FRST Log


  • This topic is locked
13 replies to this topic

#1 KaiminsLV

Posted 06 September 2017 - 04:57 PM

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Edza (administrator) on EDZA-PC (07-09-2017 00:51:53)
Running from C:\Users\Edza\Desktop
Loaded Profiles: Edza (Available Profiles: Edza)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\winint.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Microsoft Corporation) C:\Windows\scmss.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Users\Edza\AppData\Roaming\SystemLocal63\SystemLogitech.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9198080 2017-05-23] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [winint] => C:\Windows\winint.exe [976896 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-21-1235451165-3031807778-106306492-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1235451165-3031807778-106306492-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2002-01-01]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{053AB6C0-0D62-4123-824E-AD985F3749FD}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1235451165-3031807778-106306492-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-17] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-17] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 214ocpoq.default-1495525543999
FF ProfilePath: C:\Users\Edza\AppData\Roaming\Mozilla\Firefox\Profiles\214ocpoq.default-1495525543999 [2017-08-27]
FF Homepage: Mozilla\Firefox\Profiles\214ocpoq.default-1495525543999 -> hxxps://www.google.lv/
FF Extension: (Adblock Plus) - C:\Users\Edza\AppData\Roaming\Mozilla\Firefox\Profiles\214ocpoq.default-1495525543999\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-23]
FF Extension: (No Name) - C:\Users\Edza\AppData\Roaming\Mozilla\Firefox\Profiles\214ocpoq.default-1495525543999\extensions\ascsurfingprotectionnew@iobit.com.xpi [not found]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-20] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-17] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-20] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-23] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default [2017-09-07]
CHR Extension: (Google Slides) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-23]
CHR Extension: (Google Docs) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-23]
CHR Extension: (Google Drive) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-23]
CHR Extension: (YouTube) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-23]
CHR Extension: (Google Sheets) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-23]
CHR Extension: (Google Docs Offline) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-23]
CHR Extension: (Lone Tree) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip [2017-09-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-23]
CHR Extension: (Chrome Media Router) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [229648 2016-10-06] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-22] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-18] (NVIDIA Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [87584 2017-01-17] (Advanced Micro Devices, Inc.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-05-20] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-05-20] (Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-05-23] (REALiX™)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2017-05-23] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-08-18] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-08-18] (NVIDIA Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [221824 2017-05-23] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [221824 2017-05-23] (Samsung Electronics Co., Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
Error(1) reading file: "C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUI "
2017-09-07 00:50 - 2017-09-07 00:50 - 000000000 ____D C:\Users\Edza\Desktop\FRST-OlderVersion
2017-09-07 00:33 - 2017-09-07 00:33 - 000000000 ____D C:\Users\Edza\AppData\Roaming\hL140
2017-09-06 23:34 - 2017-09-06 23:34 - 000000000 ____D C:\Users\Edza\Documents\Rockstar Games
2017-09-06 23:34 - 2017-09-06 23:34 - 000000000 ____D C:\Users\Edza\AppData\Local\Rockstar Games
2017-09-06 23:34 - 2017-09-06 23:34 - 000000000 ____D C:\ProgramData\Steam
2017-09-06 23:34 - 2017-09-06 23:34 - 000000000 ____D C:\ProgramData\Socialclub
2017-09-06 23:33 - 2017-09-06 23:33 - 000406232 _____ C:\Windows\Minidump\090617-36395-01.dmp
2017-09-06 23:31 - 2017-09-06 23:31 - 000000862 _____ C:\Users\Edza\Desktop\Grand Theft Auto V.lnk
2017-09-06 21:44 - 2017-09-06 21:44 - 000011807 _____ C:\Users\Edza\Downloads\7 Days to Die (Action) (RePack) [2013] PC (1).torrent
2017-09-06 21:33 - 2017-09-06 21:33 - 004212384 _____ (Husdawg, LLC) C:\Users\Edza\Downloads\Detection (1).exe
2017-09-06 20:23 - 2017-09-06 20:49 - 000000000 ____D C:\Users\Edza\Downloads\Grand Theft Auto V by xatab
2017-09-06 20:22 - 2017-09-06 20:22 - 000334452 _____ C:\Users\Edza\Downloads\Grand Theft Auto V [RePack] [RUS ENG MULTI11 ENG] (2015) (1.0.877.1) [rutracker-5317562].torrent
2017-09-06 18:47 - 2017-09-06 23:33 - 000000000 ____D C:\Windows\Minidump
2017-09-06 18:47 - 2017-09-06 18:47 - 000406216 _____ C:\Windows\Minidump\090617-29702-01.dmp
2017-09-06 18:46 - 2017-09-06 23:32 - 347868025 _____ C:\Windows\MEMORY.DMP
2017-09-06 17:29 - 2017-09-06 17:35 - 000000000 ____D C:\Users\Edza\Downloads\The.Long.Dark.Season.One-Wintermute-v.1.0.build32178-MULti16-ORiGiNS
2017-09-06 17:29 - 2017-09-06 17:29 - 000018625 _____ C:\Users\Edza\Downloads\The Long Dark [2017] PC.torrent
2017-09-06 16:02 - 2017-09-06 16:02 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-09-06 16:02 - 2017-08-22 02:10 - 000549312 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-09-06 16:02 - 2017-08-22 02:10 - 000082040 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-09-06 16:02 - 2017-08-22 01:33 - 000135800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-09-06 16:02 - 2017-06-15 22:32 - 000541984 _____ C:\Windows\system32\vulkan-1.dll
2017-09-06 16:02 - 2017-06-15 22:32 - 000525088 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-09-06 16:02 - 2017-06-15 22:32 - 000254240 _____ C:\Windows\system32\vulkaninfo.exe
2017-09-06 16:02 - 2017-06-15 22:32 - 000233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-09-06 15:59 - 2017-08-22 03:40 - 040240248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 035881592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 035314112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 028985976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 023132184 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 021405440 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 018849272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 018704744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 017807096 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 015409088 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-09-06 15:59 - 2017-08-22 03:40 - 014687256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 013782904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 012225984 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 011692528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 010072768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 004188872 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 003802048 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 003692216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 003354560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 001988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438541.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 001615448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 001597888 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438541.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 001067456 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 001005176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000972920 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000924280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000690320 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000578056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000512672 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000491720 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000429920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000218712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-09-06 15:59 - 2017-08-22 03:40 - 000171384 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000154208 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000149040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000132072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000045976 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-09-06 15:59 - 2017-08-22 03:40 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2017-09-06 15:53 - 2017-09-06 15:53 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-06 15:53 - 2017-09-06 15:53 - 000003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-06 15:53 - 2017-09-06 15:53 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-06 15:53 - 2017-09-06 15:53 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-06 15:53 - 2017-09-06 15:53 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-06 15:53 - 2017-09-06 15:53 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-06 15:53 - 2017-09-06 15:53 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-06 15:53 - 2017-09-06 15:53 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-06 15:53 - 2017-09-06 15:53 - 000001412 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-09-06 15:53 - 2017-08-22 01:54 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-09-06 15:53 - 2017-08-18 07:32 - 001923008 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-09-06 15:53 - 2017-08-18 07:32 - 001755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-09-06 15:53 - 2017-08-18 07:32 - 001505728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-09-06 15:53 - 2017-08-18 07:32 - 001317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-09-06 15:53 - 2017-08-18 07:32 - 000121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-09-06 15:53 - 2017-08-17 19:26 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-09-06 15:52 - 2017-08-18 07:32 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-09-06 15:52 - 2017-08-18 07:32 - 000048064 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-09-06 15:50 - 2017-09-06 15:51 - 083769592 _____ (NVIDIA Corporation) C:\Users\Edza\Downloads\GeForce_Experience_v3.9.0.61.exe
2017-09-04 21:07 - 2017-09-04 21:07 - 001724056 _____ ( ) C:\Users\Edza\Downloads\cpu-z_1.80-en.exe
2017-09-04 21:07 - 2017-09-04 21:07 - 000000869 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2017-09-04 21:07 - 2017-09-04 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-09-04 21:07 - 2017-09-04 21:07 - 000000000 ____D C:\Program Files\CPUID
2017-09-04 19:18 - 2017-09-04 19:19 - 000000000 ____D C:\Users\Edza\AppData\Roaming\Notepad++
2017-09-04 19:18 - 2017-09-04 19:18 - 000000000 ____D C:\Users\Edza\AppData\Local\Notepad++
2017-09-04 19:18 - 2017-09-04 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-09-04 19:18 - 2017-09-04 19:18 - 000000000 ____D C:\Program Files\Notepad++
2017-09-04 19:17 - 2017-09-04 19:17 - 003078176 _____ C:\Users\Edza\Downloads\npp.7.5.1.Installer.x64.exe
2017-09-04 18:48 - 2017-09-04 18:48 - 000000000 ____D C:\Users\Edza\AppData\Local\Tempzxpsign4540401172a2dfd4
2017-09-04 18:47 - 2017-09-04 18:47 - 000000000 ____D C:\Users\Edza\AppData\Local\Tempzxpsignffcae53d6d9245b0
2017-09-02 20:05 - 2017-09-02 20:04 - 694422142 _____ C:\Users\Edza\Desktop\CSS.rar
2017-09-02 20:03 - 2017-09-02 20:04 - 694422142 _____ C:\Users\Edza\Downloads\CSS.rar
2017-09-02 18:47 - 2017-09-02 18:47 - 000000220 _____ C:\Users\Edza\Desktop\Garry's Mod.url
2017-09-01 22:57 - 2017-09-01 22:57 - 016772153 _____ C:\Users\Edza\Desktop\huzuni.zip
2017-08-29 18:54 - 2017-08-29 19:09 - 000148676 _____ C:\Windows\ntbtlog.txt
2017-08-29 15:50 - 2017-08-29 15:50 - 000000000 ____D C:\Users\Edza\AppData\Local\Microsoft Games
2017-08-29 15:29 - 2017-08-29 15:29 - 000013133 _____ C:\Users\Edza\Desktop\Windows Defender - Shortcut.lnk
2017-08-29 15:19 - 2017-09-07 00:48 - 000007613 _____ C:\Users\Edza\AppData\Local\Resmon.ResmonCfg
2017-08-28 18:00 - 2017-08-28 18:01 - 000000000 ____D C:\Users\Edza\Documents\TheWildEight
2017-08-28 17:59 - 2017-08-28 17:59 - 000000000 ____D C:\Users\Edza\AppData\LocalLow\8 Points
2017-08-28 17:57 - 2017-08-28 18:06 - 000000000 ____D C:\Program Files (x86)\The Wild Eight
2017-08-28 17:55 - 2017-08-28 17:55 - 000000000 ____D C:\Users\Edza\Downloads\The Wild Eight 5.6.2
2017-08-28 17:54 - 2017-08-28 17:54 - 000011199 _____ C:\Users\Edza\Downloads\The Wild Eight [2017] PC.torrent
2017-08-27 14:41 - 2017-09-02 14:24 - 000000000 ___HD C:\Users\Edza\AppData\Roaming\LtdTemp19
2017-08-23 19:01 - 2017-08-23 19:01 - 000000918 _____ C:\Users\Edza\Desktop\Farming Simulator 17.lnk
2017-08-23 19:01 - 2017-08-23 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2017-08-23 18:48 - 2017-08-23 18:48 - 000000000 ___HD C:\Users\Edza\AppData\Roaming\CompMicrosoft19
2017-08-23 18:42 - 2017-08-23 18:43 - 000000000 ____D C:\Users\Edza\Downloads\Farming Simulator 17 by xatab
2017-08-23 18:42 - 2017-08-23 18:42 - 000018245 _____ C:\Users\Edza\Downloads\Farming Simulator 17(Simulator) (v121) [2016 ] PC.torrent
2017-08-23 14:48 - 2017-08-23 14:49 - 000736789 _____ C:\Users\Edza\Downloads\DeathBot 3.91.rar
2017-08-23 14:39 - 2017-09-06 19:02 - 000000000 ____D C:\Users\Edza\AppData\Roaming\.minecraft
2017-08-23 14:39 - 2017-08-23 14:39 - 001680054 _____ (Titan Launcher) C:\Users\Edza\Desktop\Minecraft.exe
2017-08-22 20:16 - 2017-08-22 20:16 - 000000000 ____D C:\Users\Edza\AppData\LocalLow\R-Age
2017-08-22 10:06 - 2017-08-22 10:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2017-08-22 10:06 - 2017-08-22 10:06 - 000000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2017-08-21 21:07 - 2017-08-21 21:07 - 000003108 _____ C:\Windows\System32\Tasks\{84602153-488F-443D-BDA5-2BE4450F2C1E}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-07 00:52 - 2017-05-22 23:16 - 000013780 _____ C:\Users\Edza\Desktop\FRST.txt
2017-09-07 00:51 - 2017-05-22 23:16 - 000000000 ____D C:\FRST
2017-09-07 00:50 - 2017-05-22 23:16 - 002395648 _____ (Farbar) C:\Users\Edza\Desktop\FRST64.exe
2017-09-07 00:33 - 2002-01-01 05:02 - 000000000 ___HD C:\Users\Edza\AppData\Roaming\SystemLocal63
2017-09-06 23:40 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-06 23:40 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-06 23:39 - 2017-05-16 00:08 - 000716518 _____ C:\Windows\system32\perfh019.dat
2017-09-06 23:39 - 2017-05-16 00:08 - 000150824 _____ C:\Windows\system32\perfc019.dat
2017-09-06 23:39 - 2009-07-14 08:13 - 001649730 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-06 23:39 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2017-09-06 23:35 - 2017-05-15 23:02 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-06 23:33 - 2017-05-16 21:50 - 000000000 ____D C:\Users\Edza\AppData\Local\LogMeIn Hamachi
2017-09-06 23:33 - 2017-05-16 14:38 - 000000000 ____D C:\Users\Edza\AppData\Roaming\Skype
2017-09-06 23:33 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-06 23:31 - 2017-05-16 19:57 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-09-06 22:31 - 2017-05-16 19:57 - 000000000 ____D C:\Games
2017-09-06 22:31 - 2017-05-16 14:57 - 000000000 ____D C:\Users\Edza\AppData\Roaming\uTorrent
2017-09-06 21:30 - 2017-05-15 23:55 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-06 17:59 - 2017-05-16 22:23 - 000000000 ____D C:\Users\Edza\AppData\Local\CrashDumps
2017-09-06 17:47 - 2017-06-27 16:35 - 000000000 ____D C:\Users\Edza\AppData\LocalLow\Hinterland
2017-09-06 17:47 - 2017-06-15 23:44 - 000000000 ____D C:\Users\Edza\AppData\Local\Hinterland
2017-09-06 17:27 - 2017-05-16 00:10 - 000000000 ____D C:\Users\Edza\Documents\Euro Truck Simulator 2
2017-09-06 16:06 - 2017-05-15 23:05 - 000000000 ____D C:\Users\Edza\AppData\Local\NVIDIA Corporation
2017-09-06 16:05 - 2017-05-15 23:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-09-06 16:03 - 2017-05-15 23:02 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-09-06 16:03 - 2017-05-15 22:56 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-09-06 16:01 - 2017-05-15 23:02 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-09-06 15:54 - 2017-05-15 23:03 - 000000000 ____D C:\Users\Edza\AppData\Local\NVIDIA
2017-09-05 16:34 - 2017-05-16 15:04 - 000018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2017-09-04 19:23 - 2017-05-23 20:46 - 000000000 ____D C:\Program Files (x86)\MTA San Andreas 1.5
2017-09-04 19:12 - 2017-05-23 20:47 - 000000000 ____D C:\Users\Edza\Desktop\server
2017-09-02 17:42 - 2017-05-16 00:24 - 000000000 ____D C:\ProgramData\TruckersMP
2017-08-30 15:30 - 2017-06-07 13:41 - 000000000 ____D C:\ProgramData\KMSAutoS
2017-08-29 19:32 - 2017-05-16 14:36 - 000000000 ____D C:\Users\Edza\Desktop\Sistēmas ģēlas
2017-08-29 15:36 - 2017-05-23 13:20 - 000000000 ____D C:\Users\Edza\AppData\Roaming\IObit
2017-08-29 15:36 - 2017-05-23 13:20 - 000000000 ____D C:\Users\Edza\AppData\LocalLow\IObit
2017-08-29 15:36 - 2017-05-22 17:43 - 000000000 ____D C:\AdwCleaner
2017-08-29 15:20 - 2017-05-23 13:20 - 000000000 ____D C:\ProgramData\ProductData
2017-08-29 15:15 - 2017-05-23 15:02 - 000002882 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Edza)
2017-08-28 23:07 - 2017-05-23 15:57 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 23:07 - 2017-05-23 15:57 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-23 19:02 - 2017-05-15 23:01 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-23 02:28 - 2017-05-29 17:04 - 000000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2017-08-23 02:28 - 2017-05-29 17:04 - 000000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2017-08-22 17:18 - 2017-05-16 15:31 - 000000000 ____D C:\Users\Edza\AppData\Roaming\.simplemc
2017-08-22 10:06 - 2017-05-29 17:04 - 000000153 _____ C:\Users\Default\BullseyeCoverageError.txt
2017-08-22 10:06 - 2017-05-16 21:30 - 000000926 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2017-08-22 10:04 - 2017-05-29 17:04 - 000000176 _____ C:\Users\Edza\BullseyeCoverageError.txt
2017-08-22 03:40 - 2017-05-15 23:02 - 000512960 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-08-22 03:40 - 2017-05-15 23:02 - 000418936 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-08-22 03:40 - 2017-05-15 22:57 - 000044190 _____ C:\Windows\system32\nvinfo.pb
2017-08-22 02:10 - 2017-05-15 23:02 - 006463424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-08-22 02:10 - 2017-05-15 23:02 - 002479224 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-08-22 02:10 - 2017-05-15 23:02 - 001762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-08-22 02:10 - 2017-05-15 23:02 - 000392312 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-08-22 02:10 - 2017-05-15 23:02 - 000069752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-08-21 21:09 - 2017-05-16 14:38 - 000000000 ____D C:\ProgramData\Skype
2017-08-19 10:10 - 2017-05-15 23:02 - 008142301 _____ C:\Windows\system32\nvcoproc.bin
2017-08-18 07:32 - 2017-05-16 15:04 - 000179136 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-08-18 07:32 - 2017-05-16 15:04 - 000146368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
 
