 - 2018-05-17 10:47 - 000000000 ____D C:\Program Files\Adobe
2019-08-14 21:12 - 2018-05-31 18:05 - 000277696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-14 21:12 - 2018-02-14 14:41 - 000000000 ___RD C:\Users\Plain Sight\3D Objects
2019-08-14 21:11 - 2018-04-12 19:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-14 20:13 - 2019-07-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\.minecraft
2019-08-14 18:38 - 2018-11-28 09:19 - 000004612 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-08-14 18:38 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-08-14 18:38 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-08-14 15:46 - 2018-04-12 09:34 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-08-14 15:44 - 2018-02-14 18:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-13 22:28 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-08-12 13:21 - 2018-06-13 10:52 - 000000000 __RHD C:\Users\Plain Sight\plainsightdj@gmail.com Creative Cloud Files
2019-08-11 17:52 - 2018-03-23 14:56 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\ElevatedDiagnostics
2019-08-09 12:16 - 2018-05-01 12:33 - 000000000 ____D C:\Users\Plain Sight\Documents\FabFilter
2019-08-09 12:16 - 2018-05-01 12:33 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\FabFilter
2019-08-09 12:14 - 2018-09-17 12:56 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2019-08-09 11:45 - 2018-06-01 11:32 - 000000000 ____D C:\Program Files\Vstplugins
2019-08-02 20:59 - 2018-11-16 15:17 - 000000000 ____D C:\Program Files\rempl
2019-07-30 12:08 - 2019-06-08 16:57 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com
2019-07-30 12:04 - 2018-10-19 11:26 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pioneer
2019-07-30 12:03 - 2018-10-19 11:26 - 000000529 _____ C:\Users\Plain Sight\Desktop\rekordbox_x64.lnk
2019-07-30 12:02 - 2018-02-14 15:31 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-07-26 09:36 - 2018-02-26 23:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-25 11:10 - 2018-02-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\NVIDIA
2019-07-23 15:22 - 2018-02-14 14:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-07-23 11:46 - 2018-10-01 18:24 - 000000000 ____D C:\Program Files (x86)\Origin

==================== Files in the root of some directories ================

2019-01-08 16:56 - 2016-12-14 23:17 - 000003584 _____ () C:\Users\Plain Sight\Synplant.32.dll
2018-05-09 12:38 - 2018-05-09 12:38 - 002722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf
2018-05-09 12:38 - 2018-05-09 12:38 - 000056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf
2019-07-19 14:31 - 2019-07-19 14:31 - 000000038 ___SH () C:\Users\Plain Sight\AppData\Local\6eebc2b1598089f38a4759.67408981
2018-02-14 18:07 - 2018-02-14 18:07 - 000000291 _____ () C:\Users\Plain Sight\AppData\Local\ledConfiguration.config
2018-09-25 10:01 - 2018-09-25 10:01 - 000000000 _____ () C:\Users\Plain Sight\AppData\Local\oobelibMkey.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by Plain Sight (19-08-2019 12:32:00)
Running from C:\Users\Plain Sight\Desktop
Windows 10 Pro Version 1803 17134.950 (X64) (2018-05-31 08:11:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2762709790-200231504-3683108907-500 - Administrator - Disabled)
Aidan (S-1-5-21-2762709790-200231504-3683108907-1002 - Limited - Enabled) => C:\Users\Aidan
DefaultAccount (S-1-5-21-2762709790-200231504-3683108907-503 - Limited - Disabled)
Guest (S-1-5-21-2762709790-200231504-3683108907-501 - Limited - Disabled)
Plain Sight (S-1-5-21-2762709790-200231504-3683108907-1001 - Administrator - Enabled) => C:\Users\Plain Sight
WDAGUtilityAccount (S-1-5-21-2762709790-200231504-3683108907-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Ableton Live 10 Suite (HKLM\...\{FE06C730-0296-42D9-B869-4E819D7F47A3}) (Version: 10.0.0.0 - Ableton)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.9.0.504 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.238 - Adobe)
Adobe Lightroom (HKLM-x32\...\LRCC_2_3) (Version: 2.3 - Adobe Systems Incorporated)
Adobe Premiere Pro 2019 (HKLM-x32\...\PPRO_13_1) (Version: 13.1 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brainworx Plugins Bundle (HKLM\...\Brainworx Plugins Bundle_is1) (Version: 2.0.0 - Brainworx)
Camel Audio CamelCrusher64 (HKLM-x32\...\Camel Audio CamelCrusher64) (Version: 1.01.0 - Camel Audio)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.5.21.0 - Piriform Software) Hidden
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 425.31 - NVIDIA Corporation) Hidden
Endless Smile 1.0.0 (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Endless Smile) (Version: 1.0.0 - Dada Life)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
FXpansion DCAMFreeComp (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\FXpansion DCAMFreeComp) (Version: 1.0.1.7 - FXpansion Audio UK Ltd)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.15.306 - SurfRight B.V.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{7858618B-FA45-4797-988D-4E8B793C3B88}) (Version: 17.0.109 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{A7D3C4B3-2CA8-46F3-9C34-63205AC018FF}) (Version: 17.0.109 - Intel Corporation)
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
KClip3 (HKLM\...\KClip3 3.1.3) (Version: 3.1.3 - Kazrog Inc)
Kick 2 version 1.1.1 (HKLM\...\Kick 2_is1) (Version: 1.1.1 - Sonic Academy)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.9.0.2 - Hermann Schinagl)
Maag Audio EQ4 (HKLM\...\EQ4_is1) (Version: 1.9.0 - Maag Audio)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Massive (HKLM\...\Massive_is1) (Version: 1.5.5 - Native Instruments & Team V.R)
MeldaProduction Audio Plugins 12 (HKLM-x32\...\MeldaProduction Audio Plugins 12) (Version:  - MeldaProduction)
Melodyne 3.2 (HKLM-x32\...\{2E337869-756A-4E46-A936-0E67FE043A5E}) (Version: 3.2.0202 - Celemony Software GmbH) Hidden
Melodyne Runtime 4.1 (x64) (HKLM\...\{721E4E34-AF7C-4345-93F9-282CCC8CCCB5}) (Version: 1.0.2 - Celemony Software GmbH)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{D0972543-9D51-4A1A-A765-E5A7B1CB09E5}) (Version: 1.0.0.0 - Mojang)
Mixed in Key (HKLM-x32\...\{F3A4E720-26AE-4EA0-BBCC-9480EAE753EC}) (Version: 8.0.2325.0 - Mixed In Key LLC) Hidden
Mixed In Key 8 (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\{85c3a10f-312f-40ef-b9ae-21bdd4e92f16}) (Version: 8.0.2325.0 - Mixed In Key LLC)
Mp3tag v2.86 (HKLM-x32\...\Mp3tag) (Version: 2.86 - Florian Heidenreich)
Native Instruments Reaktor 6 (HKLM-x32\...\Native Instruments Reaktor 6) (Version: 6.2.1.54 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.19.0.107 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.107 - NVIDIA Corporation)
NVIDIA Graphics Driver 431.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 431.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.43.28287 - Electronic Arts, Inc.)
Ozone Imager (HKLM-x32\...\Ozone Imager) (Version: 1.00 - iZotope, Inc.)
PACE License Support Win64 (HKLM\...\{52F54766-2321-4841-A523-CA0C8261E26D}) (Version: 5.0.3.2569 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{52F54766-2321-4841-A523-CA0C8261E26D}) (Version: 5.0.3.2569 - PACE Anti-Piracy, Inc.)
Pioneer MIX 64bit Driver (HKLM\...\Pioneer MIX) (Version: 5.6.0.0017 - Pioneer DJ Corporation.)
REFERENCE version 1.0 (HKLM\...\{07930B10-B999-4B4D-AC62-FA8891F93151}_is1) (Version: 1.0 - 29 Palms Ltd)
rekordbox 5.6.0 64bit (HKLM\...\Pioneer rekordbox 5.6.0) (Version: 5.6.0.0017 - Pioneer DJ)
RODE-AI-1-ASIO (HKLM\...\{E54CEBF0-1B4F-4793-841F-C1ABA9F46188}) (Version: 1.1.0 - RØDE Microphones)
Softube Installer Helper (HKLM\...\Softube Installer Helper) (Version: 2.4.88 - Softube AB)
Softube Saturation Knob (HKLM\...\Softube Saturation Knob) (Version: 2.4.83 - Softube AB)
Sonalksis Plug-in Manager 3.01 (HKLM-x32\...\{7A600039-FED6-4C81-AA6E-F151F7FA7EE7}_is1) (Version:  - Sienda New Media Technologies GmbH)
Sonic Charge Bitspeek (HKLM-x32\...\Sonic Charge Bitspeek) (Version: 1.5 - NuEdge Development)
Sonic Charge Plugins (HKLM-x32\...\Sonic Charge Plugins) (Version: 2017-02-02 - NuEdge Development)
Sonic Charge Synplant (HKLM-x32\...\Sonic Charge Synplant) (Version: 1.2.2 - NuEdge Development)
Splice (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\splice) (Version: 3.5.41 - Distributed Creation, Inc.)
Spotify (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Spotify) (Version: 1.1.12.451.gdb77255f - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sylenth1 v3.041 (HKLM\...\Sylenth1v3_is1) (Version:  - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.51.77.1020 - Electronic Arts Inc.)
TP-Link TL-WN881ND Driver (HKLM-x32\...\{5656127B-0110-4450-9CBD-643E760F152D}) (Version: 2.1.0 - TP-Link)
Trash version 2.0.5 (HKLM-x32\...\{4C809F87-3910-4E10-BEF2-F3C6FEA94E2E}_is1) (Version: 2.0.5 - iZotope)
True Iron (HKLM\...\True Iron 1.2.5) (Version: 1.2.5 - Kazrog Inc)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
ValhallaRoom version 1.5.1 (HKLM-x32\...\{A17C42DB-BF2C-4AEC-8B57-C2C3EF052902}_is1) (Version: 1.5.1 - Valhalla DSP, LLC)
Voxengo SPAN (HKLM\...\Voxengo SPAN_is1) (Version: 3.1 - Voxengo)
Voxengo Tube Amp (HKLM\...\Voxengo Tube Amp_is1) (Version: 2.5 - Voxengo)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
Youlean Loudness Meter 2 version V2.2.3 (HKLM-x32\...\{57AC2129-BA28-47CC-ACC8-BDCE413849DF}_is1) (Version: V2.2.3 - Youlean)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-07-17] (Adobe Systems Incorporated)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa [2019-07-25] (Apple Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2762709790-200231504-3683108907-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-18AA609A9867} -> [Creative Cloud Files] => C:\Users\Plain Sight\Creative Cloud Files [2018-08-02 10:07]
CustomCLSID: HKU\S-1-5-21-2762709790-200231504-3683108907-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ShellIconOverlayIdentifiers: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ShellIconOverlayIdentifiers-x32: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-07-18] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Link Shell Extension\Donate.lnk -> hxxp://schinagl.priv.at/nt/hardlinkshellext/linkshellextension.htm

