Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

on desktop system locks up until I end GPURISEAGENT.exe


  • This topic is locked This topic is locked
2 replies to this topic

#1 SolidusFox

SolidusFox

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:08 PM

Posted 26 March 2018 - 12:31 PM

Just today I logged on and noticed my PC being extremely sluggish and gradually getting worse until it locked up. I managed to log off and log back on and quickly get task manager up and saw GPURISEAGENT.exe and TOR.exe which neither of them I recognise, performance wise I was getting 100% on my GPU but weirdly enough not on either of those processes but I ended the tasks anyway and my system returned to normal. I had a google with no relevant results and I am also currently running a windows defender scan at the moment, so any help would be great I'd also be grateful if possible to ensure no backdoors or anything have been created as I have a lot of sensitive information on my system.

 

 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by SolidusFox (administrator) on JAYSPC (26-03-2018 18:19:47)
Running from C:\Users\SolidusFox\OneDrive - West College Scotland\Downloads
Loaded Profiles: SolidusFox (Available Profiles: SolidusFox)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\System32\PnkBstrA.exe
(Thrustmaster®) C:\Program Files (x86)\Thrustmaster\Thrustmaster FFB Driver\drivers\amd64\tmGAInstall.exe
(Guillemot Corporation) C:\Program Files (x86)\Thrustmaster\TARGET\TmService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppService.exe
(Thrustmaster®) C:\Program Files\Thrustmaster\T.Flight Hotas\drivers\amd64\tmHInstall.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Program Files (x86)\NZXT\CAM\FPS\CAMFPS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
() C:\Users\SolidusFox\AppData\Roaming\tor\tor.exe
() D:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper32.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [GPURise] => C:\Users\Public\AppData\GPURise\GPURiseAgent.exe [4928000 2011-11-11] (GPURise Inc.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [18848976 2017-08-04] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-1694344396-482508502-3559439281-1001\...\Run: [Discord] => C:\Users\SolidusFox\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-1694344396-482508502-3559439281-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3198752 2018-03-23] (Valve Corporation)
HKU\S-1-5-21-1694344396-482508502-3559439281-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3100456 2018-03-05] (Electronic Arts)
HKU\S-1-5-21-1694344396-482508502-3559439281-1001\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-1694344396-482508502-3559439281-1001\...\Run: [Gaijin.Net Agent] => "C:\Users\SolidusFox\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
HKU\S-1-5-21-1694344396-482508502-3559439281-1001\...\Run: [WallpaperEngine] => D:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper32.exe [1348072 2018-01-20] ()
HKU\S-1-5-21-1694344396-482508502-3559439281-1001\...\Run: [Parsec.App.0] => C:\Users\SolidusFox\AppData\Roaming\Parsec\electron\parsec.exe hidden=1
HKU\S-1-5-21-1694344396-482508502-3559439281-1001\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44032 2017-09-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2018-03-16]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\SolidusFox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-02-09]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{120d7da8-2bfe-4b2e-a148-1e271cde677c}: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-02-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-02-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-09] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2018-02-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-09] (Oracle Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1503540940598
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-09] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-02-09] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-09] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-02-09] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-09] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-02-09] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-09] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-02-09] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-02-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2017-12-27] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-02-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-02-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\SolidusFox\AppData\Local\Google\Chrome\User Data\Default [2018-03-26]
CHR Extension: (Slides) - C:\Users\SolidusFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (h264ify) - C:\Users\SolidusFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleakchihdccplidncghkekgioiakgal [2018-02-22]
CHR Extension: (Docs) - C:\Users\SolidusFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\SolidusFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-23]
CHR Extension: (YouTube) - C:\Users\SolidusFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-23]
CHR Extension: (uBlock Origin) - C:\Users\SolidusFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-03-20]
