
BSOD Critical Structure Corruption, Watchdog violation, System Thread Unhandle


8 replies to this topic

#1 Heather106

Posted 12 April 2018 - 09:14 PM

I do not know the exact origin of what is affecting the PC, only the BSODs that it is causing. I currently have only tried updating drivers, uninstalling certain programs, and installing Avast and Advanced SystemCare. Besides that, I had made two previous topics that I will link this one into later for them to be closed or seen. One is in PC errors, the other in Am I infected, and I was asked to come here next. Through the advice of the volunteers I have tried and successfully used Speccy, CCleaner, AdwCleaner, and SysnativeFileCollection. I was unable to use or run Malwarebytes and esetsmartinstaller due to the PC currently only being able to turn on through Safe Mode. Now I have used FRST and will be copying the files to here now.

 

Thank you for your time and patience.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Raul (administrator) on SQUIRRELFISH (12-04-2018 20:47:27)
Running from F:\
Loaded Profiles: Raul (Available Profiles: Raul)
Platform: Windows 10 Home Single Language Version 1709 16299.248 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) F:\FRST64 (1).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [SERVICE] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-09] (AVAST Software)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-03-15] (Intel)
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Run: [Discord] => C:\Users\Raul\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Run: [Advanced SystemCare 11] => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Run: [Spotify Web Helper] => C:\Users\Raul\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-04-04] (Spotify Ltd)
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe --helperBridgeName={22016340-D362-4973-B65E-78C5AE867616} --lbsInstallerWorkflowID={E8C19CCB-FEFA-4FE5-9583 (the data entry has 177 more characters).
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\RunOnce: [Application Restart #0] => C:\Windows\HelpPane.exe [976896 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].tx
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\Raul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-10-03] ()
Startup: C:\Users\Raul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2018-01-15]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 b5
Tcpip\Parameters: [DhcpNameServer] 8.8.4.4 8.8.8.8 192.168.1.1
Tcpip\..\Interfaces\{0184a88c-871f-4942-afe0-ffe156c8fda3}: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1
Tcpip\..\Interfaces\{244d7b94-dd03-44b7-909c-5425ee4da650}: [DhcpNameServer] 8.8.4.4 8.8.8.8 192.168.1.1
Tcpip\..\Interfaces\{9688eee9-c0c2-49c9-9685-c76f1ebb8e15}: [DhcpNameServer] 8.8.4.4 8.8.8.8 192.168.1.1
Tcpip\..\Interfaces\{dda22f55-c0a4-41f6-b7a6-92c7d1f035af}: [DhcpNameServer] 172.16.3.19
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-04-04] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2018-01-10] (Perfect World Entertainment Inc)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-04-04] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Program Files (x86)\Arc\plugins\flash\NPSWF32.dll [2018-01-10] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-02-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-02-25] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-04-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-04-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-30] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2018-01-10] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default [2018-04-11]
CHR Extension: (Slides) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Destiny Item Manager Shortcut) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apghicjnekejhfancbkahkhdckhdagna [2018-02-03]
CHR Extension: (YouTube) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Avast SafePrice) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-03-30]
CHR Extension: (Sheets) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Word Online) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2015-10-30]
CHR Extension: (Google Docs Offline) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (AdBlock) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-30]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-03-09]
CHR Extension: (Avast Online Security) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-30]
CHR Extension: (Excel Online) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2016-05-29]
CHR Extension: (iPiccy Photo Editor) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2015-09-02]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-26]
CHR Extension: (PowerPoint Online) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdafamggmaaaginooondinjgkgcbpnhp [2015-09-02]
CHR Extension: (Office Online) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2018-03-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-02]
CHR Extension: (Chrome Media Router) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-30]
CHR Profile: C:\Users\Raul\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-11]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKU\S-1-5-21-2732871966-1470559089-260824378-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"pbbpquwj" => service could not be unlocked. <==== ATTENTION
 
