Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2023
Ran by madog (administrator) on DESKTOP-VQN4R79 (12-10-2023 17:27:41)
Running from C:\Users\madog\Downloads\FRSTEnglish.exe
Loaded Profiles: madog & adminmadogrul & Administrator
Platform: Microsoft Windows 11 Home Version 21H2 22000.1696 (X64) Language: Deutsch (Deutschland)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(C:\Program Files (x86)\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Agent\bin\bckp_amgr.exe
(C:\Program Files (x86)\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Agent\bin\monitoring-mini.exe
(C:\Program Files (x86)\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Agent\bin\task-manager.exe
(C:\Program Files (x86)\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH.) C:\Program Files (x86)\Acronis\Agent\bin\adp-agent.exe
(C:\Program Files (x86)\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH.) C:\Program Files (x86)\Acronis\Agent\bin\updater.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.)
C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe (C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Adobe Crash Processor.exe (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <3> (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe (C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe (C:\Program Files\LGHUB\lghub_agent.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\logi_crashpad_handler.exe <2> (C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe ->) (Logitech Inc -> Logitech, Inc.) 
C:\Program Files\LGHUB\lghub_agent.exe (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer.exe (C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_w32.exe (C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_x64.exe (C:\Windows\UUS\amd64\MoUsoCoreWorker.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoNotificationUx.exe (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (explorer.exe ->) (Amazon.com Services LLC -> Amazon.com Inc.) C:\Users\madog\AppData\Local\Amazon Drive\AmazonPhotos.exe (explorer.exe ->) (Digital Wave Ltd -> Digital Wave Ltd) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <10> (explorer.exe ->) (Hanvon Ugee Technology Co., Ltd. -> XPPEN TECHNOLOGY CO.) E:\Program Files\Pentablet\PenTablet.exe (explorer.exe ->) (Logitech Inc -> Logitech, Inc.) 
C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe (Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Agent\aakore.exe (services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe (services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.45\atkexComSvc.exe (services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) 
C:\Program Files (x86)\LightingService\LightingService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_ec6acb81b9300f24\RstMwService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe (services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe (services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2> (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe (services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_97c24e8dfa98e686\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (SurfRight B.V. -> SurfRight B.V.) 
C:\Program Files\HitmanPro\hmpsched.exe (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudCKKS.exe (sihost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5185.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe (svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2339.13.0_x64__cv1g1gvanyjgm\WhatsApp.exe (svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\APSDaemon.exe (svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple, Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\secd.exe (svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe (svchost.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe (svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Compputer Inc.) C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe (svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) 
C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe (svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5185.0_x64__8j3eq9eme6ctt\IGCC.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21580.0_x64__8wekyb3d8bbwe\HxOutlook.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21580.0_x64__8wekyb3d8bbwe\HxTsr.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBar.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe (svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22000.2355_none_828ef538fef166f8\TiWorker.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> ) E:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.) HKLM\...\Run: [PenTablet] => E:\Program Files\Pentablet\PenTablet.exe [870136 2021-10-28] (Hanvon Ugee Technology Co., Ltd. -> XPPEN TECHNOLOGY CO.) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [637784 2023-05-09] (Acronis International GmbH -> Acronis International GmbH) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [454248 2013-08-02] (Canon Inc. -> CANON INC.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [StudioApp.exe] => c:\Users\Public\Documents\Product Manager\StudioApp.exe [14408392 2022-06-12] (ООО "АРТУ" -> ) HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> ) HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [83185944 2023-03-28] (Discord Inc. -> Discord Inc.) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5062800 2023-05-09] (Acronis International GmbH -> ) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [446392 2023-05-09] (Acronis International GmbH -> Acronis International GmbH) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1131488 2023-09-18] (Adobe Inc. -> Adobe Inc.) HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File) HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File) HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe [45891840 2023-09-23] (Logitech Inc -> Logitech, Inc.) 
HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\Run: [vidnotifier.exe] => C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe [1717608 2023-06-28] (Digital Wave Ltd -> Digital Wave Ltd) HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\Run: [Duet Display] => E:\Program Files\Kairos\Duet Display\DuetLaunch.exe [506344 2022-03-09] (Duet, Inc. -> Duet Inc.) HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\Run: [Amazon Photos] => C:\Users\madog\AppData\Local\Amazon Drive\AmazonPhotos.exe [11360368 2023-08-29] (Amazon.com Services LLC -> Amazon.com Inc.) HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\Run: [MicrosoftEdgeAutoLaunch_AB99EB4882A23083DB9DDFD741C0E510] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-29] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\MountPoints2: {db7a9914-642e-11ec-98af-5cf370a60e36} - "H:\setup.exe" /AUTORUN HKU\S-1-5-21-2330798512-3083080254-602287269-1010\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2586640 2023-09-30] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2330798512-3083080254-602287269-1010\...\Run: [Discord] => C:\Users\adminmadogrul\AppData\Local\Discord\Update.exe [1525016 2023-02-13] (Discord Inc. -> GitHub) HKU\S-1-5-21-2330798512-3083080254-602287269-500\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2586640 2023-09-30] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Windows x64\Print Processors\Canon MX470 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDC2.DLL [30208 2013-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. 