CHR Extension: (Black green shards) - C:\Users\SolidusFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojkleigdijnbfecdhjigpgalhfhkdee [2018-02-08]
CHR Extension: (Sheets) - C:\Users\SolidusFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\SolidusFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-23]
CHR Extension: (AdBlock) - C:\Users\SolidusFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-09]
CHR Extension: (Grammarly for Chrome) - C:\Users\SolidusFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SolidusFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (TunnelBear Inc.) - C:\Users\SolidusFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2018-03-19]
CHR Extension: (Gmail) - C:\Users\SolidusFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\SolidusFox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-23]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-03-10] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761584 2018-03-03] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-21] (EasyAntiCheat Ltd)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2159424 2018-03-05] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3028808 2018-03-05] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2018-01-01] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2017-12-31] ()
R2 tmGAInstall; C:\Program Files (x86)\Thrustmaster\Thrustmaster FFB Driver\drivers\amd64\tmGAInstall.EXE [46208 2017-09-18] (Thrustmaster®)
R2 tmHInstall; C:\Program Files\Thrustmaster\T.Flight Hotas\drivers\amd64\tmHInstall.exe [92288 2017-09-18] (Thrustmaster®)
R2 TmWinService; C:\Program Files (x86)\Thrustmaster\TARGET\TmService.exe [315944 2016-10-31] (Guillemot Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-01] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-01] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppService.exe [493792 2017-11-07] (Wondershare)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [18264 2017-09-27] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R0 asstor64; C:\WINDOWS\System32\drivers\asstor64.sys [84816 2014-03-14] (Asmedia Technology)
S3 AsusVBus; C:\WINDOWS\System32\drivers\AsusVBus.sys [39704 2017-01-09] (Windows ® Win 7 DDK provider)
S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [84472 2017-01-09] (ASUS Corporation)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [75560 2017-08-24] (Broadcom Corporation.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45528 2017-06-21] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21968 2017-06-21] (Corsair)
R3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2018-03-26] (CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d64x64.sys [564216 2017-04-25] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [38424 2017-09-15] (Intel Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R1 MpKsl07a0c3e0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63DEF181-AD30-4FEF-BFF1-2F6574FCFF24}\MpKsl07a0c3e0.sys [58120 2018-03-25] (Microsoft Corporation)
R1 MpKsl4564b6a9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B0B0E4D3-6F34-4A3D-8B17-EC00734FFCD4}\MpKsl4564b6a9.sys [58120 2018-03-15] (Microsoft Corporation)
R1 MpKsl52943eb0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4ABA3194-CA93-4BE7-91B6-2590E16C659A}\MpKsl52943eb0.sys [58120 2018-03-24] (Microsoft Corporation)
R1 MpKsl9dc542af; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ED2B3BE2-7391-4B0E-8EE8-695352F1B6B5}\MpKsl9dc542af.sys [58120 2018-03-19] (Microsoft Corporation)
R1 MpKslbac380c5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF9B489C-6EB1-46F0-88A4-45EF4AC31E21}\MpKslbac380c5.sys [58120 2018-03-26] (Microsoft Corporation)
R3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_048172e9d7cc483d\nvlddmkm.sys [17524720 2018-02-26] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57928 2018-01-24] (NVIDIA Corporation)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46896 2017-12-15] ()
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [47944 2018-01-16] (SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] ()
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] ()
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
R3 TmBusEn; C:\WINDOWS\System32\drivers\TmBusEn.sys [30208 2011-01-26] (Guillemot Corporation)
R3 TmBusEn; C:\Windows\SysWOW64\drivers\TmBusEn.sys [30208 2011-01-26] (Guillemot Corporation)
S3 TmFilter; C:\WINDOWS\System32\drivers\TmFilter.sys [24576 2011-01-26] (Guillemot Corporation)
S3 TmFilter; C:\Windows\SysWOW64\drivers\TmFilter.sys [24576 2011-01-26] (Guillemot Corporation)
S3 TmHid; C:\WINDOWS\system32\DRIVERS\TmHid.sys [24704 2011-01-26] (Guillemot Corporation)
S3 TmHid; C:\Windows\SysWOW64\DRIVERS\TmHid.sys [24704 2011-01-26] (Guillemot Corporation)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [203328 2018-02-26] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [213632 2018-02-26] (Oracle Corporation)
S3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [54208 2017-09-03] (Benjamin Höglinger-Stelzer)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-01] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-01] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-01] (Microsoft Corporation)