==================== Loaded Modules (Whitelisted) ==============

2018-12-28 20:31 - 2018-12-28 20:31 - 000488880 _____ (Hermann Schinagl -> Hermann Schinagl) [File not signed] C:\Program Files\LinkShellExtension\HardlinkShellExt.dll
2018-03-20 09:29 - 2018-01-29 01:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-08-15 11:33 - 2019-08-19 11:38 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

2019-01-08 14:53 - 2019-01-12 02:09 - 000000627 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

168.137.173 Mitchs-MBP.mshome.net # 2019 1 2 15 5 4 24 911

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%INTEL_DEV_REDIST%redist\ia32_win\compiler;%INTEL_DEV_REDIST%redist\ia32\compiler;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\Control Panel\Desktop\\Wallpaper -> D:\Nikon D3400 Photos\Edited\DSC-0098.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MacriumService => 2
MSCONFIG\Services: mracsvc => 3
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: WindscribeService => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B96986E2-D77C-4673-9378-CBCC13AD94CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{172CDB18-9349-47CE-8557-D6A2A388AC6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CFE5DEA7-3D47-4F94-82CD-69B0C27ADC80}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{10C66A5A-92B3-439B-8A12-1961A1F8EE8B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F263765F-6A3D-40A8-AC04-A93836C95036}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A7D36B6C-26A2-4458-8CD2-7EFB41D30E03}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{230698CE-2A07-433B-AD58-8A59DEF58423}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7AC482F0-B09C-46A3-B37F-25FE20FC9748}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6877EE3D-4300-4F02-8EC3-9C5AED80B992}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{56276421-E310-416D-9081-FAC5E188F7FF}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4F9066EC-A4A9-4B0F-AD30-B6CFF55BD7B7}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{78D8A76D-428F-40FC-A15A-30F13F78D4A2}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{FA112521-A55B-4DF5-8169-1016DF1B2C8A}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{546676CD-F39D-4217-82E9-B5ED2D8B8562}] => (Allow) D:\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{10864890-700A-4AE1-9F6C-7B84D73F32E4}] => (Allow) D:\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{3C6DC639-CC62-4C17-ACDF-54EA74BCF678}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe (Bohemia Interactive a.s. -> Bohemia Interactive)
FirewallRules: [{0CF87D95-BE64-4D86-B6DD-1B131DAABEE6}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe (Bohemia Interactive a.s. -> Bohemia Interactive)
FirewallRules: [TCP Query User{064EB254-FCFF-459C-8547-E36BF8D13F51}C:\users\plain sight\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\plain sight\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{B602DDF4-1C0F-495A-88CA-7A14711209CA}C:\users\plain sight\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\plain sight\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{9C27E1CF-E117-42A2-A215-E0CC0D94D3B7}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{67986985-E649-4E48-B21C-3E69BC76C59A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [{EC09E49B-2132-4F71-92D1-BB5902CC4D3F}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{0D1C58CA-8C0D-402C-979F-89E5CC71DE7F}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{0C23D427-363A-4F08-B737-AC247A0A34EE}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{760CB771-65BA-4AD4-82EA-3540D1924A9E}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{D8368532-0696-4614-9BF9-3F992C867F9D}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{08DBD07D-B52F-4771-B32E-4918CB5DF76A}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{DEFA1A3B-1F57-4B09-A424-9DE3B524DC85}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\rekordbox.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation)
FirewallRules: [{558C9C11-C174-40C6-B785-B12371A9751E}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\psvnfsd.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)
FirewallRules: [{3A4035DB-10E1-4455-8618-9446BDD588F1}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\psvlinksysmgr.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)
FirewallRules: [{915CD90C-8EC4-4993-8B65-6E5404A3E13D}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\edb_streamd.exe (Pioneer DJ Corporation -> )
FirewallRules: [{428037CC-F7F7-4D69-A0F2-120EFA02DD65}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\ls-unity-rekordbox-win-64bit.exe (Pioneer DJ Corporation -> )
FirewallRules: [{A842348A-76D5-4D11-B480-4495BEBFA9C3}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\rbHttpServer.exe (Pioneer DJ Corporation -> )
FirewallRules: [{73EB4E2E-556A-4C2D-888B-1405F75177D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B29DC937-137C-42CE-B6B8-5457DDE72C6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C0F8171-80C8-4625-BB93-048160AE132C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2ADC41FE-990B-45DD-A0B4-30A939780D83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{2961FE0F-9EA3-4194-8513-62DBA1CBCC3A}D:\games\runtime\jre-x64\bin\javaw.exe] => (Block) D:\games\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{FF222A3A-AF5E-413E-9853-97C4D0EA9CFC}D:\games\runtime\jre-x64\bin\javaw.exe] => (Block) D:\games\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{8D74A5D2-F7E2-401A-9ECD-E37DEAABF361}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{84BD169C-1027-4F6B-841C-97D0A292B49A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{768F9EA5-6FC2-493F-8D66-79560B7BB6D2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6C8C5A9B-BD32-4C2A-BDDA-70D8FD1703BE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{861A613E-B2DC-42C0-B47E-DCB5599CD4B6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B146E6CD-F2C0-4F7B-A632-DB2B6962C937}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F7F06B1B-C9E0-4908-A1A6-75159D83A0AB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{78C59764-B639-41EE-9A0A-201E617F0D87}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EFD255BB-15E1-4BEE-9B6C-C3C38B0FB08C}] => (Allow) D:\Music Production\rekordbox 5.6.0\rekordbox.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation)
FirewallRules: [{C3931EE7-A974-4BC6-898B-20EE2ECBB3F1}] => (Allow) D:\Music Production\rekordbox 5.6.0\psvnfsd.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)
FirewallRules: [{A4A6B655-4C97-422E-B343-E990C3C0F2CA}] => (Allow) D:\Music Production\rekordbox 5.6.0\psvlinksysmgr.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)
FirewallRules: [{6BF22A09-E365-4058-9527-1B251D8B5A92}] => (Allow) D:\Music Production\rekordbox 5.6.0\edb_streamd.exe (Pioneer DJ Corporation -> )
FirewallRules: [{C97DAE21-F8B6-4717-A590-8676060D7A88}] => (Allow) D:\Music Production\rekordbox 5.6.0\ls-unity-rekordbox-win-64bit.exe (Pioneer DJ Corporation -> )
FirewallRules: [{272D851C-D5D7-44CA-A77C-32E8AA0E47D8}] => (Allow) D:\Music Production\rekordbox 5.6.0\rbHttpServer.exe (Pioneer DJ Corporation -> )

==================== Restore Points =========================

18-08-2019 17:12:57 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2019 12:29:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/19/2019 11:38:23 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (08/19/2019 11:37:34 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {027aca1a-a02a-41af-b5eb-078a0805e9bf}

Error: (08/19/2019 12:20:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68
Faulting module name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68
Exception code: 0xc0000005
Fault offset: 0x000000000006822e
Faulting process id: 0x26e0
Faulting application start time: 0x01d555d00df4fec9
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: 756a2a4d-624d-474d-9910-c24c390ad84c
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/19/2019 12:16:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68
Faulting module name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68
Exception code: 0xc0000005
Fault offset: 0x000000000006822e
Faulting process id: 0x2828
Faulting application start time: 0x01d555cf88d01ffe
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: b196ded3-07dd-44b6-8cd1-0f37353bf794
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/19/2019 12:12:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68
Faulting module name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68
Exception code: 0xc0000005
Fault offset: 0x000000000006822e
Faulting process id: 0x21d4
Faulting application start time: 0x01d555ceebd9a3e1
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: 6df0404c-951d-4053-8b5d-ba06aa3817eb
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/19/2019 12:07:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68
Faulting module name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68
Exception code: 0xc0000005
Fault offset: 0x000000000006822e
Faulting process id: 0x25e4
Faulting application start time: 0x01d555ce47084690
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: 7b53026f-dcf2-49d8-8ce8-c5d6ed213c92
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/18/2019 07:29:28 PM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-OTIH9CI)
Description: Product: Bonjour -- A later version of Bonjour is already installed on this computer.


System errors:
=============
Error: (08/19/2019 12:25:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/19/2019 12:25:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/19/2019 12:24:36 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (08/19/2019 11:40:31 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (08/19/2019 11:38:23 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.

Error: (08/19/2019 11:37:58 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OTIH9CI)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (08/19/2019 11:37:55 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the PACE License Services service, but this action failed with the following error: 
An instance of the service is already running.

Error: (08/19/2019 11:37:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Remediation Service service terminated unexpectedly.  It has done this 1 time(s).


Windows Defender:
===================================
Date: 2019-08-19 11:35:40.014
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:VBS/Mountsi.A!ml&threatid=2147726485&enterprise=0
Name: Trojan:VBS/Mountsi.A!ml
ID: 2147726485
Severity: Severe
Category: Trojan
Path: amsi:_C:\Windows\System32\wscript.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\wscript.exe
Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-19 01:02:47.677
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:VBS/Mountsi.A!ml&threatid=2147726485&enterprise=0
Name: Trojan:VBS/Mountsi.A!ml
ID: 2147726485
Severity: Severe
Category: Trojan
Path: amsi:_C:\Windows\System32\wscript.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\wscript.exe
Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-19 01:00:40.203
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:VBS/Mountsi.A!ml&threatid=2147726485&enterprise=0
Name: Trojan:VBS/Mountsi.A!ml
ID: 2147726485
Severity: Severe
Category: Trojan
Path: amsi:_C:\Windows\System32\wscript.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\wscript.exe
Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-19 00:54:26.047
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Behavior:Win32/Generic.SV!ml&threatid=2147739306&enterprise=0
Name: Behavior:Win32/Generic.SV!ml
ID: 2147739306
Severity: Severe
Category: Suspicious Behavior
Path: file:_C:\Wlndows\system32\CPU64.exe; regkey:_HKCU@S-1-5-21-2762709790-200231504-3683108907-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\CPU64; runkey:_HKCU@S-1-5-21-2762709790-200231504-3683108907-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\CPU64
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-19 00:53:55.959
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Name: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Severity: Severe
Category: Trojan
Path: file:_C:\Wlndows\system32\Desktop-64.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-19 00:27:56.986
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.299.2303.0
Previous Signature Version: 1.299.2298.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.16200.1
Previous Engine Version: 1.1.16200.1
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 