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S4 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [87064 2018-01-10] (Perfect World Entertainment Inc)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-09] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-09] (AVAST Software)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe [71000 2018-03-06] (Google Inc.)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8521384 2018-03-24] (Microsoft Corporation)
S2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2018-02-21] (EasyAntiCheat Ltd)
S4 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-09-18] (Intel Corporation)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [886032 2018-01-11] ()
S4 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2014-10-03] (Intel® Corporation)
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [156960 2015-02-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes) [File not signed]
S4 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [166152 2016-10-03] (McAfee, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3685968 2015-07-22] (INCA Internet Co., Ltd.)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-15] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-15] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2154816 2018-01-20] (Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3024712 2018-01-20] (Electronic Arts)
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1453384 2018-03-25] (Overwolf LTD)
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2017-02-04] ()
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [182544 2018-01-11] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [886032 2018-01-11] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-01] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-01] (Microsoft Corporation)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-04-09] (AVAST Software)
S1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-03-02] (AVAST Software)
S0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-03-02] (AVAST Software)
S0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-03-02] (AVAST Software)
S0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-03-02] (AVAST Software)
S1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [227784 2018-04-09] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-04-09] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [147224 2018-04-09] (AVAST Software)
S1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111352 2018-04-09] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-04-09] (AVAST Software)
S1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-04-09] (AVAST Software)
S1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-04-09] (AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-04-09] (AVAST Software)
S0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380528 2018-04-09] (AVAST Software)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [98792 2018-03-11] (ASUS Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69560 2018-03-11] (Intel Corporation)
S3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [66440 2018-03-11] (Intel Corporation)
S3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [216360 2014-09-18] (Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [31112 2018-03-11] (ASUS)
S1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-03-11] (REALiX™)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [79528 2018-03-11] (Intel Corporation)
S3 m76usb; C:\WINDOWS\System32\drivers\m76usb.sys [563360 2015-06-03] (Ralink Technology Corp.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-09-29] (MediaTek Inc.)
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_f551aaf97b83a587\nvlddmkm.sys [17526688 2018-03-16] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-15] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2018-03-30] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-15] (NVIDIA Corporation)
S1 prilock; C:\WINDOWS\System32\drivers\prilock.sys [122776 2018-02-08] ()
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1026896 2018-03-30] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2018-03-11] (Realsil Semiconductor Corporation)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [41512 2018-01-11] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-03-01] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288296 2018-03-01] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-01] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2017-10-07] (Wellbia.com Co., Ltd.)
S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [X]
R5 pbbpquwj;  <==== ATTENTION: Locked Service
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-12 20:47 - 2018-04-12 20:47 - 000000000 ____D C:\FRST
2018-04-12 00:13 - 2018-04-12 00:13 - 000001922 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-12 00:13 - 2018-04-12 00:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-12 00:13 - 2018-04-12 00:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-12 00:13 - 2018-04-12 00:13 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-12 00:13 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-11 19:14 - 2018-04-11 19:14 - 000000000 ____D C:\Program Files (x86)\ESET
2018-04-11 18:32 - 2018-04-11 18:34 - 000000000 ____D C:\AdwCleaner
2018-04-11 18:30 - 2018-04-12 20:47 - 001493300 _____ C:\WINDOWS\ntbtlog.txt
2018-04-11 18:26 - 2018-04-11 18:26 - 000000300 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2018-04-11 18:26 - 2018-04-11 18:26 - 000000000 ____D C:\Program Files\CCleaner
2018-04-10 23:26 - 2018-04-10 23:26 - 000000000 ____D C:\Program Files\Speccy
2018-04-10 23:15 - 2018-04-10 23:15 - 002146423 _____ C:\Users\Raul\Documents\SysnativeFileCollectionApp.zip
2018-04-10 23:05 - 2018-04-10 23:09 - 000000000 ____D C:\Users\Raul\Documents\SysnativeFileCollectionApp
2018-04-10 23:00 - 2018-04-11 19:26 - 4192700319 _____ C:\WINDOWS\MEMORY.DMP
2018-04-09 11:57 - 2018-04-09 11:57 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-04-09 11:57 - 2018-04-09 11:57 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-04-09 11:54 - 2018-04-09 11:54 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2018-04-09 11:50 - 2018-04-09 11:50 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-04-09 11:50 - 2018-04-09 11:50 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-04-09 11:49 - 2018-04-09 11:48 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-04-09 11:49 - 2018-04-09 11:48 - 000380528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-04-09 11:49 - 2018-04-09 11:48 - 000376536 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-04-09 11:49 - 2018-04-09 11:48 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-04-09 11:49 - 2018-04-09 11:48 - 000196640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-04-09 11:49 - 2018-04-09 11:48 - 000147224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-04-09 11:49 - 2018-04-09 11:48 - 000111352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-04-09 11:49 - 2018-04-09 11:48 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-04-09 11:49 - 2018-04-09 11:48 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-04-09 11:49 - 2018-04-09 11:47 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-04-09 11:49 - 2018-04-09 11:46 - 000227784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-04-09 11:49 - 2018-03-02 15:09 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-04-09 11:49 - 2018-03-02 15:09 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-04-09 11:49 - 2018-03-02 15:09 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-04-09 11:49 - 2018-03-02 15:09 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-04-09 11:29 - 2018-04-09 11:29 - 000003028 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Raul)
2018-04-04 04:31 - 2018-04-04 04:31 - 008224188 _____ C:\Users\Raul\Downloads\memtest86-usb.zip
2018-04-04 04:30 - 2018-04-04 04:30 - 005580769 _____ C:\Users\Raul\Downloads\memtest86-iso.zip