-> Adobe Systems Inc) HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX470 series: C:\Windows\system32\CNCALC2.DLL [303104 2013-09-25] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJ Language Monitor MX470 series: C:\Windows\system32\CNMLMC2.DLL [391168 2013-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [360448 2013-09-11] (CANON INC.) [File not signed] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\117.0.5938.149\Installer\chrmstp.exe [2023-10-06] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2023-09-27] Startup: C:\Users\madog\AppData\Local\Temp\\.ses [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\27840b60-7877-482a-9a91-431ae098a327.tmp [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\5198509849.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\5208510059.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\5218510999.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\5228512146.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\5238513351.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\5248514632.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\5258515816.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\5278516962.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\5288518185.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\5298519509.jpg [] () [File not signed] Startup: 
C:\Users\madog\AppData\Local\Temp\\5308520805.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\5468536344.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\58895162-0506-443d-9f97-84d0143fc942.tmp [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\6833235423.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\6843235612.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\6853236673.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\6863237908.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\6873239154.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\6883240468.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\6903241733.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\6913242945.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\6923244205.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\6943245499.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\6953246734.jpg [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\acrobat_sbx [] Startup: C:\Users\madog\AppData\Local\Temp\\acrord32_super_sbx [] Startup: C:\Users\madog\AppData\Local\Temp\\Adobe [] Startup: C:\Users\madog\AppData\Local\Temp\\AdobeARM.log [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\AdobeVulcan [] Startup: C:\Users\madog\AppData\Local\Temp\\AuProjectTemp [] Startup: C:\Users\madog\AppData\Local\Temp\\c63528fd-b2a0-4ae6-8bd6-7fc33ffa9693.tmp [] () <==== ATTENTION [zero byte? 
(Error=123)] Startup: C:\Users\madog\AppData\Local\Temp\\CEP11-PHXS.log [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\CEP11-PPRO.log [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PHXS-25.0.0-ProPanel.extension-renderer.log [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PHXS-25.0.0-ProPanel.extension.log [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PPRO-23.6.0-Atom-renderer.log [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PPRO-23.6.0-Atom.log [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\cep_cache [] Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_18096_1409748620 [] Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_18096_1842460294 [] Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_18096_583500575 [] Startup: C:\Users\madog\AppData\Local\Temp\\com.adobe.dynamiclinkmanagerLR6 [] () <==== ATTENTION [zero byte? 
(Error=123)] Startup: C:\Users\madog\AppData\Local\Temp\\crash_repo_pref.txt [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\CreativeCloud [] Startup: C:\Users\madog\AppData\Local\Temp\\cv_debug.log [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\e1f647af-35bd-4b85-a5bd-dcf885df17f5.tmp [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\EAClient [] Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_12400_2098176153 [] Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_16424_592201892 [] Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_17464_275944106 [] Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_17464_733106763 [] Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_17464_938001874 [] Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_17464_960986859 [] Startup: C:\Users\madog\AppData\Local\Temp\\ee959402-2391-4955-8b4b-0b2477514437.tmp [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\InterOP_CCD_Logs.txt [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\mat-debug-13320.log [] () <==== ATTENTION [zero byte? (Error=123)] Startup: C:\Users\madog\AppData\Local\Temp\\mat-debug-9796.log [] () <==== ATTENTION [zero byte? (Error=123)] Startup: C:\Users\madog\AppData\Local\Temp\\NGL [] Startup: C:\Users\madog\AppData\Local\Temp\\oobelib.log [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\PDApp.log [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\PhotoshopCrashes [] Startup: C:\Users\madog\AppData\Local\Temp\\PProIngestPresetsCacheV07.json [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\qtsingleapp-Pentab-9c9b-1-lockfile [] () <==== ATTENTION [zero byte? 
(Error=123)] Startup: C:\Users\madog\AppData\Local\Temp\\skyeTemp [] Startup: C:\Users\madog\AppData\Local\Temp\\StructuredQuery.log [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\TeamViewer [] Startup: C:\Users\madog\AppData\Local\Temp\\UXP [] Startup: C:\Users\madog\AppData\Local\Temp\\wct6D44.tmp [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\wct824D.tmp [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\wctB265.tmp [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\wctD04E.tmp [] () [File not signed] Startup: C:\Users\madog\AppData\Local\Temp\\{006F4810-3E6D-47DC-A13C-3D09CA453103} [] Startup: C:\Users\madog\AppData\Local\Temp\\{08F53BCF-CAD2-4D96-8D3B-318CB2BF2EB3} [] Startup: C:\Users\madog\AppData\Local\Temp\\{22832E8B-BBAC-4A5C-B061-88F6C8668939} [] Startup: C:\Users\madog\AppData\Local\Temp\\{2C277E47-B4EA-42F9-B161-F36F2A53F983} [] Startup: C:\Users\madog\AppData\Local\Temp\\{38A41D70-660B-4AB0-9E37-737DA49E9F98} [] Startup: C:\Users\madog\AppData\Local\Temp\\{467FD69C-36A0-4BE3-8F0D-83091525DFDB} [] Startup: C:\Users\madog\AppData\Local\Temp\\{46D8A504-A2D2-4C64-89D3-7B7CE574A33E} [] Startup: C:\Users\madog\AppData\Local\Temp\\{4A24A076-AB6F-4D4F-815A-2DB40CEF855F} [] Startup: C:\Users\madog\AppData\Local\Temp\\{4CFC9E85-A2EC-49F0-A164-2C91FA8FDD51} [] Startup: C:\Users\madog\AppData\Local\Temp\\{6190ADB1-B1C0-4805-85CE-40B9A6338D52} [] Startup: C:\Users\madog\AppData\Local\Temp\\{6C051795-AA4D-434D-BDC8-E5E9563C20B1} [] Startup: C:\Users\madog\AppData\Local\Temp\\{77EB9E16-E349-439B-9B6F-810053F0DB5A} [] Startup: C:\Users\madog\AppData\Local\Temp\\{842C2E66-0450-4B00-BB42-B81BAE1D9C6E} [] Startup: C:\Users\madog\AppData\Local\Temp\\{84FE7A5A-556F-45B8-92CF-F5DBA00F1F25} [] Startup: C:\Users\madog\AppData\Local\Temp\\{9BDAD52C-6EA2-45F1-AB19-4076140DBCD3} [] Startup: C:\Users\madog\AppData\Local\Temp\\{AB872A5B-013C-4820-A50C-4E6BC4BB95E6} [] Startup: 