Date: 2019-08-19 00:27:56.986
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.299.2303.0
Previous Signature Version: 1.299.2298.0
Update Source: User
Signature Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.16200.1
Previous Engine Version: 1.1.16200.1
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 

Date: 2019-08-18 17:37:12.196
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.299.2296.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16200.1
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode 

Date: 2019-08-18 17:27:08.388
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2019-08-18 03:09:39.230
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2019-08-18 03:58:19.662
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Plain Sight\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro_x64 (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-08-18 03:58:19.404
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Plain Sight\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro_x64 (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-08-18 03:58:19.146
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Plain Sight\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro_x64 (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-08-18 03:58:18.883
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Plain Sight\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro_x64 (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-08-17 01:01:12.252
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-08-17 01:00:41.251
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-08-17 00:58:24.202
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-08-17 00:58:23.861
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. F8 09/01/2017
Motherboard: Gigabyte Technology Co., Ltd. AX370-Gaming 5
Processor: AMD Ryzen 7 1700 Eight-Core Processor 
Percentage of memory in use: 18%
Total physical RAM: 16332.45 MB
Available physical RAM: 13291.25 MB
Total Virtual: 18764.45 MB
Available Virtual: 14756.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.53 GB) (Free:335.74 GB) NTFS
Drive d: (New Space) (Fixed) (Total:931.51 GB) (Free:652.27 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:111.19 GB) (Free:37.82 GB) NTFS

\\?\Volume{a32efc1d-78c8-4d69-9554-243a67203579}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS
\\?\Volume{2bc682b4-f735-407c-8e26-a64599b677ed}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS
\\?\Volume{bf261472-0e6a-4017-a399-46a6853c0063}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{5e21c628-89f4-43b7-9300-7e1a0d43cbbb}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: DBE17137)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2AD450F8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Thanks for those logs, how is your PC responding now, any issues or concerns...

Run this please:

Select the Windows key and X key together, from the winx menu select "Command Prompt (Admin)"

At the prompt type or copy/paste :- DISM /Online /Cleanup-Image /CheckHealth then hit the enter key. What results do you get..?

Thanks,

Kevin...


Hey the PC is running perfectly. There is no lag whatsoever and the task manager now stays open with only Malwarebytes running in the processes.

I also scanned with Malwarebytes and no threats were detected.

The command prompt results were:

  • The component store is repairable
  • The operation completed successfully


Thanks for that information, still need to run the following:

Select the Windows key and X key together, from the winx menu select "Command Prompt (Admin)"

At the prompt type or copy/paste :- DISM /Online /Cleanup-Image /RestoreHealth then hit the enter key. What results do you get..?

Next,

If no remaining issues or concerns continue to clean up:

Right click on FRST here: C:\Users\Plain Sight\Desktop\FRST64.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended, that is because file extensions are hidden; in that case just rename FRST64 to uninstall.

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points - https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point - http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

The scan got stuck at 76.3%, then error 0x800f081f appeared.

The source files could not be found.
Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077.

The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log

Also after turning my computer back on another different Trojan was found by Malwarebytes. Here's the log.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/19/19
Scan Time: 11:52 PM
Log File: 943ee19c-c288-11e9-939d-e0d55e26dd73.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.12083
License: Trial

-System Information-
OS: Windows 10 (Build 17134.950)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 327322
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 2 min, 57 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Trojan.Agent.VBS, C:\PROGRAMDATA\ADOBE\INFO.VBS, Quarantined, [1139], [721998],1.0.12083

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

Can you uninstall all programs related to Adobe...

Adobe Creative Cloud
Adobe Flash Player
Adobe Lightroom
Adobe Premiere Pro 2019


Reboot your PC when complete.

Next,

Run FRST one more time. Ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan and, when done, post the new logs: "FRST.txt" and "Addition.txt".