R3 WinRing0_1_2_0; C:\Program Files (x86)\NZXT\CAM\CAM_V3.sys [14544 2018-03-26] (OpenLibSys.org)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-26 18:18 - 2018-03-26 18:19 - 000000000 ____D C:\FRST
2018-03-26 16:38 - 2018-03-26 18:17 - 000000000 ____D C:\Users\SolidusFox\AppData\Roaming\tor
2018-03-25 13:40 - 2018-03-25 13:40 - 000000251 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-03-25 13:39 - 2018-03-25 13:40 - 000000000 ____D C:\Users\Public\AppData\GPURise
2018-03-25 13:39 - 2018-03-25 13:39 - 000000000 ____D C:\Program Files\Tor
2018-03-22 18:30 - 2018-03-22 18:30 - 000000000 ____D C:\Users\SolidusFox\AppData\Local\Microsoft Help
2018-03-21 18:42 - 2018-03-20 22:40 - 000000237 ___SH C:\Users\Public\Libraries.ini
2018-03-21 18:25 - 2018-03-21 18:25 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2018-03-21 18:25 - 2018-03-21 18:25 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2018-03-21 18:25 - 2018-03-21 18:25 - 000000000 ____D C:\Users\SolidusFox\AppData\Local\UnrealEngineLauncher
2018-03-21 18:25 - 2018-03-21 18:25 - 000000000 ____D C:\Users\SolidusFox\AppData\Local\EpicGamesLauncher
2018-03-21 18:25 - 2018-03-21 18:25 - 000000000 ____D C:\ProgramData\Epic
2018-03-21 18:25 - 2018-03-21 18:25 - 000000000 ____D C:\Program Files (x86)\Epic Games
2018-03-20 22:15 - 2018-03-20 22:15 - 000001149 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2018-03-20 22:15 - 2018-03-20 22:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2018-03-19 23:04 - 2018-03-19 23:04 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-03-19 23:04 - 2018-02-23 20:28 - 000136536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-03-19 23:04 - 2017-12-08 23:25 - 000798520 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-03-19 23:04 - 2017-12-08 23:25 - 000490808 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-03-19 23:04 - 2017-12-08 23:24 - 000928568 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-03-19 23:04 - 2017-12-08 23:24 - 000591672 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-03-19 23:03 - 2018-03-19 23:03 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-03-19 23:02 - 2018-02-26 04:46 - 000997736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-03-19 23:02 - 2018-02-26 04:46 - 000949280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-03-19 23:02 - 2018-02-26 04:46 - 000625696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-03-19 23:02 - 2018-02-26 04:46 - 000516128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-03-19 23:02 - 2018-02-26 04:44 - 019854816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-03-19 23:02 - 2018-02-26 04:44 - 016496072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-03-19 23:02 - 2018-02-26 04:44 - 013571008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-03-19 23:02 - 2018-02-26 04:44 - 011131688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-03-19 23:02 - 2018-02-26 04:44 - 004317160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-03-19 23:02 - 2018-02-26 04:44 - 003717432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-03-19 23:02 - 2018-02-26 04:44 - 001985384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439101.dll
2018-03-19 23:02 - 2018-02-26 04:44 - 001684000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439101.dll
2018-03-19 23:02 - 2018-02-26 04:44 - 001136944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-03-19 23:02 - 2018-02-26 04:44 - 001065880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-03-19 23:02 - 2018-02-26 04:44 - 000749416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-03-19 23:02 - 2018-02-26 04:44 - 000608344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-03-19 23:02 - 2018-02-26 04:43 - 040277488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-03-19 23:02 - 2018-02-26 04:43 - 035188640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-03-19 23:02 - 2018-02-26 04:43 - 001355408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-03-19 23:02 - 2018-02-26 04:43 - 001345944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-03-19 23:02 - 2018-02-26 04:43 - 001153752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-03-19 23:02 - 2018-02-26 04:43 - 001067368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-03-19 23:02 - 2018-02-26 04:43 - 000902280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-03-19 23:02 - 2018-02-26 04:43 - 000811992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-03-19 23:02 - 2018-02-26 04:43 - 000650424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-03-19 23:02 - 2018-02-26 04:43 - 000633040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-03-19 23:02 - 2018-02-26 04:42 - 012966216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-03-19 23:02 - 2018-02-26 04:42 - 011000480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-03-19 23:02 - 2018-02-26 04:42 - 001061352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-03-19 22:50 - 2018-03-19 22:51 - 000000000 ____D C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Need for Speed™ Payback
2018-03-19 22:24 - 2018-03-25 13:40 - 000000000 ____D C:\Program Files\ObjectInstallerService
2018-03-19 21:26 - 2018-03-23 16:57 - 000000000 ____D C:\Users\SolidusFox\AppData\Roaming\BitTorrent