C:\Users\madog\AppData\Local\Temp\\{ABC3463D-560C-4AB6-B726-CE4CA8F2194B} [] Startup: C:\Users\madog\AppData\Local\Temp\\{BF708D00-C1BB-494E-8C51-5F12E241C9FF} - OProcSessId.dat [] () <==== ATTENTION [zero byte? (Error=123)] Startup: C:\Users\madog\AppData\Local\Temp\\{C56142A4-642D-4559-A918-0FE690BDE362} - OProcSessId.dat [] () <==== ATTENTION [zero byte? (Error=123)] Startup: C:\Users\madog\AppData\Local\Temp\\{C60CDF77-6434-446E-BB85-6A5C23D43CA9} [] Startup: C:\Users\madog\AppData\Local\Temp\\{C8B1BD54-75CE-4A7C-94AA-643C2E30700E} [] Startup: C:\Users\madog\AppData\Local\Temp\\{DA3B6C02-6383-46A9-BB19-C0644D939071} [] Startup: C:\Users\madog\AppData\Local\Temp\\{DC495439-C06D-43F7-8C48-E047C3FC8C67} [] Startup: C:\Users\madog\AppData\Local\Temp\\{DDBE3C99-18FE-4095-A9E2-A0A532DD77D4} [] Startup: C:\Users\madog\AppData\Local\Temp\\{E7A53EDD-B726-476F-B2B9-06B7F467C0F3} [] Startup: C:\Users\madog\AppData\Local\Temp\\{E9DA7674-CC3B-4151-B098-AC2BD8A06649} [] Startup: C:\Users\madog\AppData\Local\Temp\\{EA6A136E-C5F4-45D2-83E2-82539EB58910} [] ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {466E61D1-CBDA-4589-A0CC-7B22926016DA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-08-02] (Adobe Inc. -> Adobe Inc.) Task: {22EAF785-B726-4CC6-8227-79AE6C27A40D} - System32\Tasks\AuroraStartup => E:\Program Files\Aurora\Aurora.exe [8162304 2022-01-10] (Aurora-RGB) [File not signed] Task: {E8C9D216-E92F-4376-8005-5941D9604E8F} - System32\Tasks\Duet Updater => E:\Program Files\Kairos\Duet Display\duet.exe [14847464 2023-03-28] (Duet, Inc. -> Duet, Inc.) 
Task: {28FD0F46-42D3-4D99-971E-D2FA324B737B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-11-21] (Google LLC -> Google LLC) Task: {AB0E468A-47FC-49B1-B26A-09A6852F903A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-11-21] (Google LLC -> Google LLC) Task: {C4208F21-D9F8-4FB1-90E0-D804448A47BD} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation) Task: {8612FE90-0251-4B17-9E01-3F8501C5F2C4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26974216 2023-09-27] (Microsoft Corporation -> Microsoft Corporation) Task: {9A030252-2141-4EC3-9734-F3421F24E1C3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26974216 2023-09-27] (Microsoft Corporation -> Microsoft Corporation) Task: {DA357F28-7EA2-46EA-9C2D-7622BE1F0E63} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [125920 2023-10-06] (Microsoft Corporation -> Microsoft Corporation) Task: {EDCBE851-23DD-4FC0-B062-3934B8E99A4E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [125920 2023-10-06] (Microsoft Corporation -> Microsoft Corporation) Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File) Task: {ED5417B9-7B9F-4EFD-879C-C0D3460CAFB2} - System32\Tasks\Microsoft\Windows\WaaSMedic\DeferredWork => 
{72566E27-1ABB-4EB3-B4F0-EB431CB1CB32} Task: {FD096FCD-8D71-4C75-9C93-298D229056F9} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32} Task: {3EF88426-E32C-4448-A323-BDA77DE5765C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-21] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {1F40318F-22E9-45F1-8A24-0B0066A74007} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-21] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {3E355313-F698-43B7-B993-5254C226C87F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-21] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {3032364A-42FA-496F-AB4F-C963B22ABD31} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-21] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {694A5246-CAB1-49F2-A530-7D42C22B9257} - System32\Tasks\MSIAfterburner => E:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [804408 2021-12-03] (MICRO-STAR INTERNATIONAL CO., LTD. 
-> ) Task: {0A8CC717-D20C-427F-B5F1-A3B64499D361} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {5AAAE7A9-EB52-46BE-A0EC-0D51EB0A7A5F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation -> NVIDIA Corporation) Task: {7F02CEDF-9C7D-4E25-9C09-3F1D036B68FF} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {92526A19-5F1B-4740-947E-9C2AD881562A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {5B208E8E-35B4-4939-9120-0B9B0D016791} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {59861BA7-C5D7-4431-8A4B-118D83C9AAD3} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {A3634FA4-6A45-4121-9AE1-4DCB1E1C3649} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {8E51F511-91BA-45AA-8162-09C861C1FCC4} 
- System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {74E84404-CEF4-48FB-9EAA-4740CAD5FC94} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {4CE83417-6489-4210-8CF1-4DECF35F5F70} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-30] (Microsoft Corporation -> Microsoft Corporation) Task: {A55DB5A4-19EE-4333-BC96-B6FC7E7111D9} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2330798512-3083080254-602287269-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-30] (Microsoft Corporation -> Microsoft Corporation) Task: {1EA66E4E-324D-4FC4-B79E-5511B8E5796A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2330798512-3083080254-602287269-1010 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-30] (Microsoft Corporation -> Microsoft Corporation) Task: {59A4B6AE-AFF3-4FAF-B677-90994C4C0142} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2330798512-3083080254-602287269-500 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-30] (Microsoft Corporation -> Microsoft Corporation) Task: {D764F2EE-C413-4AA8-BDCD-05FA05ADCC01} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2641416 2023-10-03] (Overwolf Ltd -> Overwolf LTD) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{790c942c-65b2-4042-876e-2b9fb1470656}: [DhcpNameServer] 192.168.178.1
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.178.64,1]

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\madog\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-12]
Edge Extension: (Google Docs Offline) - C:\Users\madog\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-21]
Edge Extension: (Edge relevant text changes) - C:\Users\madog\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-21]

FireFox:
========
FF DefaultProfile: b4jzucp6.default
FF ProfilePath: C:\Users\madog\AppData\Roaming\Mozilla\Firefox\Profiles\b4jzucp6.default [2023-10-06]