2018-04-04 04:21 - 2018-04-04 04:21 - 000003834 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2018-04-04 03:47 - 2018-04-06 09:23 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-04-04 03:47 - 2018-04-04 03:50 - 000002750 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2018-04-04 03:47 - 2018-04-04 03:47 - 000003762 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2018-04-04 03:47 - 2018-04-04 03:47 - 000003528 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2018-04-04 03:47 - 2018-04-04 03:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-04-04 03:47 - 2018-01-11 01:25 - 000041512 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2018-04-04 03:45 - 2018-04-04 03:45 - 013884872 _____ (Intel) C:\Users\Raul\Downloads\Intel Driver and Support Assistant Installer.exe
2018-04-04 03:41 - 2018-04-04 03:41 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 03:41 - 2018-04-04 03:41 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 03:41 - 2018-04-04 03:41 - 000001519 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-04-04 03:41 - 2018-04-04 03:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-04-04 03:41 - 2018-03-15 19:57 - 002480064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2018-04-04 03:41 - 2018-03-15 19:57 - 002137024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2018-04-04 03:41 - 2018-03-15 19:57 - 001310144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2018-04-04 03:40 - 2018-04-04 03:40 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 03:40 - 2018-04-04 03:40 - 000004088 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 03:40 - 2018-04-04 03:40 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 03:40 - 2018-04-04 03:40 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 03:40 - 2018-04-04 03:40 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 03:40 - 2018-04-04 03:40 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 03:40 - 2018-03-15 19:57 - 000189784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2018-04-04 03:40 - 2018-03-15 19:57 - 000152408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2018-04-04 03:40 - 2018-03-15 19:57 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2018-04-04 03:40 - 2018-03-15 17:40 - 005952640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-04-04 03:40 - 2018-03-15 17:40 - 002589576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-04-04 03:40 - 2018-03-15 17:40 - 001767816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-04-04 03:40 - 2018-03-15 17:40 - 000634256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-04-04 03:40 - 2018-03-15 17:40 - 000451040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-04-04 03:40 - 2018-03-15 17:40 - 000123840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-04-04 03:40 - 2018-03-15 17:40 - 000083072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-04-04 03:40 - 2018-03-15 17:39 - 008099202 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-04-04 03:39 - 2018-04-04 03:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-04-04 03:39 - 2018-03-15 19:57 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-04-04 03:37 - 2018-03-16 13:12 - 000997280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-04-04 03:37 - 2018-03-16 13:12 - 000949176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-04-04 03:37 - 2018-03-16 13:12 - 000625592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-04-04 03:37 - 2018-03-16 13:12 - 000515672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-04-04 03:37 - 2018-03-16 13:11 - 040278616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-04-04 03:37 - 2018-03-16 13:11 - 035189336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-04-04 03:37 - 2018-03-16 13:11 - 004318464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-04-04 03:37 - 2018-03-16 13:11 - 003719200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-04-04 03:37 - 2018-03-16 13:11 - 001985280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439124.dll
2018-04-04 03:37 - 2018-03-16 13:11 - 001684000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439124.dll
2018-04-04 03:37 - 2018-03-16 13:11 - 001138432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-04-04 03:37 - 2018-03-16 13:11 - 001066072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 019854816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 016496072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 013571008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 011131872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 001346128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 001153568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 000902096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 000811992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 000650232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-04-04 03:37 - 2018-03-16 13:00 - 012966216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-04-04 03:37 - 2018-03-16 13:00 - 011000296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-04-04 03:37 - 2018-03-16 13:00 - 004629824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-04-04 03:37 - 2018-03-16 13:00 - 003937000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-04-04 03:37 - 2018-03-16 13:00 - 001061168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-04-04 03:37 - 2018-03-15 19:57 - 000058816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-04-04 03:37 - 2018-03-15 19:57 - 000048407 _____ C:\WINDOWS\system32\nvinfo.pb
2018-04-04 03:10 - 2018-04-04 03:16 - 464777024 _____ (NVIDIA Corporation) C:\Users\Raul\Downloads\391.24-notebook-win10-64bit-international-whql.exe
2018-04-04 02:52 - 2018-04-04 02:52 - 000000000 ____D C:\WINDOWS\Sun
2018-04-04 02:51 - 2018-04-04 02:51 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-04-04 02:51 - 2018-04-04 02:51 - 000000000 ____D C:\Users\Raul\AppData\Roaming\Sun
2018-04-04 02:51 - 2018-04-04 02:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-04-04 02:51 - 2018-04-04 02:51 - 000000000 ____D C:\Program Files (x86)\Java
2018-03-30 22:57 - 2018-03-30 22:57 - 000000000 ____D C:\Program Files\Google
2018-03-30 18:30 - 2018-03-30 18:30 - 001026896 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2018-03-30 18:29 - 2018-03-30 18:29 - 000059240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2018-03-30 18:23 - 2018-03-30 18:23 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-30 18:23 - 2018-03-30 18:23 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-30 18:06 - 2018-04-03 22:20 - 000002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-30 18:06 - 2018-03-30 18:09 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-12 20:45 - 2017-11-30 23:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-12 00:17 - 2016-03-07 14:28 - 000000000 ____D C:\Users\Raul\AppData\Local\CrashDumps
2018-04-11 19:27 - 2018-01-10 11:00 - 000000000 ____D C:\WINDOWS\Minidump
2018-04-11 19:21 - 2017-07-11 00:01 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-11 19:20 - 2017-11-30 23:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-11 18:34 - 2018-03-02 02:29 - 000000000 ____D C:\Users\Raul\AppData\LocalLow\IObit
2018-04-11 18:34 - 2018-03-02 02:28 - 000000000 ____D C:\Users\Raul\AppData\Roaming\IObit
2018-04-11 18:34 - 2018-03-02 02:28 - 000000000 ____D C:\ProgramData\IObit
2018-04-11 18:34 - 2018-03-02 02:28 - 000000000 ____D C:\Program Files (x86)\IObit
2018-04-11 18:29 - 2017-11-29 18:13 - 000000000 ___DC C:\WINDOWS\Panther
2018-04-11 18:29 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-04-11 18:29 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-11 18:29 - 2015-09-05 03:26 - 000000000 ____D C:\Users\Raul\AppData\Roaming\uTorrent
2018-04-10 00:16 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-09 11:53 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-09 11:28 - 2016-07-12 15:43 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-04-09 11:27 - 2015-09-02 14:09 - 000000165 _____ C:\Users\Raul\AppData\Roaming\sp_data.sys