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2019
Ran by Plain Sight (administrator) on DESKTOP-OTIH9CI (Gigabyte Technology Co., Ltd. AX370-Gaming 5) (20-08-2019 00:40:08)
Running from C:\Users\Plain Sight\Desktop
Loaded Profiles: Plain Sight (Available Profiles: Plain Sight & Aidan)
Platform: Windows 10 Pro Version 1803 17134.950 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Softube AB -> ) C:\Program Files\Softube\InstallerDaemon\InstallerService.exe
Failed to access process -> CompatTelRunner.exe
Failed to access process -> conhost.exe
Failed to access process -> conhost.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> dwm.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> SppExtComObj.Exe
Failed to access process -> wlanext.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D921394-47FB-407A-9AEF-DD5803635C5D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {13D6644E-6F69-460F-AC4E-5E6F63DAE437} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {16E9CB2E-49B6-4AF8-90DE-06D2ABEE4618} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe
Task: {1A1C8488-8D90-4223-B9BE-A1058B1C908E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1FC8021A-6B0A-4577-95EB-0B8958C68299} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {22D66AA8-71BF-402B-A015-7A00E188B53C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3417C401-152D-4B40-8C82-F0BB8D2547B2} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
Task: {49CBDDD5-144C-49D6-9330-93B82C00B987} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2049928 2019-08-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {6E20ADC6-F3E8-4304-A783-D924A3134966} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {74D51ACF-A975-4590-ABB3-DE333FAB999B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2762709790-200231504-3683108907-1002 => C:\Users\Plain Sight\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {758DF83D-0340-4728-8A57-AA03AF5DE9AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7B6D14E4-BF93-4E74-96F0-0F5ADF7761ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {84049033-1125-4532-BE47-6061D04D4B69} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8447B23D-EC9C-419D-BB5B-07D0CA977128} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Plain Sight\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {9097DF3C-47CB-483F-B587-13F134553106} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9E8D2A08-68D3-4F00-84DA-D723170563DF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {A426EF7F-EADB-423E-8EC5-DB0C0B6316E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A7856D9F-143F-412B-93BA-530EF4E409C5} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A8A29FEF-A7C3-4F13-A377-2FBFAEE76865} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {C00C228E-A362-47C6-AA4A-D4F57DFC1E89} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D89BD700-E397-423F-9B33-C886336DA429} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {DBBD79B2-77BC-492E-B32B-B92C6074CEFC} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe
Task: {E146B2E7-AC9E-4D01-AFF8-C1317D49FFF3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EA157AE3-68D7-465A-9217-128E817D38B1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F880CC13-9162-45DB-AE65-AD1CC0AA0BC4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FEFAD59A-979E-4BE0-9C09-CBDF86C0F7A7} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{44f20319-c8a6-4cc0-9e3b-ede0e80d487d}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{6283b723-eae5-42ae-8255-419dc903eb73}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{996897f6-62dc-450e-a935-5e7a928015d1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2762709790-200231504-3683108907-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://soundcloud.com/"
CHR Profile: C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default [2019-08-19]
CHR DownloadDir: D:\DOWNLOADS
CHR Extension: (Slides) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-14]
CHR Extension: (Just Black) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2019-03-05]
CHR Extension: (Docs) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-14]
CHR Extension: (Google Drive) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-14]
CHR Extension: (YouTube) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-14]
CHR Extension: (Sheets) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-14]
CHR Extension: (Google Docs Offline) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08]
CHR Profile: C:\Users\Plain Sight\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7252656 2018-12-12] (BattlEye Innovations e.K. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S4 mracsvc; C:\WINDOWS\System32\mracsvc.exe [16966416 2019-06-09] (Mail.Ru LLC -> LLC Mail.Ru)
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074128 2019-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SoftubeInstallerDaemon; C:\Program Files\Softube\InstallerDaemon\InstallerService.exe [10284824 2019-07-10] (Softube AB -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S4 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34696 2017-10-09] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2017-08-29] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [137496 2018-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 gdrv; C:\Windows\gdrv.sys [26192 2018-02-14] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 GLCKIO; C:\Program Files (x86)\ASUS\AURA\690b33e1-0462-4e84-9bea-c7552b45432a.sys [14976 2018-02-14] (ASUSTeK Computer Inc. -> )
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Microsoft Windows -> Qualcomm Atheros, Inc.)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-18] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-20] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_547eeefb57db4499\nvlddmkm.sys [21858904 2019-07-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-06-13] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RtsUpx; C:\Windows\system32\drivers\RtsUpx.sys [30328 2018-02-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6839744 2017-12-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-20 00:39 - 2019-08-20 00:39 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-20 00:39 - 2019-08-20 00:39 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-08-20 00:39 - 2019-08-20 00:39 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-08-20 00:39 - 2019-08-20 00:39 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-08-20 00:38 - 2019-08-20 00:38 - 000000000 ___HD C:\temp
2019-08-19 12:26 - 2019-08-19 12:26 - 046315064 _____ (Microsoft Corporation) C:\Users\Plain Sight\Desktop\Windows-KB890830-x64-V5.75.exe
2019-08-19 11:37 - 2019-08-19 12:25 - 000012245 _____ C:\Users\Plain Sight\Desktop\Fixlog.txt
2019-08-19 11:35 - 2019-08-19 11:35 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2019-08-19 01:05 - 2019-08-19 12:33 - 000048279 _____ C:\Users\Plain Sight\Desktop\Addition.txt
2019-08-19 01:03 - 2019-08-20 00:40 - 000020324 _____ C:\Users\Plain Sight\Desktop\FRST.txt
2019-08-19 00:30 - 2019-08-19 00:30 - 001612800 _____ (Farbar) C:\Users\Plain Sight\Desktop\FRST64.exe
2019-08-19 00:23 - 2019-08-19 00:24 - 007623880 _____ (Malwarebytes) C:\Users\Plain Sight\Desktop\AdwCleaner.exe
2019-08-18 18:53 - 2019-08-18 18:53 - 4169596928 _____ C:\Users\Plain Sight\Desktop\Windows.iso
2019-08-18 18:40 - 2019-08-18 19:17 - 000000000 ____D C:\ESD
2019-08-18 17:01 - 2019-08-18 17:01 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\DBG
2019-08-18 16:57 - 2019-08-18 16:57 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2019-08-18 16:50 - 2019-08-18 16:50 - 000003520 _____ C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adwcleaner_7.lnk
2019-08-18 16:50 - 2019-08-18 16:50 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\PeerDistRepub
2019-08-18 16:42 - 2019-08-18 16:53 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-08-18 16:31 - 2019-08-18 16:31 - 000000000 ___HD C:\$WINDOWS.~BT
2019-08-18 04:38 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2019-08-18 04:23 - 2019-08-18 04:23 - 000000000 ____D C:\zoek_backup
2019-08-18 04:06 - 2019-08-18 04:13 - 000000956 _____ C:\WINDOWS\system32\.crusader
2019-08-18 03:59 - 2019-08-18 03:59 - 000001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-08-18 03:59 - 2019-08-18 03:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-08-18 03:59 - 2019-08-18 03:59 - 000000000 ____D C:\Program Files\HitmanPro
2019-08-18 03:58 - 2019-08-18 04:06 - 000000000 ____D C:\ProgramData\HitmanPro
2019-08-18 03:18 - 2019-08-18 03:18 - 000000000 ____D C:\Users\Aidan\Documents\Ableton
2019-08-18 03:17 - 2019-08-18 03:17 - 000000000 ____D C:\Users\Aidan\AppData\Roaming\Ableton
2019-08-18 03:17 - 2019-08-18 03:17 - 000000000 ____D C:\Users\Aidan\AppData\Local\Ableton
2019-08-18 02:27 - 2019-08-18 02:27 - 000003842 _____ C:\WINDOWS\System32\Tasks\CCleaner Browser Heartbeat Task (Hourly)
2019-08-18 02:27 - 2019-08-18 02:27 - 000003258 _____ C:\WINDOWS\System32\Tasks\CCleaner Browser Heartbeat Task (Logon)
2019-08-18 02:27 - 2019-08-18 02:27 - 000000000 ____D C:\Users\Aidan\AppData\Local\CCleaner Browser
2019-08-18 02:26 - 2019-08-18 17:28 - 000001044 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-08-18 02:26 - 2019-08-18 02:26 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-08-18 02:26 - 2019-08-18 02:26 - 000003470 _____ C:\WINDOWS\System32\Tasks\CCleanerUpdateTaskMachineUA
2019-08-18 02:26 - 2019-08-18 02:26 - 000003346 _____ C:\WINDOWS\System32\Tasks\CCleanerUpdateTaskMachineCore
2019-08-18 02:26 - 2019-08-18 02:26 - 000002900 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-08-18 02:26 - 2019-08-18 02:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-08-18 02:26 - 2019-08-18 02:26 - 000000000 ____D C:\Program Files\CCleaner
2019-08-18 02:25 - 2019-08-18 02:25 - 020891464 _____ (Piriform Software Ltd) C:\Users\Aidan\Downloads\ccsetup560.exe
2019-08-18 02:19 - 2019-08-18 02:20 - 000048956 _____ C:\Users\Aidan\Downloads\Addition.txt
2019-08-18 02:18 - 2019-08-20 00:40 - 000000000 ____D C:\FRST
2019-08-18 02:18 - 2019-08-18 02:20 - 000073600 _____ C:\Users\Aidan\Downloads\FRST.txt
2019-08-18 02:17 - 2019-08-18 02:17 - 001612800 _____ (Farbar) C:\Users\Aidan\Downloads\FRST64.exe
2019-08-18 02:16 - 2019-08-18 17:28 - 000002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-18 02:16 - 2019-08-18 02:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-18 02:16 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-08-18 02:16 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-08-18 02:15 - 2019-08-18 02:15 - 064333800 _____ (Malwarebytes ) C:\Users\Aidan\Downloads\mb3-setup-37469.37469-3.8.3.2965-1.0.613-1.0.11270.exe
2019-08-18 01:55 - 2019-08-18 01:55 - 000000000 ____D C:\Users\Aidan\AppData\Local\mbamtray
2019-08-18 01:55 - 2019-08-18 01:55 - 000000000 ____D C:\Users\Aidan\AppData\Local\mbam
2019-08-18 01:53 - 2019-08-18 01:53 - 000000000 ____D C:\Users\Aidan\AppData\Local\Comms
2019-08-18 01:35 - 2019-08-18 17:28 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-08-18 01:34 - 2019-08-18 01:34 - 000000000 ____D C:\WINDOWS\pss
2019-08-18 01:13 - 2019-08-18 01:13 - 000322648 _____ C:\active_protection.txt
2019-08-18 01:12 - 2019-08-18 01:12 - 000034608 _____ C:\urls.set
2019-08-17 15:29 - 2019-08-19 17:08 - 000004096 _____ C:\Users\Plain Sight\PaceKeyChain
2019-08-17 15:28 - 2019-08-17 15:28 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\PaceAP
2019-08-17 15:27 - 2019-08-17 15:27 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softube
2019-08-17 15:26 - 2019-08-18 19:30 - 000002086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk
2019-08-17 15:26 - 2019-08-18 19:30 - 000002074 _____ C:\Users\Public\Desktop\iLok License Manager.lnk
2019-08-17 15:26 - 2019-08-17 15:26 - 000000000 ____D C:\Program Files (x86)\iLok License Manager
2019-08-17 13:45 - 2019-08-18 03:14 - 000000000 ____D C:\Users\Aidan\AppData\Local\D3DSCache
2019-08-17 13:45 - 2019-08-17 13:45 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2762709790-200231504-3683108907-1002
2019-08-17 13:45 - 2019-08-17 13:45 - 000002770 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ___RD C:\Users\Aidan\OneDrive
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Local\CEF
2019-08-17 13:45 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Local\Adobe
2019-08-17 13:44 - 2019-08-18 01:53 - 000000000 ____D C:\Users\Aidan\AppData\Local\Packages
2019-08-17 13:44 - 2019-08-17 13:46 - 000000000 ____D C:\Users\Aidan\AppData\Local\NVIDIA Corporation
2019-08-17 13:44 - 2019-08-17 13:45 - 000002363 _____ C:\Users\Aidan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-17 13:44 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan\AppData\Roaming\Adobe
2019-08-17 13:44 - 2019-08-17 13:45 - 000000000 ____D C:\Users\Aidan
2019-08-17 13:44 - 2019-08-17 13:44 - 000001417 _____ C:\Users\Aidan\Desktop\Microsoft Edge.lnk
2019-08-17 13:44 - 2019-08-17 13:44 - 000000258 __RSH C:\Users\Aidan\ntuser.pol
2019-08-17 13:44 - 2019-08-17 13:44 - 000000020 ___SH C:\Users\Aidan\ntuser.ini
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ___RD C:\Users\Aidan\3D Objects
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ___HD C:\Users\Aidan\MicrosoftEdgeBackups
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\Publishers
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\MicrosoftEdge
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\Google
2019-08-17 13:44 - 2019-08-17 13:44 - 000000000 ____D C:\Users\Aidan\AppData\Local\ConnectedDevicesPlatform
2019-08-17 13:04 - 2019-08-17 13:05 - 000000000 ____D C:\AdwCleaner
2019-08-17 00:42 - 2019-08-17 00:42 - 000000000 ___HD C:\Wlndows
2019-08-16 20:22 - 2019-08-16 20:22 - 000000495 _____ C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 10 Suite.lnk
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files\MSBuild
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-08-16 20:20 - 2019-08-16 20:20 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-08-16 20:19 - 2018-03-05 16:07 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2019-08-16 20:19 - 2018-03-05 16:07 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2019-08-16 20:19 - 2018-03-05 16:07 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2019-08-16 20:19 - 2018-02-14 16:21 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2019-08-16 20:19 - 2018-02-14 16:21 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2019-08-16 20:19 - 2018-02-14 16:21 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2019-08-15 12:05 - 2019-08-15 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brainworx
2019-08-15 11:10 - 2019-08-17 15:26 - 000000000 ____D C:\Program Files\Softube