FF ProfilePath: C:\Users\madog\AppData\Roaming\Mozilla\Firefox\Profiles\2apd2sq1.default-release [2023-10-06]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - E:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - E:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-10-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - E:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2023-09-18] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> E:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-09-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2023-09-18] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\madog\AppData\Local\Google\Chrome\User Data\Default [2023-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\madog\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-25]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\madog\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-21]
CHR Extension: (Fatkun Batch Bild herunterladen) - C:\Users\madog\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjjahlikiabnchcpehcpkdeckfgnohf [2023-04-06]
CHR Profile: C:\Users\madog\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-10-06]
CHR Profile: C:\Users\madog\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-10-06]
CHR Notifications: Profile 1 -> hxxps://calendar.google.com
CHR Extension: (Präsentationen) - C:\Users\madog\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-04-23]
CHR Extension: (Docs) - C:\Users\madog\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2022-04-23]
CHR Extension: (Google Drive) - C:\Users\madog\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-04-23]
CHR Extension: (Adobe Acrobat: Werkzeuge zum Bearbeiten, Konvertieren und Signieren von PDF-Dateien) - C:\Users\madog\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-04-23]
CHR Extension: (Tabellen) - C:\Users\madog\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-04-23]
CHR Extension: (Google Docs Offline) - C:\Users\madog\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\madog\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-23]
CHR Extension: (Google Mail) - C:\Users\madog\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-04-23]
CHR Profile: C:\Users\madog\AppData\Local\Google\Chrome\User Data\Profile 2 [2023-10-06]
CHR Extension: (Adobe Acrobat: Werkzeuge zum Bearbeiten, Konvertieren und Signieren von PDF-Dateien) - C:\Users\madog\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-08-04]
CHR Extension: (Google Docs Offline) - C:\Users\madog\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-16]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\madog\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-08-04]
CHR Profile: C:\Users\madog\AppData\Local\Google\Chrome\User Data\System Profile [2023-10-06]
CHR HKU\S-1-5-21-2330798512-3083080254-602287269-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"Bonjour Service" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\Bonjour Service => "C:\Program Files\Bonjour\mDNSResponder.exe" <==== ATTENTION (Rootkit!/Locked Service)
R2 aakore; C:\Program Files (x86)\Acronis\Agent\aakore.exe [9022120 2023-05-09] (Acronis International GmbH -> Acronis International GmbH)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1704216 2023-05-09] (Acronis International GmbH -> Acronis International GmbH)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-08-02] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-09-18] (Adobe Inc. -> Adobe Inc.)
S4 agent_ovpnconnect; C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1636713844149.exe [3195904 2021-11-12] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc. -> Apple Inc.)
S3 ArmouryLiveUpdate; C:\WINDOWS\System32\DriverStore\FileRepository\rogms.inf_amd64_94d9766656ff6011\ArmouryLiveUpdate.exe [576216 2021-08-30] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.45\atkexComSvc.exe [442416 2021-03-25] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [313008 2021-04-06] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
S2 AsusROGLSLService; C:\Program Files (x86)\ASUS\AsusROGLSLService\AsusROGLSLService.exe [655728 2021-12-22] (ASUSTeK Computer Inc. -> ASUS)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2022-01-05] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12859472 2023-09-27] (Microsoft Corporation -> Microsoft Corporation)
S2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [462432 2022-07-06] (Digital Wave Ltd -> Digital Wave Ltd)
S3 DuetUpdater; E:\Program Files\Kairos\Duet Display\DuetUpdater.exe [11128296 2023-03-29] (Duet, Inc. -> Kairos)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [813032 2022-01-05] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2021-10-01] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe [3511720 2023-09-30] (Microsoft Corporation -> Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [152576 2023-10-04] (SurfRight B.V. -> SurfRight B.V.)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10688256 2023-09-23] (Logitech Inc -> Logitech, Inc.)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3194248 2021-02-04] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
S3 MBAMService; E:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9287960 2023-09-25] (Malwarebytes Inc. -> Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4882992 2023-05-09] (Acronis International GmbH -> Acronis International GmbH)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4490376 2020-09-18] (Logitech Inc -> Logitech)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\OneDriveUpdaterService.exe [3849128 2023-09-30] (Microsoft Corporation -> Microsoft Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2641416 2023-10-03] (Overwolf Ltd -> Overwolf LTD)
S4 ovpnhelper_service; C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe [3020800 2021-11-12] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [20802872 2023-09-08] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [5910328 2023-05-09] (Acronis International GmbH -> Acronis International GmbH)
S4 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-21] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_97c24e8dfa98e686\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_97c24e8dfa98e686\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33832 2021-01-28] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\Windows\system32\drivers\AsIO3.sys [43920 2021-04-06] (ASUSTeK Computer Inc. -> )
S3 atvi-brynhildr; C:\ProgramData\Battle.net_components\brynhildr_odin\brynhildr.sys [2355952 2021-12-17] (Activision Publishing Inc -> Activision Blizzard, Inc.)
R3 duetbus; C:\WINDOWS\System32\DriverStore\FileRepository\duetbus.inf_amd64_66e44262fc0dd065\duetbus.sys [24472 2022-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Duet, Inc.)