2018-04-09 11:26 - 2018-03-02 15:07 - 000852148 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-09 11:23 - 2017-11-30 23:16 - 000000000 ____D C:\Users\Raul
2018-04-06 11:44 - 2015-09-02 14:40 - 000000000 ____D C:\Users\Raul\AppData\Roaming\Spotify
2018-04-06 09:29 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-06 09:28 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-06 09:20 - 2015-09-02 14:41 - 000000000 ____D C:\Users\Raul\AppData\Local\Spotify
2018-04-04 04:51 - 2018-03-11 23:37 - 000003260 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2018-04-04 04:51 - 2017-11-30 23:42 - 000003216 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-04-04 04:51 - 2017-07-11 00:02 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-04-04 04:44 - 2015-11-14 09:34 - 000000000 ____D C:\Users\Raul\AppData\Local\ElevatedDiagnostics
2018-04-04 04:21 - 2015-06-04 04:58 - 000000000 ____D C:\ProgramData\Intel
2018-04-04 04:13 - 2016-03-03 13:28 - 000000000 ____D C:\Users\Raul\AppData\Local\NVIDIA Corporation
2018-04-04 03:47 - 2014-12-03 23:38 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-04 03:46 - 2017-07-11 00:02 - 000000000 ____D C:\Program Files\Intel
2018-04-04 03:45 - 2015-09-02 14:08 - 000000000 ____D C:\Users\Raul\AppData\Local\NVIDIA
2018-04-04 03:41 - 2017-07-11 00:01 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-04-04 03:41 - 2017-07-11 00:01 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-04-04 03:41 - 2015-06-04 05:03 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-04-04 03:40 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Help
2018-04-04 03:40 - 2016-03-14 23:19 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-04 03:34 - 2016-03-14 16:51 - 000000000 ____D C:\Fraps
2018-04-04 02:52 - 2016-09-06 03:37 - 000000000 ____D C:\ProgramData\Oracle
2018-04-04 02:36 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\registration
2018-04-03 22:45 - 2018-03-02 15:11 - 000001987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-04-03 22:45 - 2018-03-02 15:11 - 000001975 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-04-03 22:43 - 2018-02-25 18:42 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-04-03 22:19 - 2018-02-11 21:10 - 000000000 ____D C:\Users\Raul\Desktop\Photoshop Edited
2018-04-03 22:07 - 2018-03-02 02:29 - 000000000 ____D C:\ProgramData\ProductData
2018-04-03 00:14 - 2018-03-02 15:07 - 000002250 _____ C:\Users\Public\Desktop\Advanced SystemCare 11.lnk
2018-03-30 22:57 - 2017-09-14 15:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-03-30 22:57 - 2016-01-08 20:18 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-30 19:17 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-30 18:42 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-30 18:31 - 2018-03-11 23:20 - 000002357 _____ C:\Users\Public\Desktop\Driver Booster 5.lnk
2018-03-30 18:27 - 2015-09-04 09:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-30 18:22 - 2017-11-30 23:42 - 000003028 _____ C:\WINDOWS\System32\Tasks\Update Checker
2018-03-30 18:22 - 2017-11-30 23:42 - 000002576 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2018-03-30 18:22 - 2016-10-29 17:51 - 000000000 ____D C:\Users\Raul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2018-03-30 18:12 - 2017-10-11 01:55 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-30 18:11 - 2015-09-04 09:13 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-30 18:01 - 2017-03-03 21:37 - 000000000 ____D C:\Program Files (x86)\Overwatch Test
2018-03-30 18:01 - 2015-10-02 21:07 - 000000000 ____D C:\Users\Raul\AppData\Local\Battle.net
2018-03-30 18:01 - 2015-10-02 21:05 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-30 17:56 - 2015-09-02 14:23 - 000000000 ____D C:\Users\Raul\AppData\Local\Google
2018-03-30 17:40 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-30 17:38 - 2016-05-30 01:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office 2016
2018-03-30 17:38 - 2014-12-03 23:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-30 16:18 - 2015-09-05 04:43 - 000000000 ____D C:\Users\Raul\AppData\Roaming\vlc
2018-03-26 02:46 - 2018-03-02 03:07 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-03-26 02:46 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-03-26 02:46 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\setup
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-03-26 02:46 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-03-26 02:46 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-03-26 02:46 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\servicing
2018-03-26 02:46 - 2016-05-26 02:06 - 000000000 ___RD C:\Users\Raul\Google Drive
2018-03-26 02:45 - 2018-01-15 22:18 - 000000000 ____D C:\Users\Raul\AppData\Local\CANON_INC
2018-03-26 02:45 - 2017-11-30 23:44 - 000000000 ___RD C:\Users\Raul\3D Objects
2018-03-26 02:45 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\appcompat
2018-03-26 02:45 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-03-26 02:45 - 2016-10-29 17:51 - 000000000 ____D C:\Users\Raul\AppData\Local\Package Cache
2018-03-26 02:45 - 2016-05-30 00:59 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-03-26 02:45 - 2016-04-27 00:45 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-26 02:45 - 2016-01-24 05:05 - 000000000 ____D C:\Users\Raul\AppData\LocalLow\raidcall
2018-03-26 02:45 - 2015-09-09 03:35 - 000000000 ____D C:\Program Files (x86)\Arc
2018-03-26 02:45 - 2015-09-02 22:49 - 000000000 ____D C:\ProgramData\Origin
2018-03-26 02:45 - 2015-06-04 05:27 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-03-26 02:20 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SystemApps
2018-03-26 02:15 - 2017-05-31 01:39 - 000000000 ____D C:\Users\Raul\AppData\LocalLow\TheGameBakers
2018-03-26 02:15 - 2016-09-06 03:38 - 000000000 ____D C:\Users\Raul\AppData\LocalLow\Sun
2018-03-26 02:15 - 2016-01-24 05:05 - 000000000 ____D C:\Users\Raul\AppData\LocalLow\RCTW
2018-03-26 02:14 - 2015-09-22 23:55 - 000000000 ____D C:\ProgramData\Apple
2018-03-16 15:52 - 2015-09-02 14:09 - 000000000 ___RD C:\Users\Raul\OneDrive
2018-03-14 11:29 - 2015-09-02 14:06 - 000000000 __SHD C:\Users\Raul\IntelGraphicsProfiles
2018-03-13 08:56 - 2018-02-11 01:46 - 000000000 ____D C:\Users\Raul\Documents\Adobe
2018-03-13 08:56 - 2015-09-02 14:06 - 000000000 ____D C:\Users\Raul\AppData\Roaming\Adobe
2018-03-13 04:11 - 2018-03-09 20:50 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2732871966-1470559089-260824378-1001
2018-03-13 04:11 - 2018-03-06 08:03 - 000014496 _____ C:\WINDOWS\System32\Tasks\HP Color LaserJet 3700 PCL 6
2018-03-13 04:11 - 2018-03-02 15:07 - 000002348 _____ C:\WINDOWS\System32\Tasks\ASC11_SkipUac_Raul
2018-03-13 04:11 - 2018-02-25 18:43 - 000003244 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task
2018-03-13 04:11 - 2018-02-11 01:47 - 000002758 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-raulss26@hotmail.com
2018-03-13 04:11 - 2017-11-30 23:42 - 000003482 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-13 04:11 - 2017-11-30 23:42 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-03-13 04:11 - 2017-11-30 23:42 - 000003258 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-13 04:11 - 2017-11-30 23:42 - 000002862 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2018-03-13 04:11 - 2017-11-30 23:42 - 000002782 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2018-03-13 04:11 - 2017-11-30 23:42 - 000002748 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2732871966-1470559089-260824378-500
2018-03-13 04:11 - 2017-11-30 23:42 - 000002656 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2018-03-13 04:11 - 2017-11-30 23:42 - 000002188 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2018-03-13 04:11 - 2017-11-30 23:42 - 000002054 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2018-03-13 04:01 - 2017-05-07 05:24 - 000000000 ____D C:\Program Files (x86)\Hearthstone
 