2018-03-19 18:25 - 2018-03-19 18:25 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-03-18 02:56 - 2018-03-18 02:56 - 000000000 ____D C:\Users\SolidusFox\AppData\Local\Victory
2018-03-18 02:13 - 2018-03-18 02:52 - 000237328 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2018-03-18 02:13 - 2018-03-18 02:13 - 000000000 ____D C:\Users\SolidusFox\AppData\Local\DeadByDaylight
2018-03-17 17:32 - 2018-03-17 17:32 - 000000222 _____ C:\Users\SolidusFox\Desktop\Kerbal Space Program.url
2018-03-17 00:37 - 2018-03-17 00:37 - 000000000 ____D C:\Users\SolidusFox\AppData\LocalLow\Squad
2018-03-13 20:06 - 2018-03-02 04:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-13 20:06 - 2018-03-02 04:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-13 20:06 - 2018-03-02 04:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-13 20:06 - 2018-03-02 04:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-13 20:06 - 2018-03-02 04:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-13 20:06 - 2018-03-02 04:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-13 20:06 - 2018-03-02 03:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-13 20:06 - 2018-03-01 21:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-13 20:06 - 2018-03-01 08:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-13 20:06 - 2018-03-01 08:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-13 20:06 - 2018-03-01 08:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-13 20:06 - 2018-03-01 08:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-13 20:06 - 2018-03-01 08:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-13 20:06 - 2018-03-01 08:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-13 20:06 - 2018-03-01 08:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-13 20:06 - 2018-03-01 08:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-13 20:06 - 2018-03-01 08:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-13 20:06 - 2018-03-01 08:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-13 20:06 - 2018-03-01 08:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-13 20:06 - 2018-03-01 08:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-13 20:06 - 2018-03-01 08:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-13 20:06 - 2018-03-01 08:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-13 20:06 - 2018-03-01 08:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-13 20:06 - 2018-03-01 08:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-13 20:06 - 2018-03-01 08:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-13 20:06 - 2018-03-01 08:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-13 20:06 - 2018-03-01 08:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-13 20:06 - 2018-03-01 08:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-13 20:06 - 2018-03-01 08:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-13 20:06 - 2018-03-01 08:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-13 20:06 - 2018-03-01 08:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-13 20:06 - 2018-03-01 08:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-13 20:06 - 2018-03-01 08:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-13 20:06 - 2018-03-01 08:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-13 20:06 - 2018-03-01 08:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-13 20:06 - 2018-03-01 08:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-13 20:06 - 2018-03-01 08:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-13 20:06 - 2018-03-01 08:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-13 20:06 - 2018-03-01 08:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-13 20:06 - 2018-03-01 08:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-13 20:06 - 2018-03-01 08:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-13 20:06 - 2018-03-01 08:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-13 20:06 - 2018-03-01 08:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-13 20:06 - 2018-03-01 08:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-13 20:06 - 2018-03-01 08:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-13 20:06 - 2018-03-01 08:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-13 20:06 - 2018-03-01 08:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-13 20:06 - 2018-03-01 08:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-13 20:06 - 2018-03-01 08:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-13 20:06 - 2018-03-01 08:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-13 20:06 - 2018-03-01 07:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-13 20:06 - 2018-03-01 07:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-13 20:06 - 2018-03-01 07:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-13 20:06 - 2018-03-01 07:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-13 20:06 - 2018-03-01 07:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-13 20:06 - 2018-03-01 07:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-13 20:06 - 2018-03-01 07:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-13 20:06 - 2018-03-01 07:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-13 20:06 - 2018-03-01 07:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-13 20:06 - 2018-03-01 07:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-13 20:06 - 2018-03-01 07:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-13 20:06 - 2018-03-01 07:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-13 20:06 - 2018-03-01 07:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-13 20:06 - 2018-03-01 07:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-13 20:06 - 2018-03-01 07:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-13 20:06 - 2018-03-01 07:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-13 20:06 - 2018-03-01 07:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-13 20:06 - 2018-03-01 07:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-13 20:06 - 2018-03-01 07:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-13 20:06 - 2018-03-01 07:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-13 20:06 - 2018-03-01 07:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-13 20:06 - 2018-03-01 07:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-13 20:06 - 2018-03-01 07:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-13 20:06 - 2018-03-01 07:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-13 20:06 - 2018-03-01 07:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-13 20:06 - 2018-03-01 07:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-13 20:06 - 2018-03-01 06:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-13 20:06 - 2018-03-01 06:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-13 20:06 - 2018-03-01 06:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-13 20:06 - 2018-03-01 06:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-13 20:06 - 2018-03-01 06:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-13 20:06 - 2018-03-01 06:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-13 20:06 - 2018-03-01 06:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-13 20:06 - 2018-03-01 06:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-13 20:06 - 2018-03-01 06:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-13 20:06 - 2018-03-01 06:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-13 20:06 - 2018-03-01 06:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-13 20:06 - 2018-03-01 06:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-13 20:06 - 2018-03-01 06:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-13 20:06 - 2018-03-01 06:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-13 20:06 - 2018-03-01 06:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-13 20:06 - 2018-03-01 06:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-13 20:06 - 2018-03-01 06:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-13 20:06 - 2018-03-01 06:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-13 20:06 - 2018-03-01 06:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-13 20:06 - 2018-03-01 06:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-13 20:06 - 2018-03-01 06:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-13 20:06 - 2018-03-01 06:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-13 20:06 - 2018-03-01 06:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-13 20:06 - 2018-03-01 06:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-13 20:06 - 2018-03-01 06:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-13 20:06 - 2018-03-01 06:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-13 20:06 - 2018-03-01 06:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-13 20:06 - 2018-03-01 06:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-13 20:06 - 2018-03-01 06:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-13 20:06 - 2018-03-01 06:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-13 20:06 - 2018-03-01 06:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-13 20:06 - 2018-03-01 06:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-13 20:06 - 2018-03-01 06:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-13 20:06 - 2018-03-01 06:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-13 20:06 - 2018-03-01 06:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-13 20:06 - 2018-03-01 06:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-13 20:06 - 2018-03-01 06:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-13 20:06 - 2018-03-01 06:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-13 20:06 - 2018-03-01 06:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-13 20:06 - 2018-03-01 06:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-13 20:06 - 2018-03-01 06:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-13 20:06 - 2018-03-01 06:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-13 20:06 - 2018-03-01 06:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-13 20:06 - 2018-03-01 06:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-13 20:06 - 2018-03-01 06:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-13 20:06 - 2018-03-01 06:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-13 20:06 - 2018-03-01 06:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-13 20:06 - 2018-03-01 06:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-13 20:06 - 2018-03-01 06:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-13 20:06 - 2018-03-01 06:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-13 20:06 - 2018-03-01 06:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-13 20:06 - 2018-03-01 06:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-13 20:06 - 2018-03-01 06:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-13 20:06 - 2018-03-01 06:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-13 20:06 - 2018-03-01 06:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-13 20:06 - 2018-03-01 06:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-13 20:06 - 2018-03-01 06:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-13 20:06 - 2018-03-01 06:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-13 20:06 - 2018-03-01 06:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-13 20:06 - 2018-03-01 06:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-13 20:06 - 2018-03-01 06:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-13 20:06 - 2018-03-01 06:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-13 20:06 - 2018-03-01 06:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-13 20:06 - 2018-03-01 06:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-13 20:06 - 2018-03-01 06:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-13 20:06 - 2018-03-01 06:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-13 20:06 - 2018-03-01 06:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-13 20:06 - 2018-03-01 06:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-13 20:06 - 2018-03-01 06:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-13 20:06 - 2018-03-01 06:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-13 20:06 - 2018-03-01 06:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-13 20:06 - 2018-03-01 06:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-13 20:06 - 2018-03-01 06:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-13 20:06 - 2018-02-22 03:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-13 20:06 - 2018-02-22 03:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-13 20:06 - 2018-02-22 03:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-13 20:06 - 2018-02-22 03:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-13 20:06 - 2018-02-22 03:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-13 20:06 - 2018-02-22 03:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-13 20:06 - 2018-02-22 03:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-13 20:06 - 2018-02-22 03:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-13 20:06 - 2018-02-22 03:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-13 20:06 - 2018-02-22 03:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-13 20:06 - 2018-02-22 03:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-13 20:06 - 2018-02-22 03:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-13 20:06 - 2018-02-22 03:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-13 20:06 - 2018-02-22 03:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-13 20:06 - 2018-02-22 03:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-13 20:06 - 2018-02-22 03:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-13 20:06 - 2018-02-22 02:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-13 20:06 - 2018-02-22 02:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-13 20:06 - 2018-02-22 02:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-13 20:06 - 2018-02-22 02:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-13 20:06 - 2018-02-22 02:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-13 20:06 - 2018-02-22 02:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-13 20:06 - 2018-02-22 02:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-13 20:06 - 2018-02-22 02:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-13 20:06 - 2018-02-22 01:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-13 20:06 - 2018-02-22 01:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-13 20:06 - 2018-02-22 01:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-13 20:06 - 2018-02-22 01:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-13 20:06 - 2018-02-22 01:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-13 20:06 - 2018-02-22 01:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-13 20:06 - 2018-02-22 01:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-13 20:06 - 2018-02-22 01:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-13 20:06 - 2018-02-22 01:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-07 19:10 - 1997-07-11 05:38 - 000524288 _____ C:\Users\SolidusFox\Desktop\SCPH1001.BIN
2018-03-06 22:14 - 2018-03-06 22:14 - 000000222 _____ C:\Users\SolidusFox\Desktop\Total War ATTILA.url
2018-03-06 18:55 - 2018-03-06 18:57 - 000000000 ____D C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Sairento VR Videos
2018-03-05 23:39 - 2018-03-05 23:39 - 000002045 _____ C:\Users\SolidusFox\Desktop\CAM.lnk
2018-03-05 23:39 - 2018-03-05 23:39 - 000001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAM.lnk
2018-03-05 23:39 - 2018-03-05 23:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAM
2018-03-04 04:37 - 2018-03-04 04:37 - 000000740 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2018-03-03 18:13 - 2018-03-03 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HCS VoicePacks LEO
2018-03-03 18:11 - 2018-03-03 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HCS Plugins
2018-03-02 16:07 - 2018-03-02 16:07 - 000000000 ____D C:\Users\SolidusFox\AppData\Local\CrystalDiskMark