R3 DuetWPDFilter; C:\WINDOWS\System32\drivers\DuetWPDFilter.sys [23072 2022-06-08] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [392840 2023-08-03] (Acronis International GmbH -> Acronis International GmbH)
R0 fltsrv; C:\WINDOWS\System32\DRIVERS\fltsrv.sys [183944 2023-08-03] (Acronis International GmbH -> Acronis International GmbH)
R3 hanvonugeemfilter; C:\WINDOWS\System32\drivers\hanvonugeemfilter.sys [9728 2021-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [44880 2022-09-23] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [32080 2022-09-23] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [73040 2022-09-23] (Logitech Inc -> Logitech)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-03-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
S3 R0Aurora; E:\Program Files\Aurora\Aurora.sys [14544 2022-05-02] (Noriyuki MIYAZAKI -> OpenLibSys.org)
S3 ROGKB; C:\WINDOWS\System32\DriverStore\FileRepository\rogkb.inf_amd64_9c19fffb5d62d536\ROGKB.sys [33680 2021-08-30] (ASUSTeK Computer Inc. -> )
S3 ROGMS; C:\WINDOWS\System32\DriverStore\FileRepository\rogms.inf_amd64_94d9766656ff6011\ROGMS.sys [33184 2021-08-30] (ASUSTeK Computer Inc. -> )
R3 RTCore64; E:\Program Files (x86)\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 tap_ovpnconnect; C:\WINDOWS\System32\drivers\tap_ovpnconnect.sys [40128 2021-11-12] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [175648 2023-08-03] (Acronis International GmbH -> Acronis International GmbH)
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [165744 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [334984 2023-08-03] (Acronis International GmbH -> Acronis International GmbH)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [251016 2023-08-03] (Acronis International GmbH -> Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S4 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-21] (Microsoft Windows -> Microsoft Corporation)
S4 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 WSDScan; C:\WINDOWS\System32\drivers\WSDScan.sys [53248 2022-05-12] (Microsoft Corporation) [File not signed]
R3 XPPenTablet; C:\WINDOWS\System32\drivers\XPPenTablet.sys [10752 2021-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-12 17:22 - 2023-10-12 17:22 - 000000000 ___HD C:\$WinREAgent 2023-10-07 19:02 - 2023-10-07 19:17 - 059608174 _____ C:\Users\madog\Downloads\test.DNG 2023-10-07 14:41 - 2023-10-07 14:42 - 000010115 _____ C:\Users\madog\Desktop\B1_06594.xmp 2023-10-07 14:40 - 2023-10-07 13:36 - 034918400 _____ C:\Users\madog\Desktop\B1_06594.ARW 2023-10-06 13:31 - 2023-10-06 13:31 - 000000008 __RSH C:\ProgramData\ntuser.pol 2023-10-06 13:04 - 2023-10-12 17:28 - 000050087 _____ C:\Users\madog\Downloads\FRST.txt 2023-10-06 13:04 - 2023-10-12 17:27 - 000000000 ____D C:\FRST 2023-10-06 13:01 - 2023-10-06 13:01 - 002383360 _____ (Farbar) C:\Users\madog\Downloads\FRSTEnglish.exe 2023-10-06 12:57 - 2023-10-06 12:57 - 002383360 _____ (Farbar) C:\Users\madog\Downloads\FRST64.exe 2023-10-04 09:29 - 2023-10-04 09:29 - 000001974 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2023-10-04 09:29 - 2023-10-04 09:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2023-10-04 09:27 - 2023-10-04 09:32 - 000000000 ____D C:\ProgramData\HitmanPro 2023-10-04 09:27 - 2023-10-04 09:29 - 000000000 ____D C:\Program Files\HitmanPro 2023-10-04 09:27 - 2023-10-04 09:27 - 014248944 _____ (SurfRight B.V.) 
C:\Users\madog\Downloads\HitmanPro_x64.exe 2023-09-30 20:46 - 2023-09-30 20:46 - 000000934 _____ C:\Users\madog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk 2023-09-30 20:45 - 2023-10-01 07:00 - 000000000 ____D C:\Users\madog\AppData\Roaming\FreeFileSync 2023-09-30 20:45 - 2023-09-30 20:45 - 020140656 _____ (FreeFileSync.org ) C:\Users\madog\Downloads\FreeFileSync_13.0_Windows_Setup.exe 2023-09-30 16:44 - 2023-09-30 16:44 - 000000909 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2024.lnk 2023-09-29 20:23 - 2023-09-29 20:23 - 005431738 _____ C:\Users\madog\Documents\Unbenannt 2.wav 2023-09-29 20:23 - 2023-09-29 20:23 - 000084844 _____ C:\Users\madog\Documents\Unbenannt 2.pkf 2023-09-29 19:45 - 2023-09-29 19:45 - 025902458 _____ C:\Users\madog\Documents\Unbenannt 1.wav 2023-09-29 19:45 - 2023-09-29 19:45 - 000404660 _____ C:\Users\madog\Documents\Unbenannt 1.pkf 2023-09-27 19:33 - 2023-09-27 19:33 - 030718430 _____ C:\Users\madog\Documents\IMG_20230927_0001.psd 2023-09-27 19:06 - 2023-09-27 19:07 - 000441209 _____ C:\Users\madog\Documents\PDF_20230927_0001.pdf 2023-09-27 11:14 - 2023-09-27 11:15 - 000000000 ___HD C:\$SysReset 2023-09-27 11:11 - 2023-09-27 11:13 - 528624452 _____ (Igor Pavlov) C:\Users\madog\Downloads\Tron v12.0.5 (2023-02-02).exe 2023-09-27 11:07 - 2023-09-27 11:07 - 000000000 ____D C:\Program Files\PowerShell 2023-09-27 10:21 - 2023-06-27 16:55 - 000024592 _____ C:\Users\madog\Desktop\autoruns.chm 2023-09-27 10:21 - 2023-06-27 16:54 - 000007490 _____ C:\Users\madog\Desktop\Eula.txt 2023-09-27 10:17 - 2023-09-27 10:17 - 002969821 _____ C:\Users\madog\Downloads\Autoruns.zip 2023-09-25 23:42 - 2023-09-14 04:43 - 000848992 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe 2023-09-25 23:42 - 2023-09-14 04:43 - 000848992 _____ C:\WINDOWS\system32\vulkaninfo.exe 2023-09-25 23:42 - 2023-09-14 04:43 - 000713928 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2023-09-25 23:42 - 2023-09-14 04:43 - 