==================== Files in the root of some directories =======
 
2017-08-29 15:19 - 2017-09-07 00:48 - 000007613 _____ () C:\Users\Edza\AppData\Local\Resmon.ResmonCfg
2017-05-16 14:21 - 2017-05-16 14:21 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2017-08-02 00:45 - 2017-08-02 00:45 - 000857088 _____ () C:\Users\Edza\AppData\Local\Temp\architecture.exe
2017-05-29 17:04 - 2017-05-29 17:04 - 000008720 _____ () C:\Users\Edza\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2017-09-06 16:00 - 2016-11-14 12:45 - 000834104 _____ (NVIDIA Corporation) C:\Users\Edza\AppData\Local\Temp\nvStInst.exe
2015-07-31 16:51 - 2015-07-31 16:51 - 000202928 ____R (Microsoft Corporation) C:\Users\Edza\AppData\Local\Temp\ose00000.exe
2017-08-02 04:21 - 2017-08-02 04:21 - 000905611 _____ (Microsoft Security                                          ) C:\Users\Edza\AppData\Local\Temp\persistense32.exe
2017-08-02 04:22 - 2017-08-02 04:22 - 000901967 _____ (Microsoft Security                                          ) C:\Users\Edza\AppData\Local\Temp\persistense64.exe
2017-08-21 21:06 - 2017-08-21 21:06 - 058782680 _____ (Skype Technologies S.A.) C:\Users\Edza\AppData\Local\Temp\SkypeSetup.exe
2017-05-15 23:41 - 2017-05-15 23:41 - 006030288 _____ (Innovative Solutions                                        ) C:\Users\Edza\AppData\Local\Temp\tmp-drivermax4189563.exe
2017-08-28 18:06 - 2017-08-28 17:58 - 000193011 _____ () C:\Users\Edza\AppData\Local\Temp\Uninstall.exe
2017-05-16 14:36 - 2017-05-16 14:36 - 014456872 _____ (Microsoft Corporation) C:\Users\Edza\AppData\Local\Temp\vc_redist.x86.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-22 10:22
 
==================== End of FRST.txt ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Edza (07-09-2017 00:52:44)
Running from C:\Users\Edza\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2017-05-15 19:47:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1235451165-3031807778-106306492-500 - Administrator - Disabled)
Edza (S-1-5-21-1235451165-3031807778-106306492-1000 - Administrator - Enabled) => C:\Users\Edza
Guest (S-1-5-21-1235451165-3031807778-106306492-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1235451165-3031807778-106306492-1000\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Adobe After Effects CC 2017 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F2}) (Version: 14.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.41 - NVIDIA Corporation) Hidden
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.80.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.80.1 - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version:  - SCS Software)
Farming Simulator 17 v.1.2.1.0 (HKLM-x32\...\Farming Simulator 17_is1) (Version:  - )
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
GIGABYTE OC_GURU II (HKLM-x32\...\{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.47.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.47.0000 - GIGABYTE Technology Co.,Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto V v.1.0.877.1 (HKLM-x32\...\Grand Theft Auto V_is1) (Version:  - )
GTA San Andreas (HKLM-x32\...\GTA San Andreas_is1) (Version:  - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
League of Legends (HKLM-x32\...\{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24516 (HKLM-x32\...\{b8e12890-118d-4721-8e54-05d978086712}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24516 (HKLM-x32\...\{c325004c-5538-45b3-a7ad-94473a4dcd3b}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MTA:SA v1.5.4 (HKLM-x32\...\MTA:SA 1.5) (Version: v1.5.4 - Multi Theft Auto)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8045 - Realtek Semiconductor Corp.)
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.15.0.17 - GOG.com)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Windows Driver Package - AMD (amdkmpfd) System  (12/09/2016 16.60.0.0000) (HKLM\...\D2BE684635541753B7ADEB903A532F1A701A5CB7) (Version: 12/09/2016 16.60.0.0000 - AMD)
Windows Driver Package - ATK (MTsensor) System  (05/05/2009 1043.6.0.0) (HKLM\...\A1CE88ECEE452DF2F78DB201E0D9BED96DD08791) (Version: 05/05/2009 1043.6.0.0 - ATK)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\168A519C3E7721ED8CB11C23826D1F5686653733) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Logitech (LHidFilt) Mouse  (06/09/2015 5.90.38) (HKLM\...\3A23CE434CCC10D23CD098DBBFD5A4C5D855E356) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (LUsbFilt) HIDClass  (06/09/2015 5.90.38) (HKLM\...\509216C30E3CB187CAF035C305FE09C148B2FCBC) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech DriverInterface  (06/09/2015 5.90.38) (HKLM\...\F6909E6D7225F7497F97F04808BC1B7489703274) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - NVIDIA (nvvad_WaveExtensible) MEDIA  (04/05/2017 3.70.2) (HKLM\...\31548E2999ED270B8AB52AF386F2CB12DC2AD878) (Version: 04/05/2017 3.70.2 - NVIDIA)
Windows Driver Package - Qualcomm Atheros (L1C) Net  (01/29/2016 2.1.0.25) (HKLM\...\AD2D37471D7C4AB3F71443E12F84D998444AEB5E) (Version: 01/29/2016 2.1.0.25 - Qualcomm Atheros)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (08/24/2016 2.12.4.0) (HKLM\...\20A343331E4A2AE70DEC0500F4F54CD5DD520E54) (Version: 08/24/2016 2.12.4.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  WPD  (02/16/2012 2.9.317.0215) (HKLM\...\E0CAD92FE250FCC14EC93AC25546B3C462D94B71) (Version: 02/16/2012 2.9.317.0215 - SAMSUNG Electronics Co., Ltd. )
World of Tanks (HKU\S-1-5-21-1235451165-3031807778-106306492-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-08-29] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-08-22] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {189A1AE4-1164-4543-925A-8C3EBCD3A90C} - System32\Tasks\{84602153-488F-443D-BDA5-2BE4450F2C1E} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.39.0.102/lv/abandoninstall?page=tsProgressBar
Task: {1B7F2FF5-FFB3-48CA-B92D-14563D19320E} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-10-01] (MSFree Inc.)
Task: {1C9CA889-137C-45F9-B8A8-81694077FDD5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {25BA7B66-17B3-4317-9E4C-96175B4EFEC4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {30B922D0-7C97-42A6-8467-5C4A78D71581} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-23] (Google Inc.)
Task: {50C56A2C-FCC3-4AC6-BC90-465DDB3C6088} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {5DC7DFB4-A1AB-4EE1-A6FA-49611151DA4A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-18] (NVIDIA Corporation)
Task: {7149303A-DDF5-4810-9EED-D14F574B1483} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {79541A0B-F8AC-4A77-A8CB-1233796C70FD} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-18] (NVIDIA Corporation)
Task: {820A4F90-8C25-4C4E-A07E-19AF53D8D254} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {956B8FFE-E08C-4210-BC74-BCBD29F53A1D} - System32\Tasks\GoogleUpdateTaskMachineCore  => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-23] (Google Inc.)
Task: {9FAE2CB0-AB99-46F2-982E-2A9BE63585E3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {AD2C7F81-1BC4-436C-B4D4-163714EDA5AE} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-18] (NVIDIA Corporation)
Task: {C50955EE-2BF8-42B0-8D40-A8EC90ED2EC9} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-18] (NVIDIA Corporation)
Task: {CEFCE4ED-CEA9-4096-BF3E-D57026AC4424} - \GoogleUpdateTaskMachineUI  -> No File <==== ATTENTION
Task: {DB4C680A-EBF3-4E06-A61A-D157F48C66D9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {F27239A5-8BAC-416B-89FC-2D9050EB740A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-23] (Adobe Systems Incorporated)
Task: {F8E99383-518B-4C39-B24C-6E937476BAE9} - System32\Tasks\Driver Booster SkipUAC (Edza) => C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
Task: {F99B947F-0F9E-406A-B4BC-FCAB40E07AFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-23] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-15 23:02 - 2017-08-22 02:10 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-09-06 15:53 - 2017-08-18 07:32 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-07-31 09:59 - 2015-07-31 09:59 - 008901800 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-08-29 03:43 - 2017-08-29 03:43 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2017-09-07 00:33 - 2017-09-07 00:33 - 001128448 _____ () C:\Users\Edza\AppData\Roaming\SystemLocal63\SystemLogitech.exe
2017-08-28 23:07 - 2017-08-23 11:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-28 23:07 - 2017-08-23 11:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-09-06 15:53 - 2017-08-18 07:32 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [432]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [432]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [432]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [432]
AlternateDataStreams: C:\Users\Edza\Application Data:NT [40]
AlternateDataStreams: C:\Users\Edza\Application Data:NT2 [432]
AlternateDataStreams: C:\Users\Edza\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\Edza\AppData\Roaming:NT2 [432]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2017-05-30 12:22 - 000000838 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1235451165-3031807778-106306492-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Edza\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{41E1645F-2046-42FB-8F82-64EBDE0353A8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B3BA01B0-1582-4FFE-9697-E0BDA5408A0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1BA94A24-6107-424E-81F6-34A895022177}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FB9BFC99-8D47-4251-B495-8BA5EC175574}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4E6E4E4A-3433-4996-A9FE-7137F373D5EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{C2148CD9-3349-4D5A-AAC8-88050083DB8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{6B93F093-3A54-4A65-867C-6211113A212A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{86067D3D-F271-4C73-AE2F-2A8086B3C1EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{3B104D0C-57F2-4D94-BE88-F0C80854B346}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{98CA230A-6D2D-41C2-9A23-AFC013064334}] => (Allow) C:\Users\Edza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5FC8F561-F096-40BD-9CD6-246363B15C24}] => (Allow) C:\Users\Edza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2FD594C1-7D5B-4DA0-B1E5-F9DBBBA0A8E3}] => (Allow) C:\Users\Edza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{60FFA0D9-599F-4C82-BAA9-62CC529441EC}] => (Allow) C:\Users\Edza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AAB1677E-7B04-4534-B894-33B131E12F73}] => (Allow) C:\Users\Edza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2F63D0B8-0CDE-4861-AE7A-6984F1901A32}] => (Allow) C:\Users\Edza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{3088C21A-3BB0-462E-8563-5405D1F77183}C:\users\edza\appdata\roaming\.simplemc\java\java\bin\javaw.exe] => (Allow) C:\users\edza\appdata\roaming\.simplemc\java\java\bin\javaw.exe
FirewallRules: [UDP Query User{0A2C9D32-6183-485C-800E-A40C37F95278}C:\users\edza\appdata\roaming\.simplemc\java\java\bin\javaw.exe] => (Allow) C:\users\edza\appdata\roaming\.simplemc\java\java\bin\javaw.exe
FirewallRules: [{992C5402-3DDF-4175-A7B5-DE96E4160120}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{5D014A06-808E-4A84-B9A9-3F47671F4B24}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{0D998650-6AC2-48B7-8BCC-307AE9B84060}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{39D7092A-761A-4444-8484-10F22D923FFB}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [TCP Query User{40B859C4-BDC9-4B1F-9053-94F50AB1D202}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{BB4D8A5C-0938-498E-9822-CD8F004A6B92}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{A56A19FE-9A8E-41D4-8334-E5DE51C4FFB0}C:\program files\java\jre1.8.0_131\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\java.exe
FirewallRules: [UDP Query User{048484AA-B05A-494B-955E-8D9EF57721BF}C:\program files\java\jre1.8.0_131\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\java.exe
FirewallRules: [{CC91B185-BCCE-4768-A278-24DA641C383D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E18AD3EB-96BE-4D61-A7CF-B6725C8C324D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{CDAD2452-E975-404C-B3B7-B58FDCDE314C}C:\program files (x86)\spintires v.03.03.16\spintires.exe] => (Allow) C:\program files (x86)\spintires v.03.03.16\spintires.exe
FirewallRules: [UDP Query User{5B5BD3CF-F86B-410B-AF47-3481AEC543E0}C:\program files (x86)\spintires v.03.03.16\spintires.exe] => (Allow) C:\program files (x86)\spintires v.03.03.16\spintires.exe
FirewallRules: [TCP Query User{CCA033AC-CB17-4E38-A602-6059B966755C}C:\users\edza\desktop\my summer car v08.11.2016\mysummercar.exe] => (Allow) C:\users\edza\desktop\my summer car v08.11.2016\mysummercar.exe
FirewallRules: [UDP Query User{CC022590-D948-4ED7-A67F-74222FD2568E}C:\users\edza\desktop\my summer car v08.11.2016\mysummercar.exe] => (Allow) C:\users\edza\desktop\my summer car v08.11.2016\mysummercar.exe
FirewallRules: [TCP Query User{6808A32B-0B1D-4FBB-8B5D-8DA12E73E786}C:\users\edza\desktop\7daystodie32rus\7daystodie.exe] => (Allow) C:\users\edza\desktop\7daystodie32rus\7daystodie.exe
FirewallRules: [UDP Query User{F60536EE-3515-4769-A332-F058807254DB}C:\users\edza\desktop\7daystodie32rus\7daystodie.exe] => (Allow) C:\users\edza\desktop\7daystodie32rus\7daystodie.exe
FirewallRules: [TCP Query User{89BCA63E-EC49-4E99-A6F5-15A6126BEDFC}C:\games\terraria\terrariaserver.exe] => (Allow) C:\games\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{72F263B9-B1D4-4600-A1B2-2FED0304578B}C:\games\terraria\terrariaserver.exe] => (Allow) C:\games\terraria\terrariaserver.exe
FirewallRules: [{704CE559-8340-4B07-BDDF-DCE8998D68FE}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{39A96B7B-0DDF-4DEB-956F-116883354929}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [TCP Query User{EC2436ED-0E25-4A78-8690-4C350590EA3F}C:\users\edza\desktop\terraria modded 1.3.4.4\tmodloaderserver.exe] => (Allow) C:\users\edza\desktop\terraria modded 1.3.4.4\tmodloaderserver.exe
FirewallRules: [UDP Query User{847F608B-DC8F-4992-9C02-28EFD3F2D124}C:\users\edza\desktop\terraria modded 1.3.4.4\tmodloaderserver.exe] => (Allow) C:\users\edza\desktop\terraria modded 1.3.4.4\tmodloaderserver.exe
FirewallRules: [TCP Query User{BA17F3D4-75F1-4AAF-B960-A0A4F70AB69A}C:\program files (x86)\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\7 days to die\7daystodie.exe
FirewallRules: [UDP Query User{8DE53C9B-3B0F-489C-AD69-C6CC9A3DEA24}C:\program files (x86)\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\7 days to die\7daystodie.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [{5674009A-0E3F-474A-86DE-F2B267CF392D}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{0546430F-5EA0-447B-9534-90476CCDA306}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{7D9F564F-928D-4E62-85E2-7038E2C86AC4}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{EF77FBE8-037E-4B94-8CFE-8EEDB159071E}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [TCP Query User{6F8A603B-7AE9-4F23-88F2-FC3BC507EF3F}D:\farming simulator 17\x64\farmingsimulator2017game.exe] => (Allow) D:\farming simulator 17\x64\farmingsimulator2017game.exe
FirewallRules: [UDP Query User{4B4A4FD3-4E6E-4C21-9E5E-B020E4FE97EC}D:\farming simulator 17\x64\farmingsimulator2017game.exe] => (Allow) D:\farming simulator 17\x64\farmingsimulator2017game.exe
FirewallRules: [{3684D3D2-D7DE-492E-9FE0-8546B579716B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{EC14C870-6B9E-4853-BD3C-102C48DED9EB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{EC3DB368-089B-4973-B194-DB4E4B2263D9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{3835DD9F-EF35-4780-A1C2-A03566022AC1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [TCP Query User{9DEA7C45-DD6B-464E-9167-F0CBE0B430D5}C:\games\event[0]\event0.exe] => (Allow) C:\games\event[0]\event0.exe
FirewallRules: [UDP Query User{043AD836-45A3-41B7-8CA8-13FA6D795604}C:\games\event[0]\event0.exe] => (Allow) C:\games\event[0]\event0.exe
FirewallRules: [TCP Query User{CD5F65D4-73D7-4771-BFD3-7AC906F79C6D}C:\users\edza\appdata\local\crossout\launcher.exe] => (Allow) C:\users\edza\appdata\local\crossout\launcher.exe
FirewallRules: [UDP Query User{93C4EE0B-19A4-4485-9E44-FB2989982B6C}C:\users\edza\appdata\local\crossout\launcher.exe] => (Allow) C:\users\edza\appdata\local\crossout\launcher.exe
FirewallRules: [{AE878070-6F7B-4824-A687-180DD5C0CA01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{106996B2-7365-48A1-BE01-2EF863EA0735}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{B26503E8-1CC2-414B-9FFC-A041B44D373C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{09E5F189-97CC-4428-9ECE-A3D01142AD94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [TCP Query User{08655C8B-D763-46DC-8796-6B7D1510DBD2}C:\users\edza\desktop\terraria\terraria 1.3.4.4\terrariaserver.exe] => (Allow) C:\users\edza\desktop\terraria\terraria 1.3.4.4\terrariaserver.exe
FirewallRules: [UDP Query User{82B6C1FD-F06F-43DC-A919-D3996BE31830}C:\users\edza\desktop\terraria\terraria 1.3.4.4\terrariaserver.exe] => (Allow) C:\users\edza\desktop\terraria\terraria 1.3.4.4\terrariaserver.exe
FirewallRules: [TCP Query User{4338E0E0-B751-4780-AA73-C9CBB65AB237}C:\games\farming simulator 17\x64\farmingsimulator2017game.exe] => (Allow) C:\games\farming simulator 17\x64\farmingsimulator2017game.exe
FirewallRules: [UDP Query User{FD0A8562-5D29-4702-BCD5-AA117055B68A}C:\games\farming simulator 17\x64\farmingsimulator2017game.exe] => (Allow) C:\games\farming simulator 17\x64\farmingsimulator2017game.exe
FirewallRules: [{2E7867E6-43F4-4939-B81E-F7D1268AA1A7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D75CFF32-F5E4-4EF9-B4B3-C841BEB51E11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{3E12A499-FA0B-409D-92BF-2483E2B0F362}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{100E0106-D80C-4F43-B25C-93E9819D7661}C:\program files (x86)\mta san andreas 1.5\server\mta server.exe] => (Allow) C:\program files (x86)\mta san andreas 1.5\server\mta server.exe
FirewallRules: [UDP Query User{27272F82-CBEE-45F6-A09D-C2542078204E}C:\program files (x86)\mta san andreas 1.5\server\mta server.exe] => (Allow) C:\program files (x86)\mta san andreas 1.5\server\mta server.exe
FirewallRules: [TCP Query User{7DB9BDF0-32E3-4669-A37B-51FCAFF342D0}C:\users\edza\desktop\server\mta server.exe] => (Allow) C:\users\edza\desktop\server\mta server.exe
FirewallRules: [UDP Query User{F3CF3A43-3352-417F-A036-7E5DD4325C09}C:\users\edza\desktop\server\mta server.exe] => (Allow) C:\users\edza\desktop\server\mta server.exe
FirewallRules: [{57424FC9-9392-4EF4-8274-5C3E88EE5E28}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C79F42E3-26CF-4EBF-BE38-4F15E91DDE43}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D990E384-6DE9-4AEA-A517-B9BC345A926D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{EF3CD52A-EA3F-48E5-BEAF-C18E7AC229EA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D5056DC4-BAF0-4AEC-B0EB-44F69558FB23}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4427DA44-72F3-47C5-A3C8-1F278D598E9A}C:\program files (x86)\hinterland studio inc\thelongdark\tld.exe] => (Allow) C:\program files (x86)\hinterland studio inc\thelongdark\tld.exe
FirewallRules: [UDP Query User{A471AD9E-A9E4-417B-8A33-A9510D4E6668}C:\program files (x86)\hinterland studio inc\thelongdark\tld.exe] => (Allow) C:\program files (x86)\hinterland studio inc\thelongdark\tld.exe
FirewallRules: [TCP Query User{572A6D4B-97D1-48F9-806D-331D53E0F745}C:\games\grand theft auto v\gta5.exe] => (Allow) C:\games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{0981C87D-83B2-401D-861B-C4917BF737B5}C:\games\grand theft auto v\gta5.exe] => (Allow) C:\games\grand theft auto v\gta5.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/06/2017 11:34:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/06/2017 06:48:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/06/2017 05:59:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tld.exe, version: 5.6.1.49652, time stamp: 0x5918d3f6
Faulting module name: tld.exe, version: 5.6.1.49652, time stamp: 0x5918d3f6
Exception code: 0xc0000005
Fault offset: 0x00287881
Faulting process id: 0x2c34
Faulting application start time: 0x01d3271f07656ebc
Faulting application path: C:\Program Files (x86)\Hinterland Studio Inc\TheLongDark\tld.exe
Faulting module path: C:\Program Files (x86)\Hinterland Studio Inc\TheLongDark\tld.exe
Report Id: e9c5384e-9313-11e7-bae7-14dae99adadb
 