==================== Files in the root of some directories =======
 
2016-05-26 01:59 - 2016-05-26 01:59 - 000987728 _____ (Google Inc.) C:\Users\Raul\googledrivesync.exe
2015-09-02 14:09 - 2018-04-09 11:27 - 000000165 _____ () C:\Users\Raul\AppData\Roaming\sp_data.sys
2016-02-14 03:19 - 2018-02-14 00:20 - 000007591 _____ () C:\Users\Raul\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\uconkbhm.sys -> Access Denied <======= ATTENTION
 
LastRegBack: 2018-03-30 19:04
 
==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Raul (12-04-2018 20:49:24)
Running from F:\
Windows 10 Home Single Language Version 1709 16299.248 (X64) (2017-12-01 04:44:00)
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2732871966-1470559089-260824378-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2732871966-1470559089-260824378-503 - Limited - Disabled)
Guest (S-1-5-21-2732871966-1470559089-260824378-501 - Limited - Disabled)
Raul (S-1-5-21-2732871966-1470559089-260824378-1001 - Administrator - Enabled) => C:\Users\Raul
WDAGUtilityAccount (S-1-5-21-2732871966-1470559089-260824378-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden
µTorrent (HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 2.1.0 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.05.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.2 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.57 - ICEpower a/s)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Backup and Sync from Google (HKLM\...\{4B7277C7-9CEE-45FC-B36B-19AD28281B9C}) (Version: 3.40.8921.5350 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blade & Soul (HKLM-x32\...\{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.60.197 - NC Interactive, LLC) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.60.197 - NC Interactive, LLC)
Brother MFL-Pro Suite MFC-J415W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Canon Utilities Digital Photo Professional 4 (HKLM-x32\...\Digital Photo Professional 4 (x64)) (Version: 4.2.32.0 - Canon Inc.)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.2.20.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 0.9.0.1 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Utility 3 (HKLM-x32\...\EOS Utility 3) (Version: 3.2.20.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.2.10.0 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.15.20.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{FBB43A99-0B72-461A-A6D2-2F1B54D36B69}) (Version: 66.0.3359.12 - Google Inc.)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)
Discord (HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.24 - NVIDIA Corporation) Hidden
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Foxit PhantomPDF (HKLM-x32\...\{FC76E6BB-7CBB-4CD6-8178-3BCADC0526C3}) (Version: 6.0.62.801 - Foxit Corporation)
Git version 2.10.1 (HKLM\...\Git_is1) (Version: 2.10.1 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1017 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{699E6891-25C3-443A-9B8E-80C74F0172C8}) (Version: 2.1.03413 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.39.1003 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.279 - McAfee, Inc.)
Mediatek Bluetooth (HKLM\...\{1C41AEAE-7DD5-29D6-FA5F-D1E8A12ECE4E}) (Version: 11.0.760.0 - Mediatek)
Microsoft Office 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.9126.2116 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.24 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.10.24870 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.112.1.21 - Overwolf Ltd.)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 3.0.5.2 - Portforward, LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Add to Path (32-bit) (HKLM-x32\...\{7E08C4EE-B1C7-4138-8227-7CD3837636AA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 5.0.55.0 - Ralink)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8264 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.1 - Rockstar Games)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Splinter Cell Blacklist (HKLM-x32\...\Uplay Install 91) (Version:  - Ubisoft)
Spotify (HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB)
Star Citizen Launcher (HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.7.64833 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 17.1 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WATCH_DOGS2 (HKLM-x32\...\Uplay Install 2688) (Version:  - Ubisoft)
Windows Driver Package - ASUS (ATP) Mouse  (11/11/2015 6.0.0.66) (HKLM\...\82D024CBD181D16D72E5AE45A426919815D5F456) (Version: 11/11/2015 6.0.0.66 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.50 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.4 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2732871966-1470559089-260824378-1001_Classes\CLSID\{815122c0-eab9-44c1-9edb-a3ba6f448a67}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2013-12-18] (Foxit Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-06-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-06-16] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-15] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-06-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-06-16] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0638DED1-479E-43B9-AAC8-0504B46E0F21} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {07E5270C-CD10-4409-98DA-6CE443D48B4A} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-11] (ASUSTek Computer Inc.)
Task: {1067DABD-1F64-446F-A76F-DF26DB29A525} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-15] (NVIDIA Corporation)
Task: {10A4833C-404C-4152-9B77-7F26924A79AF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-30] (Microsoft Corporation)
Task: {1F59FB6C-8809-496C-8403-1CC476618ABC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {2D4F92B1-BDB3-452A-990E-15A8E5FF6BDF} - System32\Tasks\HP Color LaserJet 3700 PCL 6 => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\HP Color LaserJet 3700 PCL 6\HP Color LaserJet 3700 PCL 6.dll",hvBdFw <==== ATTENTION
Task: {2FC750BB-F0FE-4A3A-BEE5-1F2D15D2B440} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-15] (NVIDIA Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {378F30DE-9023-488B-A314-75453DEF9A65} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2018-03-25] (Overwolf LTD)
Task: {3A77543D-41E6-4807-8E01-E0926767BE82} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-15] (NVIDIA Corporation)
Task: {3B04003F-70F5-465C-8D34-2996009FF7F8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
Task: {3D663730-EC51-4735-9202-9E056DC4BA71} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4157B838-5F13-49BA-A20D-F913F28D34CE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-15] (NVIDIA Corporation)
Task: {458EE8EE-2380-42EF-93AF-C3815D861E56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-26] (Google Inc.)
Task: {46646A02-2FEF-495F-994D-84FF7C474F31} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4896C97E-C3F9-426F-AFC5-8DCDA7A840BB} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-03-11] (Realtek Semiconductor)
Task: {4B190456-30D3-46DB-8122-885D36417233} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {51F99B3B-EC40-46CF-828B-04C191A03249} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-26] (Google Inc.)
Task: {52BA367B-D369-4A08-A5E5-C6D01492A052} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-15] (NVIDIA Corporation)
Task: {562D1D55-7FDD-4DFE-97B2-5C7F256CD5A0} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.)
Task: {5CF3B471-309D-4507-9962-17AA15867C57} - System32\Tasks\Driver Booster SkipUAC (Raul) => C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe [2018-01-29] (IObit)
Task: {5EAD96E3-F7ED-46BA-9B4A-A21C1006D8AF} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-11-05] (ASUS)
Task: {60F627D1-697B-4145-9DF1-314B20CC3677} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-raulss26@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {6627163E-7A10-431E-A235-FEC9B55EDA2A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {66F562C3-B80D-44FA-AA71-3E9FA4654E34} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-09] (AVAST Software)