000713928 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2023-09-25 23:42 - 2023-09-14 04:43 - 000653408 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll 2023-09-25 23:42 - 2023-09-14 04:43 - 000653408 _____ C:\WINDOWS\system32\vulkan-1.dll 2023-09-25 23:42 - 2023-09-14 04:43 - 000637024 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll 2023-09-25 23:42 - 2023-09-14 04:43 - 000637024 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2023-09-25 23:42 - 2023-09-14 04:42 - 001487488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2023-09-25 23:42 - 2023-09-14 04:42 - 001227312 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2023-09-25 23:42 - 2023-09-14 04:39 - 000939048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll 2023-09-25 23:42 - 2023-09-14 04:39 - 000669224 _____ C:\WINDOWS\system32\nvofapi64.dll 2023-09-25 23:42 - 2023-09-14 04:39 - 000504368 _____ C:\WINDOWS\SysWOW64\nvofapi.dll 2023-09-25 23:42 - 2023-09-14 04:38 - 001537560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2023-09-25 23:42 - 2023-09-14 04:38 - 001195560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2023-09-25 23:42 - 2023-09-14 04:38 - 000778392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe 2023-09-25 23:42 - 2023-09-14 04:37 - 002168472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2023-09-25 23:42 - 2023-09-14 04:37 - 001621528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2023-09-25 23:42 - 2023-09-14 04:37 - 000992920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2023-09-25 23:42 - 2023-09-14 04:37 - 000768664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2023-09-25 23:42 - 2023-09-14 04:36 - 014520344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2023-09-25 23:42 - 2023-09-14 04:36 - 012066328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2023-09-25 23:42 - 2023-09-14 04:36 - 006190640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2023-09-25 23:42 - 
2023-09-14 04:36 - 005550216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll 2023-09-25 23:42 - 2023-09-14 04:36 - 003482760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2023-09-25 23:42 - 2023-09-14 04:36 - 000459928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe 2023-09-25 23:42 - 2023-09-14 04:35 - 005845040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2023-09-25 23:42 - 2023-09-14 04:35 - 000853016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe 2023-09-25 23:42 - 2023-09-13 02:12 - 000108122 _____ C:\WINDOWS\system32\nvinfo.pb 2023-09-24 21:32 - 2023-09-24 21:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi 2023-09-24 21:32 - 2023-09-24 21:32 - 000000000 ____D C:\Program Files\LGHUB 2023-09-21 15:24 - 2023-10-04 08:57 - 000000000 ____D C:\Users\madog\Desktop\AutoLogger 2023-09-21 15:23 - 2023-09-21 15:23 - 018309234 _____ C:\Users\madog\Downloads\AutoLogger.zip 2023-09-21 15:23 - 2023-09-21 15:23 - 000000000 ____D C:\Users\madog\Desktop\Neuer Ordner 2023-09-21 15:23 - 2023-09-21 04:40 - 018477133 _____ (Company © regist & Drongo) C:\Users\madog\Desktop\AutoLogger.exe 2023-09-21 15:04 - 2023-09-21 15:04 - 005541016 _____ (Stanislav Polshyn & Trend Micro Inc.) 
C:\Users\madog\Downloads\hijackthis.exe 2023-09-21 14:39 - 2023-09-21 14:39 - 000000000 ____D C:\WINDOWS\Panther 2023-09-21 14:33 - 2023-10-06 13:26 - 000000000 ____D C:\Users\madog\AppData\Local\Malwarebytes 2023-09-21 14:28 - 2023-09-21 14:37 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe 2023-09-21 14:28 - 2023-09-21 14:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Pentablet V3 2023-09-21 14:28 - 2023-09-21 14:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\com.adobe.dunamis 2023-09-21 14:28 - 2023-09-21 14:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2023-09-21 14:28 - 2023-09-21 14:28 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Adobe 2023-09-21 14:28 - 2023-09-21 14:28 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder 2023-09-21 14:28 - 2023-09-21 14:28 - 000000000 ____D C:\Users\Administrator\AppData\Local\Datacolor 2023-09-21 14:26 - 2023-09-21 14:26 - 000000000 ____D C:\Users\adminmadogrul\AppData\Roaming\NVIDIA 2023-09-21 14:26 - 2023-09-21 14:26 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers 2023-09-21 14:26 - 2023-09-21 14:26 - 000000000 ____D C:\Users\Administrator\AppData\Local\DBG 2023-09-21 14:26 - 2023-09-21 14:26 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF 2023-09-21 14:25 - 2023-09-30 16:00 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2330798512-3083080254-602287269-500 2023-09-21 14:25 - 2023-09-21 14:30 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages 2023-09-21 14:25 - 2023-09-21 14:30 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache 2023-09-21 14:25 - 2023-09-21 14:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows 2023-09-21 14:25 - 2023-09-21 14:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation 2023-09-21 14:25 - 2023-09-21 14:25 - 000002346 _____ C:\Users\Administrator\Desktop\Microsoft 
Edge.lnk 2023-09-21 14:25 - 2023-09-21 14:25 - 000002270 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk 2023-09-21 14:25 - 2023-09-21 14:25 - 000000020 ___SH C:\Users\Administrator\ntuser.ini 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 _SHDL C:\Users\Administrator\Vorlagen 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 _SHDL C:\Users\Administrator\Startmenü 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 _SHDL C:\Users\Administrator\Netzwerkumgebung 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 _SHDL C:\Users\Administrator\Lokale Einstellungen 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 _SHDL C:\Users\Administrator\Eigene Dateien 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 _SHDL C:\Users\Administrator\Druckumgebung 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 _SHDL C:\Users\Administrator\Documents\Eigene Videos 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 _SHDL C:\Users\Administrator\Anwendungsdaten 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Protect 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Crypto 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 ____D 