Error: (09/06/2017 05:04:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ERVD.exe, version: 0.0.0.0, time stamp: 0x5957fa92
Faulting module name: ERVD.exe, version: 0.0.0.0, time stamp: 0x5957fa92
Exception code: 0xc0000005
Fault offset: 0x00027fff
Faulting process id: 0x304
Faulting application start time: 0x01d327191b5c5936
Faulting application path: C:\Users\Edza\AppData\Roaming\hL140\ERVD.exe
Faulting module path: C:\Users\Edza\AppData\Roaming\hL140\ERVD.exe
Report Id: 5b140da8-930c-11e7-bae7-14dae99adadb
 
Error: (09/06/2017 04:06:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/01/2002 05:07:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/01/2002 05:06:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (01/01/2002 05:06:19 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (01/01/2002 05:06:19 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (01/01/2002 05:06:19 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
 
System errors:
=============
Error: (09/06/2017 11:33:07 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0xfffffa8600563c8a, 0x0000000000000002, 0x0000000000000000, 0xfffff80002ed597f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090617-36395-01.
 
Error: (09/06/2017 11:32:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 23:31:54 on ‎2017.‎09.‎06. was unexpected.
 
Error: (09/06/2017 11:22:25 PM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (09/06/2017 06:47:16 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0xfffffa86009e068a, 0x0000000000000002, 0x0000000000000000, 0xfffff80002ecd97f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090617-29702-01.
 
Error: (09/06/2017 06:47:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:45:17 on ‎2017.‎09.‎06. was unexpected.
 
Error: (01/01/2002 05:03:59 AM) (Source: DCOM) (EventID: 10001) (User: )
Description: Unable to start a DCOM Server: {D5641912-E47A-429C-879E-CFE13EAC7A13} as /. The error:
"740"
Happened while starting this command:
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe -Embedding
 
Error: (09/05/2017 01:40:09 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} did not register with DCOM within the required timeout.
 
Error: (09/03/2017 02:48:39 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} did not register with DCOM within the required timeout.
 
Error: (09/02/2017 01:12:19 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} did not register with DCOM within the required timeout.
 
Error: (09/01/2017 12:27:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2017-09-06 23:32:50.391
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-06 23:32:50.391
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-06 23:32:50.391
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-06 23:32:50.391
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-06 18:46:56.474
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-06 18:46:56.474
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-06 18:46:56.474
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-06 18:46:56.474
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-06 16:04:24.302
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-06 16:04:24.302
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU E5472 @ 3.00GHz
Percentage of memory in use: 32%
Total physical RAM: 4095.12 MB
Available physical RAM: 2761.33 MB
Total Virtual: 8188.43 MB
Available Virtual: 6374.42 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:345.48 GB) (Free:34.29 GB) NTFS
Drive d: (data) (Fixed) (Total:585.94 GB) (Free:509.99 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 15581557)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=345.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=585.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,485 posts

Posted 06 September 2017 - 06:13 PM

Hi KaiminsLV :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

May I ask you why you're requesting a check-up? Do you think you're infected? If so, what makes you think that you are?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 KaiminsLV

KaiminsLV
  • Topic Starter

  • Members
  • 16 posts

Posted 07 September 2017 - 01:42 AM

My computer had some virus or something like that. When I turn on my computer, it starts normally, but after 2 minutes the computer starts lagging massively. The lag is caused by a process called sse2.exe. When I opened the file location, it got me to %appdata%\Roaming\hL140 . Then in Task Manager I found another exe called ERVD.exe, which doesn't cause lag. When I try to end the sse2.exe process, it reappears immediately and continues causing lag; when I end the process tree of ERVD.exe, it closes both exe files. The computer starts to work normally and there is no lag. After a few hours (at different times) it turns on again and causes the same problem. Before posting this log, I tried to scan my computer with various programs; nothing helped. Then I tried to solve it myself, so I went to regedit and, using search, found some files in the Run folder and deleted them. I also tried to delete the folder hL140, which was successful, but after a few hours it appears again, and it appeared in regedit too. So nothing I tried helps. Please do not ask me to download those various antivirus programs, because they're not helping. I hope you will find a solution for my problem, Aura. This problem is heating up my computer. Please help, I hope for the best from your side. Thanks. (Sorry for my bad English)


Edited by KaiminsLV, 07 September 2017 - 07:32 AM.


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,485 posts

Posted 08 September 2017 - 07:34 PM

Thank you for the explanation :) Now, let's get to work. Follow the instructions below.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply



#5 KaiminsLV

KaiminsLV
  • Topic Starter

  • Members
  • 16 posts

Posted 09 September 2017 - 06:18 AM

RogueKiller report:

 

RogueKiller V12.11.13.0 (x64) [Sep  4 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Edza [Administrator]
Started from : C:\Users\Edza\Downloads\RogueKiller_portable64.exe
Mode : Delete -- Date : 09/09/2017 13:46:50 (Duration : 00:29:06)
 
¤¤¤ Processes : 2 ¤¤¤
[VT.HEUR:Trojan.Win32.Generic] SystemLogitech.exe(2220) -- C:\Users\Edza\AppData\Roaming\SystemLocal63\SystemLogitech.exe[-] -> Killed [TermProc]
[VT.Trojan.Win32.Generic!BT] winint.exe(3312) -- C:\Windows\winint.exe[-] -> Killed [TermProc]
 
¤¤¤ Registry : 9 ¤¤¤
[VT.Trojan.Win32.Generic!BT] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | winint : C:\Windows\winint.exe [-] -> Deleted
[VT.Trojan.Win32.Raum.f] (X64) HKEY_USERS\S-1-5-21-1235451165-3031807778-106306492-1000\Software\Microsoft\Windows\CurrentVersion\Run | EVm : "C:\Users\Edza\AppData\Roaming\hL140\ERVD.exe" [-] -> Deleted
[VT.Trojan.Win32.Raum.f] (X86) HKEY_USERS\S-1-5-21-1235451165-3031807778-106306492-1000\Software\Microsoft\Windows\CurrentVersion\Run | EVm : "C:\Users\Edza\AppData\Roaming\hL140\ERVD.exe" [-] -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FairplayKD (\??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FairplayKD (\??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{CD5F65D4-73D7-4771-BFD3-7AC906F79C6D}C:\users\edza\appdata\local\crossout\launcher.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\edza\appdata\local\crossout\launcher.exe|Name=Gaijin Smart Launcher|Desc=Gaijin Smart Launcher|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{93C4EE0B-19A4-4485-9E44-FB2989982B6C}C:\users\edza\appdata\local\crossout\launcher.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\edza\appdata\local\crossout\launcher.exe|Name=Gaijin Smart Launcher|Desc=Gaijin Smart Launcher|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{CD5F65D4-73D7-4771-BFD3-7AC906F79C6D}C:\users\edza\appdata\local\crossout\launcher.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\edza\appdata\local\crossout\launcher.exe|Name=Gaijin Smart Launcher|Desc=Gaijin Smart Launcher|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{93C4EE0B-19A4-4485-9E44-FB2989982B6C}C:\users\edza\appdata\local\crossout\launcher.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\edza\appdata\local\crossout\launcher.exe|Name=Gaijin Smart Launcher|Desc=Gaijin Smart Launcher|Defer=User| [x] -> Deleted
 
¤¤¤ Tasks : 3 ¤¤¤
[VT.HEUR:Trojan.Win32.Generic] \GoogleUpdateTaskMachineCore  -- C:\Users\Edza\AppData\Roaming\SystemLocal63\SystemLogitech.exe -> Deleted
[Suspicious.Path] \GoogleUpdateTaskMachineUI  -- rundll32 ("C:\Users\Edza\AppData\Local\Temp\is-db82cdf0\mvcrt110.dll",run) -> Deleted
[Hj.Shortcut] \{84602153-488F-443D-BDA5-2BE4450F2C1E} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (https://ui.skype.com/ui/0/7.39.0.102/lv/abandoninstall?page=tsProgressBar) -> Deleted
 
¤¤¤ Files : 8 ¤¤¤
[PUP.HackTool][Folder] C:\ProgramData\KMSAutoS -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\driver\oas_sert.cer -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\driver\tap0901.cer -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\devcon.exe -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\OemVista.inf -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\ptun0901.cat -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\ptun0901.sys -> Deleted
[PUP.HackTool][Folder] C:\ProgramData\KMSAutoS\bin\driver\x64TAP1 -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\devcon.exe -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.cat -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.inf -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.sys -> Deleted
[PUP.HackTool][Folder] C:\ProgramData\KMSAutoS\bin\driver\x64TAP2 -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\driver\x64WDV\FakeClient.exe -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WdfCoInstaller01009.dll -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.dll -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.inf -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.sys -> Deleted
[PUP.HackTool][Folder] C:\ProgramData\KMSAutoS\bin\driver\x64WDV -> Deleted
[PUP.HackTool][Folder] C:\ProgramData\KMSAutoS\bin\driver -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\KMSSS.exe -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\KMSSS.log -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\TunMirror.exe -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\bin\TunMirror2.exe -> Deleted
[PUP.HackTool][Folder] C:\ProgramData\KMSAutoS\bin -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\KMSAuto Net.exe -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAutoS\kmsauto.ini -> Deleted
[Hidden.ADS][Stream] C:\Users\Edza\AppData\Roaming:NT -> Deleted
[Hidden.ADS][Stream] C:\Users\Edza\AppData\Roaming:NT2 -> Deleted
[Tr.Gen0][File] C:\Users\Edza\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Edza\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Deleted
[Hidden.ADS][Stream] C:\ProgramData:NT -> Deleted
[Hidden.ADS][Stream] C:\ProgramData:NT2 -> Deleted
[PUP.HackTool][Folder] C:\ProgramData\KMSAutoS -> ERROR [3]
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Lone Tree [hfmkllfplegemejikoabfpjdaoncphip] -> Deleted
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 83fb8108ebd3738f624e4f04907c7eca
[BSP] 980906a7fb71c79e79a139bbf0295263 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 353767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 724721664 | Size: 599999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#6 KaiminsLV