Task: {683F72A1-F99D-429F-82E9-CC945464D7F7} - System32\Tasks\ASC11_SkipUac_Raul => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: {6E4112F8-CC18-46D5-B8BE-312F85B69E0F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
Task: {6EB9E881-F725-41E4-B8A6-253301AD084B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {769A4952-C7D6-47D1-9A18-988A27FA6C5D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {79071368-D8BF-4C97-B743-864F60A0601E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7CBF9315-8B2D-427C-ACC2-54D34BAAD624} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek)
Task: {7CD157CE-ACA0-4E51-B6AD-B2BC1C1B46D9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {86BB638F-F282-4DA4-9234-5516B190FCD0} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {8B84ACF4-1BF0-4136-873F-3F96F3571718} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9364BE56-FA4B-464C-ADBD-7C6D35480C1A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-30] (Microsoft Corporation)
Task: {94B529EF-E291-498D-8E75-8CA16E771414} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-30] (Microsoft Corporation)
Task: {99F06266-8F01-4EAF-8FF3-9DCC18F365CB} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {A44E890B-C878-4347-9467-5BDC412E5680} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A654A9BC-49C6-4A54-A8AA-6078157BBFCA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\AVAST Software\Avast\setup\overseer.exe [2018-03-02] (AVAST Software)
Task: {ABD459C1-0476-4935-BCAA-89D8A5DDC200} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {B7F32437-93E5-4BE1-9F53-7E014B542EA8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B956F83C-2190-4DA5-99A6-411676AF1679} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-15] (NVIDIA Corporation)
Task: {BEF2EE7D-40A7-40F6-89DA-031AA4692709} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-15] (NVIDIA Corporation)
Task: {BF9F0E64-0427-4589-8E17-087351376072} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {C2E58D1B-0D61-4F1F-B9FC-30647C40666E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-03-11] (Realtek Semiconductor)
Task: {CC938749-2FF4-43C8-838B-9252DF27B142} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {D0EA648E-8CBE-4B01-97E1-F44E9F2011B3} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {D5432B35-9ACC-4EAE-85D6-E5B527348D61} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E2957188-AF1E-4B26-826B-F8D82770751A} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {EB6C5F24-A19B-40F0-B1C4-38B8AF30BBD8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {EC2DB076-4BBE-428B-8B6D-AA619B068BE4} - System32\Tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeReminderTask => C:\WINDOWS\System32\GWX\GWX.exe
Task: {ED2A4F92-6B27-447A-A46F-94EE7ED7083D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-09-11] (ASUSTek Computer Inc.)
Task: {F0FEC7ED-5175-4EB4-984B-68075128FC80} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {F5A0F676-C749-43CB-92F2-525CB888873C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {FCE3E2A2-FC7C-4E97-93C4-38D786340991} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FFC94CEF-1242-494D-A2A1-724478AF8CDD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-15] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-02-14 21:12 - 2018-02-09 23:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-14 21:12 - 2018-02-09 23:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-21 13:03 - 2017-12-21 13:03 - 002945024 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.3.3472.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2017-12-21 13:03 - 2017-12-21 13:03 - 000130560 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.3.3472.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2017-12-21 13:03 - 2017-12-21 13:03 - 007848448 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.3.3472.0_x64__8wekyb3d8bbwe\Microsoft.People.NativeComponents.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2018-03-02 03:13 - 000000838 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 b5
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Raul\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\asus.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: 0257221455953473mcinstcleanup => 2
MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: ArcService => 3
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: Asus WebStorage Windows Service => 2
MSCONFIG\Services: aswbIDSAgent => 3
MSCONFIG\Services: ATKGFNEXSrv => 2
MSCONFIG\Services: avast! Antivirus => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: chromoting => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: esifsvc => 2
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: McBootDelayStartSvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: PEFService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "RaidCall"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "Advanced SystemCare 11"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{669D89C7-081B-42E5-A64A-59D2A994B7A6}] => (Allow) D:\SteamLibrary\steamapps\common\Dead Rising 2\deadrising2.exe
FirewallRules: [{7F837E10-25AE-41FB-AE9E-E29D7F8F3353}] => (Allow) D:\SteamLibrary\steamapps\common\Dead Rising 2\deadrising2.exe
FirewallRules: [{85E1AA01-A41A-4F78-A03E-424E117CF8B5}] => (Allow) D:\SteamLibrary\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{68B30EF6-28C5-421C-8A6A-F71BCDCF55D7}] => (Allow) D:\SteamLibrary\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{7A5A3E87-119B-43F3-8DEE-5FCBBE40F84D}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe
FirewallRules: [{AC3835A5-7135-4498-A7EE-7BA61FD29D13}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe
FirewallRules: [UDP Query User{2AA286F9-6221-4FCB-8405-F83BD4925423}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{1F03C973-87CC-4384-83CA-99A4283A6DED}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [{9416310C-D528-477C-8A82-A5D3350F217A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{920B8733-8856-4343-9218-06AF00FCC80A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A9FF1CA4-385D-410D-BE72-1556874F13D6}] => (Allow) C:\Users\Raul\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F367AC14-2671-4753-92C6-D91AE3044A9E}] => (Allow) C:\Users\Raul\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CE59B8E5-86AF-47DC-BD9A-6971D3504892}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{23FFB2A3-DB04-497A-95CD-931D47AD28B4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{0E854376-2720-48F7-9D97-3EAB4BC1BF3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [{0629A3DB-B8B6-473B-9B34-47A5A812747E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [TCP Query User{DC5E039A-07E3-4B77-9628-33E356F15C03}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{86B3DCF8-FE12-4BF8-AFEC-412528DBDAF0}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{0AF2CD5D-082D-423F-ABBA-CFE7239F46AF}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{2B51D9FE-45AC-4993-93AF-0CAB64BEAFDE}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [TCP Query User{1E691FAA-381B-47DC-AB77-0E58745F2578}C:\users\raul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\raul\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{14838093-413F-49A7-8AEE-B9B78FBAC021}C:\users\raul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\raul\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8F1005EA-9736-4045-BDD0-778282A5BA12}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{1630E9ED-252E-4DA5-8EB2-C2D7E032E339}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DB802C70-4B68-455A-9FFC-0B0835D50889}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{FAC68D0E-1C6F-491B-9D05-BF263A86091B}C:\users\raul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\raul\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B771867F-BE3A-4478-9E72-156EED12111A}C:\users\raul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\raul\appdata\roaming\spotify\spotify.exe
FirewallRules: [{60694D14-FE75-453F-AE23-BDEF469B8D46}] => (Allow) D:\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{C96A92EC-7BD1-4D8A-BF8F-429773471770}] => (Allow) D:\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [TCP Query User{0A6A5F78-2988-43DE-A009-4C9D087D0630}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{8682D3D2-6275-4617-BBD3-A35A906703E7}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe
FirewallRules: [TCP Query User{37DC6022-040D-4D3D-B915-9C6943756464}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{96D37877-2532-45F5-93CB-70A6C28A2F0F}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{E226CE38-ED5A-44A9-9DB1-BA5121DFE81E}] => (Allow) D:\SteamLibrary\steamapps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [{A6162D30-56C2-43E5-AD5D-D3CD05F86DD7}] => (Allow) D:\SteamLibrary\steamapps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [{201ED956-F07B-4710-8E77-C4FCFFA65B19}] => (Allow) D:\SteamLibrary\steamapps\common\Special Edition\DevilMayCry4SpecialEdition.exe
FirewallRules: [{AD3F9614-B4A3-484C-A5B8-963E60A8C843}] => (Allow) D:\SteamLibrary\steamapps\common\Special Edition\DevilMayCry4SpecialEdition.exe
FirewallRules: [{43AB2731-BBE7-47A7-8DC2-8162F4593E69}] => (Allow) LPort=54925
FirewallRules: [{3B08008A-A2B2-4C6D-86C8-698CCDC7EC0D}] => (Allow) D:\SteamLibrary\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{6BC75D3D-20D8-41D2-A556-44F12CC0CDDB}] => (Allow) D:\SteamLibrary\steamapps\common\Besiege\Besiege.exe
FirewallRules: [TCP Query User{2B30DDB3-CA1F-495F-ADB4-5BD18D5D3294}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{72A0A7FE-1FCD-488F-8580-64A05CFA8D39}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{2BFB0498-7425-486B-AC2F-1674166B831C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{07BFB8CE-AF80-4F60-93D1-94575BFC87B1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B434BD9C-D51F-4BD2-88D9-AB297C30BA66}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{898E9607-8C55-4721-B26F-58816B86F1A9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CFD7075C-EA39-4D73-9C59-8879D2FCE8B8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F0F01366-EB9D-46EF-B77F-DDE5E89E0433}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{E286D85A-7325-4F3B-B3C5-0C42E9AC2592}D:\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) D:\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{F35C70E7-D2C1-4B6D-B25F-027A7891276C}D:\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) D:\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe
FirewallRules: [TCP Query User{A8747CC3-100C-4B2B-ADBD-225B9B97C0C7}D:\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [UDP Query User{DCB737C5-63F0-46FF-933F-C2E27B327BD2}D:\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{D36ED5CF-A8B0-4FF3-9143-5DF9E67A901B}] => (Allow) D:\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{B614B491-0B3A-4F15-B747-357DC85F626C}] => (Allow) D:\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{BF69D2CA-2C5D-4A8B-96A4-CBA67D7C2877}] => (Allow) D:\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{D874FAFF-8758-4CDE-A3F4-6D3610F08438}] => (Allow) D:\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{C6572790-4C41-4C69-BE39-08F4E07A68CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP Query User{2ABA410A-0F4E-48C1-9749-BD5AB2386A9C}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [UDP Query User{59750762-E80E-4715-BD24-9EEB6E18C463}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [TCP Query User{D7510764-F2C8-4938-9B75-F25447B14B90}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{A8A9DBCE-C2BF-4370-BC0F-1115E6DEC0D3}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{E47122E5-5002-473C-9B3E-30D8C56ACEC7}] => (Allow) D:\SteamLibrary\steamapps\common\Furi\Furi.exe
FirewallRules: [{DC54C6B2-54C4-4621-A782-8EE64F9BBD2D}] => (Allow) D:\SteamLibrary\steamapps\common\Furi\Furi.exe
FirewallRules: [{0CB90A80-AD2D-4B9F-8F0E-12F705313C77}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{20A598AA-2FC3-4797-A395-414C6A6DD812}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{92D634FC-182A-4BD4-A110-6FB08A388D8E}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{68D571D7-3498-4706-9591-959344AE725C}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{714EA223-A684-4E56-99DE-D1CC368A6A5C}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{64AAA4ED-81E0-4D81-93E3-E9A8AD4946BE}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{B694F55E-5A96-4BD8-A4C8-AA820D8FFBF6}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{2F314294-2D17-4940-BB8B-E83240B61483}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{083675F0-2C5F-4A96-8E4A-189965EB1CB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bayonetta\Bayonetta.exe
FirewallRules: [{FF9B1B71-51B0-4D56-B895-81396C3481C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bayonetta\Bayonetta.exe
FirewallRules: [{7995B5E4-4956-494A-8056-81CCE56C48D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{AA47ABE1-1978-489E-AF62-977E2EA49DCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{2A4D73DB-708F-4AA0-BD21-2CCAA0DC9403}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{CD2610A4-843D-40CD-8E06-BF327EAB2DBF}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{2141D904-74F3-4A6D-9281-B0B52F6B7B87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{D6C04AB1-0685-4E29-8855-4C8270AF47FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{5AB2D560-8707-459B-9BE0-CFFB54AF7AEF}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{71206385-9AFE-4916-899F-9DD89C71FA3A}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{AB00D6F2-16EA-45E4-AF66-95F7BF144707}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{BE1EB300-E367-45AD-A555-1666210EAA25}C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [UDP Query User{D9EC03E3-2A95-4C87-8120-0DFF22478F83}C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{1EF657C4-914B-4079-8B90-CE8DE26557AC}] => (Allow) D:\Ubisoft\Ubisoft Game Launcher\games\WATCH_DOGS2\bin\WatchDogs2.exe
FirewallRules: [{BC96237A-D13A-448E-8D24-A566B2D4C111}] => (Allow) D:\Ubisoft\Ubisoft Game Launcher\games\WATCH_DOGS2\bin\WatchDogs2.exe
FirewallRules: [{7F69B000-9A24-4B72-BC3D-76A685C9EECB}] => (Allow) D:\Ubisoft\Ubisoft Game Launcher\games\WATCH_DOGS2\EAC.exe
FirewallRules: [{EC0E5208-BB40-4864-8076-78F36046B431}] => (Allow) D:\Ubisoft\Ubisoft Game Launcher\games\WATCH_DOGS2\EAC.exe
FirewallRules: [{4210BA33-F68E-440E-A710-C12923D33ABD}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{8ED5E534-8E36-4079-A630-6BA7B268FFE8}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{7AF831B1-53BB-4D71-A990-73E9368D12AC}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{34A9BB9E-3C4F-40E9-93EB-C056E292C171}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe
FirewallRules: [{CAB2F28F-31FB-47E9-86B2-EEEDF148E410}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe
FirewallRules: [{3BDC9378-A2F0-4ADE-82EE-F20FD7C842CC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe
FirewallRules: [{56653246-5921-4B42-A849-4115FBD8A3BD}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe
FirewallRules: [{86A39A7B-5AF6-48AD-B5D3-D31E654DFB64}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe
FirewallRules: [{59293B44-EDFB-4180-B61D-831E10489B54}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe
FirewallRules: [{B3B67005-7F86-4128-A9E5-CCDEBD284675}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4E59E985-3162-4F24-BDC4-67CB92F728D5}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
FirewallRules: [{12FA2C9D-5DB3-4508-AA81-4C120AF1A882}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{760CD905-8BEB-4D95-9FC6-1B2D131FBECD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{40C04F75-4FE7-4F6E-B8B4-10CEFF6E2CD6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7ECC2A55-10D4-4E27-BE8F-A071F6100571}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E0F07092-5BF9-4909-BB9C-15DC0C588F22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{23E6AC8C-7C02-4157-B292-740C51E78702}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C0169721-B44E-4DF1-8090-BCFF69CAFF37}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{095B254E-5AD9-4C88-B4E6-2009BE6FF091}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{1F4F2E97-91DC-449F-A032-A0448D0BF048}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{A6F0EDBD-4CAB-4DEF-86CD-D713823E7FEA}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
 
