Trojans and Coin Miners Have Taken Over



#1
BMiles


Hello Geeks

 

Yesterday I was made aware of a breach to my Amazon account and in trying to fix the issue, I also discovered my email had been too - rules had been set to automatically put any Amazon emails into the archive so that I wouldn't see them making their purchases. Too bad for them Amazon detected the suspicious activity right away and shut them down. I quickly removed all the devices that were logged into said email and changed my password on a non-infected device. Hopefully that solves that issue.

 

I had recently changed my email password on my pc, so I ran a few scans and wouldn't you know it, I've got a bunch of trojans and coin miners (among others) and more keep adding on - my bf decided to try to find himself keygens for his DJ software... :bashhead: . I've scanned using Windows Defender, Dr. Web Cureit, and Malwarebytes each coming up with several infections scattering my pc. I did attempt to run them in safe mode with networking to no avail as it appears my network adaptor drivers do not support that.

 

I'd really like some assistance in getting these off of my pc. I have provided the FRST texts for your reading pleasure. Your help will be most appreciated, hope to hear from one of you soon!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-11-2020
Ran by BevPC (administrator) on DESKTOP-HALUPV1 (ASUSTeK COMPUTER INC. GL752VW) (30-11-2020 14:02:59)
Running from C:\Users\BevPC\Desktop
Loaded Profiles: BevPC
Platform: Windows 10 Home Version 1909 18363.1198 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUS) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Conexant Systems LLC -> Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Conexant Systems LLC -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Doctor Web Ltd. -> ) C:\Users\BevPC\AppData\Local\Temp\EF3E940-69E5B480-41367920-5FE698E0\9i8Gy94oJsJ0.exe
(Doctor Web Ltd. -> ) C:\Users\BevPC\AppData\Local\Temp\EF3E940-69E5B480-41367920-5FE698E0\Fk2FyKaU.exe
(Doctor Web Ltd. -> ) C:\Users\BevPC\AppData\Local\Temp\EF3E940-69E5B480-41367920-5FE698E0\zAQjfYLkX.exe
(Doctor Web Ltd. -> ) C:\Users\BevPC\Desktop\gmf715m4.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(ICEpower a/s -> ICEpower) C:\Windows\System32\DriverStore\FileRepository\x40plmwa.inf_amd64_ebba65282f89f8eb\ICEsoundService64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(Intel® Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel® Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_fafb1d329fdfe2c6\aesm_service.exe
(Intel® Trusted Connect Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\NisSrv.exe
(Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [604496 2017-11-24] (Conexant Systems LLC -> Conexant Systems, Inc.)
HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\Run: [loopMIDI] => C:\Program Files (x86)\Tobias Erichsen\loopMIDI\loopMIDI.exe [5516048 2019-12-14] (Tobias Erichsen -> Tobias Erichsen)
HKLM\...\Windows x64\Print Processors\Canon TS5000 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDDF.DLL [30720 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\KOAXYA_P: C:\Windows\System32\spool\prtprocs\x64\KOAXYA_P.DLL [50688 2017-04-16] (Microsoft Windows Hardware Compatibility Publisher -> KONICA MINOLTA, INC.)
HKLM\...\Print\Monitors\C368SeriesPS Language Monitor: C:\Windows\system32\KOAXYA_L.DLL [25600 2017-04-16] (Microsoft Windows Hardware Compatibility Publisher -> KONICA MINOLTA, INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-16] (Google LLC -> Google LLC)
Startup: C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-02-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A02DD6B-DFD7-49B6-9210-AA65B2534C3B} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0B7DF887-2F15-4ADB-B433-701F4CF45D74} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {0BB71945-E115-4803-AE23-EEE42DEBDF90} - System32\Tasks\WpsExternal_20161117083023 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe
Task: {0D9766CF-B649-4DA1-8FB1-F3B890BC6FB4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1457E9E1-E4AC-463D-9352-FF79E883CD63} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1491E83A-B534-4873-96DA-572E510BD1C8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1ED735F7-59D3-4E16-99DC-4A8F5817FA6F} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18416 2015-12-18] (ASUSTeK Computer Inc. -> AsusTek)
Task: {209FF29D-9451-4C00-9D4F-2443B3EB416F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-18] (Google Inc -> Google Inc.)
Task: {221175CE-7FC1-44F2-8C44-9CEFEDDA44B3} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {2C0D377D-C971-4B78-9C1A-891011A3347D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-18] (Google Inc -> Google Inc.)
Task: {39B60C32-80AB-4262-B5F9-0F89352F8769} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {3E3E25FE-FA55-494D-8D55-263628B4A6DE} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {49795CB5-EAB4-4EDA-B50A-1969C6FC18E1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1526680 2020-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {4ABE3CC4-479E-4ACE-8A87-4EF99A75FDAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5153176 2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {4CAB86E8-B0E4-4C05-A7C4-F95DAE0CA801} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {4D672CD7-C3B3-4D39-AA3A-0F5C21AD0665} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4FE2DD07-0283-4BB9-84D2-95B991099550} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {52889152-8239-4D15-A69E-8A6161535A0F} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {67DEF075-04B6-4DAF-8EBB-7EA98D3D08CD} - System32\Tasks\GoogleUpdateTaskMachineUA1d6a4151755c76d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-18] (Google Inc -> Google Inc.)
Task: {78E83B8C-DE2B-4889-B8B4-326A37F4AA6F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {7BBEEC5F-B244-41A1-B8D3-31A5E5FEF6FC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {7EBF0AD2-6F56-488D-9124-C4F54995480E} - System32\Tasks\Microsoft\Windows\Conexant\SA2 => C:\Program Files\CONEXANT\SAII\SACpl.exe [1832280 2017-06-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
Task: {8BC0E8E9-8C27-4A09-BF54-7FD44928066C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {8BE34C02-CD38-48CD-8D3E-B2DB47E33B70} - System32\Tasks\Microsoft\Windows\Conexant\AFA => C:\Program Files\CONEXANT\cAudioFilterAgent\SACpl.exe [1823232 2016-07-05] (Conexant Systems, Inc.) [File not signed]
Task: {9A8E9FE5-4490-4B46-8DB1-7878980DBDAF} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9D307563-4C0B-4D95-9DB1-7961A8EEE8B1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FA4B859-6F64-406A-8740-7EAE3EF7F373} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {A2574646-3D9C-43E8-9BB0-2B0CB0FBE805} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AAFC8E08-8B47-432A-9033-16DA54756031} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AF76E189-6F45-4572-9859-B90A066B5904} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B485E125-CA9B-4373-ABDF-8DEFA2240013} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [7685808 2018-05-07] (Piriform Ltd -> Piriform Ltd)
Task: {C0C866DD-6452-4FB2-8CE2-A5E94BC44379} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {C44C6F06-E183-4686-BEB3-DC13F88326D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {C554D50C-4548-49BF-A0BC-ED20B4E5A744} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [54784 2015-12-02] (ASUS) [File not signed]
Task: {C6021BE5-FADC-4872-9173-8F940A103A5F} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {C9334FC6-370D-46A7-A3DA-79129434E60C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CACF0392-F900-4C2D-9E08-EA1D3A5E194F} - System32\Tasks\GoogleUpdateTaskMachineCore1d6a415172add51 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-18] (Google Inc -> Google Inc.)
Task: {CE22A534-BB97-420D-AF2C-635A804382A8} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1578784 2016-07-07] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) [File not signed]
Task: {D42368BF-08B6-45AF-A397-6F0DDD81D9A9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {FC22DA76-FDF6-48B0-92A7-B146ED615EB4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FF046283-A8C7-4C1F-95F9-294FAEB0B204} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5153176 2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\WpsExternal_20161117083023.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0f538025-0c73-47d0-a614-4f8a1de0e904}: [DhcpNameServer] 206.248.154.22 206.248.154.170
Tcpip\..\Interfaces\{9430795c-fda5-4109-b6b7-0c6ce2fe1d0e}: [DhcpNameServer] 192.168.0.1
 
Edge: 
======
Edge Profile: C:\Users\BevPC\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-19]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-10-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-10-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-10-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-18] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default [2020-11-30]
CHR Notifications: Default -> hxxps://watch-video.net
CHR HomePage: Default -> hxxp://google.ca/
CHR StartupUrls: Default -> "hxxp://google.ca/"
CHR Extension: (Slides) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-02]
CHR Extension: (YouTube) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-13]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-11-17]
CHR Extension: (Adobe Acrobat) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-10-17]
CHR Extension: (Sheets) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-05]
CHR Extension: (Gmail) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-17]
CHR Extension: (Skype Calling) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2017-09-13]
CHR Profile: C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\System Profile [2020-03-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9057136 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6933272 2020-03-30] (Malwarebytes Inc -> Malwarebytes)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182328 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661368 2017-07-25] (TechSmith Corporation -> TechSmith Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SystemServices; C:\Program Files\qemu\SystemServices.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 a8djavs; C:\WINDOWS\System32\Drivers\a8djavs.sys [359784 2012-12-18] (NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH)
S3 a8djavs_x64; C:\WINDOWS\System32\Drivers\a8djavs_x64.sys [44560 2008-12-09] (NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH)
S3 a8djusb_svc; C:\WINDOWS\System32\Drivers\a8djusb.sys [100712 2012-12-18] (NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH)
S3 a8djusb_x64; C:\WINDOWS\System32\Drivers\a8djusb_x64.sys [233488 2008-12-09] (NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 asiovadpro; C:\WINDOWS\system32\DRIVERS\asiovadpro.sys [42984 2016-08-28] (John Shield -> John Shield/O Deus Audio)
R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [138744 2015-12-18] (ASUSTeK Computer Inc. -> ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R1 gfdriver; C:\WINDOWS\System32\drivers\gfdriver.sys [51904 2015-01-14] (TITAN ARC CORP. TAIWAN BRANCH (SAMOA) -> Titan ARC Corp.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-11-30] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195432 2020-11-30] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-11-30] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-11-30] (Malwarebytes Inc -> Malwarebytes)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [51904 2015-01-14] (TITAN ARC CORP. TAIWAN BRANCH (SAMOA) -> Titan ARC Corp.)
S3 RDID1144; C:\WINDOWS\system32\Drivers\RDWM1144.SYS [242432 2015-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Roland Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43368 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 teVirtualMIDI64; C:\WINDOWS\System32\drivers\teVirtualMIDI64.sys [53120 2019-12-07] (Tobias Erichsen -> Tobias Erichsen)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-11-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [14464 2008-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429288 2020-11-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-06] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz149; \??\C:\Users\BevPC\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-11-30 14:02 - 2020-11-30 14:03 - 000028891 _____ C:\Users\BevPC\Desktop\FRST.txt
2020-11-30 14:02 - 2020-11-30 14:03 - 000000000 ____D C:\FRST
2020-11-30 13:59 - 2020-11-30 13:59 - 002290176 _____ (Farbar) C:\Users\BevPC\Desktop\FRST64.exe
2020-11-30 12:47 - 2020-11-30 12:47 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-11-30 12:47 - 2020-11-30 12:47 - 000195432 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-11-30 12:47 - 2020-11-30 12:47 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-11-30 12:47 - 2020-11-30 12:47 - 000000000 ____D C:\Users\BevPC\AppData\LocalLow\IGDump
2020-11-30 09:52 - 2020-11-30 09:52 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-11-30 09:31 - 2020-11-30 09:32 - 234940200 _____ C:\Users\BevPC\Desktop\gmf715m4.exe
2020-11-30 07:32 - 2020-11-30 07:48 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\com.spitfireaudio
2020-11-30 07:32 - 2020-11-30 07:32 - 000000000 ____D C:\Users\Public\Documents\NI Resources
2020-11-30 07:32 - 2020-11-30 07:32 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Sampleson
2020-11-30 07:32 - 2020-11-30 07:32 - 000000000 ____D C:\Users\BevPC\AppData\Local\Roland Cloud
2020-11-30 07:32 - 2020-11-30 07:32 - 000000000 ____D C:\ProgramData\Documents\NI Resources
2020-11-30 07:29 - 2020-11-30 07:45 - 000000000 ____D C:\Users\BevPC\Documents\Max 8
2020-11-30 07:29 - 2020-11-30 07:29 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Cycling '74
2020-11-30 07:29 - 2020-11-30 07:29 - 000000000 ____D C:\ProgramData\Max 8
2020-11-30 07:23 - 2020-11-30 07:23 - 000057085 _____ C:\Users\BevPC\Desktop\Authorize.auz
2020-11-30 07:15 - 2020-11-30 07:15 - 000000000 ____D C:\Users\BevPC\AppData\Local\Ableton
2020-11-30 07:15 - 2020-11-30 07:15 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2020-11-30 07:01 - 2020-11-30 07:01 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\IntelTools
2020-11-30 07:00 - 2020-11-30 07:00 - 000002647 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton Live 10 Suite.lnk
2020-11-30 07:00 - 2020-11-30 07:00 - 000001155 _____ C:\Users\Public\Desktop\Ableton Live 10 Suite.lnk
2020-11-30 07:00 - 2020-11-30 07:00 - 000001155 _____ C:\ProgramData\Desktop\Ableton Live 10 Suite.lnk
2020-11-30 06:54 - 2019-07-20 04:43 - 000000000 ____D C:\Users\BevPC\Downloads\Ableton.Live.Suite.10.1.Multilingual.x64.WIN
2020-11-30 06:41 - 2020-11-30 06:49 - 2020133181 _____ C:\Users\BevPC\Downloads\Ableton.Live.Suite.10.1.Multilingual.x64.WIN.rar
2020-11-30 06:25 - 2020-11-30 06:25 - 000003384 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b1e85a34269
2020-11-29 15:10 - 2020-11-29 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focusrite Saffire PRO
2020-11-29 15:10 - 2020-11-29 15:10 - 000000000 ____D C:\Program Files (x86)\Focusrite Saffire PRO
2020-11-29 15:10 - 2007-03-13 11:58 - 000009728 _____ (Focusrite Audio Engineering Ltd.) C:\WINDOWS\system32\ffSaffirePro_coinst.dll
2020-11-25 13:10 - 2020-11-25 13:10 - 007370014 _____ C:\Users\BevPC\Downloads\USB_Burning_Tool_v2.0.8_x86.rar
2020-11-25 13:07 - 2020-11-25 16:41 - 653257722 _____ C:\Users\BevPC\Downloads\QBOX_905_216_QB0006.rar
2020-11-24 18:17 - 2020-11-24 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\intelligent sounds & music
2020-11-24 18:17 - 2020-11-24 18:17 - 000000000 ____D C:\Program Files\intelligent sounds & music
2020-11-24 18:15 - 2020-11-24 18:15 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\intelligent sounds & music
2020-11-24 18:15 - 2020-11-24 18:15 - 000000000 ____D C:\ProgramData\intelligent sounds & music
2020-11-24 18:08 - 2020-11-24 18:08 - 000000000 ____D C:\Users\BevPC\AppData\Local\Fyxdf
2020-11-19 07:35 - 2020-11-30 12:55 - 001388432 _____ C:\Users\Public\VOIP.dat
2020-11-19 07:34 - 2020-11-19 07:34 - 001994628 _____ C:\WINDOWS\Minidump\111920-11812-01.dmp
2020-11-19 06:45 - 2020-11-21 12:46 - 000000000 __HDC C:\ProgramData\{D2030082-F62A-402A-9456-8009276FD896}
2020-11-19 06:41 - 2020-11-30 10:01 - 000000000 ____D C:\ProgramData\Outbyte
2020-11-18 20:28 - 2020-11-18 20:28 - 001540700 _____ C:\WINDOWS\Minidump\111820-10656-01.dmp
2020-11-18 20:20 - 2020-11-18 20:20 - 001522876 _____ C:\WINDOWS\Minidump\111820-10625-01.dmp
2020-11-18 17:47 - 2020-11-18 17:47 - 002297860 _____ C:\WINDOWS\Minidump\111820-14593-01.dmp
2020-11-18 07:20 - 2020-11-18 07:20 - 000000000 ____D C:\Users\BevPC\Documents\FabFilter
2020-11-18 07:20 - 2020-11-18 07:20 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\FabFilter
2020-11-18 07:18 - 2020-11-18 07:18 - 000000454 _____ C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FabFilter Pro-Q 3 Help.lnk
2020-11-17 18:27 - 2020-11-17 18:27 - 056036410 _____ C:\Users\BevPC\Desktop\PPT for 45th Anniverary gala 1.pptx
2020-11-17 17:29 - 2020-11-17 17:29 - 000001933 _____ C:\Users\BevPC\Desktop\Zoom.lnk
2020-11-17 17:13 - 2020-11-17 17:13 - 002161300 _____ C:\WINDOWS\Minidump\111720-10578-01.dmp
2020-11-16 08:24 - 2020-11-16 08:24 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Xfer
2020-11-16 08:23 - 2020-11-16 08:23 - 000000000 ____D C:\Users\BevPC\Documents\Xfer
2020-11-16 07:53 - 2020-11-16 07:53 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Sonic Academy
2020-11-16 07:25 - 2020-11-16 07:25 - 000000000 ____D C:\ProgramData\Sonic Academy
2020-11-16 07:25 - 2020-11-16 07:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Academy
2020-11-16 07:21 - 2020-11-16 07:21 - 000000000 ____D C:\Users\BevPC\Desktop\vst
2020-11-16 07:14 - 2020-11-16 07:14 - 021432294 _____ C:\Users\BevPC\Downloads\ab0b302c-1704-4320-9d89-71e034c6eb91.tmp
2020-11-15 04:35 - 2020-11-15 04:35 - 001789396 _____ C:\WINDOWS\Minidump\111520-10375-01.dmp
2020-11-15 03:40 - 2020-11-15 03:40 - 000017671 _____ C:\Users\BevPC\Downloads\MemTest.zip
2020-11-15 03:36 - 2020-11-15 03:36 - 008234296 _____ (Piriform Software Ltd) C:\Users\BevPC\Downloads\spsetup132.exe
2020-11-15 03:36 - 2020-11-15 03:36 - 000000839 _____ C:\Users\Public\Desktop\Speccy.lnk
2020-11-15 03:36 - 2020-11-15 03:36 - 000000839 _____ C:\ProgramData\Desktop\Speccy.lnk
2020-11-15 03:36 - 2020-11-15 03:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2020-11-15 03:36 - 2020-11-15 03:36 - 000000000 ____D C:\Program Files\Speccy
2020-11-15 00:30 - 2020-11-30 13:13 - 000000000 ____D C:\ProgramData\Doctor Web
2020-11-15 00:30 - 2020-11-15 00:54 - 000000000 ____D C:\Users\BevPC\Doctor Web
2020-11-15 00:28 - 2020-11-15 00:29 - 232596160 _____ C:\Users\BevPC\Downloads\vci0a7k1.exe
2020-11-15 00:04 - 2020-11-15 00:04 - 000000000 ____D C:\WINDOWS\pss
2020-11-14 14:24 - 2020-11-14 14:26 - 000000000 ____D C:\Users\BevPC\Documents\Reflect
2020-11-14 14:00 - 2020-11-14 14:10 - 000000000 ____D C:\ProgramData\Macrium
2020-11-14 14:00 - 2020-11-14 14:00 - 005279488 _____ (Paramount Software UK Ltd) C:\Users\BevPC\Downloads\ReflectDLHF.exe
2020-11-14 13:57 - 2020-11-14 13:57 - 000000000 ____D C:\WINDOWS\system32\Samsung
2020-11-14 13:57 - 2020-04-24 02:22 - 000043368 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ss_conn_usb_driver2.sys
2020-11-14 13:47 - 2020-11-14 13:54 - 002199156 _____ C:\WINDOWS\Minidump\111420-32640-01.dmp
2020-11-14 13:45 - 2020-11-30 09:25 - 000000000 ___RD C:\Users\BevPC\Desktop\BERLIN SOUNDS Project
2020-11-13 08:16 - 2020-11-30 12:06 - 001762626 _____ C:\WINDOWS\ntbtlog.txt
2020-11-13 08:16 - 2020-11-30 11:59 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-11-12 21:49 - 2020-11-12 21:51 - 002125660 _____ C:\WINDOWS\Minidump\111220-34296-01.dmp
2020-11-12 18:49 - 2020-11-12 18:49 - 000007622 _____ C:\Users\BevPC\AppData\Local\Resmon.ResmonCfg
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-11-10 13:14 - 2020-11-10 13:14 - 008540672 _____ C:\Users\BevPC\Downloads\T-JM26AUS0.exe
2020-11-08 22:40 - 2020-11-08 22:40 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-11-08 22:40 - 2020-11-08 22:40 - 000200704 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-08 22:40 - 2020-11-08 22:40 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-11-08 21:56 - 2020-10-27 20:29 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-11-08 21:56 - 2020-10-27 20:29 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-11-08 21:56 - 2020-10-27 20:29 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-11-08 21:56 - 2020-10-27 20:29 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-11-08 21:56 - 2020-10-27 20:29 - 001054936 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-11-08 21:56 - 2020-10-27 20:29 - 001054936 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-11-08 21:56 - 2020-10-27 20:29 - 000917720 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-11-08 21:56 - 2020-10-27 20:29 - 000917720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-11-08 21:56 - 2020-10-27 20:28 - 000456600 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-11-08 21:56 - 2020-10-27 20:28 - 000349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-11-08 21:56 - 2020-10-27 20:27 - 000674712 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-11-08 21:56 - 2020-10-27 20:27 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 002098072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 001731824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445709.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 001584368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 001484184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445709.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 001161112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 000657304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 000556440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-11-08 21:56 - 2020-10-27 20:25 - 007707544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-11-08 21:56 - 2020-10-27 20:25 - 006858992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-11-08 21:56 - 2020-10-27 20:25 - 004174064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-11-08 21:56 - 2020-10-27 20:25 - 002509720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-11-08 21:56 - 2020-10-27 20:23 - 005976984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-11-08 21:30 - 2020-11-08 21:30 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-08 21:30 - 2020-11-08 21:30 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-08 21:30 - 2020-11-08 21:30 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-08 21:30 - 2020-11-08 21:30 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-08 21:30 - 2020-11-08 21:30 - 000001449 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2020-11-08 21:30 - 2020-11-08 21:30 - 000001449 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2020-11-08 21:30 - 2020-10-19 00:42 - 000069608 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2020-11-08 21:30 - 2020-10-19 00:42 - 000058344 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2020-11-08 21:29 - 2020-03-04 07:54 - 000050592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\NvModuleTracker.sys
2020-11-08 21:23 - 2020-11-08 21:27 - 127450288 _____ (NVIDIA Corporation New) C:\Users\BevPC\Downloads\GeForce_Experience_v3.20.5.70.exe
2020-11-08 11:16 - 2020-11-08 11:22 - 004231580 _____ C:\WINDOWS\Minidump\110820-40718-01.dmp
2020-11-05 23:47 - 2020-11-05 23:47 - 000804904 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_quote_ex.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000804392 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_epid.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000799784 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_launch.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000701992 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_quote_ex.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000700968 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_epid.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000695848 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_launch.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000125992 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_urts.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000105000 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_urts.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000069672 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_enclave_common.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000057896 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_enclave_common.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000055336 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_platform.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000049192 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_platform.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000039464 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_uae_service.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000037928 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_uae_service.dll
2020-11-03 17:26 - 2020-11-19 07:34 - 000000000 ____D C:\WINDOWS\Minidump
2020-11-03 17:26 - 2020-11-03 17:33 - 004416628 _____ C:\WINDOWS\Minidump\110320-36312-01.dmp
2020-11-03 11:22 - 2020-11-03 11:29 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2020-11-03 11:21 - 2020-11-03 11:22 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2020-11-03 11:21 - 2020-11-03 11:21 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2020-11-03 11:18 - 2020-11-03 11:18 - 000000000 ____D C:\ProgramData\USOShared
2020-11-03 11:18 - 2020-11-03 11:18 - 000000000 ____D C:\ProgramData\ssh
2020-11-03 11:14 - 2020-11-03 11:14 - 000249856 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2020-11-03 11:14 - 2020-11-03 11:14 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2020-11-03 11:13 - 2020-11-03 11:13 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-11-03 11:13 - 2020-11-03 11:13 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-11-03 11:13 - 2020-11-03 11:13 - 002031104 _____ C:\WINDOWS\system32\rdpnano.dll
2020-11-03 11:13 - 2020-11-03 11:13 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2020-11-03 11:13 - 2020-11-03 11:13 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2020-11-03 11:13 - 2020-11-03 11:13 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2020-11-03 11:13 - 2020-11-03 11:13 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-11-03 11:13 - 2020-11-03 11:13 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2020-11-03 11:13 - 2020-11-03 11:13 - 000386048 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\SysWOW64\curl.exe
2020-11-03 11:13 - 2020-11-03 11:13 - 000259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2020-11-03 11:13 - 2020-11-03 11:13 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2020-11-03 11:13 - 2020-11-03 11:13 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2020-11-03 11:13 - 2020-11-03 11:13 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2020-11-03 11:13 - 2020-11-03 11:13 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2020-11-03 11:13 - 2020-11-03 11:13 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2020-11-03 11:13 - 2020-11-03 11:13 - 000059221 _____ C:\WINDOWS\system32\srms.dat
2020-11-03 11:12 - 2020-11-03 11:12 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2020-11-03 11:12 - 2020-11-03 11:12 - 001893888 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2020-11-03 11:12 - 2020-11-03 11:12 - 001282872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-11-03 11:12 - 2020-11-03 11:12 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2020-11-03 11:12 - 2020-11-03 11:12 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2020-11-03 11:12 - 2020-11-03 11:12 - 000860160 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2020-11-03 11:12 - 2020-11-03 11:12 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2020-11-03 11:12 - 2020-11-03 11:12 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-11-03 11:12 - 2020-11-03 11:12 - 000421376 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe
2020-11-03 11:12 - 2020-11-03 11:12 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2020-11-03 11:12 - 2020-11-03 11:12 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2020-11-03 11:12 - 2020-11-03 11:12 - 000110080 _____ C:\WINDOWS\system32\ResBParser.dll
2020-11-03 11:12 - 2020-11-03 11:12 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2020-11-03 11:12 - 2020-11-03 11:12 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-11-03 11:12 - 2020-11-03 11:12 - 000000357 _____ C:\WINDOWS\system32\DrtmAuthKeyDelegate_From_20190529_To_20200303.bin
2020-11-03 11:12 - 2020-11-03 11:12 - 000000357 _____ C:\WINDOWS\system32\DrtmAuth1KeyDelegate.bin
2020-11-03 11:11 - 2020-11-03 11:11 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2020-11-03 11:11 - 2020-11-03 11:11 - 002590208 _____ C:\WINDOWS\system32\dwmscene.dll
2020-11-03 11:11 - 2020-11-03 11:11 - 001756592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-11-03 11:11 - 2020-11-03 11:11 - 001366136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-11-03 11:11 - 2020-11-03 11:11 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2020-11-03 11:11 - 2020-11-03 11:11 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2020-11-03 11:11 - 2020-11-03 11:11 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2020-11-03 11:11 - 2020-11-03 11:11 - 000811160 _____ C:\WINDOWS\SysWOW64\locale.nls
2020-11-03 11:11 - 2020-11-03 11:11 - 000811160 _____ C:\WINDOWS\system32\locale.nls
2020-11-03 11:11 - 2020-11-03 11:11 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2020-11-03 11:11 - 2020-11-03 11:11 - 000059392 _____ C:\WINDOWS\system32\runexehelper.exe
2020-11-03 11:11 - 2020-11-03 11:11 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2020-11-03 11:11 - 2020-11-03 11:11 - 000047616 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-11-03 11:11 - 2020-11-03 11:11 - 000037888 _____ C:\WINDOWS\system32\usocoreps.dll
2020-11-03 11:11 - 2020-11-03 11:11 - 000035840 _____ C:\WINDOWS\system32\deploymentcsphelper.exe
2020-11-03 11:10 - 2020-11-03 11:10 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2020-11-03 11:10 - 2020-11-03 11:10 - 002321408 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2020-11-03 11:10 - 2020-11-03 11:10 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2020-11-03 11:10 - 2020-11-03 11:10 - 000237880 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2020-11-03 11:10 - 2020-11-03 11:10 - 000053248 _____ C:\WINDOWS\system32\Drivers\UsbPmApi.sys
2020-11-03 11:10 - 2020-11-03 11:10 - 000047616 _____ C:\WINDOWS\system32\UsbPmApi.dll
2020-11-03 11:10 - 2020-11-03 11:10 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-11-03 10:53 - 2020-11-15 01:27 - 000797340 _____ C:\WINDOWS\system32\perfh00C.dat
2020-11-03 10:53 - 2020-11-15 01:27 - 000153094 _____ C:\WINDOWS\system32\perfc00C.dat
2020-11-03 10:53 - 2020-11-03 10:53 - 000351124 _____ C:\WINDOWS\system32\perfi00C.dat
2020-11-03 10:53 - 2020-11-03 10:53 - 000040694 _____ C:\WINDOWS\system32\perfd00C.dat
2020-11-03 10:53 - 2020-11-03 10:53 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2020-11-03 10:53 - 2020-11-03 10:53 - 000000000 ____D C:\WINDOWS\SysWOW64\fr
2020-11-03 10:53 - 2020-11-03 10:53 - 000000000 ____D C:\WINDOWS\system32\fr
2020-11-03 10:44 - 2020-11-03 10:44 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2020-11-03 10:44 - 2020-11-03 10:44 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2020-11-03 10:43 - 2020-11-03 10:43 - 000000000 ____D C:\Program Files\Reference Assemblies
2020-11-03 10:43 - 2020-11-03 10:43 - 000000000 ____D C:\Program Files\MSBuild
2020-11-03 10:43 - 2020-11-03 10:43 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2020-11-03 10:43 - 2020-11-03 10:43 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-11-03 09:14 - 2020-11-03 09:14 - 000001963 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SmartAudio.lnk
2020-11-03 09:11 - 2018-11-22 16:31 - 005939008 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 001617056 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 001571280 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APOMIX.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 001529224 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 001069480 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64BPAPO.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 000884568 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 000598432 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CX64APO2.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 000442360 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\ASpkExt64.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 000113160 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\FMPropPageExt64.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 000061232 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxPageMaster64.dll
2020-11-03 09:11 - 2018-11-22 12:31 - 004921304 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\UCI64A195.dll
2020-11-03 09:11 - 2018-11-22 12:31 - 003463680 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\Drivers\CHDRT64.sys
2020-11-03 09:11 - 2018-11-22 12:31 - 000806352 _____ (ICEpower) C:\WINDOWS\system32\ICEsoundService64.exe
2020-11-03 09:11 - 2018-11-22 12:31 - 000174488 _____ (ASUSTeK COMPUTER INC.) C:\WINDOWS\system32\ATKWMI.dll
2020-11-03 09:11 - 2018-11-22 12:31 - 000042712 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CXHDMI64.dll
2020-11-03 09:11 - 2018-11-22 12:22 - 000530396 _____ C:\WINDOWS\system32\Drivers\miceq.ini
2020-11-03 09:11 - 2018-11-22 12:22 - 000202187 _____ C:\WINDOWS\system32\ICEsoundService.bin
2020-11-03 09:11 - 2018-11-22 12:22 - 000132231 _____ C:\WINDOWS\system32\Drivers\softeq.ini
2020-11-03 09:11 - 2018-11-22 12:22 - 000065520 _____ C:\WINDOWS\system32\Drivers\MicGain.ini
2020-11-03 09:11 - 2018-11-22 12:22 - 000030893 _____ C:\WINDOWS\system32\Drivers\Mixer.ini
2020-11-03 09:11 - 2018-11-22 12:22 - 000029642 _____ C:\WINDOWS\system32\Drivers\D2Keys.ini
2020-11-03 09:11 - 2018-11-22 12:22 - 000006451 _____ C:\WINDOWS\system32\Drivers\HeadsetCtrl.ini
2020-11-03 09:11 - 2018-11-22 12:22 - 000005638 _____ C:\WINDOWS\system32\Drivers\orverbs.ini
2020-11-03 09:11 - 2018-11-22 12:22 - 000005388 _____ C:\WINDOWS\system32\Drivers\fxmisc.ini
2020-11-03 09:11 - 2018-11-22 12:22 - 000001816 _____ C:\WINDOWS\system32\Drivers\altmixer.ini
2020-11-03 09:06 - 2020-11-03 09:06 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-11-03 09:03 - 2020-11-03 09:03 - 000000020 ___SH C:\Users\BevPC\ntuser.ini
2020-11-03 09:02 - 2020-11-30 12:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-11-03 09:02 - 2020-11-30 06:25 - 000003510 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA1d6a4bce37d175a
2020-11-03 09:02 - 2020-11-24 18:03 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-11-03 09:02 - 2020-11-08 21:30 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-03 09:02 - 2020-11-08 21:30 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-03 09:02 - 2020-11-08 21:30 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-03 09:02 - 2020-11-08 21:30 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-03 09:02 - 2020-11-08 21:30 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-03 09:02 - 2020-11-08 21:30 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-03 09:02 - 2020-11-03 09:02 - 000003438 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA1d6815bf143b021
2020-11-03 09:02 - 2020-11-03 09:02 - 000003406 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-03 09:02 - 2020-11-03 09:02 - 000003376 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d6a4151755c76d
2020-11-03 09:02 - 2020-11-03 09:02 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-11-03 09:02 - 2020-11-03 09:02 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6a4bce3704f12
2020-11-03 09:02 - 2020-11-03 09:02 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6815bf10e1ec9
2020-11-03 09:02 - 2020-11-03 09:02 - 000003182 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-03 09:02 - 2020-11-03 09:02 - 000003152 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d6a415172add51
2020-11-03 09:02 - 2020-11-03 09:02 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-11-03 09:02 - 2020-11-03 09:02 - 000003028 _____ C:\WINDOWS\system32\Tasks\WpsExternal_20161117083023
2020-11-03 09:02 - 2020-11-03 09:02 - 000002974 _____ C:\WINDOWS\system32\Tasks\Update Checker
2020-11-03 09:02 - 2020-11-03 09:02 - 000002924 _____ C:\WINDOWS\system32\Tasks\ATK Package 36D18D69AFC3
2020-11-03 09:02 - 2020-11-03 09:02 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2067428576-3587227036-2798591388-1003
2020-11-03 09:02 - 2020-11-03 09:02 - 000002862 _____ C:\WINDOWS\system32\Tasks\ASUS Smart Gesture Launcher
2020-11-03 09:02 - 2020-11-03 09:02 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2067428576-3587227036-2798591388-500
2020-11-03 09:02 - 2020-11-03 09:02 - 000002340 _____ C:\WINDOWS\system32\Tasks\ASUS USB Charger Plus
2020-11-03 09:02 - 2020-11-03 09:02 - 000002220 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2020-11-03 09:02 - 2020-11-03 09:02 - 000002214 _____ C:\WINDOWS\system32\Tasks\ATK Package A22126881260
2020-11-03 09:02 - 2020-11-03 09:02 - 000002214 _____ C:\WINDOWS\system32\Tasks\ASUS Splendid ACMON
2020-11-03 09:02 - 2020-11-03 09:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUSTek Computer Inc
2020-11-03 09:02 - 2020-11-03 09:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUS
2020-11-03 09:00 - 2020-11-03 09:02 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2020-11-03 09:00 - 2020-11-03 09:02 - 000007623 _____ C:\WINDOWS\diagerr.xml
2020-11-03 08:51 - 2020-11-15 01:27 - 001768058 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-11-03 08:39 - 2020-11-30 13:13 - 000000000 ____D C:\Users\BevPC
2020-11-03 08:39 - 2019-03-18 23:46 - 000001105 _____ C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-11-03 08:30 - 2020-11-30 12:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-11-03 08:30 - 2020-11-11 08:45 - 000454928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-02 22:53 - 2020-11-02 22:53 - 000001129 _____ C:\Users\Public\Desktop\Native Access.lnk
2020-11-02 22:53 - 2020-11-02 22:53 - 000001129 _____ C:\ProgramData\Desktop\Native Access.lnk
2020-11-02 22:53 - 2020-11-02 22:53 - 000000000 __HDC C:\ProgramData\{2CD88392-6082-4B22-A91D-093567E64459}
2020-11-02 22:49 - 2020-11-15 14:37 - 000000000 ___DC C:\WINDOWS\Panther
2020-11-02 21:48 - 2020-11-03 08:43 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2020-11-02 21:48 - 2020-11-02 21:48 - 000462251 _____ C:\Users\BevPC\Downloads\ASIO4ALL_2_14_English (1).exe
2020-11-02 21:48 - 2020-11-02 21:48 - 000001213 _____ C:\Users\BevPC\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2020-11-02 21:48 - 2020-11-02 21:48 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2020-11-02 21:47 - 2020-11-02 21:47 - 000462251 _____ C:\Users\BevPC\Downloads\ASIO4ALL_2_14_English.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-11-30 13:18 - 2020-04-16 20:04 - 000000000 ____D C:\Program Files (x86)\App Deploy
2020-11-30 13:09 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-30 12:56 - 2017-09-13 21:16 - 000000000 ____D C:\ProgramData\NVIDIA
2020-11-30 12:54 - 2017-09-13 18:26 - 000000184 _____ C:\Users\BevPC\AppData\Roaming\sp_data.sys
2020-11-30 12:54 - 2017-09-13 18:26 - 000000000 __SHD C:\Users\BevPC\IntelGraphicsProfiles
2020-11-30 12:53 - 2019-03-18 23:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-11-30 12:50 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF
2020-11-30 12:50 - 2019-03-18 23:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-30 11:27 - 2017-12-07 18:37 - 000000000 ____D C:\Users\BevPC\AppData\Local\ElevatedDiagnostics
2020-11-30 10:13 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-11-30 09:53 - 2017-11-11 23:01 - 000000000 ____D C:\Users\BevPC\AppData\Local\CrashDumps
2020-11-30 09:30 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-11-30 09:29 - 2019-08-08 17:17 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2020-11-30 07:32 - 2018-10-19 16:42 - 000000000 ____D C:\Users\BevPC\AppData\Local\Native Instruments
2020-11-30 07:15 - 2020-03-19 10:29 - 000000000 ____D C:\Users\BevPC\Documents\Ableton
2020-11-30 07:15 - 2020-03-19 10:29 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Ableton
2020-11-30 07:01 - 2020-04-16 18:49 - 000000000 __SHD C:\Program Files\qemu
2020-11-30 06:58 - 2020-03-19 10:28 - 000000000 ____D C:\ProgramData\Ableton
2020-11-27 22:43 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-11-24 18:03 - 2017-09-23 18:10 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-24 07:31 - 2020-07-31 11:22 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-11-24 07:31 - 2020-07-31 11:22 - 000002261 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-11-24 07:31 - 2020-07-31 11:22 - 000002261 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-11-19 17:33 - 2018-08-20 17:09 - 000000000 ____D C:\ProgramData\Packages
2020-11-19 07:34 - 2019-10-19 12:02 - 791170880 _____ C:\WINDOWS\MEMORY.DMP
2020-11-19 06:45 - 2018-08-04 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2020-11-19 06:45 - 2018-08-04 21:22 - 000000000 ____D C:\Program Files\Native Instruments
2020-11-17 18:27 - 2017-12-28 15:20 - 000000000 ____D C:\Users\BevPC\AppData\Local\Packages
2020-11-17 18:10 - 2019-05-16 20:55 - 000000000 ____D C:\Users\BevPC\AppData\Local\PlaceholderTileLogoFolder
2020-11-17 18:09 - 2017-09-14 13:07 - 000000000 ___RD C:\Users\BevPC\OneDrive - Algonquin College
2020-11-16 19:47 - 2020-07-29 12:38 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-16 16:41 - 2017-09-18 17:35 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-15 14:17 - 2020-03-22 09:36 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Voltage Modular
2020-11-15 00:01 - 2017-02-28 05:43 - 000000000 ____D C:\Program Files\Microsoft Office
2020-11-14 13:57 - 2017-09-18 19:54 - 000000000 ____D C:\ProgramData\Samsung
2020-11-13 07:42 - 2018-04-16 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2020-11-12 19:09 - 2020-04-16 13:33 - 000000000 _____ C:\Users\BevPC\Documents\MainAppLog.txt
2020-11-12 19:08 - 2020-04-14 13:24 - 001249792 _____ (hxxp://www.ruby-lang.org/) C:\Users\BevPC\AppData\Roaming\msvcr90-ruby191.dll
2020-11-12 11:00 - 2020-02-19 03:10 - 000907064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2020-11-12 10:59 - 2020-07-29 12:38 - 000436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2020-11-11 08:43 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-11 08:43 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-11 08:43 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-11 08:43 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-11 08:43 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-11 08:43 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-11 01:11 - 2017-09-05 20:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-11 01:07 - 2017-09-05 20:28 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-09 08:29 - 2017-09-13 21:16 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-11-08 23:59 - 2017-12-28 17:17 - 000000000 ___RD C:\Users\BevPC\3D Objects
2020-11-08 23:59 - 2017-02-28 05:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-08 23:53 - 2019-03-18 23:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-08 23:53 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\TextInput
2020-11-08 23:53 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-08 23:53 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-08 22:46 - 2019-03-18 23:37 - 000000000 ____D C:\WINDOWS\servicing
2020-11-08 21:58 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\Help
2020-11-08 21:58 - 2017-09-13 21:16 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-11-08 21:58 - 2017-02-28 05:21 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-11-08 18:49 - 2020-03-21 19:42 - 000000000 ____D C:\Users\BevPC\Documents\Rack
2020-11-08 15:46 - 2020-03-22 09:36 - 000001600 _____ C:\Users\BevPC\Desktop\Voltage Modular.lnk
2020-11-08 15:46 - 2020-03-22 09:36 - 000000000 ____D C:\ProgramData\Voltage
2020-11-06 11:16 - 2018-02-20 12:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-11-04 04:24 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\appcompat
2020-11-03 17:39 - 2017-09-14 09:58 - 000795000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-11-03 17:34 - 2017-09-05 20:28 - 000000000 ____D C:\Program Files\UNP
2020-11-03 11:29 - 2020-04-21 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spitfire Audio
2020-11-03 11:29 - 2020-04-17 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polyverse
2020-11-03 11:29 - 2020-04-16 13:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2nd Sense
2020-11-03 11:29 - 2020-04-16 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infected Mushroom
2020-11-03 11:29 - 2020-04-16 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[BEN.SCHULZ]
2020-11-03 11:29 - 2020-04-14 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Surge
2020-11-03 11:29 - 2020-04-14 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tone2 Gladiator full
2020-11-03 11:29 - 2020-04-14 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tone2 Firebird
2020-11-03 11:29 - 2020-04-14 16:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dexed
2020-11-03 11:29 - 2020-04-14 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helm
2020-11-03 11:29 - 2020-03-24 14:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\loopMIDI
2020-11-03 11:29 - 2020-01-15 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2020-11-03 11:29 - 2019-08-26 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jihosoft iPhone Data Recovery
2020-11-03 11:29 - 2019-05-08 11:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-11-03 11:29 - 2019-04-16 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2020-11-03 11:29 - 2019-03-18 23:56 - 000000000 ____D C:\WINDOWS\Setup
2020-11-03 11:29 - 2019-03-18 23:52 - 000000000 __RHD C:\Users\Public\Libraries
2020-11-03 11:29 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2020-11-03 11:29 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\spool
2020-11-03 11:29 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\ServiceState
2020-11-03 11:29 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\Registration
2020-11-03 11:29 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-11-03 11:29 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-11-03 11:29 - 2019-03-18 23:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2020-11-03 11:29 - 2018-10-16 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2020-11-03 11:29 - 2018-09-27 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-11-03 11:29 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2020-11-03 11:29 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2020-11-03 11:29 - 2018-08-11 19:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2020-11-03 11:29 - 2018-03-09 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texidium eReader
2020-11-03 11:29 - 2018-02-01 15:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Business Explorer
2020-11-03 11:29 - 2018-02-01 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAP Front End
2020-11-03 11:29 - 2018-02-01 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2020-11-03 11:29 - 2018-01-30 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2020-11-03 11:29 - 2017-11-16 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2020-11-03 11:29 - 2017-09-28 09:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2020-11-03 11:29 - 2017-09-18 19:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mendeley Desktop
2020-11-03 11:29 - 2017-09-14 09:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-11-03 11:29 - 2017-09-13 21:17 - 000000000 ____D C:\Program Files\Intel
2020-11-03 11:29 - 2017-09-13 21:15 - 000000000 ____D C:\Program Files (x86)\Intel
2020-11-03 11:29 - 2017-09-13 19:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-11-03 11:29 - 2017-02-28 05:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2020-11-03 11:29 - 2017-02-28 05:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2020-11-03 11:29 - 2017-02-28 05:28 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2020-11-03 11:29 - 2017-02-28 05:25 - 000000000 ____D C:\Program Files\CONEXANT
2020-11-03 11:24 - 2018-10-16 10:42 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2020-11-03 11:23 - 2020-06-13 13:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roland
2020-11-03 11:23 - 2020-04-16 19:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\u-he
2020-11-03 11:23 - 2020-04-16 19:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synapse Audio
2020-11-03 11:23 - 2020-03-30 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tokyo Dawn Labs
2020-11-03 11:23 - 2020-03-20 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Akai Professional
2020-11-03 11:23 - 2019-09-02 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMyFone
2020-11-03 11:23 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\Resources
2020-11-03 11:23 - 2018-04-20 19:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2020-11-03 11:23 - 2017-02-28 05:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2020-11-03 11:23 - 2017-02-28 05:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
2020-11-03 11:22 - 2020-06-13 13:23 - 000000000 ____D C:\Program Files\Roland
2020-11-03 11:18 - 2019-03-19 01:20 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-11-03 11:18 - 2019-03-19 01:20 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Com
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\appraiser
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\DiagTrack
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Common Files\System
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\PerfLogs
2020-11-03 11:17 - 2019-03-19 01:20 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2020-11-03 11:17 - 2019-03-19 01:20 - 000018903 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2020-11-03 10:53 - 2019-03-19 01:18 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2020-11-03 10:53 - 2019-03-19 01:18 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2020-11-03 10:53 - 2019-03-19 01:18 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2020-11-03 10:53 - 2019-03-19 01:18 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2020-11-03 10:53 - 2019-03-19 01:18 - 000000000 ____D C:\WINDOWS\system32\winrm
2020-11-03 10:53 - 2019-03-19 01:18 - 000000000 ____D C:\WINDOWS\system32\WCN
2020-11-03 10:53 - 2019-03-19 01:18 - 000000000 ____D C:\WINDOWS\system32\slmgr
2020-11-03 10:53 - 2019-03-19 01:18 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2020-11-03 10:53 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2020-11-03 10:53 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\system32\dsc
2020-11-03 10:53 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2020-11-03 10:53 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\MUI
2020-11-03 10:53 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\IME
2020-11-03 10:53 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-11-03 10:44 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2020-11-03 10:44 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2020-11-03 10:44 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2020-11-03 10:44 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2020-11-03 10:44 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2020-11-03 10:44 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2020-11-03 10:44 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\et-EE
2020-11-03 10:41 - 2019-03-19 01:19 - 000000000 ____D C:\WINDOWS\OCR
2020-11-03 09:20 - 2019-03-18 23:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2020-11-03 09:13 - 2017-02-28 05:25 - 001705080 _____ (TODO: <Company name>) C:\WINDOWS\SysWOW64\RebootPrompt.exe
2020-11-03 09:04 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\USOPrivate
2020-11-03 09:02 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Windows Defender
2020-11-03 09:02 - 2019-03-18 23:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-11-03 08:43 - 2020-06-11 09:01 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-11-03 08:43 - 2017-09-14 09:25 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-11-03 08:41 - 2020-04-16 14:39 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HOFA
2020-11-03 08:41 - 2020-04-14 17:20 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Extent of the Jam
2020-11-03 08:37 - 2017-09-13 21:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2020-11-02 22:52 - 2017-02-28 05:16 - 000000000 ____D C:\ProgramData\Package Cache
2020-11-02 22:15 - 2020-03-24 18:22 - 000000000 ____D C:\Program Files (x86)\ASIOLinkPro
 
==================== Files in the root of some directories ========
 
2020-11-19 07:35 - 2020-11-30 12:55 - 001388432 _____ () C:\Users\Public\VOIP.dat
2020-04-14 13:24 - 2020-11-12 19:08 - 001249792 _____ (http://www.ruby-lang.org/) C:\Users\BevPC\AppData\Roaming\msvcr90-ruby191.dll
2017-09-13 18:26 - 2020-11-30 12:54 - 000000184 _____ () C:\Users\BevPC\AppData\Roaming\sp_data.sys
2020-01-15 22:12 - 2020-01-16 07:18 - 000000187 _____ () C:\Users\BevPC\AppData\Roaming\wss.ini
2018-02-01 20:01 - 2018-03-01 19:16 - 000013824 _____ () C:\Users\BevPC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-11-12 18:49 - 2020-11-12 18:49 - 000007622 _____ () C:\Users\BevPC\AppData\Local\Resmon.ResmonCfg
2020-04-24 20:53 - 2020-04-24 20:53 - 000000000 _____ () C:\Users\BevPC\AppData\Local\{B7A270ED-B536-43A5-A83F-37D69EB3D982}
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-11-2020
Ran by BevPC (30-11-2020 14:05:11)
Running from C:\Users\BevPC\Desktop
Windows 10 Home Version 1909 18363.1198 (X64) (2020-11-03 14:03:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2067428576-3587227036-2798591388-500 - Administrator - Disabled)
BevPC (S-1-5-21-2067428576-3587227036-2798591388-1003 - Administrator - Enabled) => C:\Users\BevPC
DefaultAccount (S-1-5-21-2067428576-3587227036-2798591388-503 - Limited - Disabled)
Guest (S-1-5-21-2067428576-3587227036-2798591388-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2067428576-3587227036-2798591388-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2SEQ version 1.0.1 (HKLM-x32\...\{3F21368D-C290-4A49-B268-7D1C702E8FE1}_is1) (Version: 1.0.1 - 2nd Sense Audio Technology Co., Ltd.)
Ableton Live 10 Suite (HKLM\...\{82D69A09-36DC-4E62-9606-ADBA800A26C0}) (Version: 10.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.9 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.14.0006 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.101 - ICEpower a/s)
Backup and Sync from Google (HKLM\...\{3A8CD593-8CF9-45B4-9932-FC41CBC14E15}) (Version: 3.53.3404.7585 - Google, Inc.)
BitTorrent (HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\BitTorrent) (Version: 7.10.5.45665 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.34 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.94.50 - Conexant)
Dada Life Pack (HKLM\...\{11C245F4-D7CE-44D7-8A66-8F397280BA82}) (Version: 2.0 - Dada Life)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.)
Dexed version 0.9.4 (HKLM\...\Dexed_is1) (Version: 0.9.4 - Digital Suburban)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Digits VST (HKLM-x32\...\DigitsVst) (Version:  - )
Diva (HKLM\...\{B00B1512-AA07-454A-9C7E-81B1815AA2BE}) (Version: 1.4.3.7422 - u-he)
Diva (HKLM\...\u-he Diva_is1) (Version: 1.4.3.7422 - Team V.R)
DUNE 3 (HKLM\...\{B446440C-10C3-47AB-8E80-1A540CD41387}) (Version: 3.0.7.0 - Synapse Audio Software)
Engineering Client Viewer 10.0 (HKLM-x32\...\SAP ECL Viewer 10.0) (Version: 10.1.4.16176 - SAP SE)
FabFilter Pro-Q 3.14 (HKLM-x32\...\FabFilter Pro-Q 3.14) (Version:  - )
ffdshow [rev 3154] [2009-12-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Firebird v2.1 (HKLM-x32\...\Tone2 Firebird_is1) (Version:  - Tone2)
Gladiator  full (HKLM-x32\...\Tone2 Gladiator full_is1) (Version: 3.0.0 - Tone2)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Helm (HKLM-x32\...\{03FAA295-7DC6-47CE-9F27-1E383A48B4BF}) (Version: 0.9.0.0 - Matt Tytel)
HOFA-Plugins Uninstall (HKLM-x32\...\HOFA-Plugins) (Version:  - HOFA-Plugins)
HY-Lofi2 version 1.0.4 (HKLM\...\HY-Lofi2_is1) (Version: 1.0.4 - )
iMyFone D-Back 7.2.0.5 (HKLM-x32\...\{071B9303-5881-4BC6-B9E9-2E2D22C015C1}_is1) (Version: 7.2.0.5 - Shenzhen iMyFone Technology Co., Ltd.)
Infected Mushroom - Wider version 1.0 (HKLM\...\{A7684FCF-245F-4C90-87EE-472DC3EC3868}_is1) (Version: 1.0 - Polyverse Music, Inc.)
Infected Mushroom Manipulator (HKLM\...\{34E5CF28-0E9D-49A8-91CA-054D18802589}) (Version: 1.0.3.0 - Polyverse)
Intel® Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1169 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{9A287643-10C5-4463-B9D1-B2404CE18CCF}) (Version: 17.1.1529.1620 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{754CC9DC-3DB4-4FB2-B71E-87331DB9EA17}) (Version: 7.5.4 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5853172b-5520-4089-9ef4-e26c594382b3}) (Version: 19.30.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Jihosoft iPhone Data Recovery version 7.2.4 (HKLM-x32\...\{1E859503-2B3F-4AFC-ACA3-BFA89346E47F}_is1) (Version: 7.2.4 - HONGKONG JIHO CO., LIMITED)
JP-ME-1 (HKLM-x32\...\BBOMS_is1) (Version: 1.1.536 - [BEN/SCHULZ])
kikzilla 1.0.3 (HKLM-x32\...\kikzilla) (Version: 1.0.3 - intelligent sounds & music)
Kodi (HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\Kodi) (Version:  - XBMC Foundation)
loopMIDI (HKLM-x32\...\{6b220f45-42ca-435c-95fd-1764cb849122}) (Version: 1.0.16.27 - Tobias Erichsen)
loopMIDI (HKLM-x32\...\{DF96DB4C-DB0F-4CCF-9769-464BC9EA859F}) (Version: 1.0.16.27 - Tobias Erichsen) Hidden
loopMIDIBlockLegacy (HKLM-x32\...\{AEAF7978-3204-451D-8593-BC53EBDDA31D}) (Version: 9.9.9.9 - Tobias Erichsen) Hidden
LPK25 Editor 2.0.2 (HKLM\...\{EC52DA3A-F76D-4BBB-82D6-389295D4E76F}) (Version: 2.0.2 - Akai Professional)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
MediaHuman YouTube to MP3 Converter 3.9.9.43 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.9.43 - MediaHuman)
Mendeley Desktop 1.17.11 (HKLM-x32\...\Mendeley Desktop) (Version: 1.17.11 - Mendeley Ltd.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.47 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Project - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Native Instruments Audio 2 DJ (HKLM-x32\...\Native Instruments Audio 2 DJ) (Version:  - Native Instruments)
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 4 DJ (HKLM-x32\...\Native Instruments Audio 4 DJ) (Version:  - Native Instruments)
Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 8 DJ (HKLM-x32\...\Native Instruments Audio 8 DJ) (Version:  - Native Instruments)
Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.4.0.445 - Native Instruments)
Native Instruments Massive (HKLM\...\{D7319DCF-46D8-44DE-9099-EFCB32CB3E16}) (Version: 1.5.5.0 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.13.0.133 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.11.2.11 - Native Instruments)
Native Instruments Traktor Audio 10 (HKLM-x32\...\Native Instruments Traktor Audio 10) (Version:  - Native Instruments)
Native Instruments Traktor Audio 10 Driver (HKLM-x32\...\Native Instruments Traktor Audio 10 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 (HKLM-x32\...\Native Instruments Traktor Audio 2) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 (HKLM-x32\...\Native Instruments Traktor Audio 6) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol D2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol D2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 (HKLM-x32\...\Native Instruments Traktor Kontrol S4) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S5 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S5 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S8 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S8 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Pro 3 (HKLM-x32\...\Native Instruments Traktor Pro 3) (Version: 3.2.0.60 - Native Instruments)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 457.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.09 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.0.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.9.422.2016 - Realtek)
rtpMIDIBlockLegacy (HKLM-x32\...\{FD937297-84C3-41A5-B5DF-1FAEEE669D68}) (Version: 9.9.9.9 - Tobias Erichsen) Hidden
Saffire PRO 2.6 (HKLM\...\Saffire PRO_is1) (Version: 2.6 - Focusrite Audio Engineering Ltd.)
SAP Business Client 6.5 (HKLM-x32\...\SAP_NWBC65) (Version: 6.5 PL0 - SAP SE)
SAP Business Explorer (HKLM-x32\...\SAPBI) (Version: 7.50 - SAP SE)
SAP GUI for Windows 7.50  (HKLM-x32\...\SAPGUI) (Version: 7.50 Compilation 1 - SAP SE)
Sonic Academy KICK 2 (HKLM\...\KICK 2_is1) (Version: 1.0.5 - Sonic Academy)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spitfire Audio (HKLM-x32\...\{ABC5F486-25BD-4BAA-9FA1-A84152CBB563}_is1) (Version: 3.1.18 - Spitfire Audio Holdings Ltd)
Steinberg VST Classics 1 (HKLM-x32\...\{9B0C30E5-776F-4F62-B9E9-414018E0D9AD}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Surge 1.6.6 version 1.6.6 (HKLM-x32\...\650E559A-2F44-44FE-861F-4108AE4BC30F_is1) (Version: 1.6.6 - Vember Audio)
TAL-NoiseMaker (32bit) (HKLM-x32\...\{6D1EC26F-1998-404F-A6B3-47017B049935}) (Version: 1.3.7 - TAL - Togu Audio Line)
TAL-Reverb-2 (32bit) (HKLM-x32\...\{C1C34478-D58C-4D22-A5D7-B60FDD07CF62}) (Version: 1.3.7 - TAL - Togu Audio Line)
TAL-Reverb-3 (32bit) (HKLM-x32\...\{3460B0B4-BC11-44A6-AD80-A17A18383764}) (Version: 1.3.7 - TAL - Togu Audio Line)
TAL-Reverb-4 (32bit) (HKLM-x32\...\{65E529C9-3E39-4AF0-8635-A5CE33ABAFE2}) (Version: 1.3.7 - TAL - Togu Audio Line)
TB-3 Driver (HKLM\...\RolandRDID0144) (Version:  - Roland Corporation)
TDR Nova version 2.1.0 (HKLM\...\TDR Nova_is1) (Version: 2.1.0 - Tokyo Dawn Labs)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.17057 - Microsoft Corporation)
TechSmith Relay (HKLM-x32\...\{A02B3DD1-681D-48B9-8CC5-56ADE8755264}) (Version: 5.1.4.999 - TechSmith Corporation)
teVirtualMIDI64 (HKLM\...\{2F802731-3731-453E-B30B-4381BEED22AC}) (Version: 1.3.0.43 - Tobias Erichsen) Hidden
Texidium Windows Desktop eReader (HKLM-x32\...\{312cc674-27a3-44f8-ad79-407742c8dfc1}) (Version: 2.1.1195.0 - Texidium Solutions Inc.)
Texidium Windows Desktop eReader (HKLM-x32\...\{ECB6F195-60F8-44FD-91A8-36615323375E}) (Version: 2.1.1195.0 - Texidium Solutions Inc.) Hidden
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPROR_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version:  - Microsoft)
VCV Rack (HKLM\...\VCV Rack) (Version: 1.1.6 - VCV)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Voltage Modular (HKLM\...\Voltage Modular) (Version: 2.0.17 - Cherry Audio)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusSGDrv) Mouse  (10/21/2015 8.0.0.19) (HKLM\...\DE393C6A9AB085F9E19765D003555C3D360497DB) (Version: 10/21/2015 8.0.0.19 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
 
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.13.6.0_x86__kgqvnymyfvs32 [2020-10-16] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.181.400.0_x86__kgqvnymyfvs32 [2020-11-12] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.9.0.1_neutral__6e5tt8cgb93ep [2020-03-07] (Canon Inc.)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.5.3.0_x86__h6adky7gbf63m [2020-11-18] (Gameloft SE)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-11-18] (Apple Inc.) [Startup Task]
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.2.1.2_x86__h6adky7gbf63m [2020-11-10] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-25] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.10004.0_x64__8wekyb3d8bbwe [2020-11-18] (Microsoft Studios)
MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2018-04-28] (ASUSTeK COMPUTER INC.) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-05-29] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2018-11-12] (Adobe Systems Incorporated)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2017-09-18] (Samsung Electronics Co. Ltd.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2067428576-3587227036-2798591388-1003_Classes\CLSID\{04271989-C4D2-3704-1D85-C41F96016F32} -> [OneDrive - Algonquin College] => C:\Users\BevPC\OneDrive - Algonquin College [2017-09-14 13:07]
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-28] (Notepad++ -> )
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-11-03] (Google LLC -> Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-11-03] (Google LLC -> Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-10-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [85504 2009-12-05] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2015-12-02 21:01 - 2015-12-02 21:01 - 000124928 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-12-02 21:01 - 2015-12-02 21:01 - 000027648 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-12-02 21:01 - 2015-12-02 21:01 - 000029184 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2015-12-02 21:01 - 2015-12-02 21:01 - 001676288 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ApplyLUT.dll
2015-12-02 21:01 - 2015-12-02 21:01 - 000178176 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\GenLUT.dll
2015-12-02 21:01 - 2015-12-02 21:01 - 000164864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorU.dll
2020-11-03 09:13 - 2018-03-13 10:21 - 001173504 _____ (Conexant Systems, Inc.) [File not signed] [File is in use] C:\Program Files\Conexant\SAII\CxHDAudioAPI.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-2067428576-3587227036-2798591388-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2067428576-3587227036-2798591388-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-10-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-10-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2017-04-28] (SAP SE -> SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2017-04-28] (SAP SE -> SAP, Walldorf)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\sharepoint.com -> hxxps://algonquinlivecom.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 06:47 - 2020-11-15 00:54 - 000000918 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\Control Panel\Desktop\\Wallpaper -> c:\users\bevpc\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{e807a349-5b30-4492-85b7-c373d1693fb2}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Host Services x64.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "FonePaw iPhone Data RecoveryAppService"
HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\StartupApproved\Run: => "loopMIDI"
HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F36E04C7-352F-47D2-A709-7B9832B62B44}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{48441662-84AE-47E9-9D4E-F2D6454228A7}] => (Allow) C:\Users\BevPC\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{D6AAA4B1-CF27-4447-A36A-EED2EECB6FD6}] => (Allow) C:\Users\BevPC\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1F99B582-0901-428C-8583-40C0FCBDAB16}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{01855D8D-75AF-4B26-8270-87DB6370A9DB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A13885AB-55DA-439E-B7D6-5D4A8EB9C839}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3B55E547-D972-4C15-9091-D4275FB0AAD3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{946D1363-B8AC-4070-A471-9C6BF5246EDC}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{38DDF7EE-310E-473F-9DEE-525BABB665EE}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{2208218E-AA9D-4BA3-96A3-EC2DDB8D138E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7A28E526-BAFE-4255-8CE9-89358D3AAFE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C0A002E9-9142-4467-9FFB-3EAA5EB5D7C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe => No File
FirewallRules: [{405A4A84-6DF1-4716-9704-412583FC57B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => No File
FirewallRules: [{613223D2-652B-400A-82E4-7556E9F27CBF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => No File
FirewallRules: [{D8F88A2A-D1F9-4E81-B110-3C6D00258401}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe => No File
FirewallRules: [{67D9960B-9B06-483F-A544-1C10812CC6A0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe => No File
FirewallRules: [{8D36E66C-79A0-4AF4-B3A9-CF7456A28E5C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{684E31F5-538F-477B-9C8B-ABF30E7B952B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{21DE9962-02A5-4BA7-B21E-3AB522918B86}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{22A6A719-AD88-4A34-8F49-87042E2D7C89}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [TCP Query User{5ECD5706-0C34-4E8A-8E75-0679DB1C414F}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{87205565-00B4-4706-B6EF-98EA41C9B97C}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [{118C7517-E262-4BB0-9D0F-AAA7AE5E3252}] => (Allow) C:\Users\BevPC\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F1D8B368-CD7B-42CB-84EE-EC0B0F208EFA}] => (Allow) C:\Users\BevPC\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{3C702B6E-BAD0-4DB7-85FA-48E194630941}C:\program files\native instruments\traktor 2\traktor.exe] => (Block) C:\program files\native instruments\traktor 2\traktor.exe (Native Instruments GmbH -> Native Instruments GmbH)
FirewallRules: [UDP Query User{E285A81F-D106-496F-8A11-5262BE3A60B0}C:\program files\native instruments\traktor 2\traktor.exe] => (Block) C:\program files\native instruments\traktor 2\traktor.exe (Native Instruments GmbH -> Native Instruments GmbH)
FirewallRules: [TCP Query User{36585A14-7152-4E25-9313-2FB159157E06}C:\program files\native instruments\traktor 2\traktor.exe] => (Block) C:\program files\native instruments\traktor 2\traktor.exe (Native Instruments GmbH -> Native Instruments GmbH)
FirewallRules: [UDP Query User{AFA3B8EC-6DC2-43BA-9DF1-36CE9B7557AE}C:\program files\native instruments\traktor 2\traktor.exe] => (Block) C:\program files\native instruments\traktor 2\traktor.exe (Native Instruments GmbH -> Native Instruments GmbH)
FirewallRules: [{A4626562-6A9A-4546-B3E8-C7332C4D0E54}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{913E15D8-DCDE-4140-B9EB-CE9D52DA7AE5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{E5103127-F982-41E7-9874-D73BED7367A5}C:\program files\native instruments\traktor pro 3\traktor.exe] => (Block) C:\program files\native instruments\traktor pro 3\traktor.exe (Native Instruments GmbH -> Native Instruments GmbH)
FirewallRules: [UDP Query User{B34864B4-12A0-4C03-A6F7-19C8E800B07D}C:\program files\native instruments\traktor pro 3\traktor.exe] => (Block) C:\program files\native instruments\traktor pro 3\traktor.exe (Native Instruments GmbH -> Native Instruments GmbH)
FirewallRules: [{9F15E9C0-124B-4122-BBAF-3407161EB5B1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3B20C5E8-458D-4F68-8105-6F2554A9B79A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4E95FDDC-1AEE-4147-B86C-9B20A284A08A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{12AC9660-2540-4607-8495-35E0F54B31B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1DA8220F-860E-4BD1-9FF6-0CF0465E8AC2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{DBFE2F85-10BD-4C5C-8F5E-C8FADD2A61AE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{852597BF-0CC7-4609-8B3E-B89E169E82CD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{82F2265C-3F9E-4CF8-9D63-003B65FD4F89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1CEE5FCA-38A5-4546-93C9-A49B1820392E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0B5476C6-AE83-4DCB-A955-0F734323E63B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1A6B1A7B-DF47-4CA9-9E4B-1CAB1774262D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9EAE649B-663D-4C5F-853E-407ACAB7808C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CA54EE4E-6BEB-4A3D-9B7A-0A784DD8CB8A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2F9064B9-ED90-4D15-B3EE-98968B9D4D33}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EF54BDDF-B6E6-4D12-B161-A996991812BD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1AF934BD-201B-4F80-8545-13F605BB631A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C95598F1-B452-488C-8C5D-E0789EEC4DEE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/30/2020 01:23:02 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7220,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (11/30/2020 01:14:21 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2624,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (11/30/2020 01:08:49 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2864,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (11/30/2020 12:51:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aesm_service.exe, version: 2.11.100.3, time stamp: 0x5fa58775
Faulting module name: MSVCP120.dll, version: 12.0.21005.1, time stamp: 0x524f8413
Exception code: 0xc0000005
Fault offset: 0x000000000003e6fd
Faulting process id: 0x2e30
Faulting application start time: 0x01d6c7415d73b6f7
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_fafb1d329fdfe2c6\aesm_service.exe
Faulting module path: C:\WINDOWS\SYSTEM32\MSVCP120.dll
Report Id: 37fc1b41-832d-4d55-a905-e78f7c180a6a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/30/2020 12:50:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aesm_service.exe, version: 2.10.100.2, time stamp: 0x5f6a3c54
Faulting module name: MSVCP120.dll, version: 12.0.21005.1, time stamp: 0x524f8413
Exception code: 0xc0000005
Fault offset: 0x000000000003e6fd
Faulting process id: 0x2884
Faulting application start time: 0x01d6c73b96183f59
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_c90305b9fc98596f\aesm_service.exe
Faulting module path: C:\WINDOWS\SYSTEM32\MSVCP120.dll
Report Id: f9772e9b-3fef-40c0-9198-de395760e402
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/30/2020 12:50:51 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wuauserv; Description = Windows Update; Error = 0x80070422).
 
Error: (11/30/2020 12:50:14 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.1190_none_1716e3ef2a15f08c\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
 
Error: (11/30/2020 12:50:13 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wuauserv; Description = Windows Update; Error = 0x80070422).
 
 
System errors:
=============
Error: (11/30/2020 12:53:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SystemServices service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/30/2020 12:53:27 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.
 
Error: (11/30/2020 12:51:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® SGX AESM service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (11/30/2020 12:51:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® SGX AESM service terminated with the following error: 
Unspecified error
 
Error: (11/30/2020 12:50:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® SGX AESM service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 3000 milliseconds: Restart the service.
 
Error: (11/30/2020 12:50:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® SGX AESM service terminated with the following error: 
Unspecified error
 
Error: (11/30/2020 12:07:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SystemServices service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/30/2020 12:07:05 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-HALUPV1)
Description: DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess
 
 
Windows Defender:
===================================
Date: 2020-11-30 13:17:20.075
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Linux/CoinMiner.O!MTB
ID: 2147761881
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\App Deploy\system
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\BevPC\AppData\Local\Temp\EF3E940-69E5B480-41367920-5FE698E0\Fk2FyKaU.exe
Security intelligence Version: AV: 1.327.1834.0, AS: 1.327.1834.0, NIS: 1.327.1834.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
Date: 2020-11-30 07:13:08.143
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.B
ID: 2147725576
Severity: Severe
Category: Trojan
Path: file:_C:\Users\BevPC\AppData\Local\Temp\Rar$EXb13856.20368\Keygen by R2R\Ableton_KeyGen.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\WinRAR\WinRAR.exe
Security intelligence Version: AV: 1.327.1819.0, AS: 1.327.1819.0, NIS: 1.327.1819.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
Date: 2020-11-30 07:11:48.372
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.B
ID: 2147725576
Severity: Severe
Category: Trojan
Path: file:_C:\Users\BevPC\Downloads\Ableton_KeyGen.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.327.1819.0, AS: 1.327.1819.0, NIS: 1.327.1819.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
Date: 2020-11-30 07:11:20.780
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.B
ID: 2147725576
Severity: Severe
Category: Trojan
Path: file:_C:\Users\BevPC\AppData\Local\Temp\Rar$DRb9220.9695\Keygen by R2R\Ableton_KeyGen.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.327.1819.0, AS: 1.327.1819.0, NIS: 1.327.1819.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
Date: 2020-11-30 07:10:56.397
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.B
ID: 2147725576
Severity: Severe
Category: Trojan
Path: file:_C:\Users\BevPC\AppData\Local\Temp\Rar$EXb9220.7449\Keygen by R2R\Ableton_KeyGen.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\WinRAR\WinRAR.exe
Security intelligence Version: AV: 1.327.1819.0, AS: 1.327.1819.0, NIS: 1.327.1819.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5
 
Date: 2020-11-30 11:59:10.379
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2020-11-30 11:48:19.373
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2020-11-30 11:41:54.199
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.327.1819.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17600.5
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
 
Date: 2020-11-30 11:31:52.475
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2020-11-30 11:25:38.442
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
CodeIntegrity:
===================================
 
Date: 2020-11-15 00:48:32.177
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-11-15 00:48:30.587
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-11-15 00:48:19.743
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-11-15 00:48:19.463
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-11-15 00:48:18.281
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-11-15 00:48:16.731
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-11-15 00:48:10.801
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-11-15 00:48:10.587
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. GL752VW.214 04/18/2016
Motherboard: ASUSTeK COMPUTER INC. GL752VW
Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 39%
Total physical RAM: 16252.02 MB
Available physical RAM: 9824.61 MB
Total Virtual: 18684.02 MB
Available Virtual: 11717.73 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:893.15 GB) (Free:420.75 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:14.83 GB) (Free:1.15 GB) FAT32
 
\\?\Volume{f423d1a8-a64d-4f8c-9ed5-a5377efafd08}\ () (Fixed) (Total:0.84 GB) (Free:0.31 GB) NTFS
\\?\Volume{ab7ea00b-0500-4ef3-a961-156e6c21598a}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 894.3 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 14.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I would uninstall Ableton Live 10 Suite since it seems to have been installed at the same time as the virus.
Also uninstall the worthless Intel Security Assist.
 
Download the attached fixlist.txt to the same location as FRST.
 
Attached File  fixlist.txt   7.02KB   207 downloads
 
Run FRST and press Fix.
A fix log will be generated; please post that.
 
Reboot if the fix doesn't reboot it for you.
 
Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.
 
Then run MBAR:
 
Click on Download then Save and right click on the file and Run As Admin.  Follow the instructions.
 
 
 


#3
BMiles

BMiles

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Hi there, and thank you for looking into my situation. Here is the fix log for now; I will return with the fresh FRST text and Addition text.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-11-2020
Ran by BevPC (30-11-2020 18:44:28) Run:1
Running from C:\Users\BevPC\Desktop
Loaded Profiles: BevPC
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
(Doctor Web Ltd. -> ) C:\Users\BevPC\AppData\Local\Temp\EF3E940-69E5B480-41367920-5FE698E0\9i8Gy94oJsJ0.exe
(Doctor Web Ltd. -> ) C:\Users\BevPC\AppData\Local\Temp\EF3E940-69E5B480-41367920-5FE698E0\Fk2FyKaU.exe
(Doctor Web Ltd. -> ) C:\Users\BevPC\AppData\Local\Temp\EF3E940-69E5B480-41367920-5FE698E0\zAQjfYLkX.exe
(Doctor Web Ltd. -> ) C:\Users\BevPC\Desktop\gmf715m4.exe
C:\Users\BevPC\AppData\Local\Temp\EF3E940-69E5B480-41367920-5FE698E0
Task: {9A8E9FE5-4490-4B46-8DB1-7878980DBDAF} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
S2 SystemServices; C:\Program Files\qemu\SystemServices.exe [X] <==== ATTENTION
C:\Program Files\qemu
S3 cpuz149; \??\C:\Users\BevPC\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [X] <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\WpsExternal_20161117083023.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe
2020-11-30 09:31 - 2020-11-30 09:32 - 234940200 _____ C:\Users\BevPC\Desktop\gmf715m4.exe
2020-11-30 07:01 - 2020-04-16 18:49 - 000000000 __SHD C:\Program Files\qemu
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
FirewallRules: [{48441662-84AE-47E9-9D4E-F2D6454228A7}] => (Allow) C:\Users\BevPC\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{38DDF7EE-310E-473F-9DEE-525BABB665EE}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{C0A002E9-9142-4467-9FFB-3EAA5EB5D7C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe => No File
FirewallRules: [{405A4A84-6DF1-4716-9704-412583FC57B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => No File
FirewallRules: [{613223D2-652B-400A-82E4-7556E9F27CBF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => No File
FirewallRules: [{D8F88A2A-D1F9-4E81-B110-3C6D00258401}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe => No File
FirewallRules: [{67D9960B-9B06-483F-A544-1C10812CC6A0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe => No File
FirewallRules: [{8D36E66C-79A0-4AF4-B3A9-CF7456A28E5C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{684E31F5-538F-477B-9C8B-ABF30E7B952B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{21DE9962-02A5-4BA7-B21E-3AB522918B86}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{22A6A719-AD88-4A34-8F49-87042E2D7C89}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
2020-11-15 00:30 - 2020-11-30 13:13 - 000000000 ____D C:\ProgramData\Doctor Web
2020-11-15 00:30 - 2020-11-15 00:54 - 000000000 ____D C:\Users\BevPC\Doctor Web
2020-11-15 00:28 - 2020-11-15 00:29 - 232596160 _____ C:\Users\BevPC\Downloads\vci0a7k1.exe
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
C:\Users\BevPC\AppData\Local\Temp\EF3E940-69E5B480-41367920-5FE698E0\9i8Gy94oJsJ0.exe => No running process found
C:\Users\BevPC\AppData\Local\Temp\EF3E940-69E5B480-41367920-5FE698E0\Fk2FyKaU.exe => No running process found
C:\Users\BevPC\AppData\Local\Temp\EF3E940-69E5B480-41367920-5FE698E0\zAQjfYLkX.exe => No running process found
C:\Users\BevPC\Desktop\gmf715m4.exe => No running process found
C:\Users\BevPC\AppData\Local\Temp\EF3E940-69E5B480-41367920-5FE698E0 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A8E9FE5-4490-4B46-8DB1-7878980DBDAF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A8E9FE5-4490-4B46-8DB1-7878980DBDAF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKLM\System\CurrentControlSet\Services\SystemServices => removed successfully
SystemServices => service removed successfully
C:\Program Files\qemu => moved successfully
HKLM\System\CurrentControlSet\Services\cpuz149 => removed successfully
cpuz149 => service removed successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
C:\WINDOWS\Tasks\WpsExternal_20161117083023.job => moved successfully
C:\Users\BevPC\Desktop\gmf715m4.exe => moved successfully
"C:\Program Files\qemu" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{48441662-84AE-47E9-9D4E-F2D6454228A7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{38DDF7EE-310E-473F-9DEE-525BABB665EE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0A002E9-9142-4467-9FFB-3EAA5EB5D7C1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{405A4A84-6DF1-4716-9704-412583FC57B3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{613223D2-652B-400A-82E4-7556E9F27CBF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D8F88A2A-D1F9-4E81-B110-3C6D00258401}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67D9960B-9B06-483F-A544-1C10812CC6A0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D36E66C-79A0-4AF4-B3A9-CF7456A28E5C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{684E31F5-538F-477B-9C8B-ABF30E7B952B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{21DE9962-02A5-4BA7-B21E-3AB522918B86}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{22A6A719-AD88-4A34-8F49-87042E2D7C89}" => removed successfully
C:\ProgramData\Doctor Web => moved successfully
C:\Users\BevPC\Doctor Web => moved successfully
C:\Users\BevPC\Downloads\vci0a7k1.exe => moved successfully
 
========= mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer =========
 
 
========= End of CMD: =========
 
 
========= mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database =========
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.18362.1139
 
Image Version: 10.0.18363.1198
 
 
The restore operation completed successfully.
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
 
 
 
Windows Resource Protection did not find any integrity violations.
 
 
========= End of CMD: =========
 
 
========= findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log =========
 
2020-11-30 18:49:09, Info                  CSI    00000179 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:09, Info                  CSI    0000017a [SR] Verify complete
2020-11-30 18:49:09, Info                  CSI    0000017b [SR] Verifying 100 components
2020-11-30 18:49:09, Info                  CSI    0000017c [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:10, Info                  CSI    0000017d [SR] Verify complete
2020-11-30 18:49:10, Info                  CSI    0000017e [SR] Verifying 100 components
2020-11-30 18:49:10, Info                  CSI    0000017f [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:11, Info                  CSI    00000180 [SR] Verify complete
2020-11-30 18:49:11, Info                  CSI    00000181 [SR] Verifying 100 components
2020-11-30 18:49:11, Info                  CSI    00000182 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:11, Info                  CSI    00000183 [SR] Verify complete
2020-11-30 18:49:11, Info                  CSI    00000184 [SR] Verifying 100 components
2020-11-30 18:49:11, Info                  CSI    00000185 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:12, Info                  CSI    00000186 [SR] Verify complete
2020-11-30 18:49:12, Info                  CSI    00000187 [SR] Verifying 100 components
2020-11-30 18:49:12, Info                  CSI    00000188 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:13, Info                  CSI    0000018a [SR] Verify complete
2020-11-30 18:49:13, Info                  CSI    0000018b [SR] Verifying 100 components
2020-11-30 18:49:13, Info                  CSI    0000018c [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:13, Info                  CSI    0000018d [SR] Verify complete
2020-11-30 18:49:13, Info                  CSI    0000018e [SR] Verifying 100 components
2020-11-30 18:49:13, Info                  CSI    0000018f [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:14, Info                  CSI    00000190 [SR] Verify complete
2020-11-30 18:49:14, Info                  CSI    00000191 [SR] Verifying 100 components
2020-11-30 18:49:14, Info                  CSI    00000192 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:14, Info                  CSI    00000193 [SR] Verify complete
2020-11-30 18:49:14, Info                  CSI    00000194 [SR] Verifying 100 components
2020-11-30 18:49:14, Info                  CSI    00000195 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:15, Info                  CSI    00000196 [SR] Verify complete
2020-11-30 18:49:15, Info                  CSI    00000197 [SR] Verifying 100 components
2020-11-30 18:49:15, Info                  CSI    00000198 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:15, Info                  CSI    00000199 [SR] Verify complete
2020-11-30 18:49:16, Info                  CSI    0000019a [SR] Verifying 100 components
2020-11-30 18:49:16, Info                  CSI    0000019b [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:16, Info                  CSI    0000019c [SR] Verify complete
2020-11-30 18:49:16, Info                  CSI    0000019d [SR] Verifying 100 components
2020-11-30 18:49:16, Info                  CSI    0000019e [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:16, Info                  CSI    0000019f [SR] Verify complete
2020-11-30 18:49:17, Info                  CSI    000001a0 [SR] Verifying 100 components
2020-11-30 18:49:17, Info                  CSI    000001a1 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:17, Info                  CSI    000001a2 [SR] Verify complete
2020-11-30 18:49:17, Info                  CSI    000001a3 [SR] Verifying 100 components
2020-11-30 18:49:17, Info                  CSI    000001a4 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:18, Info                  CSI    000001a5 [SR] Verify complete
2020-11-30 18:49:18, Info                  CSI    000001a6 [SR] Verifying 100 components
2020-11-30 18:49:18, Info                  CSI    000001a7 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:18, Info                  CSI    000001a8 [SR] Verify complete
2020-11-30 18:49:18, Info                  CSI    000001a9 [SR] Verifying 100 components
2020-11-30 18:49:18, Info                  CSI    000001aa [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:18, Info                  CSI    000001ab [SR] Verify complete
2020-11-30 18:49:18, Info                  CSI    000001ac [SR] Verifying 100 components
2020-11-30 18:49:18, Info                  CSI    000001ad [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:19, Info                  CSI    000001ae [SR] Verify complete
2020-11-30 18:49:19, Info                  CSI    000001af [SR] Verifying 100 components
2020-11-30 18:49:19, Info                  CSI    000001b0 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:20, Info                  CSI    000001b1 [SR] Verify complete
2020-11-30 18:49:20, Info                  CSI    000001b2 [SR] Verifying 100 components
2020-11-30 18:49:20, Info                  CSI    000001b3 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:20, Info                  CSI    000001b4 [SR] Verify complete
2020-11-30 18:49:20, Info                  CSI    000001b5 [SR] Verifying 100 components
2020-11-30 18:49:20, Info                  CSI    000001b6 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:21, Info                  CSI    000001b7 [SR] Verify complete
2020-11-30 18:49:21, Info                  CSI    000001b8 [SR] Verifying 100 components
2020-11-30 18:49:21, Info                  CSI    000001b9 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:21, Info                  CSI    000001ba [SR] Verify complete
2020-11-30 18:49:21, Info                  CSI    000001bb [SR] Verifying 100 components
2020-11-30 18:49:21, Info                  CSI    000001bc [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:21, Info                  CSI    000001bd [SR] Verify complete
2020-11-30 18:49:21, Info                  CSI    000001be [SR] Verifying 100 components
2020-11-30 18:49:21, Info                  CSI    000001bf [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:22, Info                  CSI    000001c0 [SR] Verify complete
2020-11-30 18:49:22, Info                  CSI    000001c1 [SR] Verifying 100 components
2020-11-30 18:49:22, Info                  CSI    000001c2 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:22, Info                  CSI    000001c3 [SR] Verify complete
2020-11-30 18:49:22, Info                  CSI    000001c4 [SR] Verifying 100 components
2020-11-30 18:49:22, Info                  CSI    000001c5 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:23, Info                  CSI    000001c6 [SR] Verify complete
2020-11-30 18:49:23, Info                  CSI    000001c7 [SR] Verifying 100 components
2020-11-30 18:49:23, Info                  CSI    000001c8 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:23, Info                  CSI    000001c9 [SR] Verify complete
2020-11-30 18:49:23, Info                  CSI    000001ca [SR] Verifying 100 components
2020-11-30 18:49:23, Info                  CSI    000001cb [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:24, Info                  CSI    000001cc [SR] Verify complete
2020-11-30 18:49:24, Info                  CSI    000001cd [SR] Verifying 100 components
2020-11-30 18:49:24, Info                  CSI    000001ce [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:25, Info                  CSI    000001cf [SR] Verify complete
2020-11-30 18:49:25, Info                  CSI    000001d0 [SR] Verifying 100 components
2020-11-30 18:49:25, Info                  CSI    000001d1 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:25, Info                  CSI    000001d2 [SR] Verify complete
2020-11-30 18:49:25, Info                  CSI    000001d3 [SR] Verifying 100 components
2020-11-30 18:49:25, Info                  CSI    000001d4 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:26, Info                  CSI    000001d6 [SR] Verify complete
2020-11-30 18:49:26, Info                  CSI    000001d7 [SR] Verifying 100 components
2020-11-30 18:49:26, Info                  CSI    000001d8 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:26, Info                  CSI    000001d9 [SR] Verify complete
2020-11-30 18:49:27, Info                  CSI    000001da [SR] Verifying 100 components
2020-11-30 18:49:27, Info                  CSI    000001db [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:27, Info                  CSI    000001dc [SR] Verify complete
2020-11-30 18:49:27, Info                  CSI    000001dd [SR] Verifying 100 components
2020-11-30 18:49:27, Info                  CSI    000001de [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:27, Info                  CSI    000001df [SR] Verify complete
2020-11-30 18:49:28, Info                  CSI    000001e0 [SR] Verifying 100 components
2020-11-30 18:49:28, Info                  CSI    000001e1 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:28, Info                  CSI    000001e2 [SR] Verify complete
2020-11-30 18:49:28, Info                  CSI    000001e3 [SR] Verifying 100 components
2020-11-30 18:49:28, Info                  CSI    000001e4 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:29, Info                  CSI    000001e5 [SR] Verify complete
2020-11-30 18:49:29, Info                  CSI    000001e6 [SR] Verifying 100 components
2020-11-30 18:49:29, Info                  CSI    000001e7 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:29, Info                  CSI    000001e8 [SR] Verify complete
2020-11-30 18:49:29, Info                  CSI    000001e9 [SR] Verifying 100 components
2020-11-30 18:49:29, Info                  CSI    000001ea [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:30, Info                  CSI    000001eb [SR] Verify complete
2020-11-30 18:49:30, Info                  CSI    000001ec [SR] Verifying 100 components
2020-11-30 18:49:30, Info                  CSI    000001ed [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:31, Info                  CSI    000001ee [SR] Verify complete
2020-11-30 18:49:31, Info                  CSI    000001ef [SR] Verifying 100 components
2020-11-30 18:49:31, Info                  CSI    000001f0 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:31, Info                  CSI    000001f4 [SR] Verify complete
2020-11-30 18:49:31, Info                  CSI    000001f5 [SR] Verifying 100 components
2020-11-30 18:49:31, Info                  CSI    000001f6 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:32, Info                  CSI    000001f7 [SR] Verify complete
2020-11-30 18:49:32, Info                  CSI    000001f8 [SR] Verifying 100 components
2020-11-30 18:49:32, Info                  CSI    000001f9 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:32, Info                  CSI    000001fa [SR] Verify complete
2020-11-30 18:49:32, Info                  CSI    000001fb [SR] Verifying 100 components
2020-11-30 18:49:32, Info                  CSI    000001fc [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:33, Info                  CSI    000001fd [SR] Verify complete
2020-11-30 18:49:33, Info                  CSI    000001fe [SR] Verifying 100 components
2020-11-30 18:49:33, Info                  CSI    000001ff [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:33, Info                  CSI    00000200 [SR] Verify complete
2020-11-30 18:49:33, Info                  CSI    00000201 [SR] Verifying 100 components
2020-11-30 18:49:33, Info                  CSI    00000202 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:34, Info                  CSI    00000204 [SR] Verify complete
2020-11-30 18:49:34, Info                  CSI    00000205 [SR] Verifying 100 components
2020-11-30 18:49:34, Info                  CSI    00000206 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:35, Info                  CSI    00000207 [SR] Verify complete
2020-11-30 18:49:35, Info                  CSI    00000208 [SR] Verifying 100 components
2020-11-30 18:49:35, Info                  CSI    00000209 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:35, Info                  CSI    0000020a [SR] Verify complete
2020-11-30 18:49:35, Info                  CSI    0000020b [SR] Verifying 100 components
2020-11-30 18:49:35, Info                  CSI    0000020c [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:36, Info                  CSI    0000020d [SR] Verify complete
2020-11-30 18:49:36, Info                  CSI    0000020e [SR] Verifying 100 components
2020-11-30 18:49:36, Info                  CSI    0000020f [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:37, Info                  CSI    00000210 [SR] Verify complete
2020-11-30 18:49:37, Info                  CSI    00000211 [SR] Verifying 100 components
2020-11-30 18:49:37, Info                  CSI    00000212 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:37, Info                  CSI    00000213 [SR] Verify complete
2020-11-30 18:49:37, Info                  CSI    00000214 [SR] Verifying 100 components
2020-11-30 18:49:37, Info                  CSI    00000215 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:38, Info                  CSI    00000216 [SR] Verify complete
2020-11-30 18:49:38, Info                  CSI    00000217 [SR] Verifying 100 components
2020-11-30 18:49:38, Info                  CSI    00000218 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:39, Info                  CSI    0000021a [SR] Verify complete
2020-11-30 18:49:39, Info                  CSI    0000021b [SR] Verifying 100 components
2020-11-30 18:49:39, Info                  CSI    0000021c [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:39, Info                  CSI    0000021d [SR] Verify complete
2020-11-30 18:49:40, Info                  CSI    0000021e [SR] Verifying 100 components
2020-11-30 18:49:40, Info                  CSI    0000021f [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:40, Info                  CSI    00000220 [SR] Verify complete
2020-11-30 18:49:40, Info                  CSI    00000221 [SR] Verifying 100 components
2020-11-30 18:49:40, Info                  CSI    00000222 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:41, Info                  CSI    00000223 [SR] Verify complete
2020-11-30 18:49:41, Info                  CSI    00000224 [SR] Verifying 100 components
2020-11-30 18:49:41, Info                  CSI    00000225 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:41, Info                  CSI    00000226 [SR] Verify complete
2020-11-30 18:49:41, Info                  CSI    00000227 [SR] Verifying 100 components
2020-11-30 18:49:41, Info                  CSI    00000228 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:42, Info                  CSI    00000229 [SR] Verify complete
2020-11-30 18:49:42, Info                  CSI    0000022a [SR] Verifying 100 components
2020-11-30 18:49:42, Info                  CSI    0000022b [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:42, Info                  CSI    00000230 [SR] Verify complete
2020-11-30 18:49:43, Info                  CSI    00000231 [SR] Verifying 100 components
2020-11-30 18:49:43, Info                  CSI    00000232 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:43, Info                  CSI    00000233 [SR] Verify complete
2020-11-30 18:49:43, Info                  CSI    00000234 [SR] Verifying 100 components
2020-11-30 18:49:43, Info                  CSI    00000235 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:44, Info                  CSI    00000236 [SR] Verify complete
2020-11-30 18:49:44, Info                  CSI    00000237 [SR] Verifying 100 components
2020-11-30 18:49:44, Info                  CSI    00000238 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:44, Info                  CSI    00000239 [SR] Verify complete
2020-11-30 18:49:45, Info                  CSI    0000023a [SR] Verifying 100 components
2020-11-30 18:49:45, Info                  CSI    0000023b [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:45, Info                  CSI    0000023c [SR] Verify complete
2020-11-30 18:49:45, Info                  CSI    0000023d [SR] Verifying 100 components
2020-11-30 18:49:45, Info                  CSI    0000023e [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:46, Info                  CSI    0000023f [SR] Verify complete
2020-11-30 18:49:46, Info                  CSI    00000240 [SR] Verifying 100 components
2020-11-30 18:49:46, Info                  CSI    00000241 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:47, Info                  CSI    00000243 [SR] Verify complete
2020-11-30 18:49:47, Info                  CSI    00000244 [SR] Verifying 100 components
2020-11-30 18:49:47, Info                  CSI    00000245 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:47, Info                  CSI    00000246 [SR] Verify complete
2020-11-30 18:49:47, Info                  CSI    00000247 [SR] Verifying 100 components
2020-11-30 18:49:47, Info                  CSI    00000248 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:48, Info                  CSI    00000249 [SR] Verify complete
2020-11-30 18:49:48, Info                  CSI    0000024a [SR] Verifying 100 components
2020-11-30 18:49:48, Info                  CSI    0000024b [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:49, Info                  CSI    0000024c [SR] Verify complete
2020-11-30 18:49:49, Info                  CSI    0000024d [SR] Verifying 100 components
2020-11-30 18:49:49, Info                  CSI    0000024e [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:50, Info                  CSI    0000024f [SR] Verify complete
2020-11-30 18:49:50, Info                  CSI    00000250 [SR] Verifying 100 components
2020-11-30 18:49:50, Info                  CSI    00000251 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:50, Info                  CSI    00000252 [SR] Verify complete
2020-11-30 18:49:50, Info                  CSI    00000253 [SR] Verifying 100 components
2020-11-30 18:49:50, Info                  CSI    00000254 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:50, Info                  CSI    00000255 [SR] Verify complete
2020-11-30 18:49:51, Info                  CSI    00000256 [SR] Verifying 100 components
2020-11-30 18:49:51, Info                  CSI    00000257 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:51, Info                  CSI    00000258 [SR] Verify complete
2020-11-30 18:49:51, Info                  CSI    00000259 [SR] Verifying 100 components
2020-11-30 18:49:51, Info                  CSI    0000025a [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:52, Info                  CSI    0000025b [SR] Verify complete
2020-11-30 18:49:52, Info                  CSI    0000025c [SR] Verifying 100 components
2020-11-30 18:49:52, Info                  CSI    0000025d [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:52, Info                  CSI    0000025e [SR] Verify complete
2020-11-30 18:49:52, Info                  CSI    0000025f [SR] Verifying 100 components
2020-11-30 18:49:52, Info                  CSI    00000260 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:53, Info                  CSI    00000261 [SR] Verify complete
2020-11-30 18:49:53, Info                  CSI    00000262 [SR] Verifying 100 components
2020-11-30 18:49:53, Info                  CSI    00000263 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:53, Info                  CSI    00000264 [SR] Verify complete
2020-11-30 18:49:53, Info                  CSI    00000265 [SR] Verifying 100 components
2020-11-30 18:49:53, Info                  CSI    00000266 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:54, Info                  CSI    00000267 [SR] Verify complete
2020-11-30 18:49:54, Info                  CSI    00000268 [SR] Verifying 100 components
2020-11-30 18:49:54, Info                  CSI    00000269 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:54, Info                  CSI    0000026a [SR] Verify complete
2020-11-30 18:49:54, Info                  CSI    0000026b [SR] Verifying 100 components
2020-11-30 18:49:54, Info                  CSI    0000026c [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:55, Info                  CSI    0000026e [SR] Verify complete
2020-11-30 18:49:55, Info                  CSI    0000026f [SR] Verifying 100 components
2020-11-30 18:49:55, Info                  CSI    00000270 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:56, Info                  CSI    00000271 [SR] Verify complete
2020-11-30 18:49:56, Info                  CSI    00000272 [SR] Verifying 100 components
2020-11-30 18:49:56, Info                  CSI    00000273 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:57, Info                  CSI    00000274 [SR] Verify complete
2020-11-30 18:49:57, Info                  CSI    00000275 [SR] Verifying 23 components
2020-11-30 18:49:57, Info                  CSI    00000276 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:57, Info                  CSI    00000277 [SR] Verify complete
2020-11-30 18:49:57, Info                  CSI    00000278 [SR] Repairing 0 components
2020-11-30 18:49:57, Info                  CSI    00000279 [SR] Beginning Verify and Repair transaction
2020-11-30 18:49:57, Info                  CSI    0000027a [SR] Repair complete
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 18:50:25 ====


#4
BMiles


FRST text and Additional text

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-11-2020
Ran by BevPC (administrator) on DESKTOP-HALUPV1 (ASUSTeK COMPUTER INC. GL752VW) (30-11-2020 18:57:34)
Running from C:\Users\BevPC\Desktop
Loaded Profiles: BevPC
Platform: Windows 10 Home Version 1909 18363.1198 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUS) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Conexant Systems LLC -> Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Conexant Systems LLC -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(ICEpower a/s -> ICEpower) C:\Windows\System32\DriverStore\FileRepository\x40plmwa.inf_amd64_ebba65282f89f8eb\ICEsoundService64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(Intel® Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel® Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_fafb1d329fdfe2c6\aesm_service.exe
(Intel® Trusted Connect Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13228.41011.0_x64__8wekyb3d8bbwe\commsapps.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13228.41011.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\NisSrv.exe
(Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [604496 2017-11-24] (Conexant Systems LLC -> Conexant Systems, Inc.)
HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\Run: [loopMIDI] => C:\Program Files (x86)\Tobias Erichsen\loopMIDI\loopMIDI.exe [5516048 2019-12-14] (Tobias Erichsen -> Tobias Erichsen)
HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11219376 2020-10-20] (Support.com Inc -> SUPERAntiSpyware)
HKLM\...\Windows x64\Print Processors\Canon TS5000 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDDF.DLL [30720 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\KOAXYA_P: C:\Windows\System32\spool\prtprocs\x64\KOAXYA_P.DLL [50688 2017-04-16] (Microsoft Windows Hardware Compatibility Publisher -> KONICA MINOLTA, INC.)
HKLM\...\Print\Monitors\C368SeriesPS Language Monitor: C:\Windows\system32\KOAXYA_L.DLL [25600 2017-04-16] (Microsoft Windows Hardware Compatibility Publisher -> KONICA MINOLTA, INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-16] (Google LLC -> Google LLC)
Startup: C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-02-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A02DD6B-DFD7-49B6-9210-AA65B2534C3B} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0B7DF887-2F15-4ADB-B433-701F4CF45D74} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {0BB71945-E115-4803-AE23-EEE42DEBDF90} - System32\Tasks\WpsExternal_20161117083023 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe
Task: {0D9766CF-B649-4DA1-8FB1-F3B890BC6FB4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1457E9E1-E4AC-463D-9352-FF79E883CD63} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1491E83A-B534-4873-96DA-572E510BD1C8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1ED735F7-59D3-4E16-99DC-4A8F5817FA6F} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18416 2015-12-18] (ASUSTeK Computer Inc. -> AsusTek)
Task: {209FF29D-9451-4C00-9D4F-2443B3EB416F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-18] (Google Inc -> Google Inc.)
Task: {221175CE-7FC1-44F2-8C44-9CEFEDDA44B3} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {2C0D377D-C971-4B78-9C1A-891011A3347D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-18] (Google Inc -> Google Inc.)
Task: {39B60C32-80AB-4262-B5F9-0F89352F8769} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {3E3E25FE-FA55-494D-8D55-263628B4A6DE} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {49795CB5-EAB4-4EDA-B50A-1969C6FC18E1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1526680 2020-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {4ABE3CC4-479E-4ACE-8A87-4EF99A75FDAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5153176 2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {4CAB86E8-B0E4-4C05-A7C4-F95DAE0CA801} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {4D672CD7-C3B3-4D39-AA3A-0F5C21AD0665} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4FE2DD07-0283-4BB9-84D2-95B991099550} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {52889152-8239-4D15-A69E-8A6161535A0F} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {67DEF075-04B6-4DAF-8EBB-7EA98D3D08CD} - System32\Tasks\GoogleUpdateTaskMachineUA1d6a4151755c76d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-18] (Google Inc -> Google Inc.)
Task: {78E83B8C-DE2B-4889-B8B4-326A37F4AA6F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {7BBEEC5F-B244-41A1-B8D3-31A5E5FEF6FC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {7EBF0AD2-6F56-488D-9124-C4F54995480E} - System32\Tasks\Microsoft\Windows\Conexant\SA2 => C:\Program Files\CONEXANT\SAII\SACpl.exe [1832280 2017-06-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
Task: {8BC0E8E9-8C27-4A09-BF54-7FD44928066C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {8BE34C02-CD38-48CD-8D3E-B2DB47E33B70} - System32\Tasks\Microsoft\Windows\Conexant\AFA => C:\Program Files\CONEXANT\cAudioFilterAgent\SACpl.exe [1823232 2016-07-05] (Conexant Systems, Inc.) [File not signed]
Task: {9D307563-4C0B-4D95-9DB1-7961A8EEE8B1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FA4B859-6F64-406A-8740-7EAE3EF7F373} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {A2574646-3D9C-43E8-9BB0-2B0CB0FBE805} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AAFC8E08-8B47-432A-9033-16DA54756031} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AF76E189-6F45-4572-9859-B90A066B5904} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B485E125-CA9B-4373-ABDF-8DEFA2240013} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [7685808 2018-05-07] (Piriform Ltd -> Piriform Ltd)
Task: {C0C866DD-6452-4FB2-8CE2-A5E94BC44379} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {C44C6F06-E183-4686-BEB3-DC13F88326D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {C554D50C-4548-49BF-A0BC-ED20B4E5A744} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [54784 2015-12-02] (ASUS) [File not signed]
Task: {C6021BE5-FADC-4872-9173-8F940A103A5F} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {C9334FC6-370D-46A7-A3DA-79129434E60C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CACF0392-F900-4C2D-9E08-EA1D3A5E194F} - System32\Tasks\GoogleUpdateTaskMachineCore1d6a415172add51 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-18] (Google Inc -> Google Inc.)
Task: {CE22A534-BB97-420D-AF2C-635A804382A8} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1578784 2016-07-07] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) [File not signed]
Task: {D42368BF-08B6-45AF-A397-6F0DDD81D9A9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {FC22DA76-FDF6-48B0-92A7-B146ED615EB4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FF046283-A8C7-4C1F-95F9-294FAEB0B204} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5153176 2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0f538025-0c73-47d0-a614-4f8a1de0e904}: [DhcpNameServer] 206.248.154.22 206.248.154.170
Tcpip\..\Interfaces\{9430795c-fda5-4109-b6b7-0c6ce2fe1d0e}: [DhcpNameServer] 192.168.0.1
 
Edge: 
======
Edge Profile: C:\Users\BevPC\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-19]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-10-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-10-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-10-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-18] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default [2020-11-30]
CHR Notifications: Default -> hxxps://watch-video.net
CHR HomePage: Default -> hxxp://google.ca/
CHR StartupUrls: Default -> "hxxp://google.ca/"
CHR Extension: (Slides) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-02]
CHR Extension: (YouTube) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-13]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-11-17]
CHR Extension: (Adobe Acrobat) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-10-17]
CHR Extension: (Sheets) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-05]
CHR Extension: (Gmail) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-17]
CHR Extension: (Skype Calling) - C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2017-09-13]
CHR Profile: C:\Users\BevPC\AppData\Local\Google\Chrome\User Data\System Profile [2020-03-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9057136 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6933272 2020-03-30] (Malwarebytes Inc -> Malwarebytes)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182328 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661368 2017-07-25] (TechSmith Corporation -> TechSmith Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 a8djavs; C:\WINDOWS\System32\Drivers\a8djavs.sys [359784 2012-12-18] (NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH)
S3 a8djavs_x64; C:\WINDOWS\System32\Drivers\a8djavs_x64.sys [44560 2008-12-09] (NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH)
S3 a8djusb_svc; C:\WINDOWS\System32\Drivers\a8djusb.sys [100712 2012-12-18] (NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH)
S3 a8djusb_x64; C:\WINDOWS\System32\Drivers\a8djusb_x64.sys [233488 2008-12-09] (NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 asiovadpro; C:\WINDOWS\system32\DRIVERS\asiovadpro.sys [42984 2016-08-28] (John Shield -> John Shield/O Deus Audio)
R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [138744 2015-12-18] (ASUSTeK Computer Inc. -> ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R1 gfdriver; C:\WINDOWS\System32\drivers\gfdriver.sys [51904 2015-01-14] (TITAN ARC CORP. TAIWAN BRANCH (SAMOA) -> Titan ARC Corp.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-11-30] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195432 2020-11-30] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-11-30] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-11-30] (Malwarebytes Inc -> Malwarebytes)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [51904 2015-01-14] (TITAN ARC CORP. TAIWAN BRANCH (SAMOA) -> Titan ARC Corp.)
S3 RDID1144; C:\WINDOWS\system32\Drivers\RDWM1144.SYS [242432 2015-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Roland Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43368 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 teVirtualMIDI64; C:\WINDOWS\System32\drivers\teVirtualMIDI64.sys [53120 2019-12-07] (Tobias Erichsen -> Tobias Erichsen)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-11-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [14464 2008-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429288 2020-11-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-06] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-11-30 18:53 - 2020-11-30 18:53 - 001388432 _____ C:\Users\Public\VOIP.dat
2020-11-30 18:45 - 2020-11-30 18:45 - 014178840 _____ (Malwarebytes Corp.) C:\Users\BevPC\Desktop\mbar-1.10.3.1001.exe
2020-11-30 18:44 - 2020-11-30 18:50 - 000080573 _____ C:\Users\BevPC\Desktop\Fixlog.txt
2020-11-30 15:39 - 2020-11-30 15:39 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\SUPERAntiSpyware.com
2020-11-30 15:38 - 2020-11-30 15:39 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2020-11-30 15:38 - 2020-11-30 15:38 - 000001851 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2020-11-30 15:38 - 2020-11-30 15:38 - 000001851 _____ C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2020-11-30 15:38 - 2020-11-30 15:38 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2020-11-30 15:38 - 2020-11-30 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2020-11-30 15:35 - 2020-11-30 15:35 - 163136040 _____ (SUPERAntiSpyware) C:\Users\BevPC\Desktop\SUPERAntiSpyware.exe
2020-11-30 14:05 - 2020-11-30 14:06 - 000057397 _____ C:\Users\BevPC\Desktop\Addition.txt
2020-11-30 14:02 - 2020-11-30 18:58 - 000028576 _____ C:\Users\BevPC\Desktop\FRST.txt
2020-11-30 14:02 - 2020-11-30 18:57 - 000000000 ____D C:\FRST
2020-11-30 13:59 - 2020-11-30 13:59 - 002290176 _____ (Farbar) C:\Users\BevPC\Desktop\FRST64.exe
2020-11-30 12:47 - 2020-11-30 12:47 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-11-30 12:47 - 2020-11-30 12:47 - 000195432 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-11-30 12:47 - 2020-11-30 12:47 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-11-30 12:47 - 2020-11-30 12:47 - 000000000 ____D C:\Users\BevPC\AppData\LocalLow\IGDump
2020-11-30 09:52 - 2020-11-30 09:52 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-11-30 07:32 - 2020-11-30 07:48 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\com.spitfireaudio
2020-11-30 07:32 - 2020-11-30 07:32 - 000000000 ____D C:\Users\Public\Documents\NI Resources
2020-11-30 07:32 - 2020-11-30 07:32 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Sampleson
2020-11-30 07:32 - 2020-11-30 07:32 - 000000000 ____D C:\Users\BevPC\AppData\Local\Roland Cloud
2020-11-30 07:32 - 2020-11-30 07:32 - 000000000 ____D C:\ProgramData\Documents\NI Resources
2020-11-30 07:29 - 2020-11-30 07:45 - 000000000 ____D C:\Users\BevPC\Documents\Max 8
2020-11-30 07:29 - 2020-11-30 07:29 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Cycling '74
2020-11-30 07:29 - 2020-11-30 07:29 - 000000000 ____D C:\ProgramData\Max 8
2020-11-30 07:23 - 2020-11-30 07:23 - 000057085 _____ C:\Users\BevPC\Desktop\Authorize.auz
2020-11-30 07:15 - 2020-11-30 07:15 - 000000000 ____D C:\Users\BevPC\AppData\Local\Ableton
2020-11-30 07:15 - 2020-11-30 07:15 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2020-11-30 07:01 - 2020-11-30 07:01 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\IntelTools
2020-11-30 06:54 - 2019-07-20 04:43 - 000000000 ____D C:\Users\BevPC\Downloads\Ableton.Live.Suite.10.1.Multilingual.x64.WIN
2020-11-30 06:41 - 2020-11-30 06:49 - 2020133181 _____ C:\Users\BevPC\Downloads\Ableton.Live.Suite.10.1.Multilingual.x64.WIN.rar
2020-11-30 06:25 - 2020-11-30 06:25 - 000003384 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b1e85a34269
2020-11-29 15:10 - 2020-11-29 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focusrite Saffire PRO
2020-11-29 15:10 - 2020-11-29 15:10 - 000000000 ____D C:\Program Files (x86)\Focusrite Saffire PRO
2020-11-29 15:10 - 2007-03-13 11:58 - 000009728 _____ (Focusrite Audio Engineering Ltd.) C:\WINDOWS\system32\ffSaffirePro_coinst.dll
2020-11-25 13:10 - 2020-11-25 13:10 - 007370014 _____ C:\Users\BevPC\Downloads\USB_Burning_Tool_v2.0.8_x86.rar
2020-11-25 13:07 - 2020-11-25 16:41 - 653257722 _____ C:\Users\BevPC\Downloads\QBOX_905_216_QB0006.rar
2020-11-24 18:17 - 2020-11-24 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\intelligent sounds & music
2020-11-24 18:17 - 2020-11-24 18:17 - 000000000 ____D C:\Program Files\intelligent sounds & music
2020-11-24 18:15 - 2020-11-24 18:15 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\intelligent sounds & music
2020-11-24 18:15 - 2020-11-24 18:15 - 000000000 ____D C:\ProgramData\intelligent sounds & music
2020-11-24 18:08 - 2020-11-24 18:08 - 000000000 ____D C:\Users\BevPC\AppData\Local\Fyxdf
2020-11-19 07:34 - 2020-11-19 07:34 - 001994628 _____ C:\WINDOWS\Minidump\111920-11812-01.dmp
2020-11-19 06:45 - 2020-11-21 12:46 - 000000000 __HDC C:\ProgramData\{D2030082-F62A-402A-9456-8009276FD896}
2020-11-19 06:41 - 2020-11-30 10:01 - 000000000 ____D C:\ProgramData\Outbyte
2020-11-18 20:28 - 2020-11-18 20:28 - 001540700 _____ C:\WINDOWS\Minidump\111820-10656-01.dmp
2020-11-18 20:20 - 2020-11-18 20:20 - 001522876 _____ C:\WINDOWS\Minidump\111820-10625-01.dmp
2020-11-18 17:47 - 2020-11-18 17:47 - 002297860 _____ C:\WINDOWS\Minidump\111820-14593-01.dmp
2020-11-18 07:20 - 2020-11-18 07:20 - 000000000 ____D C:\Users\BevPC\Documents\FabFilter
2020-11-18 07:20 - 2020-11-18 07:20 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\FabFilter
2020-11-18 07:18 - 2020-11-18 07:18 - 000000454 _____ C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FabFilter Pro-Q 3 Help.lnk
2020-11-17 18:27 - 2020-11-17 18:27 - 056036410 _____ C:\Users\BevPC\Desktop\PPT for 45th Anniverary gala 1.pptx
2020-11-17 17:29 - 2020-11-17 17:29 - 000001933 _____ C:\Users\BevPC\Desktop\Zoom.lnk
2020-11-17 17:13 - 2020-11-17 17:13 - 002161300 _____ C:\WINDOWS\Minidump\111720-10578-01.dmp
2020-11-16 08:24 - 2020-11-16 08:24 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Xfer
2020-11-16 08:23 - 2020-11-16 08:23 - 000000000 ____D C:\Users\BevPC\Documents\Xfer
2020-11-16 07:53 - 2020-11-16 07:53 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Sonic Academy
2020-11-16 07:25 - 2020-11-16 07:25 - 000000000 ____D C:\ProgramData\Sonic Academy
2020-11-16 07:25 - 2020-11-16 07:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Academy
2020-11-16 07:21 - 2020-11-16 07:21 - 000000000 ____D C:\Users\BevPC\Desktop\vst
2020-11-16 07:14 - 2020-11-16 07:14 - 021432294 _____ C:\Users\BevPC\Downloads\ab0b302c-1704-4320-9d89-71e034c6eb91.tmp
2020-11-15 04:35 - 2020-11-15 04:35 - 001789396 _____ C:\WINDOWS\Minidump\111520-10375-01.dmp
2020-11-15 03:40 - 2020-11-15 03:40 - 000017671 _____ C:\Users\BevPC\Downloads\MemTest.zip
2020-11-15 03:36 - 2020-11-15 03:36 - 008234296 _____ (Piriform Software Ltd) C:\Users\BevPC\Downloads\spsetup132.exe
2020-11-15 03:36 - 2020-11-15 03:36 - 000000839 _____ C:\Users\Public\Desktop\Speccy.lnk
2020-11-15 03:36 - 2020-11-15 03:36 - 000000839 _____ C:\ProgramData\Desktop\Speccy.lnk
2020-11-15 03:36 - 2020-11-15 03:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2020-11-15 03:36 - 2020-11-15 03:36 - 000000000 ____D C:\Program Files\Speccy
2020-11-15 00:04 - 2020-11-15 00:04 - 000000000 ____D C:\WINDOWS\pss
2020-11-14 14:24 - 2020-11-14 14:26 - 000000000 ____D C:\Users\BevPC\Documents\Reflect
2020-11-14 14:00 - 2020-11-14 14:10 - 000000000 ____D C:\ProgramData\Macrium
2020-11-14 14:00 - 2020-11-14 14:00 - 005279488 _____ (Paramount Software UK Ltd) C:\Users\BevPC\Downloads\ReflectDLHF.exe
2020-11-14 13:57 - 2020-11-14 13:57 - 000000000 ____D C:\WINDOWS\system32\Samsung
2020-11-14 13:57 - 2020-04-24 02:22 - 000043368 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ss_conn_usb_driver2.sys
2020-11-14 13:47 - 2020-11-14 13:54 - 002199156 _____ C:\WINDOWS\Minidump\111420-32640-01.dmp
2020-11-14 13:45 - 2020-11-30 09:25 - 000000000 ___RD C:\Users\BevPC\Desktop\BERLIN SOUNDS Project
2020-11-13 08:16 - 2020-11-30 12:06 - 001762626 _____ C:\WINDOWS\ntbtlog.txt
2020-11-12 21:49 - 2020-11-12 21:51 - 002125660 _____ C:\WINDOWS\Minidump\111220-34296-01.dmp
2020-11-12 18:49 - 2020-11-12 18:49 - 000007622 _____ C:\Users\BevPC\AppData\Local\Resmon.ResmonCfg
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-11-11 01:04 - 2020-11-11 01:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-11-10 13:14 - 2020-11-10 13:14 - 008540672 _____ C:\Users\BevPC\Downloads\T-JM26AUS0.exe
2020-11-08 22:40 - 2020-11-08 22:40 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-11-08 22:40 - 2020-11-08 22:40 - 000200704 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-08 22:40 - 2020-11-08 22:40 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-11-08 21:56 - 2020-10-27 20:29 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-11-08 21:56 - 2020-10-27 20:29 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-11-08 21:56 - 2020-10-27 20:29 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-11-08 21:56 - 2020-10-27 20:29 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-11-08 21:56 - 2020-10-27 20:29 - 001054936 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-11-08 21:56 - 2020-10-27 20:29 - 001054936 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-11-08 21:56 - 2020-10-27 20:29 - 000917720 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-11-08 21:56 - 2020-10-27 20:29 - 000917720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-11-08 21:56 - 2020-10-27 20:28 - 000456600 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-11-08 21:56 - 2020-10-27 20:28 - 000349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-11-08 21:56 - 2020-10-27 20:27 - 000674712 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-11-08 21:56 - 2020-10-27 20:27 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 002098072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 001731824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445709.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 001584368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 001484184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445709.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 001161112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 000657304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2020-11-08 21:56 - 2020-10-27 20:26 - 000556440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-11-08 21:56 - 2020-10-27 20:25 - 007707544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-11-08 21:56 - 2020-10-27 20:25 - 006858992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-11-08 21:56 - 2020-10-27 20:25 - 004174064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-11-08 21:56 - 2020-10-27 20:25 - 002509720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-11-08 21:56 - 2020-10-27 20:23 - 005976984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-11-08 21:30 - 2020-11-08 21:30 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-08 21:30 - 2020-11-08 21:30 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-08 21:30 - 2020-11-08 21:30 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-08 21:30 - 2020-11-08 21:30 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-08 21:30 - 2020-11-08 21:30 - 000001449 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2020-11-08 21:30 - 2020-11-08 21:30 - 000001449 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2020-11-08 21:30 - 2020-10-19 00:42 - 000069608 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2020-11-08 21:30 - 2020-10-19 00:42 - 000058344 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2020-11-08 21:29 - 2020-03-04 07:54 - 000050592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\NvModuleTracker.sys
2020-11-08 21:23 - 2020-11-08 21:27 - 127450288 _____ (NVIDIA Corporation New) C:\Users\BevPC\Downloads\GeForce_Experience_v3.20.5.70.exe
2020-11-08 11:16 - 2020-11-08 11:22 - 004231580 _____ C:\WINDOWS\Minidump\110820-40718-01.dmp
2020-11-05 23:47 - 2020-11-05 23:47 - 000804904 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_quote_ex.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000804392 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_epid.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000799784 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_launch.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000701992 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_quote_ex.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000700968 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_epid.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000695848 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_launch.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000125992 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_urts.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000105000 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_urts.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000069672 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_enclave_common.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000057896 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_enclave_common.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000055336 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_platform.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000049192 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_platform.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000039464 _____ (Intel Corporation) C:\WINDOWS\system32\sgx_uae_service.dll
2020-11-05 23:47 - 2020-11-05 23:47 - 000037928 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\sgx_uae_service.dll
2020-11-03 17:26 - 2020-11-19 07:34 - 000000000 ____D C:\WINDOWS\Minidump
2020-11-03 17:26 - 2020-11-03 17:33 - 004416628 _____ C:\WINDOWS\Minidump\110320-36312-01.dmp
2020-11-03 11:22 - 2020-11-03 11:29 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2020-11-03 11:21 - 2020-11-03 11:22 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2020-11-03 11:21 - 2020-11-03 11:21 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2020-11-03 11:18 - 2020-11-03 11:18 - 000000000 ____D C:\ProgramData\USOShared
2020-11-03 11:18 - 2020-11-03 11:18 - 000000000 ____D C:\ProgramData\ssh
2020-11-03 11:14 - 2020-11-03 11:14 - 000249856 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2020-11-03 11:14 - 2020-11-03 11:14 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2020-11-03 11:13 - 2020-11-03 11:13 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-11-03 11:13 - 2020-11-03 11:13 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-11-03 11:13 - 2020-11-03 11:13 - 002031104 _____ C:\WINDOWS\system32\rdpnano.dll
2020-11-03 11:13 - 2020-11-03 11:13 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2020-11-03 11:13 - 2020-11-03 11:13 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2020-11-03 11:13 - 2020-11-03 11:13 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2020-11-03 11:13 - 2020-11-03 11:13 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-11-03 11:13 - 2020-11-03 11:13 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2020-11-03 11:13 - 2020-11-03 11:13 - 000386048 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\SysWOW64\curl.exe
2020-11-03 11:13 - 2020-11-03 11:13 - 000259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2020-11-03 11:13 - 2020-11-03 11:13 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2020-11-03 11:13 - 2020-11-03 11:13 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2020-11-03 11:13 - 2020-11-03 11:13 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2020-11-03 11:13 - 2020-11-03 11:13 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2020-11-03 11:13 - 2020-11-03 11:13 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2020-11-03 11:13 - 2020-11-03 11:13 - 000059221 _____ C:\WINDOWS\system32\srms.dat
2020-11-03 11:12 - 2020-11-03 11:12 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2020-11-03 11:12 - 2020-11-03 11:12 - 001893888 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2020-11-03 11:12 - 2020-11-03 11:12 - 001282872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-11-03 11:12 - 2020-11-03 11:12 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2020-11-03 11:12 - 2020-11-03 11:12 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2020-11-03 11:12 - 2020-11-03 11:12 - 000860160 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2020-11-03 11:12 - 2020-11-03 11:12 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2020-11-03 11:12 - 2020-11-03 11:12 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-11-03 11:12 - 2020-11-03 11:12 - 000421376 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe
2020-11-03 11:12 - 2020-11-03 11:12 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2020-11-03 11:12 - 2020-11-03 11:12 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2020-11-03 11:12 - 2020-11-03 11:12 - 000110080 _____ C:\WINDOWS\system32\ResBParser.dll
2020-11-03 11:12 - 2020-11-03 11:12 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2020-11-03 11:12 - 2020-11-03 11:12 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-11-03 11:12 - 2020-11-03 11:12 - 000000357 _____ C:\WINDOWS\system32\DrtmAuthKeyDelegate_From_20190529_To_20200303.bin
2020-11-03 11:12 - 2020-11-03 11:12 - 000000357 _____ C:\WINDOWS\system32\DrtmAuth1KeyDelegate.bin
2020-11-03 11:11 - 2020-11-03 11:11 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2020-11-03 11:11 - 2020-11-03 11:11 - 002590208 _____ C:\WINDOWS\system32\dwmscene.dll
2020-11-03 11:11 - 2020-11-03 11:11 - 001756592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-11-03 11:11 - 2020-11-03 11:11 - 001366136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-11-03 11:11 - 2020-11-03 11:11 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2020-11-03 11:11 - 2020-11-03 11:11 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2020-11-03 11:11 - 2020-11-03 11:11 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2020-11-03 11:11 - 2020-11-03 11:11 - 000811160 _____ C:\WINDOWS\SysWOW64\locale.nls
2020-11-03 11:11 - 2020-11-03 11:11 - 000811160 _____ C:\WINDOWS\system32\locale.nls
2020-11-03 11:11 - 2020-11-03 11:11 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2020-11-03 11:11 - 2020-11-03 11:11 - 000059392 _____ C:\WINDOWS\system32\runexehelper.exe
2020-11-03 11:11 - 2020-11-03 11:11 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2020-11-03 11:11 - 2020-11-03 11:11 - 000047616 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-11-03 11:11 - 2020-11-03 11:11 - 000037888 _____ C:\WINDOWS\system32\usocoreps.dll
2020-11-03 11:11 - 2020-11-03 11:11 - 000035840 _____ C:\WINDOWS\system32\deploymentcsphelper.exe
2020-11-03 11:10 - 2020-11-03 11:10 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2020-11-03 11:10 - 2020-11-03 11:10 - 002321408 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2020-11-03 11:10 - 2020-11-03 11:10 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2020-11-03 11:10 - 2020-11-03 11:10 - 000237880 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2020-11-03 11:10 - 2020-11-03 11:10 - 000053248 _____ C:\WINDOWS\system32\Drivers\UsbPmApi.sys
2020-11-03 11:10 - 2020-11-03 11:10 - 000047616 _____ C:\WINDOWS\system32\UsbPmApi.dll
2020-11-03 11:10 - 2020-11-03 11:10 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-11-03 10:53 - 2020-11-15 01:27 - 000797340 _____ C:\WINDOWS\system32\perfh00C.dat
2020-11-03 10:53 - 2020-11-15 01:27 - 000153094 _____ C:\WINDOWS\system32\perfc00C.dat
2020-11-03 10:53 - 2020-11-03 10:53 - 000351124 _____ C:\WINDOWS\system32\perfi00C.dat
2020-11-03 10:53 - 2020-11-03 10:53 - 000040694 _____ C:\WINDOWS\system32\perfd00C.dat
2020-11-03 10:53 - 2020-11-03 10:53 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2020-11-03 10:53 - 2020-11-03 10:53 - 000000000 ____D C:\WINDOWS\SysWOW64\fr
2020-11-03 10:53 - 2020-11-03 10:53 - 000000000 ____D C:\WINDOWS\system32\fr
2020-11-03 10:44 - 2020-11-03 10:44 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2020-11-03 10:44 - 2020-11-03 10:44 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2020-11-03 10:43 - 2020-11-03 10:43 - 000000000 ____D C:\Program Files\Reference Assemblies
2020-11-03 10:43 - 2020-11-03 10:43 - 000000000 ____D C:\Program Files\MSBuild
2020-11-03 10:43 - 2020-11-03 10:43 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2020-11-03 10:43 - 2020-11-03 10:43 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-11-03 09:14 - 2020-11-03 09:14 - 000001963 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SmartAudio.lnk
2020-11-03 09:11 - 2018-11-22 16:31 - 005939008 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 001617056 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 001571280 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APOMIX.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 001529224 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 001069480 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64BPAPO.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 000884568 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 000598432 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CX64APO2.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 000442360 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\ASpkExt64.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 000113160 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\FMPropPageExt64.dll
2020-11-03 09:11 - 2018-11-22 16:31 - 000061232 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxPageMaster64.dll
2020-11-03 09:11 - 2018-11-22 12:31 - 004921304 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\UCI64A195.dll
2020-11-03 09:11 - 2018-11-22 12:31 - 003463680 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\Drivers\CHDRT64.sys
2020-11-03 09:11 - 2018-11-22 12:31 - 000806352 _____ (ICEpower) C:\WINDOWS\system32\ICEsoundService64.exe
2020-11-03 09:11 - 2018-11-22 12:31 - 000174488 _____ (ASUSTeK COMPUTER INC.) C:\WINDOWS\system32\ATKWMI.dll
2020-11-03 09:11 - 2018-11-22 12:31 - 000042712 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CXHDMI64.dll
2020-11-03 09:11 - 2018-11-22 12:22 - 000530396 _____ C:\WINDOWS\system32\Drivers\miceq.ini
2020-11-03 09:11 - 2018-11-22 12:22 - 000202187 _____ C:\WINDOWS\system32\ICEsoundService.bin
2020-11-03 09:11 - 2018-11-22 12:22 - 000132231 _____ C:\WINDOWS\system32\Drivers\softeq.ini
2020-11-03 09:11 - 2018-11-22 12:22 - 000065520 _____ C:\WINDOWS\system32\Drivers\MicGain.ini
2020-11-03 09:11 - 2018-11-22 12:22 - 000030893 _____ C:\WINDOWS\system32\Drivers\Mixer.ini
2020-11-03 09:11 - 2018-11-22 12:22 - 000029642 _____ C:\WINDOWS\system32\Drivers\D2Keys.ini
2020-11-03 09:11 - 2018-11-22 12:22 - 000006451 _____ C:\WINDOWS\system32\Drivers\HeadsetCtrl.ini
2020-11-03 09:11 - 2018-11-22 12:22 - 000005638 _____ C:\WINDOWS\system32\Drivers\orverbs.ini
2020-11-03 09:11 - 2018-11-22 12:22 - 000005388 _____ C:\WINDOWS\system32\Drivers\fxmisc.ini
2020-11-03 09:11 - 2018-11-22 12:22 - 000001816 _____ C:\WINDOWS\system32\Drivers\altmixer.ini
2020-11-03 09:06 - 2020-11-03 09:06 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-11-03 09:03 - 2020-11-03 09:03 - 000000020 ___SH C:\Users\BevPC\ntuser.ini
2020-11-03 09:02 - 2020-11-30 18:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-11-03 09:02 - 2020-11-30 06:25 - 000003510 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA1d6a4bce37d175a
2020-11-03 09:02 - 2020-11-24 18:03 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-11-03 09:02 - 2020-11-08 21:30 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-03 09:02 - 2020-11-08 21:30 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-03 09:02 - 2020-11-08 21:30 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-03 09:02 - 2020-11-08 21:30 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-03 09:02 - 2020-11-08 21:30 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-03 09:02 - 2020-11-08 21:30 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-03 09:02 - 2020-11-03 09:02 - 000003438 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA1d6815bf143b021
2020-11-03 09:02 - 2020-11-03 09:02 - 000003406 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-03 09:02 - 2020-11-03 09:02 - 000003376 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d6a4151755c76d
2020-11-03 09:02 - 2020-11-03 09:02 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-11-03 09:02 - 2020-11-03 09:02 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6a4bce3704f12
2020-11-03 09:02 - 2020-11-03 09:02 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6815bf10e1ec9
2020-11-03 09:02 - 2020-11-03 09:02 - 000003182 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-03 09:02 - 2020-11-03 09:02 - 000003152 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d6a415172add51
2020-11-03 09:02 - 2020-11-03 09:02 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-11-03 09:02 - 2020-11-03 09:02 - 000003028 _____ C:\WINDOWS\system32\Tasks\WpsExternal_20161117083023
2020-11-03 09:02 - 2020-11-03 09:02 - 000002974 _____ C:\WINDOWS\system32\Tasks\Update Checker
2020-11-03 09:02 - 2020-11-03 09:02 - 000002924 _____ C:\WINDOWS\system32\Tasks\ATK Package 36D18D69AFC3
2020-11-03 09:02 - 2020-11-03 09:02 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2067428576-3587227036-2798591388-1003
2020-11-03 09:02 - 2020-11-03 09:02 - 000002862 _____ C:\WINDOWS\system32\Tasks\ASUS Smart Gesture Launcher
2020-11-03 09:02 - 2020-11-03 09:02 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2067428576-3587227036-2798591388-500
2020-11-03 09:02 - 2020-11-03 09:02 - 000002340 _____ C:\WINDOWS\system32\Tasks\ASUS USB Charger Plus
2020-11-03 09:02 - 2020-11-03 09:02 - 000002220 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2020-11-03 09:02 - 2020-11-03 09:02 - 000002214 _____ C:\WINDOWS\system32\Tasks\ATK Package A22126881260
2020-11-03 09:02 - 2020-11-03 09:02 - 000002214 _____ C:\WINDOWS\system32\Tasks\ASUS Splendid ACMON
2020-11-03 09:02 - 2020-11-03 09:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUSTek Computer Inc
2020-11-03 09:02 - 2020-11-03 09:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUS
2020-11-03 09:00 - 2020-11-03 09:02 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2020-11-03 09:00 - 2020-11-03 09:02 - 000007623 _____ C:\WINDOWS\diagerr.xml
2020-11-03 08:51 - 2020-11-15 01:27 - 001768058 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-11-03 08:39 - 2020-11-30 18:52 - 000000000 ____D C:\Users\BevPC
2020-11-03 08:39 - 2019-03-18 23:46 - 000001105 _____ C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-11-03 08:30 - 2020-11-30 17:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-11-03 08:30 - 2020-11-11 08:45 - 000454928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-02 22:53 - 2020-11-02 22:53 - 000001129 _____ C:\Users\Public\Desktop\Native Access.lnk
2020-11-02 22:53 - 2020-11-02 22:53 - 000001129 _____ C:\ProgramData\Desktop\Native Access.lnk
2020-11-02 22:53 - 2020-11-02 22:53 - 000000000 __HDC C:\ProgramData\{2CD88392-6082-4B22-A91D-093567E64459}
2020-11-02 22:49 - 2020-11-15 14:37 - 000000000 ___DC C:\WINDOWS\Panther
2020-11-02 21:48 - 2020-11-03 08:43 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2020-11-02 21:48 - 2020-11-02 21:48 - 000462251 _____ C:\Users\BevPC\Downloads\ASIO4ALL_2_14_English (1).exe
2020-11-02 21:48 - 2020-11-02 21:48 - 000001213 _____ C:\Users\BevPC\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2020-11-02 21:48 - 2020-11-02 21:48 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2020-11-02 21:47 - 2020-11-02 21:47 - 000462251 _____ C:\Users\BevPC\Downloads\ASIO4ALL_2_14_English.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-11-30 18:54 - 2017-09-13 21:16 - 000000000 ____D C:\ProgramData\NVIDIA
2020-11-30 18:53 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-30 18:52 - 2019-03-18 23:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-11-30 18:52 - 2017-09-13 18:26 - 000000184 _____ C:\Users\BevPC\AppData\Roaming\sp_data.sys
2020-11-30 18:52 - 2017-09-13 18:26 - 000000000 __SHD C:\Users\BevPC\IntelGraphicsProfiles
2020-11-30 18:47 - 2019-03-18 23:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-30 18:44 - 2017-09-13 21:15 - 000000000 ____D C:\Program Files (x86)\Intel
2020-11-30 18:40 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF
2020-11-30 13:18 - 2020-04-16 20:04 - 000000000 ____D C:\Program Files (x86)\App Deploy
2020-11-30 11:27 - 2017-12-07 18:37 - 000000000 ____D C:\Users\BevPC\AppData\Local\ElevatedDiagnostics
2020-11-30 10:13 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-11-30 09:53 - 2017-11-11 23:01 - 000000000 ____D C:\Users\BevPC\AppData\Local\CrashDumps
2020-11-30 09:30 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-11-30 09:29 - 2019-08-08 17:17 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2020-11-30 07:32 - 2018-10-19 16:42 - 000000000 ____D C:\Users\BevPC\AppData\Local\Native Instruments
2020-11-30 07:15 - 2020-03-19 10:29 - 000000000 ____D C:\Users\BevPC\Documents\Ableton
2020-11-30 07:15 - 2020-03-19 10:29 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Ableton
2020-11-27 22:43 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-11-24 18:03 - 2017-09-23 18:10 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-24 07:31 - 2020-07-31 11:22 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-11-24 07:31 - 2020-07-31 11:22 - 000002261 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-11-24 07:31 - 2020-07-31 11:22 - 000002261 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-11-19 17:33 - 2018-08-20 17:09 - 000000000 ____D C:\ProgramData\Packages
2020-11-19 07:34 - 2019-10-19 12:02 - 791170880 _____ C:\WINDOWS\MEMORY.DMP
2020-11-19 06:45 - 2018-08-04 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2020-11-19 06:45 - 2018-08-04 21:22 - 000000000 ____D C:\Program Files\Native Instruments
2020-11-17 18:27 - 2017-12-28 15:20 - 000000000 ____D C:\Users\BevPC\AppData\Local\Packages
2020-11-17 18:10 - 2019-05-16 20:55 - 000000000 ____D C:\Users\BevPC\AppData\Local\PlaceholderTileLogoFolder
2020-11-17 18:09 - 2017-09-14 13:07 - 000000000 ___RD C:\Users\BevPC\OneDrive - Algonquin College
2020-11-16 19:47 - 2020-07-29 12:38 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-16 16:41 - 2017-09-18 17:35 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-15 14:17 - 2020-03-22 09:36 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Voltage Modular
2020-11-15 00:01 - 2017-02-28 05:43 - 000000000 ____D C:\Program Files\Microsoft Office
2020-11-14 13:57 - 2017-09-18 19:54 - 000000000 ____D C:\ProgramData\Samsung
2020-11-13 07:42 - 2018-04-16 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2020-11-12 19:09 - 2020-04-16 13:33 - 000000000 _____ C:\Users\BevPC\Documents\MainAppLog.txt
2020-11-12 19:08 - 2020-04-14 13:24 - 001249792 _____ (hxxp://www.ruby-lang.org/) C:\Users\BevPC\AppData\Roaming\msvcr90-ruby191.dll
2020-11-12 11:00 - 2020-02-19 03:10 - 000907064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2020-11-12 10:59 - 2020-07-29 12:38 - 000436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2020-11-11 08:43 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-11 08:43 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-11 08:43 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-11 08:43 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-11 08:43 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-11 08:43 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-11 01:11 - 2017-09-05 20:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-11 01:07 - 2017-09-05 20:28 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-09 08:29 - 2017-09-13 21:16 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-11-08 23:59 - 2017-12-28 17:17 - 000000000 ___RD C:\Users\BevPC\3D Objects
2020-11-08 23:59 - 2017-02-28 05:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-08 23:53 - 2019-03-18 23:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-08 23:53 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\TextInput
2020-11-08 23:53 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-08 23:53 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-08 22:46 - 2019-03-18 23:37 - 000000000 ____D C:\WINDOWS\servicing
2020-11-08 21:58 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\Help
2020-11-08 21:58 - 2017-09-13 21:16 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-11-08 21:58 - 2017-02-28 05:21 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-11-08 18:49 - 2020-03-21 19:42 - 000000000 ____D C:\Users\BevPC\Documents\Rack
2020-11-08 15:46 - 2020-03-22 09:36 - 000001600 _____ C:\Users\BevPC\Desktop\Voltage Modular.lnk
2020-11-08 15:46 - 2020-03-22 09:36 - 000000000 ____D C:\ProgramData\Voltage
2020-11-06 11:16 - 2018-02-20 12:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-11-04 04:24 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\appcompat
2020-11-03 17:39 - 2017-09-14 09:58 - 000795000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-11-03 17:34 - 2017-09-05 20:28 - 000000000 ____D C:\Program Files\UNP
2020-11-03 11:29 - 2020-04-21 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spitfire Audio
2020-11-03 11:29 - 2020-04-17 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polyverse
2020-11-03 11:29 - 2020-04-16 13:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2nd Sense
2020-11-03 11:29 - 2020-04-16 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infected Mushroom
2020-11-03 11:29 - 2020-04-16 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[BEN.SCHULZ]
2020-11-03 11:29 - 2020-04-14 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Surge
2020-11-03 11:29 - 2020-04-14 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tone2 Gladiator full
2020-11-03 11:29 - 2020-04-14 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tone2 Firebird
2020-11-03 11:29 - 2020-04-14 16:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dexed
2020-11-03 11:29 - 2020-04-14 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helm
2020-11-03 11:29 - 2020-03-24 14:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\loopMIDI
2020-11-03 11:29 - 2020-01-15 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2020-11-03 11:29 - 2019-08-26 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jihosoft iPhone Data Recovery
2020-11-03 11:29 - 2019-05-08 11:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-11-03 11:29 - 2019-04-16 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2020-11-03 11:29 - 2019-03-18 23:56 - 000000000 ____D C:\WINDOWS\Setup
2020-11-03 11:29 - 2019-03-18 23:52 - 000000000 __RHD C:\Users\Public\Libraries
2020-11-03 11:29 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2020-11-03 11:29 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\spool
2020-11-03 11:29 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\ServiceState
2020-11-03 11:29 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\Registration
2020-11-03 11:29 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-11-03 11:29 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-11-03 11:29 - 2019-03-18 23:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2020-11-03 11:29 - 2018-10-16 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2020-11-03 11:29 - 2018-09-27 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-11-03 11:29 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2020-11-03 11:29 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2020-11-03 11:29 - 2018-08-11 19:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2020-11-03 11:29 - 2018-03-09 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texidium eReader
2020-11-03 11:29 - 2018-02-01 15:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Business Explorer
2020-11-03 11:29 - 2018-02-01 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAP Front End
2020-11-03 11:29 - 2018-02-01 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2020-11-03 11:29 - 2018-01-30 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2020-11-03 11:29 - 2017-11-16 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2020-11-03 11:29 - 2017-09-28 09:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2020-11-03 11:29 - 2017-09-18 19:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mendeley Desktop
2020-11-03 11:29 - 2017-09-14 09:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-11-03 11:29 - 2017-09-13 21:17 - 000000000 ____D C:\Program Files\Intel
2020-11-03 11:29 - 2017-09-13 19:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-11-03 11:29 - 2017-02-28 05:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2020-11-03 11:29 - 2017-02-28 05:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2020-11-03 11:29 - 2017-02-28 05:28 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2020-11-03 11:29 - 2017-02-28 05:25 - 000000000 ____D C:\Program Files\CONEXANT
2020-11-03 11:24 - 2018-10-16 10:42 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2020-11-03 11:23 - 2020-06-13 13:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roland
2020-11-03 11:23 - 2020-04-16 19:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\u-he
2020-11-03 11:23 - 2020-04-16 19:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synapse Audio
2020-11-03 11:23 - 2020-03-30 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tokyo Dawn Labs
2020-11-03 11:23 - 2020-03-20 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Akai Professional
2020-11-03 11:23 - 2019-09-02 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMyFone
2020-11-03 11:23 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\Resources
2020-11-03 11:23 - 2018-04-20 19:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2020-11-03 11:23 - 2017-02-28 05:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2020-11-03 11:23 - 2017-02-28 05:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
2020-11-03 11:22 - 2020-06-13 13:23 - 000000000 ____D C:\Program Files\Roland
2020-11-03 11:18 - 2019-03-19 01:20 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-11-03 11:18 - 2019-03-19 01:20 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Com
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\appraiser
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\DiagTrack
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Common Files\System
2020-11-03 11:18 - 2019-03-18 23:52 - 000000000 ____D C:\PerfLogs
2020-11-03 11:17 - 2019-03-19 01:20 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2020-11-03 11:17 - 2019-03-19 01:20 - 000018903 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2020-11-03 10:53 - 2019-03-19 01:18 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2020-11-03 10:53 - 2019-03-19 01:18 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2020-11-03 10:53 - 2019-03-19 01:18 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2020-11-03 10:53 - 2019-03-19 01:18 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2020-11-03 10:53 - 2019-03-19 01:18 - 000000000 ____D C:\WINDOWS\system32\winrm
2020-11-03 10:53 - 2019-03-19 01:18 - 000000000 ____D C:\WINDOWS\system32\WCN
2020-11-03 10:53 - 2019-03-19 01:18 - 000000000 ____D C:\WINDOWS\system32\slmgr
2020-11-03 10:53 - 2019-03-19 01:18 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2020-11-03 10:53 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2020-11-03 10:53 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\system32\dsc
2020-11-03 10:53 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2020-11-03 10:53 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\MUI
2020-11-03 10:53 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\IME
2020-11-03 10:53 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-11-03 10:44 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2020-11-03 10:44 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2020-11-03 10:44 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2020-11-03 10:44 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2020-11-03 10:44 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2020-11-03 10:44 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2020-11-03 10:44 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\et-EE
2020-11-03 10:41 - 2019-03-19 01:19 - 000000000 ____D C:\WINDOWS\OCR
2020-11-03 09:20 - 2019-03-18 23:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2020-11-03 09:13 - 2017-02-28 05:25 - 001705080 _____ (TODO: <Company name>) C:\WINDOWS\SysWOW64\RebootPrompt.exe
2020-11-03 09:04 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\USOPrivate
2020-11-03 09:02 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Windows Defender
2020-11-03 09:02 - 2019-03-18 23:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-11-03 08:43 - 2020-06-11 09:01 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-11-03 08:43 - 2017-09-14 09:25 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-11-03 08:41 - 2020-04-16 14:39 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HOFA
2020-11-03 08:41 - 2020-04-14 17:20 - 000000000 ____D C:\Users\BevPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Extent of the Jam
2020-11-03 08:37 - 2017-09-13 21:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2020-11-02 22:52 - 2017-02-28 05:16 - 000000000 ____D C:\ProgramData\Package Cache
2020-11-02 22:15 - 2020-03-24 18:22 - 000000000 ____D C:\Program Files (x86)\ASIOLinkPro
 
==================== Files in the root of some directories ========
 
2020-11-30 18:53 - 2020-11-30 18:53 - 001388432 _____ () C:\Users\Public\VOIP.dat
2020-04-14 13:24 - 2020-11-12 19:08 - 001249792 _____ (http://www.ruby-lang.org/) C:\Users\BevPC\AppData\Roaming\msvcr90-ruby191.dll
2017-09-13 18:26 - 2020-11-30 18:52 - 000000184 _____ () C:\Users\BevPC\AppData\Roaming\sp_data.sys
2020-01-15 22:12 - 2020-01-16 07:18 - 000000187 _____ () C:\Users\BevPC\AppData\Roaming\wss.ini
2018-02-01 20:01 - 2018-03-01 19:16 - 000013824 _____ () C:\Users\BevPC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-11-12 18:49 - 2020-11-12 18:49 - 000007622 _____ () C:\Users\BevPC\AppData\Local\Resmon.ResmonCfg
2020-04-24 20:53 - 2020-04-24 20:53 - 000000000 _____ () C:\Users\BevPC\AppData\Local\{B7A270ED-B536-43A5-A83F-37D69EB3D982}
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-11-2020
Ran by BevPC (30-11-2020 18:59:36)
Running from C:\Users\BevPC\Desktop
Windows 10 Home Version 1909 18363.1198 (X64) (2020-11-03 14:03:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2067428576-3587227036-2798591388-500 - Administrator - Disabled)
BevPC (S-1-5-21-2067428576-3587227036-2798591388-1003 - Administrator - Enabled) => C:\Users\BevPC
DefaultAccount (S-1-5-21-2067428576-3587227036-2798591388-503 - Limited - Disabled)
Guest (S-1-5-21-2067428576-3587227036-2798591388-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2067428576-3587227036-2798591388-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2SEQ version 1.0.1 (HKLM-x32\...\{3F21368D-C290-4A49-B268-7D1C702E8FE1}_is1) (Version: 1.0.1 - 2nd Sense Audio Technology Co., Ltd.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.9 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.14.0006 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.101 - ICEpower a/s)
Backup and Sync from Google (HKLM\...\{3A8CD593-8CF9-45B4-9932-FC41CBC14E15}) (Version: 3.53.3404.7585 - Google, Inc.)
BitTorrent (HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\BitTorrent) (Version: 7.10.5.45665 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.34 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.94.50 - Conexant)
Dada Life Pack (HKLM\...\{11C245F4-D7CE-44D7-8A66-8F397280BA82}) (Version: 2.0 - Dada Life)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.)
Dexed version 0.9.4 (HKLM\...\Dexed_is1) (Version: 0.9.4 - Digital Suburban)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Digits VST (HKLM-x32\...\DigitsVst) (Version:  - )
Diva (HKLM\...\{B00B1512-AA07-454A-9C7E-81B1815AA2BE}) (Version: 1.4.3.7422 - u-he)
Diva (HKLM\...\u-he Diva_is1) (Version: 1.4.3.7422 - Team V.R)
DUNE 3 (HKLM\...\{B446440C-10C3-47AB-8E80-1A540CD41387}) (Version: 3.0.7.0 - Synapse Audio Software)
Engineering Client Viewer 10.0 (HKLM-x32\...\SAP ECL Viewer 10.0) (Version: 10.1.4.16176 - SAP SE)
FabFilter Pro-Q 3.14 (HKLM-x32\...\FabFilter Pro-Q 3.14) (Version:  - )
ffdshow [rev 3154] [2009-12-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Firebird v2.1 (HKLM-x32\...\Tone2 Firebird_is1) (Version:  - Tone2)
Gladiator  full (HKLM-x32\...\Tone2 Gladiator full_is1) (Version: 3.0.0 - Tone2)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Helm (HKLM-x32\...\{03FAA295-7DC6-47CE-9F27-1E383A48B4BF}) (Version: 0.9.0.0 - Matt Tytel)
HOFA-Plugins Uninstall (HKLM-x32\...\HOFA-Plugins) (Version:  - HOFA-Plugins)
HY-Lofi2 version 1.0.4 (HKLM\...\HY-Lofi2_is1) (Version: 1.0.4 - )
iMyFone D-Back 7.2.0.5 (HKLM-x32\...\{071B9303-5881-4BC6-B9E9-2E2D22C015C1}_is1) (Version: 7.2.0.5 - Shenzhen iMyFone Technology Co., Ltd.)
Infected Mushroom - Wider version 1.0 (HKLM\...\{A7684FCF-245F-4C90-87EE-472DC3EC3868}_is1) (Version: 1.0 - Polyverse Music, Inc.)
Infected Mushroom Manipulator (HKLM\...\{34E5CF28-0E9D-49A8-91CA-054D18802589}) (Version: 1.0.3.0 - Polyverse)
Intel® Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1169 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{9A287643-10C5-4463-B9D1-B2404CE18CCF}) (Version: 17.1.1529.1620 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{754CC9DC-3DB4-4FB2-B71E-87331DB9EA17}) (Version: 7.5.4 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5853172b-5520-4089-9ef4-e26c594382b3}) (Version: 19.30.0 - Intel Corporation)
Jihosoft iPhone Data Recovery version 7.2.4 (HKLM-x32\...\{1E859503-2B3F-4AFC-ACA3-BFA89346E47F}_is1) (Version: 7.2.4 - HONGKONG JIHO CO., LIMITED)
JP-ME-1 (HKLM-x32\...\BBOMS_is1) (Version: 1.1.536 - [BEN/SCHULZ])
kikzilla 1.0.3 (HKLM-x32\...\kikzilla) (Version: 1.0.3 - intelligent sounds & music)
Kodi (HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\Kodi) (Version:  - XBMC Foundation)
loopMIDI (HKLM-x32\...\{6b220f45-42ca-435c-95fd-1764cb849122}) (Version: 1.0.16.27 - Tobias Erichsen)
loopMIDI (HKLM-x32\...\{DF96DB4C-DB0F-4CCF-9769-464BC9EA859F}) (Version: 1.0.16.27 - Tobias Erichsen) Hidden
loopMIDIBlockLegacy (HKLM-x32\...\{AEAF7978-3204-451D-8593-BC53EBDDA31D}) (Version: 9.9.9.9 - Tobias Erichsen) Hidden
LPK25 Editor 2.0.2 (HKLM\...\{EC52DA3A-F76D-4BBB-82D6-389295D4E76F}) (Version: 2.0.2 - Akai Professional)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
MediaHuman YouTube to MP3 Converter 3.9.9.43 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.9.43 - MediaHuman)
Mendeley Desktop 1.17.11 (HKLM-x32\...\Mendeley Desktop) (Version: 1.17.11 - Mendeley Ltd.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.47 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Project - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Native Instruments Audio 2 DJ (HKLM-x32\...\Native Instruments Audio 2 DJ) (Version:  - Native Instruments)
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 4 DJ (HKLM-x32\...\Native Instruments Audio 4 DJ) (Version:  - Native Instruments)
Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 8 DJ (HKLM-x32\...\Native Instruments Audio 8 DJ) (Version:  - Native Instruments)
Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.4.0.445 - Native Instruments)
Native Instruments Massive (HKLM\...\{D7319DCF-46D8-44DE-9099-EFCB32CB3E16}) (Version: 1.5.5.0 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.13.0.133 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.11.2.11 - Native Instruments)
Native Instruments Traktor Audio 10 (HKLM-x32\...\Native Instruments Traktor Audio 10) (Version:  - Native Instruments)
Native Instruments Traktor Audio 10 Driver (HKLM-x32\...\Native Instruments Traktor Audio 10 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 (HKLM-x32\...\Native Instruments Traktor Audio 2) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 (HKLM-x32\...\Native Instruments Traktor Audio 6) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol D2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol D2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 (HKLM-x32\...\Native Instruments Traktor Kontrol S4) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S5 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S5 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S8 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S8 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Pro 3 (HKLM-x32\...\Native Instruments Traktor Pro 3) (Version: 3.2.0.60 - Native Instruments)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 457.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.09 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.0.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.9.422.2016 - Realtek)
rtpMIDIBlockLegacy (HKLM-x32\...\{FD937297-84C3-41A5-B5DF-1FAEEE669D68}) (Version: 9.9.9.9 - Tobias Erichsen) Hidden
Saffire PRO 2.6 (HKLM\...\Saffire PRO_is1) (Version: 2.6 - Focusrite Audio Engineering Ltd.)
SAP Business Client 6.5 (HKLM-x32\...\SAP_NWBC65) (Version: 6.5 PL0 - SAP SE)
SAP Business Explorer (HKLM-x32\...\SAPBI) (Version: 7.50 - SAP SE)
SAP GUI for Windows 7.50  (HKLM-x32\...\SAPGUI) (Version: 7.50 Compilation 1 - SAP SE)
Sonic Academy KICK 2 (HKLM\...\KICK 2_is1) (Version: 1.0.5 - Sonic Academy)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spitfire Audio (HKLM-x32\...\{ABC5F486-25BD-4BAA-9FA1-A84152CBB563}_is1) (Version: 3.1.18 - Spitfire Audio Holdings Ltd)
Steinberg VST Classics 1 (HKLM-x32\...\{9B0C30E5-776F-4F62-B9E9-414018E0D9AD}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1214 - SUPERAntiSpyware.com)
Surge 1.6.6 version 1.6.6 (HKLM-x32\...\650E559A-2F44-44FE-861F-4108AE4BC30F_is1) (Version: 1.6.6 - Vember Audio)
TAL-NoiseMaker (32bit) (HKLM-x32\...\{6D1EC26F-1998-404F-A6B3-47017B049935}) (Version: 1.3.7 - TAL - Togu Audio Line)
TAL-Reverb-2 (32bit) (HKLM-x32\...\{C1C34478-D58C-4D22-A5D7-B60FDD07CF62}) (Version: 1.3.7 - TAL - Togu Audio Line)
TAL-Reverb-3 (32bit) (HKLM-x32\...\{3460B0B4-BC11-44A6-AD80-A17A18383764}) (Version: 1.3.7 - TAL - Togu Audio Line)
TAL-Reverb-4 (32bit) (HKLM-x32\...\{65E529C9-3E39-4AF0-8635-A5CE33ABAFE2}) (Version: 1.3.7 - TAL - Togu Audio Line)
TB-3 Driver (HKLM\...\RolandRDID0144) (Version:  - Roland Corporation)
TDR Nova version 2.1.0 (HKLM\...\TDR Nova_is1) (Version: 2.1.0 - Tokyo Dawn Labs)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.17057 - Microsoft Corporation)
TechSmith Relay (HKLM-x32\...\{A02B3DD1-681D-48B9-8CC5-56ADE8755264}) (Version: 5.1.4.999 - TechSmith Corporation)
teVirtualMIDI64 (HKLM\...\{2F802731-3731-453E-B30B-4381BEED22AC}) (Version: 1.3.0.43 - Tobias Erichsen) Hidden
Texidium Windows Desktop eReader (HKLM-x32\...\{312cc674-27a3-44f8-ad79-407742c8dfc1}) (Version: 2.1.1195.0 - Texidium Solutions Inc.)
Texidium Windows Desktop eReader (HKLM-x32\...\{ECB6F195-60F8-44FD-91A8-36615323375E}) (Version: 2.1.1195.0 - Texidium Solutions Inc.) Hidden
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPROR_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version:  - Microsoft)
VCV Rack (HKLM\...\VCV Rack) (Version: 1.1.6 - VCV)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Voltage Modular (HKLM\...\Voltage Modular) (Version: 2.0.17 - Cherry Audio)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusSGDrv) Mouse  (10/21/2015 8.0.0.19) (HKLM\...\DE393C6A9AB085F9E19765D003555C3D360497DB) (Version: 10/21/2015 8.0.0.19 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
 
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.13.6.0_x86__kgqvnymyfvs32 [2020-10-16] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.181.400.0_x86__kgqvnymyfvs32 [2020-11-12] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.9.0.1_neutral__6e5tt8cgb93ep [2020-03-07] (Canon Inc.)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.5.3.0_x86__h6adky7gbf63m [2020-11-18] (Gameloft SE)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-11-18] (Apple Inc.) [Startup Task]
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.2.1.2_x86__h6adky7gbf63m [2020-11-10] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-25] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.10004.0_x64__8wekyb3d8bbwe [2020-11-18] (Microsoft Studios)
MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2018-04-28] (ASUSTeK COMPUTER INC.) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-05-29] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2018-11-12] (Adobe Systems Incorporated)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2017-09-18] (Samsung Electronics Co. Ltd.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2067428576-3587227036-2798591388-1003_Classes\CLSID\{04271989-C4D2-3704-1D85-C41F96016F32} -> [OneDrive - Algonquin College] => C:\Users\BevPC\OneDrive - Algonquin College [2017-09-14 13:07]
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-28] (Notepad++ -> )
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-11-03] (Google LLC -> Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-11-03] (Google LLC -> Google)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-10-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [85504 2009-12-05] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2015-12-02 21:01 - 2015-12-02 21:01 - 000124928 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-12-02 21:01 - 2015-12-02 21:01 - 000027648 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-12-02 21:01 - 2015-12-02 21:01 - 000029184 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2020-11-30 18:50 - 2020-11-30 18:50 - 000372736 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxHef9fb4ae#\bcaf8d657ee389c63b7f267a709e8184\Interop.CxHDAudioAPILib.ni.dll
2020-11-30 18:50 - 2020-11-30 18:50 - 000018944 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxUtilSvcLib\80eef8b6d329da653ea5bc5396eb8cae\Interop.CxUtilSvcLib.ni.dll
2015-12-02 21:01 - 2015-12-02 21:01 - 001676288 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ApplyLUT.dll
2015-12-02 21:01 - 2015-12-02 21:01 - 000178176 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\GenLUT.dll
2015-12-02 21:01 - 2015-12-02 21:01 - 000164864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorU.dll
2020-11-03 09:13 - 2018-03-13 10:21 - 001173504 _____ (Conexant Systems, Inc.) [File not signed] [File is in use] C:\Program Files\Conexant\SAII\CxHDAudioAPI.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-2067428576-3587227036-2798591388-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2067428576-3587227036-2798591388-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-10-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-10-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2017-04-28] (SAP SE -> SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2017-04-28] (SAP SE -> SAP, Walldorf)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\sharepoint.com -> hxxps://algonquinlivecom.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 06:47 - 2020-11-15 00:54 - 000000918 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\Control Panel\Desktop\\Wallpaper -> c:\users\bevpc\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{e807a349-5b30-4492-85b7-c373d1693fb2}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Host Services x64.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "FonePaw iPhone Data RecoveryAppService"
HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\StartupApproved\Run: => "loopMIDI"
HKU\S-1-5-21-2067428576-3587227036-2798591388-1003\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F36E04C7-352F-47D2-A709-7B9832B62B44}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D6AAA4B1-CF27-4447-A36A-EED2EECB6FD6}] => (Allow) C:\Users\BevPC\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1F99B582-0901-428C-8583-40C0FCBDAB16}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{01855D8D-75AF-4B26-8270-87DB6370A9DB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A13885AB-55DA-439E-B7D6-5D4A8EB9C839}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3B55E547-D972-4C15-9091-D4275FB0AAD3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{946D1363-B8AC-4070-A471-9C6BF5246EDC}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{2208218E-AA9D-4BA3-96A3-EC2DDB8D138E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7A28E526-BAFE-4255-8CE9-89358D3AAFE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{5ECD5706-0C34-4E8A-8E75-0679DB1C414F}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{87205565-00B4-4706-B6EF-98EA41C9B97C}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [{118C7517-E262-4BB0-9D0F-AAA7AE5E3252}] => (Allow) C:\Users\BevPC\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F1D8B368-CD7B-42CB-84EE-EC0B0F208EFA}] => (Allow) C:\Users\BevPC\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{3C702B6E-BAD0-4DB7-85FA-48E194630941}C:\program files\native instruments\traktor 2\traktor.exe] => (Block) C:\program files\native instruments\traktor 2\traktor.exe (Native Instruments GmbH -> Native Instruments GmbH)
FirewallRules: [UDP Query User{E285A81F-D106-496F-8A11-5262BE3A60B0}C:\program files\native instruments\traktor 2\traktor.exe] => (Block) C:\program files\native instruments\traktor 2\traktor.exe (Native Instruments GmbH -> Native Instruments GmbH)
FirewallRules: [TCP Query User{36585A14-7152-4E25-9313-2FB159157E06}C:\program files\native instruments\traktor 2\traktor.exe] => (Block) C:\program files\native instruments\traktor 2\traktor.exe (Native Instruments GmbH -> Native Instruments GmbH)
FirewallRules: [UDP Query User{AFA3B8EC-6DC2-43BA-9DF1-36CE9B7557AE}C:\program files\native instruments\traktor 2\traktor.exe] => (Block) C:\program files\native instruments\traktor 2\traktor.exe (Native Instruments GmbH -> Native Instruments GmbH)
FirewallRules: [{A4626562-6A9A-4546-B3E8-C7332C4D0E54}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{913E15D8-DCDE-4140-B9EB-CE9D52DA7AE5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{E5103127-F982-41E7-9874-D73BED7367A5}C:\program files\native instruments\traktor pro 3\traktor.exe] => (Block) C:\program files\native instruments\traktor pro 3\traktor.exe (Native Instruments GmbH -> Native Instruments GmbH)
FirewallRules: [UDP Query User{B34864B4-12A0-4C03-A6F7-19C8E800B07D}C:\program files\native instruments\traktor pro 3\traktor.exe] => (Block) C:\program files\native instruments\traktor pro 3\traktor.exe (Native Instruments GmbH -> Native Instruments GmbH)
FirewallRules: [{9F15E9C0-124B-4122-BBAF-3407161EB5B1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3B20C5E8-458D-4F68-8105-6F2554A9B79A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4E95FDDC-1AEE-4147-B86C-9B20A284A08A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{12AC9660-2540-4607-8495-35E0F54B31B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1DA8220F-860E-4BD1-9FF6-0CF0465E8AC2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{DBFE2F85-10BD-4C5C-8F5E-C8FADD2A61AE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{852597BF-0CC7-4609-8B3E-B89E169E82CD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{82F2265C-3F9E-4CF8-9D63-003B65FD4F89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1CEE5FCA-38A5-4546-93C9-A49B1820392E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0B5476C6-AE83-4DCB-A955-0F734323E63B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1A6B1A7B-DF47-4CA9-9E4B-1CAB1774262D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9EAE649B-663D-4C5F-853E-407ACAB7808C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CA54EE4E-6BEB-4A3D-9B7A-0A784DD8CB8A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2F9064B9-ED90-4D15-B3EE-98968B9D4D33}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EF54BDDF-B6E6-4D12-B161-A996991812BD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1AF934BD-201B-4F80-8545-13F605BB631A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C95598F1-B452-488C-8C5D-E0789EEC4DEE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
 
==================== Restore Points =========================
 
30-11-2020 18:39:39 Removed Ableton Live 10 Suite
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/30/2020 06:52:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (11/30/2020 06:52:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (11/30/2020 06:52:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (11/30/2020 06:52:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
 
System errors:
=============
Error: (11/30/2020 06:52:02 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HALUPV1)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (11/30/2020 06:52:02 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HALUPV1)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
 
Windows Defender:
===================================
Date: 2020-11-30 18:51:59.106
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {73579831-6C3B-49A1-AA5B-ABD041256860}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. GL752VW.214 04/18/2016
Motherboard: ASUSTeK COMPUTER INC. GL752VW
Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 27%
Total physical RAM: 16252.02 MB
Available physical RAM: 11800.8 MB
Total Virtual: 18684.02 MB
Available Virtual: 13953.53 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:893.15 GB) (Free:418.34 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:14.83 GB) (Free:1.59 GB) FAT32
 
\\?\Volume{f423d1a8-a64d-4f8c-9ed5-a5377efafd08}\ () (Fixed) (Total:0.84 GB) (Free:0.31 GB) NTFS
\\?\Volume{ab7ea00b-0500-4ef3-a961-156e6c21598a}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 894.3 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 14.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

#5
RKinner

    Malware Expert

Were you able to get MBAR to work?

 

Let's see what is running now:

 

Get Process Explorer
 
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.
 
Wait a full minute then:
 
File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 

  • 0
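A triage pass over the saved Process Explorer listing requested in post #5, as an added example that is not part of the original thread or any poster's own code. It assumes the saved file is tab-separated with the column names shown in the reply below; the sample rows are constructed, `example_updater.exe` is a hypothetical name, and the score weights and CPU threshold are illustrative choices.

```python
import csv
import io

# Constructed sample in the column layout used in this thread.
# Assumption: Process Explorer's "Save As" text is tab-separated with a header row.
SAMPLE = (
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer\n"
    "svchost.exe\t0.02\t2,152 K\t12,340 K\t1396\tHost Process for Windows Services\t"
    "Microsoft Corporation\t(Verified) Microsoft Windows Publisher\n"
    "ACMON.exe\t\t20,260 K\t1,472 K\t3036\tACMON\tASUS\t"
    "(No signature was present in the subject) ASUS\n"
    "Registry\t\t10,112 K\t103,560 K\t120\t\t\t\n"
    "example_updater.exe\t41.7\t310,004 K\t298,112 K\t6604\t\t\t"
    "(No signature was present in the subject)\n"
    "commsapps.exe\tSuspended\t24,620 K\t744 K\t10992\tMail and Calendar\t"
    "Microsoft Corporation\t(No signature was present in the subject) Microsoft Corporation\n"
)

# Entries that have no image file on disk, so an empty signer is expected.
# Registry and Memory Compression appear this way in the thread's listing.
PSEUDO = {"system idle process", "system", "interrupts", "registry",
          "memory compression", "secure system"}

HIGH_CPU = 10.0  # percent; illustrative threshold, tune for the machine


def parse_cpu(text):
    """Turn the CPU column into a float; blank and 'Suspended' count as 0."""
    cleaned = (text or "").replace("<", "").strip()
    try:
        return float(cleaned)
    except ValueError:
        return 0.0


def triage(listing_text):
    """Return unsigned processes, most suspicious first.

    Unsigned is a reason to look closer, not a verdict: vendor utilities
    such as ACMON.exe in this thread are unsigned, and signed files can
    still be abused.
    """
    reader = csv.DictReader(io.StringIO(listing_text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    if "Verified Signer" not in (reader.fieldnames or []):
        raise ValueError("no 'Verified Signer' column: enable it under "
                         "View > Select Columns before saving")
    findings = []
    for row in reader:
        name = (row.get("Process") or "").strip()
        if not name or name.lower() in PSEUDO:
            continue
        signer = (row.get("Verified Signer") or "").strip()
        if signer.startswith("(Verified)"):
            continue
        cpu = parse_cpu(row.get("CPU"))
        reasons = ["signature not verified"]
        score = 2
        # No description and no company: nothing identifies the publisher.
        if not (row.get("Description") or "").strip() and \
           not (row.get("Company Name") or "").strip():
            reasons.append("no description or company")
            score += 1
        # Sustained CPU load is what a coin miner looks like in this view.
        if cpu >= HIGH_CPU:
            reasons.append("high CPU")
            score += 1
        findings.append({"name": name, "pid": (row.get("PID") or "").strip(),
                         "cpu": cpu, "score": score, "reasons": reasons})
    # Stable sort: highest score first, then highest CPU.
    findings.sort(key=lambda f: (-f["score"], -f["cpu"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['score']}  {f['name']:<22} PID {f['pid']:<6} "
              f"CPU {f['cpu']:>5}  {', '.join(f['reasons'])}")
```

Cross-check the PIDs it reports against the TASKLIST /SVC output to see which services, if any, run inside each flagged process.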

#6
BMiles

  • Topic Starter

I did run MBAR and it did not turn up any results. 

 

From Process Explorer

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
ACMON.exe 20,260 K 1,472 K 3036 ACMON ASUS (No signature was present in the subject) ASUS
aesm_service.exe 2,964 K 14,636 K 9276 Intel® SGX Application Enclave Services Manager Intel Corporation (Verified) Intel® Software Development Products
ApplicationFrameHost.exe 26,600 K 51,136 K 5412 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,900 K 6,336 K 4108 Adobe Acrobat Update Service Adobe Inc. (Verified) Adobe Inc.
AsLdrSrv.exe 1,516 K 5,452 K 3560 ASLDR Service ASUSTek Computer Inc. (Verified) ASUSTeK Computer Inc.
ATKOSD2.exe 2,008 K 8,468 K 7412 ATKOSD2 ASUSTek Computer Inc. (Verified) ASUSTeK Computer Inc.
audiodg.exe 8,708 K 15,580 K 11072 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 1,724 K 6,656 K 5576 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 6,984 K 14,684 K 11164 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 12,112 K 21,432 K 12112 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 78,020 K 103,712 K 11756 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 29,436 K 53,652 K 11716 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 26,180 K 49,440 K 7752 Google Chrome Google LLC (Verified) Google LLC
commsapps.exe Suspended 24,620 K 744 K 10992 Mail and Calendar Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
conhost.exe 6,428 K 10,616 K 3680 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 6,520 K 1,104 K 4480 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,792 K 5,356 K 652 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
ctfmon.exe 3,816 K 14,764 K 2792 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
CxAudMsg64.exe 1,856 K 9,520 K 3712 Conexant Audio Message Service Conexant Systems Inc. (Verified) Conexant Systems, Inc.
dasHost.exe 4,712 K 15,052 K 4668 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 944 K 4,228 K 5820 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 3,092 K 10,608 K 148 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 5,396 K 13,704 K 9752 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
DMedia.exe 1,532 K 7,196 K 7404 ATK Media ASUSTek Computer Inc. (Verified) ASUSTeK Computer Inc.
esif_uf.exe 1,964 K 7,640 K 4100 Intel® Dynamic Platform and Thermal Framework Intel Corporation (Verified) Intel® Software
EvtEng.exe 5,204 K 15,140 K 3948 Intel® PROSet/Wireless Event Log Service Intel® Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
fontdrvhost.exe 1,588 K 3,652 K 88 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 2,164 K 5,308 K 1156 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
GFNEXSrv.exe 904 K 3,480 K 3636 GFNEXSrv ASUSTek Computer Inc. (Verified) ASUSTeK Computer Inc.
GoogleCrashHandler.exe 1,724 K 988 K 9328 Google Crash Handler Google LLC (Verified) Google LLC
GoogleCrashHandler64.exe 1,728 K 1,004 K 9348 Google Crash Handler Google LLC (Verified) Google LLC
HxTsr.exe Suspended 8,856 K 812 K 5652 Microsoft Outlook Communications Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
ibtsiva.exe 1,024 K 4,468 K 3940 Intel® Wireless Bluetooth® iBtSiva Service Intel Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
igfxCUIService.exe 1,788 K 8,516 K 2252 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
igfxEM.exe 3,616 K 13,140 K 7256 igfxEM Module Intel Corporation (Verified) Intel® pGFX
jhi_service.exe 2,496 K 9,644 K 2204 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
LMS.exe 3,148 K 11,764 K 7832 Intel® Local Management Service Intel Corporation (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
lsass.exe 6,832 K 18,840 K 848 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
Memory Compression 180 K 35,584 K 2160
NIHardwareService.exe 38,972 K 45,688 K 4324 NIHardwareService Native Instruments GmbH (Verified) Native Instruments GmbH
NisSrv.exe 5,940 K 11,216 K 6656 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Windows Publisher
nvcontainer.exe 28,860 K 44,720 K 1888 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
NVDisplay.Container.exe 4,900 K 18,236 K 1908 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
PresentationFontCache.exe 28,444 K 24,304 K 2396 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
procexp.exe 4,564 K 11,052 K 8044 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Registry 10,112 K 103,560 K 120
RegSrvc.exe 2,116 K 10,448 K 4376 Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
RuntimeBroker.exe 5,932 K 20,500 K 10356 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 3,332 K 19,128 K 9524 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6,652 K 26,504 K 7236 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 13,820 K 43,064 K 8220 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 3,144 K 15,584 K 9420 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6,540 K 24,332 K 9100 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
SASrv.exe 1,348 K 6,184 K 4392 SmartAudio Service Application Conexant Systems, Inc. (Verified) Conexant Systems, Inc.
SearchIndexer.exe 37,936 K 43,776 K 3468 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 233,500 K 306,892 K 7500 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SecHealthUI.exe Suspended 30,248 K 73,144 K 9528 Windows Defender application Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthHost.exe 3,064 K 10,208 K 7216 Windows Security Health Host Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthHost.exe 1,688 K 8,232 K 12180 Windows Security Health Host Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 4,884 K 16,852 K 7336 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 5,564 K 10,648 K 828 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SettingSyncHost.exe 6,548 K 16,732 K 8656 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
SgrmBroker.exe 3,888 K 6,520 K 9296 System Guard Runtime Monitor Broker Service Microsoft Corporation (Verified) Microsoft Windows Publisher
sihost.exe 6,372 K 25,368 K 1488 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
SmartAudio.exe 64,024 K 5,460 K 10932 SmartAudio Conexant Systems, Inc (Verified) Conexant Systems LLC
smartscreen.exe 9,552 K 25,964 K 9844 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
smss.exe 1,148 K 1,188 K 484 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 6,088 K 17,572 K 3908 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
StartMenuExperienceHost.exe 29,148 K 74,932 K 8072 (Verified) Microsoft Windows
svchost.exe 968 K 3,948 K 964 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,152 K 12,340 K 1396 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,900 K 12,540 K 1544 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,152 K 8,652 K 1552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,552 K 7,436 K 1956 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,328 K 5,888 K 1440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,952 K 8,640 K 2144 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,752 K 7,792 K 2884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,076 K 9,744 K 2928 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,640 K 6,892 K 3692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,032 K 7,036 K 3688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,652 K 6,708 K 4336 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,256 K 9,272 K 4384 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,296 K 5,660 K 4440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,348 K 5,504 K 4804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,608 K 13,152 K 5032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,376 K 5,536 K 7084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,740 K 11,192 K 8620 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,716 K 16,508 K 1468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,028 K 9,192 K 2312 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,168 K 7,704 K 5916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,172 K 10,044 K 1964 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,896 K 20,024 K 3960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,836 K 8,060 K 2220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,472 K 6,300 K 4452 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,336 K 6,356 K 7628 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,152 K 9,912 K 7420 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,248 K 14,148 K 4000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,576 K 22,760 K 8584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,848 K 16,776 K 92 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,260 K 10,296 K 888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,968 K 7,540 K 3340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,212 K 33,440 K 3220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,672 K 17,900 K 10792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,204 K 8,220 K 2360 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,748 K 21,072 K 4564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,700 K 11,952 K 11808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,572 K 10,980 K 1376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,948 K 6,736 K 3200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,972 K 10,460 K 3192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,840 K 13,040 K 4156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,408 K 7,788 K 2368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,472 K 13,476 K 1260 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,964 K 7,908 K 1540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,740 K 9,944 K 100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,012 K 8,216 K 2556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,944 K 19,384 K 3024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,996 K 21,404 K 3412 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,416 K 7,464 K 4612 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,200 K 14,340 K 9700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,476 K 12,604 K 2496 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,784 K 7,516 K 2376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 17,836 K 36,640 K 3720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,800 K 10,336 K 1720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,056 K 12,244 K 10576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,276 K 17,616 K 7176 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,496 K 5,996 K 1460 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,384 K 9,060 K 4272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,060 K 8,452 K 4012 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,788 K 9,108 K 2648 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,420 K 15,596 K 2052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,032 K 18,436 K 1916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,772 K 8,636 K 1028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 18,820 K 28,852 K 3852 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,996 K 15,800 K 12060 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 11,776 K 30,944 K 992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 15,384 K 17,808 K 2044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,072 K 16,468 K 900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SystemSettings.exe Suspended 22,084 K 772 K 3464 Settings Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 7,572 K 17,592 K 7112 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,848 K 7,908 K 5396 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
UploaderService.exe 2,512 K 11,060 K 4540 TechSmith Uploader Service TechSmith Corporation (Verified) TechSmith Corporation
USBChargerPlus.exe 1,900 K 1,128 K 792 ASUS USB Charger Plus ASUSTek Computer Inc. (Verified) ASUSTeK Computer Inc.
wininit.exe 1,456 K 6,960 K 756 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
winlogon.exe 2,796 K 11,856 K 1084 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WinStore.App.exe Suspended 51,756 K 1,228 K 1592 Store Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
wlanext.exe 4,620 K 16,916 K 3672 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,968 K 13,192 K 2820 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 1,944 K 8,408 K 2236 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
ZeroConfigService.exe 5,044 K 18,476 K 4552 Intel® PROSet/Wireless Zero Configure Service Intel® Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
SocketHeciServer.exe < 0.01 1,776 K 7,636 K 6120 Intel® Capability Licensing Service TCP IP Interface Intel® Corporation (Verified) Intel® Trusted Connect Service
NVIDIA Web Helper.exe < 0.01 35,500 K 6,724 K 7796 NVIDIA Web Helper Service Node.js (Verified) NVIDIA Corporation
HControl.exe < 0.01 2,216 K 9,224 K 6504 HControl ASUSTek Computer Inc. (Verified) ASUSTeK Computer Inc.
svchost.exe < 0.01 2,500 K 12,792 K 3552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,180 K 13,092 K 10272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 10,208 K 31,848 K 1976 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
OfficeClickToRun.exe < 0.01 36,508 K 59,368 K 4196 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
rundll32.exe < 0.01 1,624 K 7,464 K 5368 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
esif_assist_64.exe < 0.01 1,480 K 5,484 K 2280 Intel® Dynamic Platform and Thermal Framework Utility Application Intel Corporation (Verified) Intel® Software
svchost.exe < 0.01 3,532 K 13,892 K 648 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe < 0.01 40,692 K 82,100 K 1200 Google Chrome Google LLC (Verified) Google LLC
WUDFHost.exe < 0.01 25,080 K 15,500 K 1016 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
NVDisplay.Container.exe < 0.01 33,760 K 46,968 K 2964 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
AsusTPHelper.exe < 0.01 1,392 K 956 K 9416 ASUS Smart Gesture Helper AsusTek (Verified) ASUSTeK Computer Inc.
AsusTPLoader.exe < 0.01 2,644 K 1,016 K 9028 ASUS Smart Gesture Loader AsusTek (Verified) ASUSTeK Computer Inc.
chrome.exe < 0.01 107,792 K 130,624 K 10248 Google Chrome Google LLC (Verified) Google LLC
chrome.exe < 0.01 17,968 K 35,804 K 11512 Google Chrome Google LLC (Verified) Google LLC
ICEsoundService64.exe < 0.01 1,892 K 6,556 K 4172 ICEpower ICEsound APO service ICEpower (Verified) ICEpower a/s
chrome.exe 0.01 26,552 K 49,600 K 7560 Google Chrome Google LLC (Verified) Google LLC
explorer.exe 0.01 48,928 K 125,848 K 5948 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.02 79,328 K 114,904 K 12108 Google Chrome Google LLC (Verified) Google LLC
nvcontainer.exe 0.03 11,800 K 36,984 K 4312 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
SASCore64.exe 0.03 2,808 K 7,668 K 3704 Core Service SUPERAntiSpyware.com (Verified) SUPERAntiSpyware.com
chrome.exe 0.05 93,140 K 151,272 K 12272 Google Chrome Google LLC (Verified) Google LLC
CAudioFilterAgent64.exe 0.05 4,008 K 3,664 K 6072 Conexant High Definition Audio Filter Agent Conexant Systems, Inc. (Verified) Conexant Systems LLC
SUPERAntiSpyware.exe 0.06 17,376 K 14,336 K 10012 SUPERAntiSpyware Application SUPERAntiSpyware (Verified) Support.com Inc
AsusTPCenter.exe 0.11 4,092 K 2,580 K 10064 ASUS Smart Gesture Center AsusTek (Verified) ASUSTeK Computer Inc.
MsMpEng.exe 0.13 368,620 K 406,860 K 4528 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe 0.19 2,376 K 5,864 K 764 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
System 0.34 204 K 924 K 4
Interrupts 0.43 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.44 66,452 K 95,624 K 1232 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 0.90 41,628 K 76,800 K 3400 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 97.18 60 K 8 K 0

Edited by BMiles, 30 November 2020 - 08:30 PM.

  • 0

#7
BMiles

    Member

  • Topic Starter
  • 30 posts

From the elevated Command Prompt

 

 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
Registry                       120 N/A                                         
smss.exe                       484 N/A                                         
csrss.exe                      652 N/A                                         
wininit.exe                    756 N/A                                         
csrss.exe                      764 N/A                                         
services.exe                   828 N/A                                         
lsass.exe                      848 KeyIso, SamSs, VaultSvc                     
svchost.exe                    964 PlugPlay                                    
svchost.exe                    992 BrokerInfrastructure, DcomLaunch, Power,    
                                   SystemEventsBroker                          
WUDFHost.exe                  1016 N/A                                         
fontdrvhost.exe                 88 N/A                                         
svchost.exe                    900 RpcEptMapper, RpcSs                         
svchost.exe                   1028 LSM                                         
winlogon.exe                  1084 N/A                                         
fontdrvhost.exe               1156 N/A                                         
dwm.exe                       1232 N/A                                         
svchost.exe                   1376 NcbService                                  
svchost.exe                   1396 TimeBrokerSvc                               
svchost.exe                   1460 CoreMessagingRegistrar                      
svchost.exe                   1468 Schedule                                    
svchost.exe                   1544 ProfSvc                                     
svchost.exe                   1552 DisplayEnhancementService                   
svchost.exe                   1720 UserManager                                 
NVDisplay.Container.exe       1908 NVDisplay.ContainerLocalSystem              
svchost.exe                   1956 DispBrokerDesktopSvc                        
svchost.exe                   1964 camsvc                                      
svchost.exe                   2044 EventLog                                    
svchost.exe                   1260 SysMain                                     
svchost.exe                   1440 Themes                                      
svchost.exe                   1540 EventSystem                                 
svchost.exe                   2052 StateRepository                             
svchost.exe                   2144 SENS                                        
Memory Compression            2160 N/A                                         
WUDFHost.exe                  2236 N/A                                         
igfxCUIService.exe            2252 igfxCUIService2.0.0.0                       
svchost.exe                   2312 nsi                                         
svchost.exe                   2360 AudioEndpointBuilder                        
svchost.exe                   2368 Dhcp                                        
svchost.exe                   2376 FontCache                                   
svchost.exe                   2496 NlaSvc                                      
svchost.exe                   2556 Dnscache                                    
svchost.exe                   2648 netprofm                                    
svchost.exe                   2884 NgcSvc                                      
svchost.exe                   2928 NgcCtnrSvc                                  
NVDisplay.Container.exe       2964 N/A                                         
svchost.exe                   3024 Winmgmt                                     
svchost.exe                    648 Audiosrv                                    
WmiPrvSE.exe                  2820 N/A                                         
svchost.exe                   3192 Wcmsvc                                      
svchost.exe                   3200 DusmSvc                                     
svchost.exe                   3340 WinHttpAutoProxySvc                         
svchost.exe                   3412 WlanSvc                                     
svchost.exe                   3552 ShellHWDetection                            
AsLdrSrv.exe                  3560 ASLDRService                                
GFNEXSrv.exe                  3636 ATKGFNEXSrv                                 
wlanext.exe                   3672 N/A                                         
conhost.exe                   3680 N/A                                         
spoolsv.exe                   3908 Spooler                                     
svchost.exe                   3960 BFE, mpssvc                                 
svchost.exe                   4012 LanmanWorkstation                           
svchost.exe                   3692 CertPropSvc                                 
svchost.exe                   3688 DeviceAssociationService                    
SASCore64.exe                 3704 !SASCORE                                    
CxAudMsg64.exe                3712 CxAudMsg                                    
svchost.exe                   3720 DiagTrack                                   
svchost.exe                   3852 DPS                                         
ibtsiva.exe                   3940 ibtsiva                                     
EvtEng.exe                    3948 EvtEng                                      
svchost.exe                   4000 CryptSvc                                    
esif_uf.exe                   4100 esifsvc                                     
armsvc.exe                    4108 AdobeARMservice                             
svchost.exe                   4156 iphlpsvc                                    
ICEsoundService64.exe         4172 ICEsoundService                             
OfficeClickToRun.exe          4196 ClickToRunSvc                               
svchost.exe                   4272 LanmanServer                                
nvcontainer.exe               4312 NvContainerLocalSystem                      
NIHardwareService.exe         4324 NIHardwareService                           
svchost.exe                   4336 SstpSvc                                     
RegSrvc.exe                   4376 RegSrvc                                     
svchost.exe                   4384 stisvc                                      
SASrv.exe                     4392 SAService                                   
svchost.exe                   4440 TrkWks                                      
MsMpEng.exe                   4528 WinDefend                                   
UploaderService.exe           4540 TechSmith Uploader Service                  
ZeroConfigService.exe         4552 ZeroConfigService                           
svchost.exe                   4564 WpnService                                  
svchost.exe                   4612 TapiSrv                                     
dasHost.exe                   4668 N/A                                         
svchost.exe                   4804 WdiServiceHost                              
svchost.exe                   5032 RasMan                                      
unsecapp.exe                  5396 N/A                                         
svchost.exe                   5916 SSDPSRV                                     
rundll32.exe                  5368 N/A                                         
dasHost.exe                   5820 N/A                                         
NisSrv.exe                    6656 WdNisSvc                                    
svchost.exe                   7084 lmhosts                                     
dllhost.exe                    148 N/A                                         
HControl.exe                  6504 N/A                                         
sihost.exe                    1488 N/A                                         
svchost.exe                   1976 CDPUserSvc_a1974                            
nvcontainer.exe               1888 N/A                                         
esif_assist_64.exe            2280 N/A                                         
PresentationFontCache.exe     2396 FontCache3.0.0.0                            
svchost.exe                   3220 WpnUserService_a1974                        
taskhostw.exe                 7112 N/A                                         
USBChargerPlus.exe             792 N/A                                         
svchost.exe                     92 TokenBroker                                 
svchost.exe                   2220 TabletInputService                          
ACMON.exe                     3036 N/A                                         
ctfmon.exe                    2792 N/A                                         
explorer.exe                  5948 N/A                                         
svchost.exe                   1916 CDPSvc                                      
svchost.exe                   4452 Appinfo                                     
svchost.exe                   7176 cbdhsvc_a1974                               
igfxEM.exe                    7256 N/A                                         
DMedia.exe                    7404 N/A                                         
ATKOSD2.exe                   7412 N/A                                         
svchost.exe                   7420 PcaSvc                                      
svchost.exe                   7628 WdiSystemHost                               
StartMenuExperienceHost.e     8072 N/A                                         
RuntimeBroker.exe             7236 N/A                                         
CAudioFilterAgent64.exe       6072 N/A                                         
SearchUI.exe                  7500 N/A                                         
SearchIndexer.exe             3468 WSearch                                     
NVIDIA Web Helper.exe         7796 N/A                                         
conhost.exe                   4480 N/A                                         
RuntimeBroker.exe             8220 N/A                                         
SettingSyncHost.exe           8656 N/A                                         
RuntimeBroker.exe             9100 N/A                                         
AsusTPLoader.exe              9028 N/A                                         
GoogleCrashHandler.exe        9328 N/A                                         
GoogleCrashHandler64.exe      9348 N/A                                         
dllhost.exe                   9752 N/A                                         
AsusTPCenter.exe             10064 N/A                                         
AsusTPHelper.exe              9416 N/A                                         
SUPERAntiSpyware.exe         10012 N/A                                         
aesm_service.exe              9276 AESMService                                 
jhi_service.exe               2204 jhi_service                                 
LMS.exe                       7832 LMS                                         
SgrmBroker.exe                9296 SgrmBroker                                  
svchost.exe                   9700 UsoSvc                                      
svchost.exe                    100 wscsvc                                      
svchost.exe                   8584 OneSyncSvc_a1974,                           
                                   PimIndexMaintenanceSvc_a1974,               
                                   UnistoreSvc_a1974, UserDataSvc_a1974        
SocketHeciServer.exe          6120 Intel® Capability Licensing Service TCP IP
                                    Interface                                  
ApplicationFrameHost.exe      5412 N/A                                         
svchost.exe                    888 LicenseManager                              
WinStore.App.exe              1592 N/A                                         
RuntimeBroker.exe            10356 N/A                                         
svchost.exe                  10792 InstallService                              
SmartAudio.exe               10932 N/A                                         
SystemSettings.exe            3464 N/A                                         
svchost.exe                  10272 WbioSrvc                                    
commsapps.exe                10992 N/A                                         
RuntimeBroker.exe             9420 N/A                                         
HxTsr.exe                     5652 N/A                                         
SecHealthUI.exe               9528 N/A                                         
svchost.exe                   8620 BthAvctpSvc                                 
RuntimeBroker.exe             9524 N/A                                         
SecurityHealthHost.exe        7216 N/A                                         
SecurityHealthService.exe     7336 SecurityHealthService                       
SecurityHealthHost.exe       12180 N/A                                         
chrome.exe                   12272 N/A                                         
chrome.exe                    5576 N/A                                         
chrome.exe                   10248 N/A                                         
chrome.exe                   11512 N/A                                         
chrome.exe                   11164 N/A                                         
chrome.exe                   11756 N/A                                         
chrome.exe                   12108 N/A                                         
svchost.exe                  12060 DoSvc                                       
svchost.exe                  10576 StorSvc                                     
svchost.exe                  11808 lfsvc                                       
chrome.exe                    7752 N/A                                         
chrome.exe                    7560 N/A                                         
chrome.exe                   11716 N/A                                         
smartscreen.exe               9844 N/A                                         
audiodg.exe                  11072 N/A                                         
chrome.exe                   12112 N/A                                         
notepad.exe                   3548 N/A                                         
WindowsInternal.Composabl    11360 N/A                                         
svchost.exe                   3348 BITS                                        
Taskmgr.exe                   4824 N/A                                         
cmd.exe                       8204 N/A                                         
conhost.exe                   7856 N/A                                         
notepad.exe                   8036 N/A                                         
notepad.exe                  11940 N/A                                         
chrome.exe                   10256 N/A                                         
RuntimeBroker.exe             6768 N/A                                         
backgroundTaskHost.exe        7776 N/A                                         
cmd.exe                       7364 N/A                                         
conhost.exe                   7564 N/A                                         
tasklist.exe                  9260 N/A                                         
WmiPrvSE.exe                  7968 N/A                                         
 

  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Process Explorer looks clean and there are no strange programs hiding in the svchosts.  I see you have Speccy.  Let's make a log:

 

Close your browser(s).
Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK.
Open the file in Notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, 10-20 lines down.) Save the file.
Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi-step process:

First click on More Reply Options.
Then scroll down to where you see Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.

  • 0
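The svchost check mentioned in the post above can be scripted against a saved `tasklist /svc` log. This is an added example, not part of the original thread; the function names, the sample rows (the last three are invented) and the one-edit lookalike threshold are assumptions of the example.

```python
import re

# Constructed sample in the layout of `tasklist /svc` output. The first rows
# mirror the shape of the log posted in the thread; the last three rows are
# invented to exercise the checks.
SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
lsass.exe                      848 KeyIso, SamSs, VaultSvc
svchost.exe                    992 BrokerInfrastructure, DcomLaunch, Power,
                                   SystemEventsBroker
sihost.exe                    1488 N/A
svchost.exe                   2556 Dnscache
svchost.exe                   6001 N/A
scvhost.exe                   6002 N/A
svch0st.exe                   6003 UpdaterSvc
"""


def parse_tasklist_svc(text):
    """Return a list of {'image', 'pid', 'services'} dicts from `tasklist /svc` text."""
    lines = text.splitlines()
    ruler = None
    for i, line in enumerate(lines):
        if re.fullmatch(r"=+( =+)+\s*", line):
            ruler = i
            break
    if ruler is None:
        raise ValueError("no '=====' ruler line found; not tasklist table output")
    # The first run of '=' gives the width of the Image Name column, which
    # matters because image names may contain spaces.
    name_width = len(re.match(r"=+", lines[ruler]).group())

    rows = []
    for line in lines[ruler + 1:]:
        if not line.strip():
            continue
        name = line[:name_width].strip()
        rest = line[name_width:].strip()
        if not name:
            # Wrapped service list: the text continues the previous row.
            if rows:
                rows[-1]["raw"] += " " + rest
            continue
        pid, _, services = rest.partition(" ")
        if not pid.isdigit():
            continue  # not a process row
        rows.append({"image": name, "pid": int(pid), "raw": services.strip()})

    for row in rows:
        raw = row.pop("raw")
        row["services"] = (
            [] if raw == "N/A" else [s.strip() for s in raw.split(",") if s.strip()]
        )
    return rows


def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as a single edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def review(rows, expected="svchost.exe"):
    """Return (pid, image, reason) tuples for rows that deserve a closer look."""
    findings = []
    for row in rows:
        image = row["image"].lower()
        if image == expected and not row["services"]:
            findings.append((row["pid"], row["image"], "svchost hosting no service"))
        elif image != expected and osa_distance(image, expected) <= 1:
            # One edit away catches swapped or substituted letters while leaving
            # legitimate neighbours such as sihost.exe (distance 2) alone.
            findings.append((row["pid"], row["image"], "name imitates svchost.exe"))
    return findings


if __name__ == "__main__":
    for pid, image, reason in review(parse_tasklist_svc(SAMPLE)):
        print(f"PID {pid:>6}  {image:<25} {reason}")
```

`tasklist /svc` reports no file path or signature, so every row, flagged or not, still needs the path and publisher check that the Process Explorer listing in the thread provides.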

#9
BMiles

    Member

  • Topic Starter
  • 30 posts

As requested from Speccy

Attached Files


  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Speccy looks OK.  I see from your FRST scan that you have had some BSODs.  Let's run BlueScreenView and see what caused them:

 

 
Download BlueScreenView.
Double click on the BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.
Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

  • 0

#11
BMiles

    Member

  • Topic Starter
  • 30 posts

Here is the log for BSOD

 

==================================================
Dump File         : 111920-11812-01.dmp
Crash Time        : 2020-11-19 7:33:54 AM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 00000001`00000010
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000000
Parameter 4       : fffff806`51664e62
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+1c3b20
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+1c3b20
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\111920-11812-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 18362
Dump File Size    : 1,994,628
Dump File Time    : 2020-11-19 7:34:46 AM
==================================================
 
==================================================
Dump File         : 111820-10656-01.dmp
Crash Time        : 2020-11-18 8:28:13 PM
Bug Check String  : 
Bug Check Code    : 0x0000013a
Parameter 1       : 00000000`00000012
Parameter 2       : ffffc603`93600100
Parameter 3       : ffffc603`9c5cb000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+1c3b20
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+1c3b20
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\111820-10656-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 18362
Dump File Size    : 1,540,700
Dump File Time    : 2020-11-18 8:28:57 PM
==================================================
 
==================================================
Dump File         : 111820-10625-01.dmp
Crash Time        : 2020-11-18 8:19:18 PM
Bug Check String  : 
Bug Check Code    : 0x0000013a
Parameter 1       : 00000000`00000012
Parameter 2       : ffffd701`40a00100
Parameter 3       : ffffd701`49684000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+1c3b20
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+1c3b20
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\111820-10625-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 18362
Dump File Size    : 1,522,876
Dump File Time    : 2020-11-18 8:20:17 PM
==================================================
 
==================================================
Dump File         : 111820-14593-01.dmp
Crash Time        : 2020-11-18 5:45:46 PM
Bug Check String  : 
Bug Check Code    : 0x0000013a
Parameter 1       : 00000000`00000012
Parameter 2       : ffff9085`42c00100
Parameter 3       : ffff9085`4d7bc000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+1c3b20
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+1c3b20
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\111820-14593-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 18362
Dump File Size    : 2,297,860
Dump File Time    : 2020-11-18 5:47:37 PM
==================================================
 
==================================================
Dump File         : 111720-10578-01.dmp
Crash Time        : 2020-11-17 5:12:05 PM
Bug Check String  : 
Bug Check Code    : 0x0000013a
Parameter 1       : 00000000`00000012
Parameter 2       : ffff8a8b`e9800100
Parameter 3       : ffff8a8b`f25aa000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+1c3b20
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+1c3b20
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\111720-10578-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 18362
Dump File Size    : 2,161,300
Dump File Time    : 2020-11-17 5:13:31 PM
==================================================
 
==================================================
Dump File         : 111520-10375-01.dmp
Crash Time        : 2020-11-15 4:35:09 AM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 00000000`070502f9
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000000
Parameter 4       : fffff804`68461de4
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+1c3b20
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+1c3b20
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\111520-10375-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 18362
Dump File Size    : 1,789,396
Dump File Time    : 2020-11-15 4:35:59 AM
==================================================
 
==================================================
Dump File         : 111420-32640-01.dmp
Crash Time        : 2020-11-14 1:45:47 PM
Bug Check String  : 
Bug Check Code    : 0x0000013a
Parameter 1       : 00000000`00000012
Parameter 2       : ffffc905`23600100
Parameter 3       : ffffc905`2fe1c000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+1c3b20
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+1c3b20
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\111420-32640-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 18362
Dump File Size    : 2,199,156
Dump File Time    : 2020-11-14 1:54:43 PM
==================================================
 
==================================================
Dump File         : 111220-34296-01.dmp
Crash Time        : 2020-11-12 9:48:02 PM
Bug Check String  : 
Bug Check Code    : 0x0000013a
Parameter 1       : 00000000`00000012
Parameter 2       : ffff8a07`86400100
Parameter 3       : ffff8a07`8fde7000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+1c3b20
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+1c3b20
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\111220-34296-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 18362
Dump File Size    : 2,125,660
Dump File Time    : 2020-11-12 9:51:59 PM
==================================================
 
==================================================
Dump File         : 110820-40718-01.dmp
Crash Time        : 2020-11-08 11:14:42 AM
Bug Check String  : 
Bug Check Code    : 0x00000133
Parameter 1       : 00000000`00000000
Parameter 2       : 00000000`00000501
Parameter 3       : 00000000`00000500
Parameter 4       : fffff804`07d71358
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+1c2ce0
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+1c2ce0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\110820-40718-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 18362
Dump File Size    : 4,231,580
Dump File Time    : 2020-11-08 11:22:23 AM
==================================================
 
==================================================
Dump File         : 110320-36312-01.dmp
Crash Time        : 2020-11-03 5:24:46 PM
Bug Check String  : 
Bug Check Code    : 0x00000133
Parameter 1       : 00000000`00000001
Parameter 2       : 00000000`00001e00
Parameter 3       : fffff807`37971358
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+1c2ce0
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+1c2ce0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\110320-36312-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 18362
Dump File Size    : 4,416,628
Dump File Time    : 2020-11-03 5:33:26 PM
==================================================

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Doesn't tell us much:

 

ntoskrnl.exe+1c3b20

 

ntoskrnl.exe is a Windows File so unlikely to cause the problem on its own.  Usually when I see this it's caused by overheating or bad RAM but since it's so constant I think it's more likely poorly written malware.  Hasn't been any more since 11/19 and it started  the day of the infection.  We can try Who Crashed and see if it finds out anything more:

 

 

 
See if you can get Who Crashed to work:
 
 
Then click on Download free home edition 
 
where it says:
 
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
 
Right click on the downloaded files and Run As Admin.  Once you agree to the terms and Install it then Finish it should open Who Crashed.  Click on Analyze.  Once it finishes scroll down to the bottom and copy the report and paste it into a reply.

  • 0
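An added example, not part of the original posts: a Python parser for BlueScreenView text records like the ones pasted earlier, which counts crashes per bug check and fault address and bounds the crash window so it can be compared with the infection date, as the reply above does by eye. The function names and the trimmed three-record sample are constructed for this illustration; the bug check names are the ones the WhoCrashed report in this thread gives for the same codes.

```python
import re
from collections import Counter
from datetime import datetime

# Names for the codes seen in this thread, as the WhoCrashed report labels them.
BUGCHECK_NAMES = {0x0A: "IRQL_NOT_LESS_OR_EQUAL", 0x133: "DPC_WATCHDOG_VIOLATION",
                  0x13A: "KERNEL_MODE_HEAP_CORRUPTION"}

# Constructed sample: three records from the thread, trimmed to the fields used here.
SAMPLE = """\
==================================================
Dump File         : 111720-10578-01.dmp
Crash Time        : 2020-11-17 5:12:05 PM
Bug Check String  :
Bug Check Code    : 0x0000013a
Caused By Address : ntoskrnl.exe+1c3b20
==================================================
==================================================
Dump File         : 111520-10375-01.dmp
Crash Time        : 2020-11-15 4:35:09 AM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Caused By Address : ntoskrnl.exe+1c3b20
==================================================
==================================================
Dump File         : 110820-40718-01.dmp
Crash Time        : 2020-11-08 11:14:42 AM
Bug Check String  :
Bug Check Code    : 0x00000133
Caused By Address : ntoskrnl.exe+1c2ce0
==================================================
"""

def parse_records(text):
    """Split on the '=====' rulers; each block of 'Key : Value' lines becomes a dict."""
    records = []
    for block in re.split(r"^=+[ \t]*$", text, flags=re.M):
        pairs = (re.match(r"([^:]+?)\s*:\s*(.*)$", ln) for ln in block.splitlines())
        fields = {m.group(1): m.group(2).strip() for m in pairs if m}
        if "Dump File" in fields:  # skip the empty gaps between rulers
            records.append(fields)
    return records

def summarize(records):
    """Count crashes per bug check and fault address, and bound the crash window."""
    times = [datetime.strptime(r["Crash Time"], "%Y-%m-%d %I:%M:%S %p") for r in records]
    codes = [int(r["Bug Check Code"], 16) for r in records]
    return {
        "by_bugcheck": Counter(BUGCHECK_NAMES.get(c, hex(c)) for c in codes),
        "by_address": Counter(r["Caused By Address"] for r in records),
        "first": min(times),
        "last": max(times),
    }
```

Calling `summarize(parse_records(text))` on a full export fills in the names BlueScreenView left blank in "Bug Check String" and shows whether the dumps cluster on one fault address and one date range.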

#13
BMiles

BMiles

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

WhoCrashed

 

System Information (local)

Computer name: DESKTOP-HALUPV1
Windows version: Windows 10, 10.0, version 1909, build: 18363
Windows dir: C:\WINDOWS
Hardware: GL752VW, ASUSTeK COMPUTER INC.
CPU: GenuineIntel Intel® Core™ i7-6700HQ CPU @ 2.60GHz 8664, level: 6
8 logical processors, active mask: 255
RAM: 17041473536 bytes (15.9GB)


 

Crash Dump Analysis

Crash dumps are enabled on your computer.

Crash dump directories:
C:\WINDOWS
C:\WINDOWS\Minidump

On Thu 2020-11-19 7:33:54 AM your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\111920-11812-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x1C3B20)
Bugcheck code: 0xA (0x100000010, 0x2, 0x0, 0xFFFFF80651664E62)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above. This is a software bug.
This bug check belongs to the crash dump test that you have performed with WhoCrashed or other software. It means that a crash dump file was properly written out.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Thu 2020-11-19 7:33:54 AM your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\MEMORY.DMP
This was probably caused by the following module: usbxhci.sys (USBXHCI+0x3243C)
Bugcheck code: 0xA (0x100000010, 0x2, 0x0, 0xFFFFF80651664E62)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\WINDOWS\system32\drivers\usbxhci.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: USB XHCI Driver
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above. This is a software bug.
This bug check belongs to the crash dump test that you have performed with WhoCrashed or other software. It means that a crash dump file was properly written out.
The crash took place in a storage driver or controller driver. Since there is no other responsible driver detected, this could be pointing to a malfunctioning drive or corrupted disk. It's suggested that you run CHKDSK.



On Wed 2020-11-18 5:45:46 PM your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\111820-14593-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x1C3B20)
Bugcheck code: 0x13A (0x12, 0xFFFF908542C00100, 0xFFFF90854D7BC000, 0x0)
Error: KERNEL_MODE_HEAP_CORRUPTION
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the kernel mode heap manager has detected corruption in a heap.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Wed 2020-11-18 8:28:13 PM your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\111820-10656-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x1C3B20)
Bugcheck code: 0x13A (0x12, 0xFFFFC60393600100, 0xFFFFC6039C5CB000, 0x0)
Error: KERNEL_MODE_HEAP_CORRUPTION
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the kernel mode heap manager has detected corruption in a heap.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Wed 2020-11-18 8:19:18 PM your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\111820-10625-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x1C3B20)
Bugcheck code: 0x13A (0x12, 0xFFFFD70140A00100, 0xFFFFD70149684000, 0x0)
Error: KERNEL_MODE_HEAP_CORRUPTION
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the kernel mode heap manager has detected corruption in a heap.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Tue 2020-11-17 5:12:05 PM your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\111720-10578-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x1C3B20)
Bugcheck code: 0x13A (0x12, 0xFFFF8A8BE9800100, 0xFFFF8A8BF25AA000, 0x0)
Error: KERNEL_MODE_HEAP_CORRUPTION
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the kernel mode heap manager has detected corruption in a heap.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Sun 2020-11-15 4:35:09 AM your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\111520-10375-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x1C3B20)
Bugcheck code: 0xA (0x70502F9, 0x2, 0x0, 0xFFFFF80468461DE4)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above. This is a software bug.
This bug check belongs to the crash dump test that you have performed with WhoCrashed or other software. It means that a crash dump file was properly written out.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Sat 2020-11-14 1:45:47 PM your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\111420-32640-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x1C3B20)
Bugcheck code: 0x13A (0x12, 0xFFFFC90523600100, 0xFFFFC9052FE1C000, 0x0)
Error: KERNEL_MODE_HEAP_CORRUPTION
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the kernel mode heap manager has detected corruption in a heap.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Thu 2020-11-12 9:48:02 PM your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\111220-34296-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x1C3B20)
Bugcheck code: 0x13A (0x12, 0xFFFF8A0786400100, 0xFFFF8A078FDE7000, 0x0)
Error: KERNEL_MODE_HEAP_CORRUPTION
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the kernel mode heap manager has detected corruption in a heap.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Sun 2020-11-08 11:14:42 AM your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\110820-40718-01.dmp
This was probably caused by the following module: hal.dll (hal+0x48131)
Bugcheck code: 0x133 (0x0, 0x501, 0x500, 0xFFFFF80407D71358)
Error: DPC_WATCHDOG_VIOLATION
file path: C:\WINDOWS\system32\hal.dll
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Hardware Abstraction Layer DLL
Bug check description: The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL or above. This could be caused by either a non-responding driver or non-responding hardware. This bug check can also occur because of overheated CPUs (thermal issue).
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



 

Conclusion

On your computer a total of 11 crash dumps have been found. Only 10 have been analyzed. No offending third party drivers have been found. Connsider using WhoCrashed Professional which offers more detailed analysis using symbol resolution. Also configuring your system to produce a full memory dump may help you.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further. 


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I think it's just from the infection.  As long as we don't see any new BSODs I think it will be OK.

 

Let's run a benchmark just to see what it says:

https://www.userbenchmark.com


Click on Free Download.  Save the file then right click and Run As Admin.  Close all programs and pause your antivirus before starting.


When it finishes it will open a browser.  Copy the URL and paste it into a Reply.

 

I'm thinking we're good but let's do one more scan:

 

Let's run Rogue Killer

http://www.adlice.co...iller/#download

Portable 64 bits

Download and Save.



Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)  and Run As admin

Start Scan
Start Scan

Will take about 20 minutes to complete.

Open Report
Export TXT (save it to your desktop as rk) Save

Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply.

 


  • 0

#15
BMiles

BMiles

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

https://www.userbenchmark.com/UserRun/36220376 

 

Rogue Killer to come


  • 0