KaiminsLV
  • Topic Starter

  • Members
  • 16 posts

Posted 09 September 2017 - 06:33 AM

MalwareBytes report:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/9/17
Scan Time: 2:21 PM
Log File: 116c4bee-9551-11e7-bf9b-14dae99adadb.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.186
Update Package Version: 1.0.2761
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Edza-PC\Edza
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317119
Threats Detected: 81
Threats Quarantined: 81
Time Elapsed: 5 min, 51 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 81
PUP.Optional.MindSpark, C:\USERS\EDZA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_allinonedocs.dl.myway.com_0.localstorage, Quarantined, [259], [240305],1.0.2761
PUP.Optional.MindSpark, C:\USERS\EDZA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_allinonedocs.dl.myway.com_0.localstorage-journal, Quarantined, [259], [240305],1.0.2761
PUP.Optional.MindSpark, C:\USERS\EDZA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_gamingwonderland.dl.myway.com_0.localstorage, Quarantined, [259], [240305],1.0.2761
PUP.Optional.MindSpark, C:\USERS\EDZA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_gamingwonderland.dl.myway.com_0.localstorage-journal, Quarantined, [259], [240305],1.0.2761
PUP.Optional.MindSpark, C:\USERS\EDZA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_allinonedocs.dl.tb.ask.com_0.localstorage, Quarantined, [259], [240306],1.0.2761
PUP.Optional.MindSpark, C:\USERS\EDZA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_allinonedocs.dl.tb.ask.com_0.localstorage-journal, Quarantined, [259], [240306],1.0.2761
PUP.Optional.MindSpark, C:\USERS\EDZA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_gamingwonderland.dl.tb.ask.com_0.localstorage, Quarantined, [259], [240306],1.0.2761
PUP.Optional.MindSpark, C:\USERS\EDZA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_gamingwonderland.dl.tb.ask.com_0.localstorage-journal, Quarantined, [259], [240306],1.0.2761
PUP.Optional.MindSpark, C:\USERS\EDZA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_notehomepage.dl.tb.ask.com_0.localstorage, Quarantined, [259], [240306],1.0.2761
PUP.Optional.MindSpark, C:\USERS\EDZA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_notehomepage.dl.tb.ask.com_0.localstorage-journal, Quarantined, [259], [240306],1.0.2761
Trojan.BitCoinMiner, C:\USERS\EDZA\APPDATA\ROAMING\HL140\LYFRRML\XG_2\XAM.EXE, Quarantined, [78], [399446],1.0.2761
Trojan.BitCoinMiner, C:\USERS\EDZA\APPDATA\ROAMING\HL140\LYFRRML\XG01.PK, Quarantined, [78], [399446],1.0.2761
Trojan.BitCoinMiner, C:\USERS\EDZA\APPDATA\ROAMING\HL140\LYFRRML\XM_3\MON32.EXE, Quarantined, [78], [413613],1.0.2761
Generic.Malware/Suspicious, C:\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\UPDATEWIN.TMP, Quarantined, [0], [392686],1.0.2761
Trojan.BitCoinMiner, C:\USERS\EDZA\APPDATA\ROAMING\HL140\LYFRRML\XM03.PK, Quarantined, [78], [413613],1.0.2761
Trojan.EquationDrug, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\DOUBLEPULSAR-1.3.1.EXE, Quarantined, [8401], [390689],1.0.2761
Exploit.Agent.NS, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\ESTEEMAUDITTOUCH-2.1.0.EXE, Quarantined, [8474], [390592],1.0.2761
Exploit.Agent.NS, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\ETERNALCHAMPION-2.0.0.EXE, Quarantined, [8474], [390575],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\TIBE-1.DLL, Quarantined, [8614], [400081],1.0.2761
HackTool.Agent, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\LIBCURL.DLL, Quarantined, [439], [400077],1.0.2761
Worm.EternalRocks, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\TRFO-0.DLL, Quarantined, [4575], [400030],1.0.2761
Worm.EternalRocks, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\TRCH.DLL, Quarantined, [4575], [400029],1.0.2761
Generic.Malware/Suspicious, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\DB82CDF1\CRASH-REPORTER\__INIT__, Quarantined, [0], [392686],1.0.2761
Worm.EternalRocks, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\UCL.DLL, Quarantined, [4575], [400027],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\PCRE-0.DLL, Quarantined, [8614], [400096],1.0.2761
Worm.EternalRocks, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\EXMA.DLL, Quarantined, [4575], [400051],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\TIBE-2.DLL, Quarantined, [8614], [400078],1.0.2761
Worm.EternalRocks, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\TRCH-1.DLL, Quarantined, [4575], [400050],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\TRFO-2.DLL, Quarantined, [8614], [400079],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\PCLA-0.DLL, Quarantined, [8614], [400066],1.0.2761
Worm.EternalRocks, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\TUCL.DLL, Quarantined, [4575], [400024],1.0.2761
Trojan.Agent, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\X86.DLL, Quarantined, [19], [432643],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\RIAR-2.DLL, Quarantined, [8614], [400069],1.0.2761
HackTool.Agent, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\ZLIB1.DLL, Quarantined, [439], [400073],1.0.2761
Generic.Malware/Suspicious, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\INCSTORAGE.EXE, Quarantined, [0], [392686],1.0.2761
Worm.EternalRocks, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\TRCH-0.DLL, Quarantined, [4575], [400049],1.0.2761
Trojan.EquationDrug, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\E1, Quarantined, [8401], [390689],1.0.2761
Worm.EternalRocks, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\TUCL-1.DLL, Quarantined, [4575], [400019],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\ZIBE.DLL, Quarantined, [8614], [400074],1.0.2761
Generic.Malware/Suspicious, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\DB82CDF1\CRASH-REPORTER\REPORTER.EXE, Quarantined, [0], [392686],1.0.2761
Trojan.EquationDrug, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\ETCH-0.DLL, Quarantined, [8401], [390255],1.0.2761
Exploit.Agent.NS, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\ETERNALBLUE-2.2.0.EXE, Quarantined, [8474], [390583],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\EXMA-1.DLL, Quarantined, [8614], [400065],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\LIBXML2.DLL, Quarantined, [8614], [400070],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\TIBE.DLL, Quarantined, [8614], [400076],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\TRFO.DLL, Quarantined, [8614], [400075],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\EA\XDVL-0.DLL, Quarantined, [8614], [400080],1.0.2761
Trojan.EquationDrug, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\DOUBLEPULSAR-1.3.1.EXE, Quarantined, [8401], [390689],1.0.2761
Exploit.Agent.NS, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\ESTEEMAUDITTOUCH-2.1.0.EXE, Quarantined, [8474], [390592],1.0.2761
Exploit.Agent.NS, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\ETERNALCHAMPION-2.0.0.EXE, Quarantined, [8474], [390575],1.0.2761
HackTool.Agent, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\LIBCURL.DLL, Quarantined, [439], [400077],1.0.2761
Worm.EternalRocks, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\TRCH.DLL, Quarantined, [4575], [400029],1.0.2761
Worm.EternalRocks, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\UCL.DLL, Quarantined, [4575], [400027],1.0.2761
Trojan.EquationDrug, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\E1, Quarantined, [8401], [390689],1.0.2761
Generic.Malware/Suspicious, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\DB82CDEE\CRASH-REPORTER\__INIT__, Quarantined, [0], [392686],1.0.2761
Worm.EternalRocks, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\EXMA.DLL, Quarantined, [4575], [400051],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\PCLA-0.DLL, Quarantined, [8614], [400066],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\RIAR-2.DLL, Quarantined, [8614], [400069],1.0.2761
Worm.EternalRocks, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\TRCH-0.DLL, Quarantined, [4575], [400049],1.0.2761
Worm.EternalRocks, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\TUCL-1.DLL, Quarantined, [4575], [400019],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\TIBE-2.DLL, Quarantined, [8614], [400078],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\TRFO-2.DLL, Quarantined, [8614], [400079],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\ZIBE.DLL, Quarantined, [8614], [400074],1.0.2761
Trojan.Agent, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\X86.DLL, Quarantined, [19], [432643],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\PCRE-0.DLL, Quarantined, [8614], [400096],1.0.2761
Worm.EternalRocks, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\TRCH-1.DLL, Quarantined, [4575], [400050],1.0.2761
Worm.EternalRocks, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\TUCL.DLL, Quarantined, [4575], [400024],1.0.2761
HackTool.Agent, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\ZLIB1.DLL, Quarantined, [439], [400073],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\TIBE-1.DLL, Quarantined, [8614], [400081],1.0.2761
Worm.EternalRocks, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\TRFO-0.DLL, Quarantined, [4575], [400030],1.0.2761
Generic.Malware/Suspicious, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\SYSTEMLOGITECH.EXE, Quarantined, [0], [392686],1.0.2761
Generic.Malware/Suspicious, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\DB82CDEE\CRASH-REPORTER\REPORTER.EXE, Quarantined, [0], [392686],1.0.2761
Trojan.EquationDrug, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\ETCH-0.DLL, Quarantined, [8401], [390255],1.0.2761
Exploit.Agent.NS, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\ETERNALBLUE-2.2.0.EXE, Quarantined, [8474], [390583],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\EXMA-1.DLL, Quarantined, [8614], [400065],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\LIBXML2.DLL, Quarantined, [8614], [400070],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\TIBE.DLL, Quarantined, [8614], [400076],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\TRFO.DLL, Quarantined, [8614], [400075],1.0.2761
Trojan.ShadowBrokers, C:\USERS\EDZA\APPDATA\ROAMING\SYSTEMLOCAL63\EA\XDVL-0.DLL, Quarantined, [8614], [400080],1.0.2761
Generic.Malware/Suspicious, C:\USERS\EDZA\APPDATA\LOCAL\TEMP\IS-DB82CDF0\DB82CDED.A\SMSS.EXE, Quarantined, [0], [392686],1.0.2761
Generic.Malware/Suspicious, C:\USERS\EDZA\APPDATA\LOCAL\TEMP\IS-DB82CDF0\DB82CDF0.A\SMSS.EXE, Quarantined, [0], [392686],1.0.2761
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#7 KaiminsLV

KaiminsLV
  • Topic Starter


Posted 09 September 2017 - 07:07 AM

I think the problem is solved now, because on PC startup those .exe files didn't start and the PC runs smoothly. If something appears today, I will let you know. If I need to run or fix something, you should say. Thanks for the help already. :)



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team

Posted 09 September 2017 - 09:36 AM

That's good news :) In the meantime, can you provide me a fresh set of FRST logs so I can see if there's anything left just in case?

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then two Notepad files will open
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 KaiminsLV