C:\Users\adminmadogrul\AppData\LocalLow\Adobe 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Vault 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\TeamViewer 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 ____D C:\Users\Administrator\ansel 2023-09-21 14:25 - 2023-09-21 14:25 - 000000000 ____D C:\Users\Administrator 2023-09-21 14:25 - 2021-11-27 00:35 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Network 2023-09-21 14:25 - 2021-11-21 02:30 - 000000000 ___RD C:\Users\Administrator\OneDrive 2023-09-21 14:25 - 2021-06-05 14:10 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Spelling 2023-09-21 14:18 - 2023-09-27 11:09 - 000000000 ____D C:\Users\madog\AppData\Local\Amazon Drive 2023-09-21 14:18 - 2023-09-21 14:18 - 000001219 _____ C:\Users\madog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Photos.lnk 2023-09-20 16:31 - 2023-09-20 16:31 - 000000000 ____D C:\Users\madog\.QtWebEngineProcess 2023-09-18 21:38 - 2023-09-21 14:55 - 000000000 ____D C:\Users\madog\AppData\Roaming\Amazon Cloud Drive 2023-09-18 21:38 - 2023-09-18 21:38 - 002183792 _____ (Amazon) C:\Users\madog\Downloads\AmazonPhotosSetup.exe 2023-09-18 21:34 - 2023-09-18 21:34 - 000000917 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImagenAI.lnk 2023-09-18 21:24 - 2023-09-18 21:24 - 173460160 _____ (Imagen) C:\Users\madog\Downloads\ImagenAI-23.15.4-win (1).exe 2023-09-18 19:44 - 2023-09-18 19:50 - 000000000 ____D C:\Users\madog\Desktop\Baby ==================== One month (modified) ================== (If an entry is included in the fixlist, 
the file/folder will be moved.) 2023-10-12 17:27 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\SystemTemp 2023-10-12 17:26 - 2021-11-27 01:01 - 001750916 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2023-10-12 17:26 - 2021-06-05 19:53 - 000757210 _____ C:\WINDOWS\system32\perfh007.dat 2023-10-12 17:26 - 2021-06-05 19:53 - 000156454 _____ C:\WINDOWS\system32\perfc007.dat 2023-10-12 17:26 - 2021-06-05 14:09 - 000000000 ____D C:\WINDOWS\INF 2023-10-12 17:26 - 2021-06-05 14:01 - 000000000 ____D C:\WINDOWS\CbsTemp 2023-10-12 17:25 - 2021-11-21 00:59 - 000000000 ____D C:\Users\madog\AppData\Local\D3DSCache 2023-10-12 17:22 - 2021-11-21 01:12 - 000000000 ____D C:\Program Files (x86)\Google 2023-10-12 17:22 - 2021-06-05 14:10 - 000000000 ___HD C:\Program Files\WindowsApps 2023-10-12 17:22 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\AppReadiness 2023-10-12 17:20 - 2021-11-21 02:03 - 000000000 ____D C:\Users\madog\AppData\Local\LGHUB 2023-10-12 17:20 - 2021-11-21 01:55 - 000000000 ___RD C:\Users\madog\Creative Cloud Files 2023-10-12 17:20 - 2021-11-21 00:54 - 000000000 ____D C:\ProgramData\NVIDIA 2023-10-12 17:19 - 2021-11-28 03:47 - 000000000 ____D C:\Program Files\TeamViewer 2023-10-12 17:19 - 2021-11-27 00:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2023-10-12 17:19 - 2021-11-26 20:00 - 000000000 ____D C:\Intel 2023-10-12 17:19 - 2021-11-21 00:35 - 000012288 ___SH C:\DumpStack.log.tmp 2023-10-12 17:19 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\ServiceState 2023-10-12 17:19 - 2021-06-05 14:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-10-07 23:15 - 2021-11-27 00:37 - 000003142 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner 2023-10-07 23:15 - 2021-06-05 14:01 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2023-10-07 21:23 - 2022-03-18 00:32 - 000000000 ____D C:\Users\madog\AppData\Roaming\vlc 2023-10-07 12:48 - 2021-11-21 15:01 - 000000000 ____D C:\Users\madog\AppData\Roaming\DVDVideoSoft 2023-10-06 13:32 - 2021-11-21 01:52 - 000000000 
____D C:\Program Files\Common Files\Adobe 2023-10-06 13:28 - 2022-01-12 07:50 - 000000000 ____D C:\Users\madog\AppData\LocalLow\Temp 2023-10-06 13:26 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy 2023-10-06 13:16 - 2021-11-27 00:28 - 000000000 ____D C:\Users\madog 2023-10-06 13:04 - 2022-10-20 20:32 - 000095736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe 2023-10-06 13:04 - 2022-10-20 20:32 - 000075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe 2023-10-06 13:04 - 2021-12-24 02:41 - 002709096 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll 2023-10-06 13:04 - 2021-12-24 02:41 - 000503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll 2023-10-06 13:04 - 2021-12-24 02:41 - 000210536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll 2023-10-06 13:04 - 2021-12-24 02:41 - 000181864 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll 2023-10-06 13:04 - 2021-12-24 02:41 - 000145000 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll 2023-10-06 13:03 - 2021-11-21 01:12 - 000002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2023-10-06 13:01 - 2021-12-23 23:38 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2023-10-06 12:53 - 2021-11-27 00:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2023-10-03 11:58 - 2021-11-21 00:35 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-10-03 11:53 - 2021-12-07 01:10 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2023-09-30 17:37 - 2021-11-26 20:01 - 000000000 ____D C:\Users\madog\AppData\Local\Steam 2023-09-30 17:35 - 2021-11-23 08:42 - 000000000 ____D C:\Users\madog\AppData\Local\CrashDumps 2023-09-30 17:03 - 2023-09-05 15:41 - 000000000 ____D C:\Users\madog\AppData\Roaming\G HUB 2023-09-30 17:01 - 2021-11-21 02:03 - 000000000 ____D C:\Users\madog\AppData\Roaming\LGHUB 
2023-09-30 16:34 - 2021-11-21 00:59 - 000000000 ____D C:\Users\madog\AppData\Roaming\Adobe