2019-08-15 11:09 - 2019-08-17 15:23 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\softubecentral
2019-08-15 11:09 - 2019-08-15 11:09 - 113501032 _____ C:\Users\Plain Sight\Downloads\Softube Installer Helper Installer (64-bit) 2.4.88 r284505.exe
2019-08-15 11:09 - 2019-08-15 11:09 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Softube Central
2019-08-15 11:09 - 2019-08-15 11:09 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\softubecentral-updater
2019-08-14 15:45 - 2019-08-07 22:58 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-08-14 15:45 - 2019-08-07 22:41 - 000662112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-08-14 15:45 - 2019-08-07 22:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-08-14 15:45 - 2019-08-07 22:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-08-14 15:45 - 2019-08-07 22:27 - 007990272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-14 15:45 - 2019-08-07 18:09 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-14 15:45 - 2019-08-07 18:09 - 000095008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-14 15:45 - 2019-08-07 18:08 - 000494992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-14 15:45 - 2019-08-07 18:08 - 000091568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-14 15:45 - 2019-08-07 17:57 - 000081256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-14 15:45 - 2019-08-07 17:56 - 000357336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-14 15:45 - 2019-08-07 17:32 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-08-14 15:45 - 2019-08-07 17:32 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-08-14 15:45 - 2019-08-07 17:31 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-08-14 15:45 - 2019-08-07 17:31 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-14 15:45 - 2019-07-09 18:07 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-08-14 15:45 - 2019-07-09 17:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-08-14 15:45 - 2019-07-09 17:39 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-08-14 15:45 - 2019-07-09 17:37 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-08-14 15:45 - 2019-07-09 16:59 - 000022840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
2019-08-14 15:45 - 2019-07-09 16:38 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-08-14 15:45 - 2019-07-09 13:20 - 000227640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-08-14 15:45 - 2019-07-09 13:19 - 002769472 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-08-14 15:45 - 2019-07-09 13:12 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-08-14 15:45 - 2019-07-09 13:11 - 002257336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-08-14 15:45 - 2019-07-09 12:55 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-08-14 15:45 - 2019-07-09 12:53 - 003708416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-08-14 15:45 - 2019-07-09 12:52 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-08-14 15:45 - 2019-07-09 12:50 - 000659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-08-14 15:45 - 2019-07-09 12:48 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-08-14 15:45 - 2019-07-09 12:47 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-08-14 15:45 - 2019-07-09 12:47 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-08-14 15:45 - 2019-07-09 12:46 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-08-14 15:44 - 2019-08-07 23:18 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-08-14 15:44 - 2019-08-07 23:18 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-08-14 15:44 - 2019-08-07 23:14 - 000303928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-08-14 15:44 - 2019-08-07 23:13 - 021389776 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-14 15:44 - 2019-08-07 23:13 - 001632112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-14 15:44 - 2019-08-07 23:13 - 001515904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-08-14 15:44 - 2019-08-07 23:13 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-08-14 15:44 - 2019-08-07 22:58 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-08-14 15:44 - 2019-08-07 22:55 - 008626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-14 15:44 - 2019-08-07 22:55 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-08-14 15:44 - 2019-08-07 22:55 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-08-14 15:44 - 2019-08-07 22:54 - 004783104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-08-14 15:44 - 2019-08-07 22:53 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-14 15:44 - 2019-08-07 22:53 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-08-14 15:44 - 2019-08-07 22:53 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-08-14 15:44 - 2019-08-07 22:52 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-14 15:44 - 2019-08-07 22:51 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-08-14 15:44 - 2019-08-07 22:43 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-14 15:44 - 2019-08-07 22:41 - 001322688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-08-14 15:44 - 2019-08-07 22:40 - 020384344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-14 15:44 - 2019-08-07 22:26 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-08-14 15:44 - 2019-08-07 22:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-08-14 15:44 - 2019-08-07 22:25 - 004175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-08-14 15:44 - 2019-08-07 22:24 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-14 15:44 - 2019-08-07 22:24 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-14 15:44 - 2019-08-07 22:24 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-08-14 15:44 - 2019-08-07 19:40 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-08-14 15:44 - 2019-08-07 18:09 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-14 15:44 - 2019-08-07 18:09 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-08-14 15:44 - 2019-08-07 18:09 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-14 15:44 - 2019-08-07 18:09 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-14 15:44 - 2019-08-07 18:09 - 000194352 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-14 15:44 - 2019-08-07 18:09 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-14 15:44 - 2019-08-07 18:09 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 007435720 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-14 15:44 - 2019-08-07 18:08 - 002470648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 001566736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 001141712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-14 15:44 - 2019-08-07 18:08 - 000723216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 000710232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-14 15:44 - 2019-08-07 18:08 - 000227744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-08-14 15:44 - 2019-08-07 18:08 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-08-14 15:44 - 2019-08-07 18:08 - 000130840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-08-14 15:44 - 2019-08-07 18:07 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-14 15:44 - 2019-08-07 18:07 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-14 15:44 - 2019-08-07 18:07 - 002719240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-08-14 15:44 - 2019-08-07 18:07 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-14 15:44 - 2019-08-07 18:07 - 001260992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-14 15:44 - 2019-08-07 18:07 - 001031696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-08-14 15:44 - 2019-08-07 18:07 - 000984152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-14 15:44 - 2019-08-07 18:07 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-08-14 15:44 - 2019-08-07 18:07 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 001993344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 000192608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-08-14 15:44 - 2019-08-07 17:56 - 000101400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-08-14 15:44 - 2019-08-07 17:55 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-08-14 15:44 - 2019-08-07 17:49 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-14 15:44 - 2019-08-07 17:47 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-14 15:44 - 2019-08-07 17:44 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-08-14 15:44 - 2019-08-07 17:42 - 022717952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-14 15:44 - 2019-08-07 17:39 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-14 15:44 - 2019-08-07 17:38 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-08-14 15:44 - 2019-08-07 17:38 - 004385792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-14 15:44 - 2019-08-07 17:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-14 15:44 - 2019-08-07 17:38 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-08-14 15:44 - 2019-08-07 17:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-08-14 15:44 - 2019-08-07 17:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-08-14 15:44 - 2019-08-07 17:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 007572480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-14 15:44 - 2019-08-07 17:36 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-08-14 15:44 - 2019-08-07 17:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-14 15:44 - 2019-08-07 17:35 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-08-14 15:44 - 2019-08-07 17:35 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 001680384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-08-14 15:44 - 2019-08-07 17:34 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-14 15:44 - 2019-08-07 17:33 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-14 15:44 - 2019-08-07 17:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-08-14 15:44 - 2019-08-07 17:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 004938240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 004516864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 002165760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-14 15:44 - 2019-08-07 17:32 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 000318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-14 15:44 - 2019-08-07 17:32 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-14 15:44 - 2019-08-07 17:31 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-08-14 15:44 - 2019-08-07 16:15 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-08-14 15:44 - 2019-07-11 16:48 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-08-14 15:44 - 2019-07-11 11:30 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-08-14 15:44 - 2019-07-11 11:30 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-08-14 15:44 - 2019-07-11 11:30 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 001627664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 001038352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000954384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000830480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000827920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-08-14 15:44 - 2019-07-09 18:07 - 000825360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000750096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000670224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000652304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000495632 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-08-14 15:44 - 2019-07-09 18:07 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-08-14 15:44 - 2019-07-09 18:04 - 000348664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-08-14 15:44 - 2019-07-09 18:01 - 004527792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-08-14 15:44 - 2019-07-09 18:00 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-08-14 15:44 - 2019-07-09 17:44 - 012757504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-08-14 15:44 - 2019-07-09 17:44 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-08-14 15:44 - 2019-07-09 17:43 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-08-14 15:44 - 2019-07-09 17:43 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-08-14 15:44 - 2019-07-09 17:43 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2019-08-14 15:44 - 2019-07-09 17:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-08-14 15:44 - 2019-07-09 17:39 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2019-08-14 15:44 - 2019-07-09 17:39 - 001193472 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2019-08-14 15:44 - 2019-07-09 17:38 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2019-08-14 15:44 - 2019-07-09 17:37 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-08-14 15:44 - 2019-07-09 17:37 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2019-08-14 15:44 - 2019-07-09 17:37 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-08-14 15:44 - 2019-07-09 16:42 - 011943424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-08-14 15:44 - 2019-07-09 16:37 - 000485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2019-08-14 15:44 - 2019-07-09 13:29 - 000375312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-08-14 15:44 - 2019-07-09 13:29 - 000230200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2019-08-14 15:44 - 2019-07-09 13:29 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2019-08-14 15:44 - 2019-07-09 13:23 - 001213264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-08-14 15:44 - 2019-07-09 13:23 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-08-14 15:44 - 2019-07-09 13:21 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-14 15:44 - 2019-07-09 13:21 - 000133136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2019-08-14 15:44 - 2019-07-09 13:20 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-08-14 15:44 - 2019-07-09 13:20 - 000275512 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2019-08-14 15:44 - 2019-07-09 13:19 - 002371504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 001674216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000799248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000767232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000713488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000152104 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000142352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2019-08-14 15:44 - 2019-07-09 13:19 - 000046608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\werkernel.sys