KaiminsLV
  • Topic Starter


Posted 09 September 2017 - 12:11 PM

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Edza (administrator) on EDZA-PC (09-09-2017 19:50:44)
Running from C:\Users\Edza\Desktop
Loaded Profiles: Edza (Available Profiles: Edza)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Edza\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Edza\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(BitTorrent Inc.) C:\Users\Edza\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CWER.ws/blog/punsh (Vladimir aka punsh)) C:\Users\Edza\Desktop\Sony Vegas 12\VegasPortable.exe
(Sony Creative Software Inc.) C:\Users\Edza\Desktop\Sony Vegas 12\App\Sony\Vegas Pro 12.0\vegas120.exe
(Sony Creative Software Inc.) C:\Users\Edza\Desktop\Sony Vegas 12\App\Sony\Vegas Pro 12.0\ErrorReportLauncher.exe
(Sony Creative Software Inc.) C:\Users\Edza\Desktop\Sony Vegas 12\App\Sony\Vegas Pro 12.0\x86\FileIOSurrogate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9198080 2017-05-23] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKU\S-1-5-21-1235451165-3031807778-106306492-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1235451165-3031807778-106306492-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2002-01-01]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{053AB6C0-0D62-4123-824E-AD985F3749FD}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1235451165-3031807778-106306492-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-17] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-17] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 214ocpoq.default-1495525543999
FF ProfilePath: C:\Users\Edza\AppData\Roaming\Mozilla\Firefox\Profiles\214ocpoq.default-1495525543999 [2017-08-27]
FF Homepage: Mozilla\Firefox\Profiles\214ocpoq.default-1495525543999 -> hxxps://www.google.lv/
FF Extension: (Adblock Plus) - C:\Users\Edza\AppData\Roaming\Mozilla\Firefox\Profiles\214ocpoq.default-1495525543999\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-23]
FF Extension: (No Name) - C:\Users\Edza\AppData\Roaming\Mozilla\Firefox\Profiles\214ocpoq.default-1495525543999\extensions\ascsurfingprotectionnew@iobit.com.xpi [not found]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-20] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-17] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-20] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-23] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default [2017-09-09]
CHR Extension: (Google Slides) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-23]
CHR Extension: (Google Docs) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-23]
CHR Extension: (Google Drive) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-23]
CHR Extension: (YouTube) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-23]
CHR Extension: (Google Sheets) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-23]
CHR Extension: (Google Docs Offline) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-23]
CHR Extension: (Nissan GT-R R35 - Full HD - Axlg) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplbkekcdpllncencamdgeiedjndnjba [2017-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-23]
CHR Extension: (Chrome Media Router) - C:\Users\Edza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [229648 2016-10-06] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-22] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-18] (NVIDIA Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [87584 2017-01-17] (Advanced Micro Devices, Inc.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-05-20] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-05-20] (Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-05-23] (REALiX™)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2017-05-23] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-08-18] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-08-18] (NVIDIA Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [221824 2017-05-23] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [221824 2017-05-23] (Samsung Electronics Co., Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-09 19:32 - 2017-09-09 19:32 - 1801249870 _____ C:\Users\Edza\Desktop\Outlast.mp4
2017-09-09 19:19 - 2017-09-09 19:32 - 000000000 ____D C:\Users\Edza\AppData\Roaming\Sony
2017-09-09 19:19 - 2017-09-09 19:19 - 000001095 _____ C:\Users\Edza\Desktop\Vegas Pro 12.0.lnk
2017-09-09 19:19 - 2017-09-09 19:19 - 000000000 ____D C:\ProgramData\Sony
2017-09-09 19:17 - 2017-09-09 19:19 - 000000000 ____D C:\Users\Edza\AppData\Local\Sony
2017-09-09 19:17 - 2013-04-11 13:55 - 000808440 _____ (Gracenote) C:\Windows\SysWOW64\CDDBUI.dll
2017-09-09 19:17 - 2013-04-11 13:55 - 000796152 _____ (Gracenote, Inc.) C:\Windows\SysWOW64\CDDBControl.dll
2017-09-09 19:17 - 2013-04-11 13:55 - 000169464 _____ (Gracenote) C:\Windows\SysWOW64\CddbLangRU.dll
2017-09-09 19:16 - 2017-09-09 19:17 - 000000000 ____D C:\Users\Edza\Desktop\Sony Vegas 12
2017-09-09 19:16 - 2017-09-09 19:16 - 000000000 ____D C:\Users\Edza\Downloads\Portable SONY Vegas Pro 12.0 Build 670 x64
2017-09-09 19:15 - 2017-09-09 19:15 - 000019834 _____ C:\Users\Edza\Downloads\Sony Vegas Pro v 12.0 Build 714 [2013, ENG RUS] Portable by Punsh [rutracker-4537636].torrent
2017-09-09 19:15 - 2017-09-09 19:15 - 000000000 ____D C:\Users\Edza\AppData\LocalLow\uTorrent
2017-09-09 16:26 - 2017-09-09 16:37 - 000001277 _____ C:\Users\Edza\Desktop\7 Days To Die.lnk
2017-09-09 16:08 - 2017-09-09 17:19 - 000000000 ____D C:\Users\Edza\Desktop\7 Days To Die v14.7
2017-09-09 16:08 - 2017-09-09 16:08 - 000085819 _____ C:\Users\Edza\Downloads\[В разработке] 7 Days To Die [P] [ENG] (2013) (Alpha 14.7) [rutracker-5273084].torrent
2017-09-09 14:19 - 2017-09-09 14:19 - 065942208 _____ (Malwarebytes ) C:\Users\Edza\Desktop\mb3-setup-1878.1878-3.2.2.2018.exe
2017-09-09 14:19 - 2017-09-09 14:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-09 14:18 - 2017-09-09 14:19 - 065942208 _____ (Malwarebytes ) C:\Users\Edza\Downloads\mb3-setup-1878.1878-3.2.2.2018.exe
2017-09-09 13:46 - 2017-09-09 14:19 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-09 13:46 - 2017-09-09 13:46 - 026680904 _____ C:\Users\Edza\Downloads\RogueKiller_portable64.exe
2017-09-09 13:46 - 2017-09-09 13:46 - 026680904 _____ C:\Users\Edza\Desktop\RogueKiller_portable64.exe
2017-09-09 13:46 - 2017-09-09 13:46 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-09-09 00:18 - 2017-09-09 00:18 - 000030803 _____ C:\Users\Edza\Desktop\Untitled.camproj
2017-09-08 23:37 - 2017-09-09 19:21 - 000000000 ____D C:\Users\Edza\Desktop\SpelesLV intro
2017-09-08 23:34 - 2017-09-08 23:34 - 005292146 _____ C:\Users\Edza\Downloads\looperman-l-1882465-0111323-ev054-big-room-is-alive.wav
2017-09-08 23:34 - 2017-09-08 23:34 - 005292146 _____ C:\Users\Edza\Desktop\looperman-l-1882465-0111323-ev054-big-room-is-alive.wav
2017-09-08 23:27 - 2017-09-08 23:27 - 000000000 ____D C:\Windows\SysWOW64\QuickTime
2017-09-08 23:13 - 2017-09-08 23:14 - 000000000 ____D C:\Users\Edza\Downloads\Camtasia.Studio.v7.1.0.1631
2017-09-08 23:12 - 2017-09-08 23:12 - 000014506 _____ C:\Users\Edza\Downloads\TechSmith Camtasia Studio 7.1.0 Build 1631 x86+x64 [2010, ENG] [rutracker-3318627].torrent
2017-09-08 22:58 - 2017-09-08 22:58 - 516107296 _____ C:\Users\Edza\Desktop\SpelesLV Intro [No sound].avi
2017-09-08 21:14 - 2017-09-08 21:14 - 000000000 ____D C:\Users\Edza\AppData\Local\Tempzxpsignb300c5471a8388a5
2017-09-08 21:14 - 2017-09-08 21:14 - 000000000 ____D C:\Users\Edza\AppData\Local\Tempzxpsign57d7855a1a269c72
2017-09-08 21:10 - 2017-09-08 23:10 - 000005373 _____ C:\Users\Edza\Desktop\Untitled Project.tscproj
2017-09-08 21:01 - 2017-09-09 19:12 - 000000000 ____D C:\ProgramData\TechSmith
2017-09-08 21:01 - 2017-09-08 21:01 - 000000000 ____D C:\Program Files\TechSmith
2017-09-08 20:52 - 2017-09-08 20:52 - 000000000 ____D C:\Users\Edza\AppData\Local\Tempzxpsignc77e861c459b074d
2017-09-08 20:52 - 2017-09-08 20:52 - 000000000 ____D C:\Users\Edza\AppData\Local\Tempzxpsign3e4cfb1fe0e2d10b
2017-09-08 20:50 - 2017-09-08 20:52 - 000000000 ____D C:\Users\Edza\Downloads\TechSmith Camtasia Studio v9.0.4 Build 1948 Final (x64) Eng_Rus
2017-09-08 20:50 - 2017-09-08 20:50 - 000011991 _____ C:\Users\Edza\Downloads\TechSmith Camtasia Studio v9.0.4 Build 1948 Final (x64) [2017,Eng Rus] [rutracker-5392280].torrent
2017-09-08 20:46 - 2017-09-08 21:02 - 000000000 ____D C:\Users\Edza\AppData\Roaming\TechSmith
2017-09-08 20:45 - 2017-09-08 23:27 - 000000000 ____D C:\Users\Edza\Documents\Camtasia Studio
2017-09-08 20:45 - 2017-09-08 21:05 - 000000000 ____D C:\Users\Edza\AppData\Local\TechSmith
2017-09-08 20:39 - 2017-09-08 20:40 - 000000000 ____D C:\Users\Edza\Downloads\Camtasia Studio 9.0.5.2021 RePack by PooShock ENG-RUS
2017-09-08 20:38 - 2017-09-08 20:38 - 000014338 _____ C:\Users\Edza\Downloads\TechSmith Camtasia Studio 9.0.5 build 2021 RePack by PooShock [2017, ENG + RUS] [rutracker-5450394].torrent
2017-09-08 16:48 - 2017-09-08 16:48 - 000406192 _____ C:\Windows\Minidump\090817-32417-01.dmp
2017-09-08 16:21 - 2017-09-08 16:21 - 000000000 ____D C:\Users\Edza\AppData\Local\Tempzxpsignc7a5b3d262ac175b
2017-09-08 16:21 - 2017-09-08 16:21 - 000000000 ____D C:\Users\Edza\AppData\Local\Tempzxpsignc729e23a2a2147aa
2017-09-08 16:16 - 2017-09-08 16:16 - 000000000 ____D C:\Users\Edza\AppData\Local\Tempzxpsign4a75e10ce3c0be57
2017-09-08 16:16 - 2017-09-08 16:16 - 000000000 ____D C:\Users\Edza\AppData\Local\Tempzxpsign0a800fabd4bef874
2017-09-08 16:14 - 2017-09-08 16:14 - 000000000 ____D C:\Users\Edza\AppData\Roaming\Publish Providers
2017-09-08 16:06 - 2017-09-08 16:11 - 000000000 ____D C:\Users\Edza\Downloads\Sony Vegas Pro v13.0 Build 453 (x64) Rus Portable by Punsh
2017-09-08 16:05 - 2017-09-08 16:05 - 000011689 _____ C:\Users\Edza\Downloads\Sony Vegas Pro v13.0 Build 453 (x64) Portable by Punsh [2015,Rus,x64] [rutracker-5023694].torrent
2017-09-08 15:34 - 2017-09-08 15:36 - 000000000 ____D C:\Fraps
2017-09-08 15:34 - 2017-09-08 15:34 - 000000562 _____ C:\Users\Edza\Desktop\Fraps.lnk
2017-09-08 15:34 - 2017-09-08 15:34 - 000000000 ____D C:\Users\Edza\Downloads\Beepa Fraps v3.4.7 Build 13808 Retail
2017-09-08 15:34 - 2017-09-08 15:34 - 000000000 ____D C:\Users\Edza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
2017-09-08 15:33 - 2017-09-08 15:33 - 000005524 _____ C:\Users\Edza\Downloads\Fraps 3.4.7 Build 13808 [2011, ENG + RUS] [rutracker-4044111].torrent
2017-09-08 14:22 - 2017-09-08 14:22 - 000000738 _____ C:\Users\Edza\Desktop\Outlast.lnk
2017-09-08 14:22 - 2017-09-08 14:22 - 000000000 ____D C:\Users\Edza\AppData\Roaming\Outlast
2017-09-08 14:22 - 2017-09-08 14:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2017-09-08 14:10 - 2017-09-08 14:14 - 000000000 ____D C:\Users\Edza\Downloads\Outlast [RePack] [RUS  RUS] (2013) + DLC Whistleblower [ENG  RUS]
2017-09-08 14:10 - 2017-09-08 14:10 - 000016584 _____ C:\Users\Edza\Downloads\Outlast [RePack] [RUS RUS] (2013) + DLC Whistleblower [ENG RUS] (2014) [rutracker-5137167].torrent
2017-09-08 00:51 - 2017-09-08 00:51 - 000000000 ____D C:\ProgramData\Unknown Worlds
2017-09-08 00:49 - 2017-09-08 00:49 - 000000000 ____D C:\Users\Edza\AppData\LocalLow\Unknown Worlds
2017-09-08 00:16 - 2017-09-08 00:27 - 997500194 _____ C:\Users\Edza\Downloads\Subnautica_build761_v52724.rar
2017-09-08 00:16 - 2017-09-08 00:16 - 000013079 _____ C:\Users\Edza\Downloads\[В разработке] Subnautica [RePack] [RUS ENG] (2014) (build 761 (52724)) [rutracker-5414966].torrent
2017-09-07 23:10 - 2017-09-09 01:49 - 000000000 ____D C:\Users\Edza\AppData\Roaming\hL140
2017-09-07 23:08 - 2017-09-07 23:08 - 000001091 _____ C:\Users\Public\Desktop\Kerbal Space Program.lnk
2017-09-07 23:08 - 2017-09-07 23:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kerbal Space Program
2017-09-07 23:04 - 2017-09-07 23:08 - 000000000 ____D C:\Program Files (x86)\Kerbal Space Program
2017-09-07 23:00 - 2017-09-07 23:03 - 980714137 _____ ( ) C:\Users\Edza\Downloads\Kerbal Space Program(ENG).exe
2017-09-07 23:00 - 2017-09-07 23:00 - 000019178 _____ C:\Users\Edza\Downloads\Kerbal Space Program [L] [ENG] (2015) (1.3.0.1804) [rutracker-5440552].torrent
2017-09-07 22:50 - 2017-09-07 22:49 - 000052190 _____ C:\Users\Edza\Desktop\csteamworks (1).zip
2017-09-07 22:49 - 2017-09-07 22:49 - 000052190 _____ C:\Users\Edza\Downloads\csteamworks (1).zip
2017-09-07 22:46 - 2017-09-09 17:38 - 000000000 ____D C:\Users\Edza\AppData\Roaming\7DaysToDie
2017-09-07 22:34 - 2017-09-07 22:34 - 000013843 _____ C:\Users\Edza\Downloads\[В разработке] 7 Days To Die [P] [RUS ENG] (2013) (15 b105) [rutracker-5295360].torrent
2017-09-07 19:13 - 2017-09-07 19:13 - 000000000 ____D C:\Users\Edza\AppData\LocalLow\Freejam
2017-09-07 19:04 - 2017-09-07 19:04 - 000000000 ____D C:\Users\Edza\AppData\Roaming\EasyAntiCheat
2017-09-07 19:02 - 2017-09-07 19:02 - 000000222 _____ C:\Users\Edza\Desktop\Robocraft.url
2017-09-07 00:50 - 2017-09-07 00:50 - 000000000 ____D C:\Users\Edza\Desktop\FRST-OlderVersion
2017-09-06 23:34 - 2017-09-06 23:34 - 000000000 ____D C:\Users\Edza\Documents\Rockstar Games
2017-09-06 23:34 - 2017-09-06 23:34 - 000000000 ____D C:\Users\Edza\AppData\Local\Rockstar Games
2017-09-06 23:34 - 2017-09-06 23:34 - 000000000 ____D C:\ProgramData\Steam
2017-09-06 23:34 - 2017-09-06 23:34 - 000000000 ____D C:\ProgramData\Socialclub
2017-09-06 23:33 - 2017-09-06 23:33 - 000406232 _____ C:\Windows\Minidump\090617-36395-01.dmp
2017-09-06 21:44 - 2017-09-06 21:44 - 000011807 _____ C:\Users\Edza\Downloads\7 Days to Die (Action) (RePack) [2013] PC (1).torrent
2017-09-06 21:33 - 2017-09-06 21:33 - 004212384 _____ (Husdawg, LLC) C:\Users\Edza\Downloads\Detection (1).exe
2017-09-06 20:23 - 2017-09-06 20:49 - 000000000 ____D C:\Users\Edza\Downloads\Grand Theft Auto V by xatab
2017-09-06 20:22 - 2017-09-06 20:22 - 000334452 _____ C:\Users\Edza\Downloads\Grand Theft Auto V [RePack] [RUS ENG MULTI11 ENG] (2015) (1.0.877.1) [rutracker-5317562].torrent
2017-09-06 18:47 - 2017-09-08 16:48 - 000000000 ____D C:\Windows\Minidump
2017-09-06 18:47 - 2017-09-06 18:47 - 000406216 _____ C:\Windows\Minidump\090617-29702-01.dmp
2017-09-06 18:46 - 2017-09-08 16:48 - 346971641 _____ C:\Windows\MEMORY.DMP
2017-09-06 17:29 - 2017-09-06 17:35 - 000000000 ____D C:\Users\Edza\Downloads\The.Long.Dark.Season.One-Wintermute-v.1.0.build32178-MULti16-ORiGiNS
2017-09-06 17:29 - 2017-09-06 17:29 - 000018625 _____ C:\Users\Edza\Downloads\The Long Dark [2017] PC.torrent
2017-09-06 16:02 - 2017-09-06 16:02 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-09-06 16:02 - 2017-08-22 02:10 - 000549312 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-09-06 16:02 - 2017-08-22 02:10 - 000082040 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-09-06 16:02 - 2017-08-22 01:33 - 000135800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-09-06 16:02 - 2017-06-15 22:32 - 000541984 _____ C:\Windows\system32\vulkan-1.dll
2017-09-06 16:02 - 2017-06-15 22:32 - 000525088 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-09-06 16:02 - 2017-06-15 22:32 - 000254240 _____ C:\Windows\system32\vulkaninfo.exe
2017-09-06 16:02 - 2017-06-15 22:32 - 000233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-09-06 15:59 - 2017-08-22 03:40 - 040240248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 035881592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 035314112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 028985976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 023132184 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 021405440 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 018849272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 018704744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 017807096 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 015409088 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-09-06 15:59 - 2017-08-22 03:40 - 014687256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 013782904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 012225984 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 011692528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 010072768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 004188872 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 003802048 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 003692216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 003354560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 001988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438541.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 001615448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 001597888 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438541.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 001067456 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 001005176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000972920 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000924280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000690320 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000578056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000512672 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000491720 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000429920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000218712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-09-06 15:59 - 2017-08-22 03:40 - 000171384 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000154208 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000149040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000132072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000045976 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-09-06 15:59 - 2017-08-22 03:40 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-09-06 15:59 - 2017-08-22 03:40 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2017-09-06 15:53 - 2017-09-06 15:53 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-06 15:53 - 2017-09-06 15:53 - 000003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-06 15:53 - 2017-09-06 15:53 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-06 15:53 - 2017-09-06 15:53 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-06 15:53 - 2017-09-06 15:53 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-06 15:53 - 2017-09-06 15:53 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-06 15:53 - 2017-09-06 15:53 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-06 15:53 - 2017-09-06 15:53 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-06 15:53 - 2017-09-06 15:53 - 000001412 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-09-06 15:53 - 2017-08-22 01:54 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-09-06 15:53 - 2017-08-18 07:32 - 001923008 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-09-06 15:53 - 2017-08-18 07:32 - 001755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-09-06 15:53 - 2017-08-18 07:32 - 001505728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-09-06 15:53 - 2017-08-18 07:32 - 001317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-09-06 15:53 - 2017-08-18 07:32 - 000121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-09-06 15:53 - 2017-08-17 19:26 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-09-06 15:52 - 2017-08-18 07:32 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-09-06 15:52 - 2017-08-18 07:32 - 000048064 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-09-06 15:50 - 2017-09-06 15:51 - 083769592 _____ (NVIDIA Corporation) C:\Users\Edza\Downloads\GeForce_Experience_v3.9.0.61.exe
2017-09-04 21:07 - 2017-09-04 21:07 - 001724056 _____ ( ) C:\Users\Edza\Downloads\cpu-z_1.80-en.exe
2017-09-04 21:07 - 2017-09-04 21:07 - 000000869 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2017-09-04 21:07 - 2017-09-04 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-09-04 21:07 - 2017-09-04 21:07 - 000000000 ____D C:\Program Files\CPUID
2017-09-04 19:18 - 2017-09-04 19:19 - 000000000 ____D C:\Users\Edza\AppData\Roaming\Notepad++
2017-09-04 19:18 - 2017-09-04 19:18 - 000000000 ____D C:\Users\Edza\AppData\Local\Notepad++
2017-09-04 19:18 - 2017-09-04 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-09-04 19:18 - 2017-09-04 19:18 - 000000000 ____D C:\Program Files\Notepad++
2017-09-04 19:17 - 2017-09-04 19:17 - 003078176 _____ C:\Users\Edza\Downloads\npp.7.5.1.Installer.x64.exe
2017-09-04 18:48 - 2017-09-04 18:48 - 000000000 ____D C:\Users\Edza\AppData\Local\Tempzxpsign4540401172a2dfd4
2017-09-04 18:47 - 2017-09-04 18:47 - 000000000 ____D C:\Users\Edza\AppData\Local\Tempzxpsignffcae53d6d9245b0
2017-09-02 20:05 - 2017-09-02 20:04 - 694422142 _____ C:\Users\Edza\Desktop\CSS.rar
2017-09-02 20:03 - 2017-09-02 20:04 - 694422142 _____ C:\Users\Edza\Downloads\CSS.rar
2017-09-02 18:47 - 2017-09-02 18:47 - 000000220 _____ C:\Users\Edza\Desktop\Garry's Mod.url
2017-09-01 22:57 - 2017-09-01 22:57 - 016772153 _____ C:\Users\Edza\Desktop\huzuni.zip
2017-08-29 18:54 - 2017-08-29 19:09 - 000148676 _____ C:\Windows\ntbtlog.txt
2017-08-29 15:50 - 2017-08-29 15:50 - 000000000 ____D C:\Users\Edza\AppData\Local\Microsoft Games
2017-08-29 15:29 - 2017-08-29 15:29 - 000013133 _____ C:\Users\Edza\Desktop\Windows Defender - Shortcut.lnk
2017-08-29 15:19 - 2017-09-07 00:48 - 000007613 _____ C:\Users\Edza\AppData\Local\Resmon.ResmonCfg
2017-08-28 18:00 - 2017-08-28 18:01 - 000000000 ____D C:\Users\Edza\Documents\TheWildEight
2017-08-28 17:59 - 2017-08-28 17:59 - 000000000 ____D C:\Users\Edza\AppData\LocalLow\8 Points
2017-08-28 17:55 - 2017-08-28 17:55 - 000000000 ____D C:\Users\Edza\Downloads\The Wild Eight 5.6.2
2017-08-28 17:54 - 2017-08-28 17:54 - 000011199 _____ C:\Users\Edza\Downloads\The Wild Eight [2017] PC.torrent
2017-08-27 14:41 - 2017-09-09 14:29 - 000000000 ___HD C:\Users\Edza\AppData\Roaming\LtdTemp19
2017-08-23 19:01 - 2017-08-23 19:01 - 000000918 _____ C:\Users\Edza\Desktop\Farming Simulator 17.lnk
2017-08-23 19:01 - 2017-08-23 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2017-08-23 18:48 - 2017-08-23 18:48 - 000000000 ___HD C:\Users\Edza\AppData\Roaming\CompMicrosoft19
2017-08-23 18:42 - 2017-08-23 18:43 - 000000000 ____D C:\Users\Edza\Downloads\Farming Simulator 17 by xatab
2017-08-23 18:42 - 2017-08-23 18:42 - 000018245 _____ C:\Users\Edza\Downloads\Farming Simulator 17(Simulator) (v121) [2016 ] PC.torrent
2017-08-23 14:48 - 2017-08-23 14:49 - 000736789 _____ C:\Users\Edza\Downloads\DeathBot 3.91.rar
2017-08-23 14:39 - 2017-09-06 19:02 - 000000000 ____D C:\Users\Edza\AppData\Roaming\.minecraft
2017-08-23 14:39 - 2017-08-23 14:39 - 001680054 _____ (Titan Launcher) C:\Users\Edza\Desktop\Minecraft.exe
2017-08-22 20:16 - 2017-08-22 20:16 - 000000000 ____D C:\Users\Edza\AppData\LocalLow\R-Age
2017-08-22 10:06 - 2017-08-22 10:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2017-08-22 10:06 - 2017-08-22 10:06 - 000000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-09 19:57 - 2017-05-16 14:57 - 000000000 ____D C:\Users\Edza\AppData\Roaming\uTorrent
2017-09-09 19:55 - 2017-05-22 23:16 - 000014963 _____ C:\Users\Edza\Desktop\FRST.txt
2017-09-09 19:52 - 2017-05-16 14:38 - 000000000 ____D C:\Users\Edza\AppData\Roaming\Skype
2017-09-09 19:50 - 2017-05-22 23:16 - 000000000 ____D C:\FRST
2017-09-09 19:12 - 2017-05-15 22:47 - 000000000 ____D C:\Users\Edza
2017-09-09 15:17 - 2017-05-15 23:55 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-09 14:38 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-09 14:38 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-09 14:36 - 2017-05-16 00:08 - 000716518 _____ C:\Windows\system32\perfh019.dat
2017-09-09 14:36 - 2017-05-16 00:08 - 000150824 _____ C:\Windows\system32\perfc019.dat
2017-09-09 14:36 - 2009-07-14 08:13 - 001649730 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-09 14:36 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2017-09-09 14:33 - 2017-05-16 21:50 - 000000000 ____D C:\Users\Edza\AppData\Local\LogMeIn Hamachi
2017-09-09 14:33 - 2017-05-15 23:02 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-09 14:30 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-09 14:29 - 2002-01-01 05:02 - 000000000 ___HD C:\Users\Edza\AppData\Roaming\SystemLocal63
2017-09-09 13:42 - 2009-07-14 07:45 - 005102920 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-08 23:11 - 2017-05-15 23:01 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-08 21:02 - 2017-05-15 23:51 - 000113624 _____ C:\Users\Edza\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-08 15:17 - 2017-05-20 20:29 - 000000000 ____D C:\Users\Edza\Documents\My Games
2017-09-08 14:16 - 2017-05-16 19:57 - 000000000 ____D C:\Games
2017-09-08 00:10 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\LiveKernelReports
2017-09-07 16:13 - 2017-05-16 22:23 - 000000000 ____D C:\Users\Edza\AppData\Local\CrashDumps
2017-09-07 15:56 - 2017-05-15 23:02 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-09-07 00:55 - 2017-05-22 23:17 - 000044188 _____ C:\Users\Edza\Desktop\Addition.txt
2017-09-07 00:50 - 2017-05-22 23:16 - 002395648 _____ (Farbar) C:\Users\Edza\Desktop\FRST64.exe
2017-09-06 23:31 - 2017-05-16 19:57 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-09-06 17:47 - 2017-06-27 16:35 - 000000000 ____D C:\Users\Edza\AppData\LocalLow\Hinterland
2017-09-06 17:47 - 2017-06-15 23:44 - 000000000 ____D C:\Users\Edza\AppData\Local\Hinterland
2017-09-06 17:27 - 2017-05-16 00:10 - 000000000 ____D C:\Users\Edza\Documents\Euro Truck Simulator 2
2017-09-06 16:06 - 2017-05-15 23:05 - 000000000 ____D C:\Users\Edza\AppData\Local\NVIDIA Corporation
2017-09-06 16:05 - 2017-05-15 23:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-09-06 16:03 - 2017-05-15 22:56 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-09-06 16:01 - 2017-05-15 23:02 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-09-06 15:54 - 2017-05-15 23:03 - 000000000 ____D C:\Users\Edza\AppData\Local\NVIDIA
2017-09-05 16:34 - 2017-05-16 15:04 - 000018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2017-09-04 19:23 - 2017-05-23 20:46 - 000000000 ____D C:\Program Files (x86)\MTA San Andreas 1.5
2017-09-04 19:12 - 2017-05-23 20:47 - 000000000 ____D C:\Users\Edza\Desktop\server
2017-09-02 17:42 - 2017-05-16 00:24 - 000000000 ____D C:\ProgramData\TruckersMP
2017-08-29 19:32 - 2017-05-16 14:36 - 000000000 ____D C:\Users\Edza\Desktop\Sistēmas ģēlas
2017-08-29 15:36 - 2017-05-23 13:20 - 000000000 ____D C:\Users\Edza\AppData\Roaming\IObit
2017-08-29 15:36 - 2017-05-23 13:20 - 000000000 ____D C:\Users\Edza\AppData\LocalLow\IObit
2017-08-29 15:36 - 2017-05-22 17:43 - 000000000 ____D C:\AdwCleaner
2017-08-29 15:20 - 2017-05-23 13:20 - 000000000 ____D C:\ProgramData\ProductData
2017-08-29 15:15 - 2017-05-23 15:02 - 000002882 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Edza)
2017-08-28 23:07 - 2017-05-23 15:57 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 23:07 - 2017-05-23 15:57 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-23 02:28 - 2017-05-29 17:04 - 000000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2017-08-23 02:28 - 2017-05-29 17:04 - 000000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2017-08-22 17:18 - 2017-05-16 15:31 - 000000000 ____D C:\Users\Edza\AppData\Roaming\.simplemc
2017-08-22 10:06 - 2017-05-29 17:04 - 000000153 _____ C:\Users\Default\BullseyeCoverageError.txt
2017-08-22 10:06 - 2017-05-16 21:30 - 000000926 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2017-08-22 10:04 - 2017-05-29 17:04 - 000000176 _____ C:\Users\Edza\BullseyeCoverageError.txt
2017-08-22 03:40 - 2017-05-15 23:02 - 000512960 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-08-22 03:40 - 2017-05-15 23:02 - 000418936 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-08-22 03:40 - 2017-05-15 22:57 - 000044190 _____ C:\Windows\system32\nvinfo.pb
2017-08-22 02:10 - 2017-05-15 23:02 - 006463424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-08-22 02:10 - 2017-05-15 23:02 - 002479224 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-08-22 02:10 - 2017-05-15 23:02 - 001762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-08-22 02:10 - 2017-05-15 23:02 - 000392312 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-08-22 02:10 - 2017-05-15 23:02 - 000069752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-08-21 21:09 - 2017-05-16 14:38 - 000000000 ____D C:\ProgramData\Skype
2017-08-19 10:10 - 2017-05-15 23:02 - 008142301 _____ C:\Windows\system32\nvcoproc.bin
2017-08-18 07:32 - 2017-05-16 15:04 - 000179136 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-08-18 07:32 - 2017-05-16 15:04 - 000146368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
 