2018-03-01 16:46 - 2018-03-01 16:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-26 17:45 - 2018-02-26 17:45 - 000213632 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys
2018-02-26 17:45 - 2018-02-26 17:45 - 000203328 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys
2018-02-25 20:24 - 2018-02-25 20:24 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Custom Office Templates
2018-02-25 17:58 - 2018-02-25 17:58 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\College
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\WB Games
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\The Witcher 3
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Streaming
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\STAR WARS Battlefront II
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\STAR WARS Battlefront
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Rockstar Games
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Road Redemption
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Respawn
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Rec Room
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Project CARS 2
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Project CARS
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\OneNote Notebooks
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\My Phone Backup
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\My Games
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Mouse Icons
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Job Stuff
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Euro Truck Simulator 2
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\EscapefromEconomy
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Escape from Tarkov
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\DayZ
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Commandos 3 - Destination Berlin
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Commandos - Behind Enemy Lines
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Battlefield 4
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Battlefield 1
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\Arma 3
2018-02-25 17:29 - 2018-02-25 17:34 - 000000000 ___DL C:\Users\SolidusFox\OneDrive - West College Scotland\Documents\4A Games
2018-02-25 17:17 - 2018-03-20 22:16 - 000000000 __RDL C:\Users\SolidusFox\OneDrive - West College Scotland
2018-02-25 14:09 - 2018-02-25 21:26 - 000000000 ____D C:\Users\SolidusFox\Heaven
2018-02-25 14:09 - 2018-02-25 15:39 - 001065984 _____ C:\Users\SolidusFox\AppData\Local\file__0.localstorage
2018-02-25 13:47 - 2018-03-26 17:05 - 000003462 _____ C:\WINDOWS\System32\Tasks\CAM
2018-02-25 13:46 - 2018-02-25 13:46 - 000000000 ____D C:\Program Files (x86)\NZXT
2018-02-24 20:34 - 2018-02-24 20:34 - 000000000 ____D C:\Users\SolidusFox\AppData\LocalLow\Mixed Realms
2018-02-24 20:08 - 2018-02-24 20:08 - 000000000 ____D C:\Users\SolidusFox\AppData\LocalLow\Ionized Studios
2018-02-24 05:23 - 2018-02-24 05:42 - 000000000 ____D C:\Users\SolidusFox\AppData\Roaming\TeamViewer
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-26 17:05 - 2017-08-23 15:34 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-03-26 17:05 - 2017-08-23 15:33 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-26 17:05 - 2017-08-23 02:38 - 000000000 __SHD C:\Users\SolidusFox\IntelGraphicsProfiles
2018-03-26 16:56 - 2017-08-23 02:59 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-26 16:44 - 2017-10-27 21:29 - 001853954 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-26 16:42 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-26 16:38 - 2017-10-27 21:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-26 16:38 - 2017-10-27 21:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-25 20:17 - 2017-10-04 15:49 - 000000000 ____D C:\Users\SolidusFox\AppData\Local\CrashDumps
2018-03-23 16:10 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-23 16:10 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-22 23:12 - 2017-08-23 02:46 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-21 18:38 - 2017-08-31 19:57 - 000000000 ____D C:\Users\SolidusFox\AppData\Local\UnrealEngine
2018-03-21 18:26 - 2017-12-25 20:52 - 000000000 ____D C:\Program Files\Epic Games
2018-03-21 00:15 - 2018-01-08 19:54 - 000000000 ____D C:\Users\SolidusFox\.VirtualBox
2018-03-20 22:16 - 2017-10-27 21:24 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1694344396-482508502-3559439281-1001
2018-03-20 22:16 - 2017-08-23 15:40 - 000002414 _____ C:\Users\SolidusFox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-20 22:16 - 2017-08-23 15:40 - 000000000 __RDL C:\Users\SolidusFox\OneDrive
2018-03-20 22:15 - 2017-10-27 21:22 - 000000000 ____D C:\Users\SolidusFox\AppData\Local\Packages
2018-03-20 22:15 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-20 18:15 - 2017-10-27 21:20 - 000407440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-19 23:32 - 2017-08-23 03:13 - 000000000 ____D C:\Users\SolidusFox\AppData\Local\Ubisoft Game Launcher
2018-03-19 23:04 - 2017-08-23 22:14 - 000000000 ____D C:\temp
2018-03-19 23:04 - 2017-08-23 15:33 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-03-19 23:04 - 2017-08-23 03:12 - 000000000 ____D C:\Users\SolidusFox\AppData\Local\NVIDIA