2019-08-14 15:44 - 2019-07-09 13:12 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-08-14 15:44 - 2019-07-09 13:12 - 001286528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-08-14 15:44 - 2019-07-09 13:12 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-08-14 15:44 - 2019-07-09 13:11 - 000576528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-08-14 15:44 - 2019-07-09 13:11 - 000108560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2019-08-14 15:44 - 2019-07-09 12:56 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-08-14 15:44 - 2019-07-09 12:56 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2019-08-14 15:44 - 2019-07-09 12:55 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-08-14 15:44 - 2019-07-09 12:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-08-14 15:44 - 2019-07-09 12:53 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-08-14 15:44 - 2019-07-09 12:52 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-08-14 15:44 - 2019-07-09 12:51 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-08-14 15:44 - 2019-07-09 12:50 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-08-14 15:44 - 2019-07-09 12:50 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-08-14 15:44 - 2019-07-09 12:50 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-08-14 15:44 - 2019-07-09 12:50 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-08-14 15:44 - 2019-07-09 12:50 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-08-14 15:44 - 2019-07-09 12:50 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2019-08-14 15:44 - 2019-07-09 12:50 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2019-08-14 15:44 - 2019-07-09 12:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll
2019-08-14 15:44 - 2019-07-09 12:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-08-14 15:44 - 2019-07-09 12:49 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-08-14 15:44 - 2019-07-09 12:49 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-08-14 15:44 - 2019-07-09 12:49 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-08-14 15:44 - 2019-07-09 12:49 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2019-08-14 15:44 - 2019-07-09 12:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-08-14 15:44 - 2019-07-09 12:49 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-08-14 15:44 - 2019-07-09 12:49 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-08-14 15:44 - 2019-07-09 12:49 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2019-08-14 15:44 - 2019-07-09 12:48 - 003402240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-14 15:44 - 2019-07-09 12:48 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-08-14 15:44 - 2019-07-09 12:48 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-08-14 15:44 - 2019-07-09 12:48 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2019-08-14 15:44 - 2019-07-09 12:48 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-08-14 15:44 - 2019-07-09 12:48 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-08-14 15:44 - 2019-07-09 12:47 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-08-14 15:44 - 2019-07-09 12:47 - 000928768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-08-14 15:44 - 2019-07-09 12:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-08-14 15:44 - 2019-07-09 12:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-08-14 15:44 - 2019-07-09 12:47 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-08-14 15:44 - 2019-07-09 12:46 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-08-14 15:44 - 2019-07-09 12:46 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-08-14 15:44 - 2019-07-09 12:46 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-08-14 15:44 - 2019-07-09 12:45 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-08-14 15:44 - 2019-07-09 12:45 - 001218560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-08-14 15:44 - 2019-07-09 12:45 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-08-14 15:44 - 2019-07-09 12:45 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-08-14 15:44 - 2019-07-09 12:45 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2019-08-14 15:44 - 2019-07-09 12:44 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-08-14 15:44 - 2019-07-09 12:44 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-08-14 15:44 - 2019-07-09 12:44 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-08-14 15:44 - 2019-07-09 12:44 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-08-14 15:44 - 2019-07-09 12:44 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-08-14 15:44 - 2019-07-09 12:44 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-08-14 15:44 - 2019-07-09 12:44 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-08-14 15:44 - 2019-07-09 12:43 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-08-14 15:44 - 2019-07-09 12:43 - 001398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-08-14 15:44 - 2019-07-09 12:43 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-08-14 15:44 - 2019-07-09 12:43 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2019-08-14 15:44 - 2019-06-20 12:21 - 000058882 _____ C:\WINDOWS\system32\srms.dat
2019-08-03 12:05 - 2019-08-19 00:28 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16
2019-07-24 21:22 - 2019-07-19 05:15 - 001006800 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 001006800 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 000552144 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 000456912 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-07-24 21:22 - 2019-07-19 05:15 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-07-24 21:22 - 2019-07-19 05:15 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-07-24 21:22 - 2019-07-19 05:15 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-07-24 21:22 - 2019-07-19 05:15 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-07-24 21:22 - 2019-07-19 05:14 - 011059408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-07-24 21:22 - 2019-07-19 05:14 - 009492680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 040411904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 035269568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 020193184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 017470416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 005426104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 004767912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 002042272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001721816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443160.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001543824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001472600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001468320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443160.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001164376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 001136024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000914520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000822016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000810912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000677256 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000656792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000633488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000543944 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-07-24 21:22 - 2019-07-19 05:13 - 000523920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-07-24 21:22 - 2019-07-19 02:11 - 004342528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-20 00:39 - 2018-05-31 18:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-20 00:39 - 2018-05-31 18:07 - 000000000 ____D C:\Users\Plain Sight
2019-08-20 00:39 - 2018-04-12 09:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-20 00:38 - 2018-05-17 10:43 - 000000000 ____D C:\ProgramData\Adobe
2019-08-20 00:38 - 2018-05-17 10:43 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-08-20 00:38 - 2018-04-12 07:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-08-20 00:37 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-08-20 00:37 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-08-20 00:36 - 2018-08-02 10:07 - 000000000 ___RD C:\Users\Plain Sight\Creative Cloud Files
2019-08-20 00:36 - 2018-04-12 09:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-20 00:36 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-20 00:36 - 2018-02-14 14:41 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\Packages
2019-08-20 00:35 - 2019-01-12 12:54 - 000003268 _____ C:\WINDOWS\System32\Tasks\Adobe Uninstaller
2019-08-20 00:35 - 2018-05-17 10:40 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\Adobe
2019-08-20 00:28 - 2018-09-08 11:14 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\MeldaProduction
2019-08-20 00:27 - 2018-09-08 11:14 - 000000000 ____D C:\ProgramData\MeldaProduction
2019-08-20 00:25 - 2018-09-12 10:55 - 000000000 ___RD C:\Program Files\Native Instruments
2019-08-20 00:24 - 2019-02-27 14:36 - 000000000 ____D C:\Program Files\Plugin Alliance
2019-08-20 00:24 - 2018-09-12 10:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2019-08-20 00:23 - 2018-09-08 11:20 - 000000000 ____D C:\ProgramData\Camel Audio
2019-08-20 00:23 - 2018-09-08 11:20 - 000000000 ____D C:\Program Files\Camel Audio
2019-08-20 00:23 - 2018-09-08 10:54 - 000000000 ____D C:\ProgramData\ValhallaRoom
2019-08-20 00:23 - 2018-05-11 11:25 - 000000000 ____D C:\ProgramData\ValhallaRoomPreferences
2019-08-20 00:17 - 2018-04-12 09:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-20 00:06 - 2018-05-31 18:11 - 000004178 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3C9A9257-B820-4A09-9A5E-F2402A6001C9}
2019-08-20 00:03 - 2018-05-31 18:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-19 17:46 - 2018-05-31 18:14 - 000774004 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-19 17:46 - 2018-04-12 09:36 - 000000000 ____D C:\WINDOWS\INF
2019-08-19 17:09 - 2018-02-14 15:36 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\CrashDumps
2019-08-19 17:04 - 2018-02-14 14:50 - 000000000 ____D C:\ProgramData\NVIDIA
2019-08-19 12:46 - 2018-09-12 10:28 - 000000000 ___RD C:\Program Files\Common Files\Native Instruments
2019-08-19 12:27 - 2018-02-14 18:10 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-19 12:25 - 2019-03-01 11:53 - 000000008 __RSH C:\Users\Plain Sight\ntuser.pol
2019-08-19 12:24 - 2018-09-13 10:44 - 000000008 __RSH C:\ProgramData\ntuser.pol
2019-08-19 11:38 - 2017-09-29 23:46 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-08-19 00:53 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-08-19 00:41 - 2018-12-07 12:16 - 000000000 ____D C:\Program Files\Microsoft Office
2019-08-19 00:40 - 2018-04-12 09:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-08-18 19:17 - 2018-05-17 11:06 - 000000000 ___DC C:\WINDOWS\Panther
2019-08-18 16:28 - 2018-02-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\NVIDIA Corporation
2019-08-18 04:10 - 2018-02-14 15:21 - 000000000 ____D C:\Program Files (x86)\Google
2019-08-18 02:16 - 2018-06-14 23:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-18 02:16 - 2018-04-12 09:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-08-18 02:09 - 2018-06-14 20:48 - 000000000 ____D C:\ProgramData\Packages
2019-08-18 01:22 - 2018-09-08 10:49 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Azureus
2019-08-17 15:27 - 2019-01-11 20:35 - 000000000 ____D C:\Users\Public\Documents\Softube
2019-08-17 15:26 - 2019-04-11 21:02 - 000033544 _____ C:\WINDOWS\system32\Drivers\iLokDrvr.sys
2019-08-17 15:26 - 2018-03-20 09:09 - 000000000 ____D C:\Program Files\Common Files\VST3
2019-08-17 15:26 - 2018-02-14 17:47 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-08-17 13:44 - 2018-02-14 14:41 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-08-17 12:30 - 2019-01-10 14:50 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\Spotify
2019-08-17 11:55 - 2019-01-10 14:49 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Spotify
2019-08-17 03:08 - 2018-02-14 18:00 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Splice
2019-08-17 03:08 - 2018-02-14 16:33 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\SpliceSettings
2019-08-17 00:54 - 2018-02-14 14:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-08-16 23:16 - 2018-10-19 11:38 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\PioneerLog
2019-08-16 22:23 - 2018-02-14 16:10 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Xfer
2019-08-15 17:47 - 2018-06-13 10:30 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\D3DSCache
2019-08-15 12:03 - 2019-03-28 10:42 - 000000000 ____D C:\Program Files\Common Files\Plugin Alliance
2019-08-15 10:47 - 2019-05-02 14:38 - 000000000 ____D C:\ProgramData\Celemony Software GmbH
2019-08-15 10:46 - 2018-05-17 10:47 - 000000000 ____D C:\Program Files\Adobe
2019-08-14 21:12 - 2018-05-31 18:05 - 000277696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-14 21:12 - 2018-02-14 14:41 - 000000000 ___RD C:\Users\Plain Sight\3D Objects
2019-08-14 21:11 - 2018-04-12 19:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-08-14 21:11 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-14 20:13 - 2019-07-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\.minecraft
2019-08-14 15:46 - 2018-04-12 09:34 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-08-14 15:44 - 2018-02-14 18:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-13 22:28 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-08-12 13:21 - 2018-06-13 10:52 - 000000000 ___RD C:\Users\Plain Sight\plainsightdj@gmail.com Creative Cloud Files
2019-08-11 17:52 - 2018-03-23 14:56 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\ElevatedDiagnostics
2019-08-09 12:16 - 2018-05-01 12:33 - 000000000 ____D C:\Users\Plain Sight\Documents\FabFilter
2019-08-09 12:16 - 2018-05-01 12:33 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\FabFilter
2019-08-09 12:14 - 2018-09-17 12:56 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2019-08-09 11:45 - 2018-06-01 11:32 - 000000000 ____D C:\Program Files\Vstplugins
2019-08-02 20:59 - 2018-11-16 15:17 - 000000000 ____D C:\Program Files\rempl
2019-07-30 12:08 - 2019-06-08 16:57 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com
2019-07-30 12:04 - 2018-10-19 11:26 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pioneer
2019-07-30 12:03 - 2018-10-19 11:26 - 000000529 _____ C:\Users\Plain Sight\Desktop\rekordbox_x64.lnk
2019-07-30 12:02 - 2018-02-14 15:31 - 000000000 ____D C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-07-26 09:36 - 2018-02-26 23:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-25 11:10 - 2018-02-14 15:13 - 000000000 ____D C:\Users\Plain Sight\AppData\Local\NVIDIA
2019-07-23 15:22 - 2018-02-14 14:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-07-23 11:46 - 2018-10-01 18:24 - 000000000 ____D C:\Program Files (x86)\Origin