==================== Files in the root of some directories =======
 
2017-08-29 15:19 - 2017-09-07 00:48 - 000007613 _____ () C:\Users\Edza\AppData\Local\Resmon.ResmonCfg
2017-05-16 14:21 - 2017-05-16 14:21 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2017-08-02 00:45 - 2017-08-02 00:45 - 000857088 _____ () C:\Users\Edza\AppData\Local\Temp\architecture.exe
2017-05-29 17:04 - 2017-05-29 17:04 - 000008720 _____ () C:\Users\Edza\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2017-09-09 13:46 - 2010-11-21 06:23 - 001731936 _____ (Microsoft Corporation) C:\Users\Edza\AppData\Local\Temp\dllnt_dump.dll
2017-09-06 16:00 - 2016-11-14 12:45 - 000834104 _____ (NVIDIA Corporation) C:\Users\Edza\AppData\Local\Temp\nvStInst.exe
2015-07-31 16:51 - 2015-07-31 16:51 - 000202928 ____R (Microsoft Corporation) C:\Users\Edza\AppData\Local\Temp\ose00000.exe
2017-08-02 04:21 - 2017-08-02 04:21 - 000905611 _____ (Microsoft Security                                          ) C:\Users\Edza\AppData\Local\Temp\persistense32.exe
2017-08-02 04:22 - 2017-08-02 04:22 - 000901967 _____ (Microsoft Security                                          ) C:\Users\Edza\AppData\Local\Temp\persistense64.exe
2017-08-21 21:06 - 2017-08-21 21:06 - 058782680 _____ (Skype Technologies S.A.) C:\Users\Edza\AppData\Local\Temp\SkypeSetup.exe
2017-05-15 23:41 - 2017-05-15 23:41 - 006030288 _____ (Innovative Solutions                                        ) C:\Users\Edza\AppData\Local\Temp\tmp-drivermax4189563.exe
2017-08-28 18:06 - 2017-08-28 17:58 - 000193011 _____ () C:\Users\Edza\AppData\Local\Temp\Uninstall.exe
2017-05-16 14:36 - 2017-05-16 14:36 - 014456872 _____ (Microsoft Corporation) C:\Users\Edza\AppData\Local\Temp\vc_redist.x86.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-22 10:22
 