2023-09-30 16:00 - 2023-07-21 18:30 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2330798512-3083080254-602287269-1010
2023-09-30 16:00 - 2021-12-11 01:13 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2330798512-3083080254-602287269-1001
2023-09-30 16:00 - 2021-11-27 00:37 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-09-30 16:00 - 2021-11-21 02:30 - 000002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-29 08:16 - 2021-11-21 01:52 - 000000000 ____D C:\Program Files\Adobe
2023-09-27 11:07 - 2023-01-06 01:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerShell
2023-09-27 11:07 - 2021-11-21 01:48 - 000000000 ____D C:\ProgramData\Package Cache
2023-09-27 10:26 - 2021-11-21 01:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-09-26 10:21 - 2021-12-23 23:40 - 000000000 ____D C:\Users\madog\AppData\Roaming\Microsoft\Excel
2023-09-25 23:45 - 2021-11-21 01:01 - 000000000 ____D C:\Users\madog\AppData\Local\NVIDIA
2023-09-25 23:44 - 2021-11-21 00:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2023-09-25 22:09 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-09-25 22:01 - 2021-11-21 00:54 - 000000000 ____D C:\ProgramData\Packages
2023-09-21 16:07 - 2021-11-21 01:00 - 000000000 ____D C:\Users\madog\AppData\Local\Comms
2023-09-21 15:02 - 2023-08-11 20:52 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-09-21 14:55 - 2021-11-21 14:31 - 000000000 ____D C:\Users\madog\AppData\Roaming\Pentablet V3
2023-09-21 14:38 - 2023-07-21 18:30 - 000000000 ____D C:\Users\adminmadogrul\AppData\Roaming\discord
2023-09-21 14:28 - 2023-07-21 18:29 - 000000000 ____D C:\Users\adminmadogrul\AppData\Local\D3DSCache
2023-09-21 14:26 - 2023-07-21 18:30 - 000002267 _____ C:\Users\adminmadogrul\Desktop\Discord.lnk
2023-09-21 14:26 - 2023-07-21 18:30 - 000000000 ____D C:\Users\adminmadogrul\AppData\Local\Discord
2023-09-21 14:26 - 2023-07-21 18:28 - 000000000 ___RD C:\Users\adminmadogrul\OneDrive
2023-09-21 14:26 - 2023-07-21 18:28 - 000000000 ____D C:\Users\adminmadogrul\AppData\Roaming\Microsoft\Spelling
2023-09-21 14:26 - 2021-11-21 01:00 - 000000000 ___HD C:\OneDriveTemp
2023-09-21 14:25 - 2023-07-21 18:30 - 000000000 ____D C:\Users\adminmadogrul\AppData\Roaming\Adobe
2023-09-21 14:25 - 2023-07-21 18:30 - 000000000 ____D C:\Users\adminmadogrul\AppData\Local\Adobe
2023-09-21 14:25 - 2023-07-21 18:29 - 000000000 ____D C:\Users\adminmadogrul\AppData\Local\Packages
2023-09-21 14:25 - 2021-11-21 00:59 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-09-21 14:25 - 2021-06-05 14:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-09-21 14:24 - 2023-07-21 18:29 - 000000000 ____D C:\Users\adminmadogrul\AppData\Local\ConnectedDevicesPlatform
2023-09-21 14:21 - 2021-11-21 01:49 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2023-09-21 14:16 - 2021-12-25 03:09 - 000000000 ____D C:\Users\madog\Documents\NBMiner
2023-09-21 14:16 - 2021-12-24 16:35 - 000000000 ____D C:\Users\madog\Documents\NVIDIA
2023-09-20 16:31 - 2023-08-28 18:55 - 000000000 ____D C:\Users\madog\AppData\Local\Pixellu
2023-09-19 18:48 - 2023-09-11 14:53 - 000000000 ____D C:\Users\madog\AppData\Roaming\GGPCOM
2023-09-19 18:48 - 2023-09-11 14:51 - 000000000 ____D C:\Program Files (x86)\GGPoker
2023-09-19 17:39 - 2022-10-21 18:16 - 000001488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2023.lnk
2023-09-18 21:38 - 2023-01-17 03:15 - 000000000 ____D C:\Users\madog\AppData\Roaming\imagenai
2023-09-18 18:35 - 2021-11-27 00:37 - 000003926 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-09-18 18:35 - 2021-11-27 00:37 - 000003802 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-09-18 18:31 - 2021-11-21 01:16 - 177941912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-09-18 18:27 - 2023-02-28 07:14 - 000001382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2023-09-18 18:27 - 2021-11-21 01:52 - 000000000 ____D C:\Program Files (x86)\Adobe
2023-09-18 18:27 - 2021-11-21 01:51 - 000000000 ____D C:\Users\madog\AppData\Local\Adobe
2023-09-14 04:34 - 2021-11-21 00:54 - 007858664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2023-09-14 04:34 - 2021-11-21 00:54 - 006738648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2023-09-13 11:30 - 2022-05-14 10:34 - 000000000 ____D C:\XboxGames
2023-09-13 11:25 - 2022-10-12 17:10 - 000001816 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2023-09-13 11:25 - 2022-10-12 17:10 - 000001807 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-09-13 11:25 - 2021-11-27 00:37 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories ========

2021-11-30 18:08 - 2021-11-30 18:11 - 000000015 _____ () C:\Users\madog\AppData\Roaming\cfgpp.json
2021-12-05 22:24 - 2023-06-05 20:01 - 000001456 _____ () C:\Users\madog\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2022-01-14 19:01 - 2022-01-14 19:01 - 000000000 _____ () C:\Users\madog\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================