==================== Files in the root of some directories ================

2019-01-08 16:56 - 2016-12-14 23:17 - 000003584 _____ () C:\Users\Plain Sight\Synplant.32.dll
2018-05-09 12:38 - 2018-05-09 12:38 - 002722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf
2018-05-09 12:38 - 2018-05-09 12:38 - 000056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf
2019-07-19 14:31 - 2019-07-19 14:31 - 000000038 ___SH () C:\Users\Plain Sight\AppData\Local\6eebc2b1598089f38a4759.67408981
2018-02-14 18:07 - 2018-02-14 18:07 - 000000291 _____ () C:\Users\Plain Sight\AppData\Local\ledConfiguration.config
2018-09-25 10:01 - 2018-09-25 10:01 - 000000000 _____ () C:\Users\Plain Sight\AppData\Local\oobelibMkey.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by Plain Sight (20-08-2019 00:41:21)
Running from C:\Users\Plain Sight\Desktop
Windows 10 Pro Version 1803 17134.950 (X64) (2018-05-31 08:11:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2762709790-200231504-3683108907-500 - Administrator - Disabled)
Aidan (S-1-5-21-2762709790-200231504-3683108907-1002 - Limited - Enabled) => C:\Users\Aidan
DefaultAccount (S-1-5-21-2762709790-200231504-3683108907-503 - Limited - Disabled)
Guest (S-1-5-21-2762709790-200231504-3683108907-501 - Limited - Disabled)
Plain Sight (S-1-5-21-2762709790-200231504-3683108907-1001 - Administrator - Enabled) => C:\Users\Plain Sight
WDAGUtilityAccount (S-1-5-21-2762709790-200231504-3683108907-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Ableton Live 10 Suite (HKLM\...\{FE06C730-0296-42D9-B869-4E819D7F47A3}) (Version: 10.0.0.0 - Ableton)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brainworx Plugins Bundle (HKLM\...\Brainworx Plugins Bundle_is1) (Version: 2.0.0 - Brainworx)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.5.21.0 - Piriform Software) Hidden
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 425.31 - NVIDIA Corporation) Hidden
Endless Smile 1.0.0 (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Endless Smile) (Version: 1.0.0 - Dada Life)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
FXpansion DCAMFreeComp (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\FXpansion DCAMFreeComp) (Version: 1.0.1.7 - FXpansion Audio UK Ltd)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.15.306 - SurfRight B.V.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{7858618B-FA45-4797-988D-4E8B793C3B88}) (Version: 17.0.109 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{A7D3C4B3-2CA8-46F3-9C34-63205AC018FF}) (Version: 17.0.109 - Intel Corporation)
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
KClip3 (HKLM\...\KClip3 3.1.3) (Version: 3.1.3 - Kazrog Inc)
Kick 2 version 1.1.1 (HKLM\...\Kick 2_is1) (Version: 1.1.1 - Sonic Academy)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.9.0.2 - Hermann Schinagl)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Massive (HKLM\...\Massive_is1) (Version: 1.5.5 - Native Instruments & Team V.R)
MeldaProduction Audio Plugins 12 (HKLM-x32\...\MeldaProduction Audio Plugins 12) (Version:  - MeldaProduction)
Melodyne 3.2 (HKLM-x32\...\{2E337869-756A-4E46-A936-0E67FE043A5E}) (Version: 3.2.0202 - Celemony Software GmbH) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{D0972543-9D51-4A1A-A765-E5A7B1CB09E5}) (Version: 1.0.0.0 - Mojang)
Mixed in Key (HKLM-x32\...\{F3A4E720-26AE-4EA0-BBCC-9480EAE753EC}) (Version: 8.0.2325.0 - Mixed In Key LLC) Hidden
Mixed In Key 8 (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\{85c3a10f-312f-40ef-b9ae-21bdd4e92f16}) (Version: 8.0.2325.0 - Mixed In Key LLC)
Mp3tag v2.86 (HKLM-x32\...\Mp3tag) (Version: 2.86 - Florian Heidenreich)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.19.0.107 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.107 - NVIDIA Corporation)
NVIDIA Graphics Driver 431.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 431.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.43.28287 - Electronic Arts, Inc.)
Ozone Imager (HKLM-x32\...\Ozone Imager) (Version: 1.00 - iZotope, Inc.)
PACE License Support Win64 (HKLM\...\{52F54766-2321-4841-A523-CA0C8261E26D}) (Version: 5.0.3.2569 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{52F54766-2321-4841-A523-CA0C8261E26D}) (Version: 5.0.3.2569 - PACE Anti-Piracy, Inc.)
Pioneer MIX 64bit Driver (HKLM\...\Pioneer MIX) (Version: 5.6.0.0017 - Pioneer DJ Corporation.)
rekordbox 5.6.0 64bit (HKLM\...\Pioneer rekordbox 5.6.0) (Version: 5.6.0.0017 - Pioneer DJ)
RODE-AI-1-ASIO (HKLM\...\{E54CEBF0-1B4F-4793-841F-C1ABA9F46188}) (Version: 1.1.0 - RØDE Microphones)
Softube Installer Helper (HKLM\...\Softube Installer Helper) (Version: 2.4.88 - Softube AB)
Softube Saturation Knob (HKLM\...\Softube Saturation Knob) (Version: 2.4.83 - Softube AB)
Splice (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\splice) (Version: 3.5.41 - Distributed Creation, Inc.)
Spotify (HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\Spotify) (Version: 1.1.12.451.gdb77255f - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sylenth1 v3.041 (HKLM\...\Sylenth1v3_is1) (Version:  - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.51.77.1020 - Electronic Arts Inc.)
TP-Link TL-WN881ND Driver (HKLM-x32\...\{5656127B-0110-4450-9CBD-643E760F152D}) (Version: 2.1.0 - TP-Link)
Trash version 2.0.5 (HKLM-x32\...\{4C809F87-3910-4E10-BEF2-F3C6FEA94E2E}_is1) (Version: 2.0.5 - iZotope)
True Iron (HKLM\...\True Iron 1.2.5) (Version: 1.2.5 - Kazrog Inc)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
ValhallaRoom version 1.5.1 (HKLM-x32\...\{A17C42DB-BF2C-4AEC-8B57-C2C3EF052902}_is1) (Version: 1.5.1 - Valhalla DSP, LLC)
Voxengo SPAN (HKLM\...\Voxengo SPAN_is1) (Version: 3.1 - Voxengo)
Voxengo Tube Amp (HKLM\...\Voxengo Tube Amp_is1) (Version: 2.5 - Voxengo)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
Youlean Loudness Meter 2 version V2.2.3 (HKLM-x32\...\{57AC2129-BA28-47CC-ACC8-BDCE413849DF}_is1) (Version: V2.2.3 - Youlean)

Packages:
=========
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa [2019-07-25] (Apple Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ShellIconOverlayIdentifiers: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ShellIconOverlayIdentifiers-x32: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-07-18] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2018-12-28] (Hermann Schinagl -> Hermann Schinagl) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Plain Sight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Link Shell Extension\Donate.lnk -> hxxp://schinagl.priv.at/nt/hardlinkshellext/linkshellextension.htm

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-08-15 11:33 - 2019-08-19 11:38 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

2019-01-08 14:53 - 2019-01-12 02:09 - 000000627 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

168.137.173 Mitchs-MBP.mshome.net # 2019 1 2 15 5 4 24 911

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%INTEL_DEV_REDIST%redist\ia32_win\compiler;%INTEL_DEV_REDIST%redist\ia32\compiler;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\Control Panel\Desktop\\Wallpaper -> D:\Nikon D3400 Photos\Edited\DSC-0098.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MacriumService => 2
MSCONFIG\Services: mracsvc => 3
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: WindscribeService => 2
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2762709790-200231504-3683108907-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B96986E2-D77C-4673-9378-CBCC13AD94CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{172CDB18-9349-47CE-8557-D6A2A388AC6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CFE5DEA7-3D47-4F94-82CD-69B0C27ADC80}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{10C66A5A-92B3-439B-8A12-1961A1F8EE8B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F263765F-6A3D-40A8-AC04-A93836C95036}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A7D36B6C-26A2-4458-8CD2-7EFB41D30E03}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{230698CE-2A07-433B-AD58-8A59DEF58423}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7AC482F0-B09C-46A3-B37F-25FE20FC9748}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6877EE3D-4300-4F02-8EC3-9C5AED80B992}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{56276421-E310-416D-9081-FAC5E188F7FF}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4F9066EC-A4A9-4B0F-AD30-B6CFF55BD7B7}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{78D8A76D-428F-40FC-A15A-30F13F78D4A2}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{FA112521-A55B-4DF5-8169-1016DF1B2C8A}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{546676CD-F39D-4217-82E9-B5ED2D8B8562}] => (Allow) D:\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{10864890-700A-4AE1-9F6C-7B84D73F32E4}] => (Allow) D:\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{3C6DC639-CC62-4C17-ACDF-54EA74BCF678}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe (Bohemia Interactive a.s. -> Bohemia Interactive)
FirewallRules: [{0CF87D95-BE64-4D86-B6DD-1B131DAABEE6}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe (Bohemia Interactive a.s. -> Bohemia Interactive)
FirewallRules: [TCP Query User{064EB254-FCFF-459C-8547-E36BF8D13F51}C:\users\plain sight\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\plain sight\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{B602DDF4-1C0F-495A-88CA-7A14711209CA}C:\users\plain sight\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\plain sight\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{9C27E1CF-E117-42A2-A215-E0CC0D94D3B7}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{67986985-E649-4E48-B21C-3E69BC76C59A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [{EC09E49B-2132-4F71-92D1-BB5902CC4D3F}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{0D1C58CA-8C0D-402C-979F-89E5CC71DE7F}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{0C23D427-363A-4F08-B737-AC247A0A34EE}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{760CB771-65BA-4AD4-82EA-3540D1924A9E}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{D8368532-0696-4614-9BF9-3F992C867F9D}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{08DBD07D-B52F-4771-B32E-4918CB5DF76A}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{DEFA1A3B-1F57-4B09-A424-9DE3B524DC85}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\rekordbox.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation)
FirewallRules: [{558C9C11-C174-40C6-B785-B12371A9751E}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\psvnfsd.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)
FirewallRules: [{3A4035DB-10E1-4455-8618-9446BDD588F1}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\psvlinksysmgr.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)
FirewallRules: [{915CD90C-8EC4-4993-8B65-6E5404A3E13D}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\edb_streamd.exe (Pioneer DJ Corporation -> )
FirewallRules: [{428037CC-F7F7-4D69-A0F2-120EFA02DD65}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\ls-unity-rekordbox-win-64bit.exe (Pioneer DJ Corporation -> )
FirewallRules: [{A842348A-76D5-4D11-B480-4495BEBFA9C3}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.6.0\rbHttpServer.exe (Pioneer DJ Corporation -> )
FirewallRules: [{73EB4E2E-556A-4C2D-888B-1405F75177D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B29DC937-137C-42CE-B6B8-5457DDE72C6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C0F8171-80C8-4625-BB93-048160AE132C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2ADC41FE-990B-45DD-A0B4-30A939780D83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{2961FE0F-9EA3-4194-8513-62DBA1CBCC3A}D:\games\runtime\jre-x64\bin\javaw.exe] => (Block) D:\games\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{FF222A3A-AF5E-413E-9853-97C4D0EA9CFC}D:\games\runtime\jre-x64\bin\javaw.exe] => (Block) D:\games\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{8D74A5D2-F7E2-401A-9ECD-E37DEAABF361}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{84BD169C-1027-4F6B-841C-97D0A292B49A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{768F9EA5-6FC2-493F-8D66-79560B7BB6D2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6C8C5A9B-BD32-4C2A-BDDA-70D8FD1703BE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{861A613E-B2DC-42C0-B47E-DCB5599CD4B6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B146E6CD-F2C0-4F7B-A632-DB2B6962C937}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F7F06B1B-C9E0-4908-A1A6-75159D83A0AB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{78C59764-B639-41EE-9A0A-201E617F0D87}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EFD255BB-15E1-4BEE-9B6C-C3C38B0FB08C}] => (Allow) D:\Music Production\rekordbox 5.6.0\rekordbox.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation)
FirewallRules: [{C3931EE7-A974-4BC6-898B-20EE2ECBB3F1}] => (Allow) D:\Music Production\rekordbox 5.6.0\psvnfsd.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)
FirewallRules: [{A4A6B655-4C97-422E-B343-E990C3C0F2CA}] => (Allow) D:\Music Production\rekordbox 5.6.0\psvlinksysmgr.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)
FirewallRules: [{6BF22A09-E365-4058-9527-1B251D8B5A92}] => (Allow) D:\Music Production\rekordbox 5.6.0\edb_streamd.exe (Pioneer DJ Corporation -> )
FirewallRules: [{C97DAE21-F8B6-4717-A590-8676060D7A88}] => (Allow) D:\Music Production\rekordbox 5.6.0\ls-unity-rekordbox-win-64bit.exe (Pioneer DJ Corporation -> )
FirewallRules: [{272D851C-D5D7-44CA-A77C-32E8AA0E47D8}] => (Allow) D:\Music Production\rekordbox 5.6.0\rbHttpServer.exe (Pioneer DJ Corporation -> )

==================== Restore Points =========================

18-08-2019 17:12:57 Windows Update
19-08-2019 12:37:04 Removed Melodyne Runtime 4.1 (x64)
19-08-2019 12:37:46 Removed Melodyne Runtime 4.1 (x64)
19-08-2019 12:39:12 Removed Melodyne Runtime 4.1 (x64)
19-08-2019 12:44:37 Removed Melodyne Runtime 4.1 (x64)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2019 12:39:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.17134.753 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 8b0