==================== End of FRST.txt ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Edza (09-09-2017 19:58:40)
Running from C:\Users\Edza\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2017-05-15 19:47:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1235451165-3031807778-106306492-500 - Administrator - Disabled)
Edza (S-1-5-21-1235451165-3031807778-106306492-1000 - Administrator - Enabled) => C:\Users\Edza
Guest (S-1-5-21-1235451165-3031807778-106306492-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1235451165-3031807778-106306492-1000\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Adobe After Effects CC 2017 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F2}) (Version: 14.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.41 - NVIDIA Corporation) Hidden
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.80.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.80.1 - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version:  - SCS Software)
Farming Simulator 17 v.1.2.1.0 (HKLM-x32\...\Farming Simulator 17_is1) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
GIGABYTE OC_GURU II (HKLM-x32\...\{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.47.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.47.0000 - GIGABYTE Technology Co.,Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GTA San Andreas (HKLM-x32\...\GTA San Andreas_is1) (Version:  - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Kerbal Space Program version 1.3.0 (HKLM-x32\...\{33052EB8-C4DB-4ECA-AD13-7D50E3999E02}_is1) (Version: 1.3.0 - )
League of Legends (HKLM-x32\...\{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24516 (HKLM-x32\...\{b8e12890-118d-4721-8e54-05d978086712}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24516 (HKLM-x32\...\{c325004c-5538-45b3-a7ad-94473a4dcd3b}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MTA:SA v1.5.4 (HKLM-x32\...\MTA:SA 1.5) (Version: v1.5.4 - Multi Theft Auto)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Outlast (HKLM-x32\...\Outlast_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8045 - Realtek Semiconductor Corp.)
Robocraft (HKLM\...\Steam App 301520) (Version:  - Freejam)
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.15.0.17 - GOG.com)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Windows Driver Package - AMD (amdkmpfd) System  (12/09/2016 16.60.0.0000) (HKLM\...\D2BE684635541753B7ADEB903A532F1A701A5CB7) (Version: 12/09/2016 16.60.0.0000 - AMD)
Windows Driver Package - ATK (MTsensor) System  (05/05/2009 1043.6.0.0) (HKLM\...\A1CE88ECEE452DF2F78DB201E0D9BED96DD08791) (Version: 05/05/2009 1043.6.0.0 - ATK)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\168A519C3E7721ED8CB11C23826D1F5686653733) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Logitech (LHidFilt) Mouse  (06/09/2015 5.90.38) (HKLM\...\3A23CE434CCC10D23CD098DBBFD5A4C5D855E356) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (LUsbFilt) HIDClass  (06/09/2015 5.90.38) (HKLM\...\509216C30E3CB187CAF035C305FE09C148B2FCBC) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech DriverInterface  (06/09/2015 5.90.38) (HKLM\...\F6909E6D7225F7497F97F04808BC1B7489703274) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - NVIDIA (nvvad_WaveExtensible) MEDIA  (04/05/2017 3.70.2) (HKLM\...\31548E2999ED270B8AB52AF386F2CB12DC2AD878) (Version: 04/05/2017 3.70.2 - NVIDIA)
Windows Driver Package - Qualcomm Atheros (L1C) Net  (01/29/2016 2.1.0.25) (HKLM\...\AD2D37471D7C4AB3F71443E12F84D998444AEB5E) (Version: 01/29/2016 2.1.0.25 - Qualcomm Atheros)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (08/24/2016 2.12.4.0) (HKLM\...\20A343331E4A2AE70DEC0500F4F54CD5DD520E54) (Version: 08/24/2016 2.12.4.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  WPD  (02/16/2012 2.9.317.0215) (HKLM\...\E0CAD92FE250FCC14EC93AC25546B3C462D94B71) (Version: 02/16/2012 2.9.317.0215 - SAMSUNG Electronics Co., Ltd. )
World of Tanks (HKU\S-1-5-21-1235451165-3031807778-106306492-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-08-29] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-08-22] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1B7F2FF5-FFB3-48CA-B92D-14563D19320E} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {1C9CA889-137C-45F9-B8A8-81694077FDD5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {25BA7B66-17B3-4317-9E4C-96175B4EFEC4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {30B922D0-7C97-42A6-8467-5C4A78D71581} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-23] (Google Inc.)
Task: {50C56A2C-FCC3-4AC6-BC90-465DDB3C6088} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {5DC7DFB4-A1AB-4EE1-A6FA-49611151DA4A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-18] (NVIDIA Corporation)
Task: {7149303A-DDF5-4810-9EED-D14F574B1483} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {79541A0B-F8AC-4A77-A8CB-1233796C70FD} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-18] (NVIDIA Corporation)
Task: {820A4F90-8C25-4C4E-A07E-19AF53D8D254} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {9FAE2CB0-AB99-46F2-982E-2A9BE63585E3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {AD2C7F81-1BC4-436C-B4D4-163714EDA5AE} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-18] (NVIDIA Corporation)
Task: {C50955EE-2BF8-42B0-8D40-A8EC90ED2EC9} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-18] (NVIDIA Corporation)
Task: {DB4C680A-EBF3-4E06-A61A-D157F48C66D9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {F27239A5-8BAC-416B-89FC-2D9050EB740A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-23] (Adobe Systems Incorporated)
Task: {F8E99383-518B-4C39-B24C-6E937476BAE9} - System32\Tasks\Driver Booster SkipUAC (Edza) => C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
Task: {F99B947F-0F9E-406A-B4BC-FCAB40E07AFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-23] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-15 23:02 - 2017-08-22 02:10 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-09-06 15:53 - 2017-08-18 07:32 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-07-31 09:59 - 2015-07-31 09:59 - 008901800 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-08-29 03:43 - 2017-08-29 03:43 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2017-08-28 23:07 - 2017-08-23 11:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-28 23:07 - 2017-08-23 11:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-09-09 19:16 - 2013-09-10 12:12 - 001913120 _____ () C:\Users\Edza\Desktop\Sony Vegas 12\App\Sony\Vegas Pro 12.0\OpenColorIO.dll
2017-09-09 19:16 - 2013-09-10 12:11 - 000058656 _____ () C:\Users\Edza\Desktop\Sony Vegas 12\App\Sony\Vegas Pro 12.0\FileIOProxyStubx64.dll
2017-09-09 19:16 - 2013-09-10 12:11 - 012440864 _____ () C:\Users\Edza\Desktop\Sony Vegas 12\App\Sony\Vegas Pro 12.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Win64\Vfx1.ofx
2017-07-24 15:57 - 2017-07-24 15:57 - 001991640 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2015-07-31 09:57 - 2015-07-31 09:57 - 008901800 _____ () C:\Program Files (x86)\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-09-06 15:53 - 2017-08-18 07:32 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-05-15 23:56 - 2017-08-05 00:19 - 000678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-05-15 23:56 - 2016-09-01 04:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-05-15 23:56 - 2016-09-01 04:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-05-15 23:56 - 2016-09-01 04:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-05-15 23:56 - 2017-09-07 07:51 - 002505504 _____ () C:\Program Files (x86)\Steam\video.dll
2017-05-15 23:56 - 2016-01-27 10:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-05-15 23:56 - 2016-01-27 10:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-05-15 23:56 - 2016-01-27 10:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-05-15 23:56 - 2016-01-27 10:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-05-15 23:56 - 2016-01-27 10:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-05-15 23:56 - 2017-09-07 07:51 - 000885024 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-05-15 23:56 - 2016-07-05 01:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-05-15 23:57 - 2017-07-18 01:50 - 073115424 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-08 15:09 - 2017-05-17 04:54 - 000678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-05-15 23:56 - 2015-09-25 02:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-09-09 19:19 - 2017-09-09 19:19 - 000011264 _____ () C:\Users\Edza\AppData\Local\Temp\nsb5B5F.tmp\System.dll
2017-09-09 19:19 - 2017-09-09 19:19 - 000029696 _____ () C:\Users\Edza\AppData\Local\Temp\nsb5B5F.tmp\registry.dll
2017-09-09 19:19 - 2017-09-09 19:19 - 000008704 _____ () C:\Users\Edza\AppData\Local\Temp\nsb5B5F.tmp\newadvsplash.dll
2017-09-09 19:16 - 2013-09-10 12:11 - 000047392 _____ () C:\Users\Edza\Desktop\Sony Vegas 12\App\Sony\Vegas Pro 12.0\x86\FileIOProxyStubx86.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [432]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2017-09-08 20:58 - 000001131 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1    www.techsmith.com
127.0.0.1    activation.cloud.techsmith.com
127.0.0.1    oscount.techsmith.com
127.0.0.1    updater.techsmith.com
127.0.0.1    camtasiatudi.techsmith.com
127.0.0.1    tsccloud.cloudapp.net
127.0.0.1    assets.cloud.techsmith.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1235451165-3031807778-106306492-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Edza\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{41E1645F-2046-42FB-8F82-64EBDE0353A8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B3BA01B0-1582-4FFE-9697-E0BDA5408A0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1BA94A24-6107-424E-81F6-34A895022177}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FB9BFC99-8D47-4251-B495-8BA5EC175574}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4E6E4E4A-3433-4996-A9FE-7137F373D5EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{C2148CD9-3349-4D5A-AAC8-88050083DB8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{6B93F093-3A54-4A65-867C-6211113A212A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{86067D3D-F271-4C73-AE2F-2A8086B3C1EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{3B104D0C-57F2-4D94-BE88-F0C80854B346}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{98CA230A-6D2D-41C2-9A23-AFC013064334}] => (Allow) C:\Users\Edza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5FC8F561-F096-40BD-9CD6-246363B15C24}] => (Allow) C:\Users\Edza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2FD594C1-7D5B-4DA0-B1E5-F9DBBBA0A8E3}] => (Allow) C:\Users\Edza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{60FFA0D9-599F-4C82-BAA9-62CC529441EC}] => (Allow) C:\Users\Edza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AAB1677E-7B04-4534-B894-33B131E12F73}] => (Allow) C:\Users\Edza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2F63D0B8-0CDE-4861-AE7A-6984F1901A32}] => (Allow) C:\Users\Edza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{3088C21A-3BB0-462E-8563-5405D1F77183}C:\users\edza\appdata\roaming\.simplemc\java\java\bin\javaw.exe] => (Allow) C:\users\edza\appdata\roaming\.simplemc\java\java\bin\javaw.exe
FirewallRules: [UDP Query User{0A2C9D32-6183-485C-800E-A40C37F95278}C:\users\edza\appdata\roaming\.simplemc\java\java\bin\javaw.exe] => (Allow) C:\users\edza\appdata\roaming\.simplemc\java\java\bin\javaw.exe
FirewallRules: [{992C5402-3DDF-4175-A7B5-DE96E4160120}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{5D014A06-808E-4A84-B9A9-3F47671F4B24}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{0D998650-6AC2-48B7-8BCC-307AE9B84060}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{39D7092A-761A-4444-8484-10F22D923FFB}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [TCP Query User{40B859C4-BDC9-4B1F-9053-94F50AB1D202}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{BB4D8A5C-0938-498E-9822-CD8F004A6B92}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{A56A19FE-9A8E-41D4-8334-E5DE51C4FFB0}C:\program files\java\jre1.8.0_131\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\java.exe
FirewallRules: [UDP Query User{048484AA-B05A-494B-955E-8D9EF57721BF}C:\program files\java\jre1.8.0_131\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\java.exe
FirewallRules: [{CC91B185-BCCE-4768-A278-24DA641C383D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E18AD3EB-96BE-4D61-A7CF-B6725C8C324D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{CDAD2452-E975-404C-B3B7-B58FDCDE314C}C:\program files (x86)\spintires v.03.03.16\spintires.exe] => (Allow) C:\program files (x86)\spintires v.03.03.16\spintires.exe
FirewallRules: [UDP Query User{5B5BD3CF-F86B-410B-AF47-3481AEC543E0}C:\program files (x86)\spintires v.03.03.16\spintires.exe] => (Allow) C:\program files (x86)\spintires v.03.03.16\spintires.exe
FirewallRules: [TCP Query User{CCA033AC-CB17-4E38-A602-6059B966755C}C:\users\edza\desktop\my summer car v08.11.2016\mysummercar.exe] => (Allow) C:\users\edza\desktop\my summer car v08.11.2016\mysummercar.exe
FirewallRules: [UDP Query User{CC022590-D948-4ED7-A67F-74222FD2568E}C:\users\edza\desktop\my summer car v08.11.2016\mysummercar.exe] => (Allow) C:\users\edza\desktop\my summer car v08.11.2016\mysummercar.exe
FirewallRules: [TCP Query User{6808A32B-0B1D-4FBB-8B5D-8DA12E73E786}C:\users\edza\desktop\7daystodie32rus\7daystodie.exe] => (Allow) C:\users\edza\desktop\7daystodie32rus\7daystodie.exe
FirewallRules: [UDP Query User{F60536EE-3515-4769-A332-F058807254DB}C:\users\edza\desktop\7daystodie32rus\7daystodie.exe] => (Allow) C:\users\edza\desktop\7daystodie32rus\7daystodie.exe
FirewallRules: [TCP Query User{89BCA63E-EC49-4E99-A6F5-15A6126BEDFC}C:\games\terraria\terrariaserver.exe] => (Allow) C:\games\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{72F263B9-B1D4-4600-A1B2-2FED0304578B}C:\games\terraria\terrariaserver.exe] => (Allow) C:\games\terraria\terrariaserver.exe
FirewallRules: [{704CE559-8340-4B07-BDDF-DCE8998D68FE}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{39A96B7B-0DDF-4DEB-956F-116883354929}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [TCP Query User{EC2436ED-0E25-4A78-8690-4C350590EA3F}C:\users\edza\desktop\terraria modded 1.3.4.4\tmodloaderserver.exe] => (Allow) C:\users\edza\desktop\terraria modded 1.3.4.4\tmodloaderserver.exe
FirewallRules: [UDP Query User{847F608B-DC8F-4992-9C02-28EFD3F2D124}C:\users\edza\desktop\terraria modded 1.3.4.4\tmodloaderserver.exe] => (Allow) C:\users\edza\desktop\terraria modded 1.3.4.4\tmodloaderserver.exe
FirewallRules: [TCP Query User{BA17F3D4-75F1-4AAF-B960-A0A4F70AB69A}C:\program files (x86)\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\7 days to die\7daystodie.exe
FirewallRules: [UDP Query User{8DE53C9B-3B0F-489C-AD69-C6CC9A3DEA24}C:\program files (x86)\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\7 days to die\7daystodie.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [{5674009A-0E3F-474A-86DE-F2B267CF392D}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{0546430F-5EA0-447B-9534-90476CCDA306}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{7D9F564F-928D-4E62-85E2-7038E2C86AC4}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{EF77FBE8-037E-4B94-8CFE-8EEDB159071E}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [TCP Query User{6F8A603B-7AE9-4F23-88F2-FC3BC507EF3F}D:\farming simulator 17\x64\farmingsimulator2017game.exe] => (Allow) D:\farming simulator 17\x64\farmingsimulator2017game.exe
FirewallRules: [UDP Query User{4B4A4FD3-4E6E-4C21-9E5E-B020E4FE97EC}D:\farming simulator 17\x64\farmingsimulator2017game.exe] => (Allow) D:\farming simulator 17\x64\farmingsimulator2017game.exe
FirewallRules: [{3684D3D2-D7DE-492E-9FE0-8546B579716B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{EC14C870-6B9E-4853-BD3C-102C48DED9EB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{EC3DB368-089B-4973-B194-DB4E4B2263D9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{3835DD9F-EF35-4780-A1C2-A03566022AC1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [TCP Query User{9DEA7C45-DD6B-464E-9167-F0CBE0B430D5}C:\games\event[0]\event0.exe] => (Allow) C:\games\event[0]\event0.exe
FirewallRules: [UDP Query User{043AD836-45A3-41B7-8CA8-13FA6D795604}C:\games\event[0]\event0.exe] => (Allow) C:\games\event[0]\event0.exe
FirewallRules: [{AE878070-6F7B-4824-A687-180DD5C0CA01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{106996B2-7365-48A1-BE01-2EF863EA0735}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{B26503E8-1CC2-414B-9FFC-A041B44D373C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{09E5F189-97CC-4428-9ECE-A3D01142AD94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [TCP Query User{08655C8B-D763-46DC-8796-6B7D1510DBD2}C:\users\edza\desktop\terraria\terraria 1.3.4.4\terrariaserver.exe] => (Allow) C:\users\edza\desktop\terraria\terraria 1.3.4.4\terrariaserver.exe
FirewallRules: [UDP Query User{82B6C1FD-F06F-43DC-A919-D3996BE31830}C:\users\edza\desktop\terraria\terraria 1.3.4.4\terrariaserver.exe] => (Allow) C:\users\edza\desktop\terraria\terraria 1.3.4.4\terrariaserver.exe
FirewallRules: [TCP Query User{4338E0E0-B751-4780-AA73-C9CBB65AB237}C:\games\farming simulator 17\x64\farmingsimulator2017game.exe] => (Allow) C:\games\farming simulator 17\x64\farmingsimulator2017game.exe
FirewallRules: [UDP Query User{FD0A8562-5D29-4702-BCD5-AA117055B68A}C:\games\farming simulator 17\x64\farmingsimulator2017game.exe] => (Allow) C:\games\farming simulator 17\x64\farmingsimulator2017game.exe
FirewallRules: [{2E7867E6-43F4-4939-B81E-F7D1268AA1A7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D75CFF32-F5E4-4EF9-B4B3-C841BEB51E11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{3E12A499-FA0B-409D-92BF-2483E2B0F362}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{100E0106-D80C-4F43-B25C-93E9819D7661}C:\program files (x86)\mta san andreas 1.5\server\mta server.exe] => (Allow) C:\program files (x86)\mta san andreas 1.5\server\mta server.exe
FirewallRules: [UDP Query User{27272F82-CBEE-45F6-A09D-C2542078204E}C:\program files (x86)\mta san andreas 1.5\server\mta server.exe] => (Allow) C:\program files (x86)\mta san andreas 1.5\server\mta server.exe
FirewallRules: [TCP Query User{7DB9BDF0-32E3-4669-A37B-51FCAFF342D0}C:\users\edza\desktop\server\mta server.exe] => (Allow) C:\users\edza\desktop\server\mta server.exe
FirewallRules: [UDP Query User{F3CF3A43-3352-417F-A036-7E5DD4325C09}C:\users\edza\desktop\server\mta server.exe] => (Allow) C:\users\edza\desktop\server\mta server.exe
FirewallRules: [{57424FC9-9392-4EF4-8274-5C3E88EE5E28}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C79F42E3-26CF-4EBF-BE38-4F15E91DDE43}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D990E384-6DE9-4AEA-A517-B9BC345A926D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{EF3CD52A-EA3F-48E5-BEAF-C18E7AC229EA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D5056DC4-BAF0-4AEC-B0EB-44F69558FB23}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4427DA44-72F3-47C5-A3C8-1F278D598E9A}C:\program files (x86)\hinterland studio inc\thelongdark\tld.exe] => (Allow) C:\program files (x86)\hinterland studio inc\thelongdark\tld.exe
FirewallRules: [UDP Query User{A471AD9E-A9E4-417B-8A33-A9510D4E6668}C:\program files (x86)\hinterland studio inc\thelongdark\tld.exe] => (Allow) C:\program files (x86)\hinterland studio inc\thelongdark\tld.exe
FirewallRules: [TCP Query User{572A6D4B-97D1-48F9-806D-331D53E0F745}C:\games\grand theft auto v\gta5.exe] => (Allow) C:\games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{0981C87D-83B2-401D-861B-C4917BF737B5}C:\games\grand theft auto v\gta5.exe] => (Allow) C:\games\grand theft auto v\gta5.exe
FirewallRules: [{0DAFA16D-3B68-48B1-8EA2-55826B79A2F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{3C61D47F-D647-4DB2-BB48-E17E781EE265}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [TCP Query User{D2115CD5-99B2-423E-8CDB-C5B9E0869505}C:\users\edza\desktop\subnautica\subnautica.exe] => (Allow) C:\users\edza\desktop\subnautica\subnautica.exe
FirewallRules: [UDP Query User{A9F33085-3F03-43C8-88D3-D02C87D98EF0}C:\users\edza\desktop\subnautica\subnautica.exe] => (Allow) C:\users\edza\desktop\subnautica\subnautica.exe
FirewallRules: [TCP Query User{96E5D6B6-3F09-4867-A938-F0661372A83E}C:\games\outlast\binaries\win64\olgame.exe] => (Allow) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{8A65B19E-5E7C-4E20-B2A9-9F14BDF2F000}C:\games\outlast\binaries\win64\olgame.exe] => (Allow) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{AD464782-DE06-4557-8E6D-FE4760E63E5E}C:\users\edza\desktop\terraria\terraria modded 1.3.4.4\tmodloaderserver.exe] => (Allow) C:\users\edza\desktop\terraria\terraria modded 1.3.4.4\tmodloaderserver.exe
FirewallRules: [UDP Query User{E552E113-B096-40E6-9753-5CEED5E0E896}C:\users\edza\desktop\terraria\terraria modded 1.3.4.4\tmodloaderserver.exe] => (Allow) C:\users\edza\desktop\terraria\terraria modded 1.3.4.4\tmodloaderserver.exe
FirewallRules: [TCP Query User{1C82EECE-C3CB-46C9-9E20-4D6CC412588A}C:\users\edza\desktop\7 days to die v14.7\7daystodie.exe] => (Allow) C:\users\edza\desktop\7 days to die v14.7\7daystodie.exe
FirewallRules: [UDP Query User{A6779D32-AE64-4172-A6AB-6C97E2F214BF}C:\users\edza\desktop\7 days to die v14.7\7daystodie.exe] => (Allow) C:\users\edza\desktop\7 days to die v14.7\7daystodie.exe
 
==================== Restore Points =========================
 
08-09-2017 20:42:32 Camtasia 9
08-09-2017 20:48:08 Camtasia 9
08-09-2017 21:00:41 Camtasia 9
08-09-2017 23:10:58 Camtasia 9
08-09-2017 23:26:32 Installed Camtasia Studio 7
09-09-2017 19:10:34 Removed Camtasia Studio 7
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/09/2017 04:42:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program 7DaysToDie.exe version 5.3.5.8123 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1690
 
Start Time: 01d32970d04024d3
 
Termination Time: 462
 
Application Path: C:\Users\Edza\Desktop\7 Days To Die v14.7\7DaysToDie.exe
 
Report Id: ac26c1c8-9564-11e7-8da4-14dae99adadb
 
Error: (09/09/2017 02:32:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/09/2017 01:43:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/08/2017 04:49:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/08/2017 04:21:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AfterFX.exe version 14.2.0.198 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 17ec
 
Start Time: 01d328a492b9e6e5
 
Termination Time: 136
 
Application Path: C:\Program Files\Adobe\Adobe After Effects CC 2017\Support Files\AfterFX.exe
 
Report Id: 91bd1a6c-9498-11e7-b952-14dae99adadb
 
Error: (09/08/2017 01:58:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/07/2017 04:11:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ERVD.exe, version: 0.0.0.0, time stamp: 0x59650efc
Faulting module name: ERVD.exe, version: 0.0.0.0, time stamp: 0x59650efc
Exception code: 0xc0000005
Fault offset: 0x0003e250
Faulting process id: 0x3744
Faulting application start time: 0x01d327daccec3862
Faulting application path: C:\Users\Edza\AppData\Roaming\hL140\ERVD.exe
Faulting module path: C:\Users\Edza\AppData\Roaming\hL140\ERVD.exe
Report Id: 0c43f11c-93ce-11e7-98f5-14dae99adadb
 
Error: (09/07/2017 03:10:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/06/2017 11:34:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/06/2017 06:48:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (09/09/2017 03:16:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/09/2017 03:16:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (09/09/2017 01:54:22 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} did not register with DCOM within the required timeout.
 
Error: (09/08/2017 04:48:32 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0xfffffa8601f6522a, 0x0000000000000002, 0x0000000000000000, 0xfffff80002edb537). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090817-32417-01.
 
Error: (09/08/2017 04:48:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 16:46:57 on ‎2017.‎09.‎08. was unexpected.
 
Error: (09/07/2017 03:08:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error: 
The service has not been started.
 
Error: (09/06/2017 11:33:07 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0xfffffa8600563c8a, 0x0000000000000002, 0x0000000000000000, 0xfffff80002ed597f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090617-36395-01.
 
Error: (09/06/2017 11:32:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 23:31:54 on ‎2017.‎09.‎06. was unexpected.
 
Error: (09/06/2017 11:22:25 PM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (09/06/2017 06:47:16 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0xfffffa86009e068a, 0x0000000000000002, 0x0000000000000000, 0xfffff80002ecd97f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090617-29702-01.
 