2018-03-19 22:36 - 2017-10-27 21:22 - 000000000 ____D C:\Users\SolidusFox
2018-03-19 20:49 - 2017-08-23 03:14 - 000000000 ____D C:\Users\SolidusFox\AppData\Roaming\Origin
2018-03-19 20:48 - 2017-08-23 03:14 - 000000000 ____D C:\Program Files (x86)\Origin
2018-03-19 20:48 - 2017-08-23 03:13 - 000000000 ____D C:\ProgramData\Origin
2018-03-19 20:40 - 2017-08-23 03:02 - 000000000 ____D C:\Users\SolidusFox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-03-19 18:25 - 2018-02-09 00:18 - 000000000 ____D C:\Program Files\Microsoft Office
2018-03-19 18:25 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-19 18:25 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-03-19 17:39 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-18 23:28 - 2017-12-04 15:35 - 000000000 ____D C:\Users\SolidusFox\AppData\Roaming\obs-studio
2018-03-18 22:18 - 2017-08-24 02:23 - 000805104 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2018-03-18 02:13 - 2017-08-24 02:23 - 000000000 ____D C:\Users\SolidusFox\AppData\Roaming\EasyAntiCheat
2018-03-16 20:43 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-16 20:01 - 2017-11-19 23:59 - 000000000 ____D C:\Users\SolidusFox\AppData\Roaming\steelseries-engine-3-client
2018-03-14 00:13 - 2017-09-29 09:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-03-14 00:06 - 2017-10-27 21:26 - 000000000 ___RD C:\Users\SolidusFox\3D Objects
2018-03-14 00:06 - 2017-08-23 15:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-14 00:01 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-14 00:01 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-03-14 00:01 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-14 00:01 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-13 20:10 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-13 20:09 - 2017-08-23 03:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-13 20:08 - 2017-10-11 16:00 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-13 20:08 - 2017-08-23 03:00 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-13 20:07 - 2017-09-29 14:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-13 20:07 - 2017-09-29 14:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-10 19:27 - 2017-09-01 16:39 - 000000000 ____D C:\Users\SolidusFox\AppData\Local\ElevatedDiagnostics
2018-03-07 14:46 - 2018-02-23 16:16 - 000000000 ____D C:\Users\SolidusFox\AppData\Local\RealVNC
2018-03-06 21:23 - 2017-09-02 21:24 - 000000000 ____D C:\Users\SolidusFox\AppData\Local\Frontier_Developments
2018-03-06 21:22 - 2017-08-23 22:16 - 000000000 ____D C:\Users\SolidusFox\AppData\Roaming\matzman666
2018-03-02 22:09 - 2017-12-13 19:07 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-02 22:09 - 2017-12-13 19:07 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-01 16:56 - 2017-09-29 14:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-02-26 17:45 - 2018-01-08 19:54 - 000975144 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2018-02-26 17:45 - 2018-01-08 19:54 - 000159664 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2018-02-26 04:42 - 2017-10-24 18:09 - 004630848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-02-26 04:42 - 2017-10-24 18:09 - 003938208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-02-26 00:45 - 2017-11-05 15:03 - 000000000 ____D C:\Users\SolidusFox\AppData\Roaming\Kodi
2018-02-25 21:45 - 2017-12-25 22:46 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-02-25 16:50 - 2017-11-21 19:38 - 000000000 ____D C:\Users\SolidusFox\AppData\Local\PlaceholderTileLogoFolder
2018-02-25 13:48 - 2017-08-23 02:42 - 000000000 ____D C:\ProgramData\Intel
2018-02-25 13:46 - 2017-08-23 02:38 - 000000000 ____D C:\Program Files (x86)\Intel
2018-02-24 05:36 - 2017-10-24 18:09 - 000048407 _____ C:\WINDOWS\system32\nvinfo.pb
 
==================== Files in the root of some directories =======
 
2018-02-25 14:09 - 2018-02-25 15:39 - 001065984 _____ () C:\Users\SolidusFox\AppData\Local\file__0.localstorage
 
Some files in TEMP:
====================
2018-03-21 17:58 - 2018-03-26 16:41 - 000000000 _____ () C:\Users\SolidusFox\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2018-03-21 17:58 - 2018-03-26 16:41 - 000000017 _____ () C:\Users\SolidusFox\AppData\Local\Temp\cc253631709b8595a16b262f38073140.dll
2018-03-19 22:24 - 2018-03-19 22:24 - 015301888 _____ (Microsoft Corporation) C:\Users\SolidusFox\AppData\Local\Temp\vc_redist.x64.exe
2018-03-18 19:18 - 2018-03-18 19:18 - 000002048 _____ () C:\Users\SolidusFox\AppData\Local\Temp\_rome2_reg_setter.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION
 
LastRegBack: 2018-03-20 22:38
 
==================== End of FRST.txt ============================


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,558 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:08 PM

Posted 26 March 2018 - 12:53 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

:step1:
Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

:step2:
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and include the Addition.txt file that was created by the Farbar program.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,558 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:08 PM

Posted 01 April 2018 - 07:42 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users