Start Time: 01d5569be9baf54f

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Report Id: ffbd27c5-8925-4cd9-8152-8f23a52bd491

Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: App

Error: (08/19/2019 05:09:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ableton Live 10 Suite.exe, version: 1.0.0.1, time stamp: 0x5a63f107
Faulting module name: ntdll.dll, version: 10.0.17134.799, time stamp: 0x7f828745
Exception code: 0xc0000026
Fault offset: 0x000000000009a458
Faulting process id: 0x247c
Faulting application start time: 0x01d5565cfc992958
Faulting application path: E:\Daw\Program\Ableton Live 10 Suite.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: b1c0d657-3574-4b68-abeb-37602036b250
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/19/2019 01:22:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.17134.915 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2318

Start Time: 01d5563c45073cea

Termination Time: 9

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 55bf14d3-904a-4a6f-a2c8-1b5143bfc319

Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: ContentProcess

Error: (08/19/2019 12:29:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/19/2019 11:38:23 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (08/19/2019 11:37:34 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {027aca1a-a02a-41af-b5eb-078a0805e9bf}

Error: (08/19/2019 12:20:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68
Faulting module name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68
Exception code: 0xc0000005
Fault offset: 0x000000000006822e
Faulting process id: 0x26e0
Faulting application start time: 0x01d555d00df4fec9
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: 756a2a4d-624d-474d-9910-c24c390ad84c
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/19/2019 12:16:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68
Faulting module name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68
Exception code: 0xc0000005
Fault offset: 0x000000000006822e
Faulting process id: 0x2828
Faulting application start time: 0x01d555cf88d01ffe
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: b196ded3-07dd-44b6-8cd1-0f37353bf794
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (08/20/2019 12:41:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/20/2019 12:41:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/20/2019 12:39:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (08/19/2019 07:12:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0xc1900130: Feature update to Windows 10, version 1903.

Error: (08/19/2019 12:44:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/19/2019 12:44:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/19/2019 12:44:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (08/19/2019 12:25:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-08-19 11:35:40.014
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:VBS/Mountsi.A!ml&threatid=2147726485&enterprise=0
Name: Trojan:VBS/Mountsi.A!ml
ID: 2147726485
Severity: Severe
Category: Trojan
Path: amsi:_C:\Windows\System32\wscript.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\wscript.exe
Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-19 01:02:47.677
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:VBS/Mountsi.A!ml&threatid=2147726485&enterprise=0
Name: Trojan:VBS/Mountsi.A!ml
ID: 2147726485
Severity: Severe
Category: Trojan
Path: amsi:_C:\Windows\System32\wscript.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\wscript.exe
Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-19 01:00:40.203
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:VBS/Mountsi.A!ml&threatid=2147726485&enterprise=0
Name: Trojan:VBS/Mountsi.A!ml
ID: 2147726485
Severity: Severe
Category: Trojan
Path: amsi:_C:\Windows\System32\wscript.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\wscript.exe
Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-19 00:54:26.047
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Behavior:Win32/Generic.SV!ml&threatid=2147739306&enterprise=0
Name: Behavior:Win32/Generic.SV!ml
ID: 2147739306
Severity: Severe
Category: Suspicious Behavior
Path: file:_C:\Wlndows\system32\CPU64.exe; regkey:_HKCU@S-1-5-21-2762709790-200231504-3683108907-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\CPU64; runkey:_HKCU@S-1-5-21-2762709790-200231504-3683108907-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\CPU64
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-19 00:53:55.959
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Name: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Severity: Severe
Category: Trojan
Path: file:_C:\Wlndows\system32\Desktop-64.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Signature Version: AV: 1.299.2303.0, AS: 1.299.2303.0, NIS: 1.299.2303.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-19 00:27:56.986
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.299.2303.0
Previous Signature Version: 1.299.2298.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.16200.1
Previous Engine Version: 1.1.16200.1
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 

Date: 2019-08-19 00:27:56.986
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.299.2303.0
Previous Signature Version: 1.299.2298.0
Update Source: User
Signature Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.16200.1
Previous Engine Version: 1.1.16200.1
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 

Date: 2019-08-18 17:37:12.196
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.299.2296.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16200.1
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode 

Date: 2019-08-18 17:27:08.388
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2019-08-18 03:09:39.230
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2019-08-19 23:53:07.362
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-08-19 23:52:47.867
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-08-19 23:52:35.985
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-08-19 22:53:15.009
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-08-19 22:52:57.027
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-08-19 22:52:44.208
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-08-18 03:58:19.662
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Plain Sight\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro_x64 (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-08-18 03:58:19.404
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Plain Sight\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro_x64 (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. F8 09/01/2017
Motherboard: Gigabyte Technology Co., Ltd. AX370-Gaming 5
Processor: AMD Ryzen 7 1700 Eight-Core Processor 
Percentage of memory in use: 14%
Total physical RAM: 16332.45 MB
Available physical RAM: 13893.7 MB
Total Virtual: 18764.45 MB
Available Virtual: 15400.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.53 GB) (Free:330.02 GB) NTFS
Drive d: (New Space) (Fixed) (Total:931.51 GB) (Free:682.72 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:111.19 GB) (Free:46.84 GB) NTFS

\\?\Volume{a32efc1d-78c8-4d69-9554-243a67203579}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS
\\?\Volume{2bc682b4-f735-407c-8e26-a64599b677ed}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS
\\?\Volume{bf261472-0e6a-4017-a399-46a6853c0063}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{5e21c628-89f4-43b7-9300-7e1a0d43cbbb}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: DBE17137)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2AD450F8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Select the Windows key and X key together, from the winx menu select "Command Prompt (Admin)"

At the prompt type or copy/paste :- DISM /Online /Cleanup-Image /CheckHealth then hit the enter key. What results do you get..?

Thanks,
 
Kevin..

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by Plain Sight (20-08-2019 11:21:26) Run:2
Running from C:\Users\Plain Sight\Desktop
Loaded Profiles: Plain Sight (Available Profiles: Plain Sight & Aidan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
C:\Program Files (x86)\Common Files\Adobe
Task: {B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Adobe
Task: {6E20ADC6-F3E8-4304-A783-D924A3134966} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-OTIH9CI-Plain Sight => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
C:\Users\Aidan\AppData\Local\Adobe
C:\Users\Aidan\AppData\Roaming\Adobe
C:\ProgramData\Adobe
C:\Users\Plain Sight\AppData\Local\Adobe
C:\Program Files\Adobe
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
Hosts:
EmptyTemp:

*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeGCInvoker-1.0" => removed successfully
C:\Program Files (x86)\Common Files\Adobe => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} => could not remove. Access Denied.
C:\WINDOWS\System32\Tasks\Adobe Uninstaller => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Uninstaller => could not remove. Access Denied.
C:\Program Files (x86)\Adobe => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E20ADC6-F3E8-4304-A783-D924A3134966} => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E20ADC6-F3E8-4304-A783-D924A3134966} => could not remove. Access Denied.
C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-OTIH9CI-Plain Sight => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeGCInvoker-1.0-DESKTOP-OTIH9CI-Plain Sight => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\Adobe Uninstaller" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Uninstaller => could not remove. Access Denied.
4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\AGSService => removed successfully
AGSService => service removed successfully
C:\Users\Aidan\AppData\Local\Adobe => moved successfully
C:\Users\Aidan\AppData\Roaming\Adobe => moved successfully
C:\ProgramData\Adobe => moved successfully
C:\Users\Plain Sight\AppData\Local\Adobe => moved successfully
C:\Program Files\Adobe => moved successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc => removed successfully
HKLM\System\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeUpdateService => removed successfully
HKLM\System\CurrentControlSet\Services\AdobeUpdateService => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AdobeGCInvoker-1.0" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdobeGCInvoker-1.0" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AdobeAAMUpdater-1.0" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Adobe Creative Cloud" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Creative Cloud" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8496431 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 75349 B
Edge => 28616702 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 6306 B
NetworkService => 0 B
Plain Sight => 15317087 B
Aidan => 0 B

RecycleBin => 12353 B
EmptyTemp: => 60.1 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 20-08-2019 12:12:35)


Result of scheduled keys to remove after reboot:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Uninstaller => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E20ADC6-F3E8-4304-A783-D924A3134966} => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E20ADC6-F3E8-4304-A783-D924A3134966} => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeGCInvoker-1.0-DESKTOP-OTIH9CI-Plain Sight => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9D761B8-FA5A-44CD-B2E4-2A6038A01D30} => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Uninstaller => could not remove. Access Denied.

==== End of Fixlog 12:12:35 ====

 

Deployment Image Servicing and Management tool
Version: 10.0.17134.1

Image Version: 10.0.17134.950

The component store is repairable.
The operation completed successfully.


Thanks for those logs, continue:

Select the Windows key and X key together, from the winx menu select "Command Prompt (Admin)"

At the prompt type or copy/paste :- DISM /Online /Cleanup-Image /ScanHealth then hit the enter key. What results do you get..?

Thanks....


Deployment Image Servicing and Management tool
Version: 10.0.17134.1

Image Version: 10.0.17134.950

[==========================100.0%==========================] The component store is repairable.
The operation completed successfully.


Select the Windows key and X key together, from the winx menu select "Command Prompt (Admin)"

At the prompt type or copy/paste :- DISM /Online /Cleanup-Image /RestoreHealth then hit the enter key.

This option can take an extended time to run, it also may seem stuck at certain times when affecting a repair. Please be patient and allow the tool time to finish.

If a repair is not possible it will report that outcome..

What results do you get..?

Thanks,


Deployment Image Servicing and Management tool
Version: 10.0.17134.1

Image Version: 10.0.17134.950

[===========================75.9%============              ]
Error: 0x800f081f

The source files could not be found.
Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077.

The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log


Can you post the DISM log from the latest run, C:\WINDOWS\Logs\DISM\dism.log copy to your desktop (you can't manipulate it directly) and then compress the copy and upload the zip file to your reply.

Next,

Select the Windows key and X Key together. From the produced list select::

Command Prompt (Admin)

At the Command prompt, type

SFC /SCANNOW

hit the Enter key

Wait for the scan to finish - make a note of any error messages - and then reboot.

Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload the zip file to your reply.

 

Edited by kevinf80
added extra instruction


Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\Users\Plain Sight>
 

dism.zip CBS.zip


Hello aidan05,

There are issues showing in the DISM log, at present a fix is not available via that route.. Go to Option 1 of the following link, try step 6 to make a fix...

If we cannot make a fix that way then either system refresh or reset are the only options left...

Edited by kevinf80


Hey,

I ended up doing a system reset and the computer is running perfectly now.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.