 
CodeIntegrity:
===================================
  Date: 2017-09-09 14:30:33.585
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-09 14:30:33.585
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-09 14:30:33.585
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-09 14:30:33.585
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-09 13:41:43.115
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-09 13:41:43.115
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-09 13:41:43.115
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-09 13:41:43.115
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-08 16:48:15.833
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-09-08 16:48:15.833
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU E5472 @ 3.00GHz
Percentage of memory in use: 71%
Total physical RAM: 4095.12 MB
Available physical RAM: 1167.57 MB
Total Virtual: 8188.43 MB
Available Virtual: 3735.67 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:345.48 GB) (Free:34.41 GB) NTFS
Drive d: (data) (Fixed) (Total:585.94 GB) (Free:472.75 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 15581557)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=345.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=585.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,485 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:39 AM

Posted 09 September 2017 - 01:16 PM

Looks like there are only 2 remnants left to remove :)

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 KaiminsLV

KaiminsLV
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:39 PM

Posted 10 September 2017 - 03:33 AM

Fixlist Log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-09-2017
Ran by Edza (10-09-2017 11:21:26) Run:1
Running from C:\Users\Edza\Desktop
Loaded Profiles: Edza (Available Profiles: Edza)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
Task: {1B7F2FF5-FFB3-48CA-B92D-14563D19320E} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
 
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [432]
 
C:\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19
C:\Users\Edza\AppData\Roaming\hL140
C:\Users\Edza\AppData\Roaming\SystemLocal63
C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19
 
Folder: C:\FRST\Quarantine
 
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B7F2FF5-FFB3-48CA-B92D-14563D19320E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B7F2FF5-FFB3-48CA-B92D-14563D19320E} => key removed successfully
C:\Windows\System32\Tasks\KMSAutoNet => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAutoNet => key removed successfully
C:\ProgramData\MTA San Andreas All => ":NT" ADS removed successfully.
C:\ProgramData\MTA San Andreas All => ":NT2" ADS removed successfully.
C:\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19 => moved successfully
C:\Users\Edza\AppData\Roaming\hL140 => moved successfully
C:\Users\Edza\AppData\Roaming\SystemLocal63 => moved successfully
C:\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19 => moved successfully
 
========================= Folder: C:\FRST\Quarantine ========================
 
2017-09-10 11:21 - 2017-09-10 11:21 - 000000000 ____D () C:\FRST\Quarantine\C
2017-09-10 11:21 - 2017-09-10 11:21 - 000000000 ____D () C:\FRST\Quarantine\C\USERS
2017-09-10 11:21 - 2017-09-10 11:21 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA
2017-09-10 11:21 - 2017-09-10 11:21 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA
2017-09-10 11:21 - 2017-09-10 11:21 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING
2017-08-23 18:48 - 2017-08-23 18:48 - 000000000 ___HD () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19
2017-08-23 18:48 - 2017-08-23 18:48 - 004383272 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82ce02
2017-08-23 18:48 - 2017-08-23 18:48 - 000324608 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\UpdateWin.exe
2017-08-23 18:48 - 2017-08-23 18:48 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82cdff
2015-08-16 18:08 - 2015-08-16 18:08 - 000518144 _____ (cURL, http://curl.haxx.se/) C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82cdff\curl.exe
2016-12-16 14:09 - 2016-12-16 14:09 - 003491208 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82cdff\geoip
2016-12-16 14:09 - 2016-12-16 14:09 - 001738513 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82cdff\geoip6
2016-11-22 02:52 - 2016-11-22 02:52 - 001990144 _____ (The OpenSSL Project, http://www.openssl.org/) C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82cdff\libeay32.dll
2000-01-01 06:00 - 2000-01-01 06:00 - 000417759 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82cdff\libevent_core-2-0-5.dll
2000-01-01 06:00 - 2000-01-01 06:00 - 000411369 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82cdff\libevent_extra-2-0-5.dll
2000-01-01 06:00 - 2000-01-01 06:00 - 000719217 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82cdff\libevent-2-0-5.dll
2000-01-01 06:00 - 2000-01-01 06:00 - 000523262 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82cdff\libgcc_s_sjlj-1.dll
2000-01-01 06:00 - 2000-01-01 06:00 - 000829335 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82cdff\libgmp-10.dll
2000-01-01 06:00 - 2000-01-01 06:00 - 000092599 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82cdff\libssp-0.dll
2017-07-06 12:32 - 2017-07-06 12:32 - 000000332 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82cdff\options
2016-11-22 02:52 - 2016-11-22 02:52 - 000400384 _____ (The OpenSSL Project, http://www.openssl.org/) C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82cdff\ssleay32.dll
2016-12-16 14:09 - 2016-12-16 14:09 - 002967040 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82cdff\svchost.exe
2017-03-08 19:16 - 2017-03-08 19:16 - 000000271 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82cdff\torrc
2017-03-07 02:38 - 2017-03-07 02:38 - 000000402 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82cdff\torrc-defaults
2000-01-01 06:00 - 2000-01-01 06:00 - 000107520 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\COMPMICROSOFT19\db82cdff\zlib1.dll
2017-09-07 23:10 - 2017-09-09 01:49 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140
2017-09-07 23:10 - 2017-09-09 01:49 - 004948480 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\ERVD.exe
2017-09-07 23:10 - 2017-09-09 13:42 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\cEoHRB
2017-09-07 23:10 - 2017-09-09 13:42 - 000000355 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\cEoHRB\0YCihB
2017-09-07 23:10 - 2017-09-09 13:42 - 000000041 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\cEoHRB\DVRElN
2017-09-07 23:10 - 2017-09-09 13:42 - 000000239 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\cEoHRB\ERVDmQN
2017-09-07 23:10 - 2017-09-09 13:42 - 000000002 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\cEoHRB\mQNlE
2017-09-07 23:10 - 2017-09-09 13:42 - 000000004 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\cEoHRB\VDE
2017-09-07 23:10 - 2017-09-09 14:29 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml
2017-09-08 16:49 - 2017-09-09 01:49 - 000000002 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm03.pk_rep
2017-09-07 23:10 - 2017-09-07 23:10 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\armr_3
2017-09-07 23:10 - 2017-09-07 23:10 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\bd_1
2017-09-07 23:10 - 2017-09-07 23:10 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\nirl_23
2017-09-07 23:10 - 2017-09-07 23:10 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\pd_6
2017-09-07 23:10 - 2017-09-07 23:10 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xg_2
2014-09-06 12:36 - 2014-09-06 12:36 - 000256840 _____ (NVIDIA Corporation) C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xg_2\cudart32_65.dll
2015-07-15 16:10 - 2015-07-15 16:10 - 000071699 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xg_2\Data.bin
2014-10-22 21:04 - 2014-10-22 21:04 - 000421200 _____ (Microsoft Corporation) C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xg_2\msvcp100.dll
2014-09-24 17:48 - 2014-09-24 17:48 - 000661456 _____ (Microsoft Corporation) C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xg_2\msvcp110.dll
2014-10-22 21:04 - 2014-10-22 21:04 - 000773968 _____ (Microsoft Corporation) C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xg_2\msvcr100.dll
2012-11-05 22:26 - 2012-11-05 22:26 - 000849360 _____ (Microsoft Corporation) C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xg_2\msvcr110.dll
2017-01-05 10:08 - 2017-01-05 10:08 - 000000076 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xg_2\options
2012-05-27 02:36 - 2012-05-27 02:36 - 000055808 _____ (Open Source Software community LGPL) C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xg_2\pthreadVC2.dll
2014-09-26 10:36 - 2014-09-26 10:36 - 010875904 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xg_2\xnv.exe
2017-09-07 23:10 - 2017-09-07 23:10 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3
2017-03-04 19:44 - 2017-03-04 19:44 - 002420736 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\aes-avx.exe
2017-03-04 19:43 - 2017-03-04 19:43 - 002448384 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\aes-avx2.exe
2017-03-04 19:44 - 2017-03-04 19:44 - 002452480 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\aes-sse42.exe
2012-06-06 23:19 - 2012-06-06 23:19 - 001723196 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\libcrypto.dll
2015-04-07 21:11 - 2015-04-07 21:11 - 001518592 _____ (The OpenSSL Project, http://www.openssl.org/) C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\libcrypto-1.0.0.dll
2015-03-09 02:02 - 2015-03-09 02:02 - 000361654 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\libcurl-4.dll
2011-09-15 08:52 - 2011-09-15 08:52 - 000118784 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\libgcc_s_dw2-1.dll
2015-03-09 02:35 - 2015-03-09 02:35 - 000077475 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\libgcc_s_seh-1.dll
2015-03-09 01:58 - 2015-03-09 01:58 - 000444399 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\libgmp-10.dll
2015-03-09 01:58 - 2015-03-09 01:58 - 000032923 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\libgmpxx-4.dll
2015-03-09 02:59 - 2015-03-09 02:59 - 000071103 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\libjansson-4.dll
2015-03-09 04:06 - 2015-03-09 04:06 - 000062481 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\libjson-c-2.dll
2011-06-06 09:37 - 2011-06-06 09:37 - 000077892 _____ (Carnegie Mellon University) C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\libsasl.dll
2015-03-09 02:59 - 2015-03-09 02:59 - 000026459 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\libsigc-2.0-0.dll
2012-06-06 23:19 - 2012-06-06 23:19 - 000378238 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\libssl.dll
2015-04-07 21:11 - 2015-04-07 21:11 - 000358400 _____ (The OpenSSL Project, http://www.openssl.org/) C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\libssl-1.0.0.dll
2015-03-09 02:35 - 2015-03-09 02:35 - 000930660 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\libstdc++-6.dll
2015-03-09 01:50 - 2015-03-09 01:50 - 000091495 _____ (MingW-W64 Project. All rights reserved.) C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\libwinpthread-1.dll
2015-03-09 01:52 - 2015-03-09 01:52 - 000108544 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\libz-1.dll
2017-05-19 18:32 - 2017-05-19 18:32 - 000000077 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\options
2017-03-04 19:46 - 2017-03-04 19:46 - 002411008 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\sse2.exe
2017-03-04 19:45 - 2017-03-04 19:45 - 002409984 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\lYfRRml\xm_3\sse42.exe
2017-09-07 23:10 - 2017-09-09 13:42 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT
2017-09-07 23:10 - 2017-09-07 23:10 - 000018574 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\cached-certs
2017-09-07 23:10 - 2017-09-09 13:42 - 002145048 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\cached-microdesc-consensus
2017-09-08 00:10 - 2017-09-08 00:10 - 003720560 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\cached-microdescs
2017-09-07 23:10 - 2017-09-09 13:42 - 001068941 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\cached-microdescs.new
2015-08-16 15:08 - 2015-08-16 15:08 - 000518144 _____ (cURL, http://curl.haxx.se/) C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\curl.exe
2016-12-16 11:09 - 2016-12-16 11:09 - 003491208 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\geoip
2016-12-16 11:09 - 2016-12-16 11:09 - 001738513 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\geoip6
2016-11-21 23:52 - 2016-11-21 23:52 - 001990144 _____ (The OpenSSL Project, http://www.openssl.org/) C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\libeay32.dll
2000-01-01 03:00 - 2000-01-01 03:00 - 000417759 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\libevent_core-2-0-5.dll
2000-01-01 03:00 - 2000-01-01 03:00 - 000411369 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\libevent_extra-2-0-5.dll
2000-01-01 03:00 - 2000-01-01 03:00 - 000719217 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\libevent-2-0-5.dll
2000-01-01 03:00 - 2000-01-01 03:00 - 000523262 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\libgcc_s_sjlj-1.dll
2000-01-01 03:00 - 2000-01-01 03:00 - 000829335 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\libgmp-10.dll
2000-01-01 03:00 - 2000-01-01 03:00 - 000092599 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\libssp-0.dll
2017-09-07 23:10 - 2017-09-09 13:42 - 000000000 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\lock
2017-03-01 23:49 - 2017-03-01 23:49 - 000000447 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\options
2016-11-21 23:52 - 2016-11-21 23:52 - 000400384 _____ (The OpenSSL Project, http://www.openssl.org/) C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\ssleay32.dll
2017-09-07 23:10 - 2017-09-09 13:42 - 000001324 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\state
2016-12-16 11:09 - 2016-12-16 11:09 - 002967040 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\svchost.exe
2017-03-08 16:16 - 2017-03-08 16:16 - 000000271 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\torrc
2017-03-06 23:38 - 2017-03-06 23:38 - 000000402 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\torrc-defaults
2000-01-01 03:00 - 2000-01-01 03:00 - 000107520 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\hL140\vML0iiT\zlib1.dll
2017-08-27 14:41 - 2017-09-09 14:29 - 000000000 ___HD () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19
2017-09-02 14:24 - 2017-09-02 14:24 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\db82cdf1
2017-09-02 14:24 - 2017-09-09 14:29 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\db82cdf1\crash-reporter
2017-09-02 14:24 - 2017-09-02 14:24 - 000000004 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\db82cdf1\crash-reporter\__version__
2017-09-02 14:24 - 2017-09-02 14:24 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\db82cdf1\mb4
2017-09-02 14:24 - 2017-09-02 14:24 - 004635269 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\db82cdf1\mb4\__init__
2017-09-02 14:24 - 2017-09-02 14:24 - 000000004 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\db82cdf1\mb4\__version__
2017-07-11 20:46 - 2017-07-11 20:46 - 004948480 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\db82cdf1\mb4\1.exe
2017-09-02 14:24 - 2017-09-09 14:29 - 000000000 ____D () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea
2017-05-03 20:09 - 2017-05-03 20:09 - 000011264 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\adfw.dll
2017-05-03 20:09 - 2017-05-03 20:09 - 000014848 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\adfw-2.dll
2017-05-03 20:09 - 2017-05-03 20:09 - 000106496 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\cnli-0.dll
2017-05-03 20:09 - 2017-05-03 20:09 - 000100864 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\cnli-1.dll
2017-05-03 20:09 - 2017-05-03 20:09 - 000015360 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\coli-0.dll
2017-05-03 20:09 - 2017-05-03 20:09 - 000017408 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\crli-0.dll
2017-05-03 20:09 - 2017-05-03 20:09 - 000035328 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\dmgd-1.dll
2017-05-03 20:09 - 2017-05-03 20:09 - 000479744 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\dmgd-4.dll
2017-05-03 20:09 - 2017-05-03 20:09 - 000005349 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\Doublepulsar-1.3.1.xml
2017-05-03 20:09 - 2017-05-03 20:09 - 000013824 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\esco-0.dll
2017-05-03 20:09 - 2017-05-03 20:09 - 000069120 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\Esteemaudit-2.1.0.exe
2017-05-03 20:09 - 2017-05-03 20:09 - 000000987 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\Esteemaudit-2.1.0.fb
2017-05-03 20:09 - 2017-05-03 20:09 - 000047529 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\Esteemaudit-2.1.0.xml
2017-05-03 20:09 - 2017-05-03 20:09 - 000000246 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\Esteemaudittouch-2.1.0.fb
2017-05-03 20:09 - 2017-05-03 20:09 - 000002341 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\Esteemaudittouch-2.1.0.xml
2017-05-03 20:09 - 2017-05-03 20:09 - 000179200 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\etchCore-0.x64.dll
2017-05-03 20:09 - 2017-05-03 20:09 - 000142848 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\etchCore-0.x86.dll
2017-05-03 20:09 - 2017-05-03 20:09 - 000128512 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\eteb-2.dll
2017-05-03 20:09 - 2017-05-03 20:09 - 000141824 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\etebCore-2.x64.dll
2017-05-03 20:09 - 2017-05-03 20:09 - 000112640 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\etebCore-2.x86.dll
2017-05-03 20:09 - 2017-05-03 20:09 - 000000503 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\Eternalblue-2.2.0.fb
2017-05-03 20:09 - 2017-05-03 20:09 - 000007649 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\Eternalblue-2.2.0.xml
2017-05-03 20:09 - 2017-05-03 20:09 - 000001118 _____ () C:\FRST\Quarantine\C\USERS\EDZA\APPDATA\ROAMING\LTDTEMP19\ea\Eternalchampion-2.0.0.fb
 
====== End of Folder: ======
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 68433732 B
Java, Flash, Steam htmlcache => 76552827 B
Windows/system/drivers => 64085453 B
Edge => 0 B
Chrome => 496799896 B
Firefox => 81185060 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 17855 B
systemprofile32 => 66392 B
LocalService => 132244 B
NetworkService => 0 B
Edza => 40896299689 B
 
RecycleBin => 16230906831 B
EmptyTemp: => 53.9 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:25:15 ====


#12 Aura

Posted 10 September 2017 - 11:03 AM

Good :) Now let's run a new scan with FRST to see if these files and folders are back.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 Aura

Posted 13 September 2017 - 07:05 PM

Hi KaiminsLV,

Are you still with me?



#14 Aura

Posted 15 September 2017 - 10:31 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