==================== Restore Points =========================
 
30-03-2018 18:06:28 Windows Update
04-04-2018 02:22:39 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Intel Collaborative Processor Performance Control (CPPC) Driver
Description: Intel Collaborative Processor Performance Control (CPPC) Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: IntelHSWPcc
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Description: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvvad_WaveExtensible
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/12/2018 08:46:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "F:\esetsmartinstaller_enu (1).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.248_none_15ced204935f55d7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.248_none_5d7c08dba7db7edd.manifest.
 
Error: (04/12/2018 12:18:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (04/12/2018 12:17:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1429, time stamp: 0x5ab557c4
Faulting module name: Qt5Core.dll, version: 5.6.3.0, time stamp: 0x5a61293e
Exception code: 0xc0000005
Fault offset: 0x001aa816
Faulting process id: 0x848
Faulting application start time: 0x01d3d21d7f30cc44
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 161d8f79-beb6-472c-a2c2-845eeba7966a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/12/2018 12:17:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1429, time stamp: 0x5ab557c4
Faulting module name: Qt5Core.dll, version: 5.6.3.0, time stamp: 0x5a61293e
Exception code: 0xc0000005
Fault offset: 0x001aa816
Faulting process id: 0x85c
Faulting application start time: 0x01d3d21d7ebbea8a
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 70f6a36a-8d2b-44e4-a169-039bd1774357
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/12/2018 12:15:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1429, time stamp: 0x5ab557c4
Faulting module name: Qt5Core.dll, version: 5.6.3.0, time stamp: 0x5a61293e
Exception code: 0xc0000005
Fault offset: 0x001aa816
Faulting process id: 0x8f0
Faulting application start time: 0x01d3d21d3cee8079
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: fc9ecfb5-19a1-4000-8348-ab240b494a68
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/12/2018 12:15:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1429, time stamp: 0x5ab557c4
Faulting module name: Qt5Core.dll, version: 5.6.3.0, time stamp: 0x5a61293e
Exception code: 0xc0000005
Fault offset: 0x001aa816
Faulting process id: 0x904
Faulting application start time: 0x01d3d21d3bdfb829
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 5c8171d1-a760-443f-9263-7557afb98022
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/12/2018 12:15:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1429, time stamp: 0x5ab557c4
Faulting module name: Qt5Core.dll, version: 5.6.3.0, time stamp: 0x5a61293e
Exception code: 0xc0000005
Fault offset: 0x001aa816
Faulting process id: 0xb30
Faulting application start time: 0x01d3d21d364845c0
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 55280224-7a53-4da5-8101-29f51de4237e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/12/2018 12:13:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1429, time stamp: 0x5ab557c4
Faulting module name: Qt5Core.dll, version: 5.6.3.0, time stamp: 0x5a61293e
Exception code: 0xc0000005
Fault offset: 0x001aa816
Faulting process id: 0x908
Faulting application start time: 0x01d3d21cfa3f0160
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: fcba70cd-5fba-465a-b4a9-266766a938a5
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (04/12/2018 08:50:41 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (04/12/2018 08:50:34 PM) (Source: DCOM) (EventID: 10005) (User: SQUIRRELFISH)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/12/2018 08:49:24 PM) (Source: DCOM) (EventID: 10005) (User: SQUIRRELFISH)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/12/2018 08:48:41 PM) (Source: DCOM) (EventID: 10005) (User: SQUIRRELFISH)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/12/2018 08:48:11 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (04/12/2018 08:47:54 PM) (Source: DCOM) (EventID: 10005) (User: SQUIRRELFISH)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/12/2018 08:47:37 PM) (Source: DCOM) (EventID: 10005) (User: SQUIRRELFISH)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (04/12/2018 08:47:34 PM) (Source: DCOM) (EventID: 10005) (User: SQUIRRELFISH)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
Windows Defender:
===================================
Date: 2018-03-02 01:50:57.161
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Patcher
ID: 2147659947
Severity: Medium
Category: Tool
Path: file:_C:\Users\Raul\Desktop\Phosotopshop\[oxtorrent.com] Adobe.Photoshop.CC.2018.v19.0.0.165.Multilingual.FRENCH.WIN64-KAYPA\amtemu.v0.9.2-painter.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\SearchProtocolHost.exe
Signature Version: AV: 1.263.46.0, AS: 1.263.46.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-03-02 01:50:35.727
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Patcher
ID: 2147659947
Severity: Medium
Category: Tool
Path: file:_C:\Users\Raul\Desktop\Phosotopshop\[oxtorrent.com] Adobe.Photoshop.CC.2018.v19.0.0.165.Multilingual.FRENCH.WIN64-KAYPA\amtemu.v0.9.2-painter.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.263.46.0, AS: 1.263.46.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-03-02 01:49:48.488
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Patcher
ID: 2147659947
Severity: Medium
Category: Tool
Path: file:_C:\Users\Raul\Desktop\Phosotopshop\[oxtorrent.com] Adobe.Photoshop.CC.2018.v19.0.0.165.Multilingual.FRENCH.WIN64-KAYPA\amtemu.v0.9.2-painter.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\SearchProtocolHost.exe
Signature Version: AV: 1.263.46.0, AS: 1.263.46.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-03-02 01:48:56.406
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Patcher
ID: 2147659947
Severity: Medium
Category: Tool
Path: file:_C:\Users\Raul\Desktop\Phosotopshop\[oxtorrent.com] Adobe.Photoshop.CC.2018.v19.0.0.165.Multilingual.FRENCH.WIN64-KAYPA\amtemu.v0.9.2-painter.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Raul\AppData\Roaming\uTorrent\uTorrent.exe
Signature Version: AV: 1.263.46.0, AS: 1.263.46.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-01-31 14:49:22.460
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {95BBA354-DD9C-4F16-BCF4-126E971562BB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-02-19 08:29:46.391
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 
Update Source: User
Signature Type: 
Update Type: 
Current Engine Version: 
Previous Engine Version: 
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-02-19 08:28:46.112
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.1319.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-01-31 14:31:57.311
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.441.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
Date: 2018-01-31 14:31:57.311
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.14202.0
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
Date: 2018-01-31 14:31:56.430
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.441.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
CodeIntegrity:
===================================
 
Date: 2018-03-02 02:43:41.313
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-02 02:43:41.312
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-02 02:40:46.914
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-02 02:40:46.913
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-02 02:35:48.081
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-02 02:35:48.079
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-02 02:35:40.360
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-02 02:35:40.359
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 7%
Total physical RAM: 12189.83 MB
Available physical RAM: 11239.02 MB
Total Virtual: 24989.83 MB
Available Virtual: 24161.69 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:99.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:542.8 GB) (Free:9.95 GB) NTFS
Drive f: () (Removable) (Total:7.45 GB) (Free:6.88 GB) FAT32
 
\\?\Volume{42b5899e-929f-4a47-8005-f9a899c0782e}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{6b024e34-ada4-48b4-bb82-4c5a7e6f11ae}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.59 GB) NTFS
\\?\Volume{efcc7097-5f01-4632-92cc-2d3f97865b62}\ (Restore) (Fixed) (Total:15.01 GB) (Free:2.26 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 81F37948)
 
Partition: GPT.
 
========================================================
Disk: 1 (Protective MBR) (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================




#2 Heather106


Posted 12 April 2018 - 09:33 PM

I sincerely apologize to anyone, this is the one I had originally wanted to post. My pc had an error with the website which made me believe it had not uploaded. It had uploaded about 6 times though.



#3 JSntgRvr

Malware Response Team

Posted 15 April 2018 - 03:35 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Let's begin... :)

There is a rootkit in your system.

You will need another computer to download FRST64 to a USB drive, run FRST64 in the Recovery Environment, then back in Normal Mode.

Please download Farbar Recovery Scan Tool on an uninfected computer and save it to a flash drive (pen drive).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.exe.

Please also download the attached file Fixlist.txt and save it in the same location where FRST64 is saved on the flash drive.

Boot to the Recovery Console's Command prompt in the infected computer.

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums

Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums
After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.

On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:
  • Insert the USB drive containing FRST64 and the Fixlist
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First press the Scan button. That will deactivate the rootkit. Once the scan is finished, press the Fix button.
  • These actions will make two logs, Fixlog.txt and FRST.txt, on the flash drive. Please copy and paste them in your reply.
Once finished in the Recovery Environment, restart the computer in Normal Mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.
I will expect the following reports:

Frst.txt produced in the Recovery Console
Fixlog.txt produced in the Recovery Console
Frst.txt produced in Normal Mode
Addition.txt produced in Normal Mode

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,176 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:13 PM

Posted 17 April 2018 - 02:00 PM

How is it doing?




#5 Heather106

Heather106
  • Topic Starter

  • Members
  • 15 posts
  • Local time:06:13 PM

Posted 17 April 2018 - 11:51 PM

I apologize, but in trying to run frst64 through the command prompt, it says that it is not recognized as an internal or external command, operable program or batch file. The USB is G and I have typed g:\frst64, but that is what it replies back with. Redownloaded on USB and now it works; will update with attachments in a bit.


Edited by Heather106, 17 April 2018 - 11:57 PM.


#6 Heather106

Heather106
  • Topic Starter

  • Members
  • 15 posts
  • Local time:06:13 PM

Posted 18 April 2018 - 12:23 AM

Frst normal mode

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by Raul (administrator) on SQUIRRELFISH (18-04-2018 00:11:19)
Running from C:\Users\Raul\Desktop
Loaded Profiles: Raul (Available Profiles: Raul)
Platform: Windows 10 Home Single Language Version 1709 16299.248 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Ubisoft) D:\Ubisoft\Ubisoft Game Launcher\upc.exe
(Ubisoft) D:\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.251_none_16dd4c82321e5ccc\TiWorker.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\overseer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [SERVICE] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-09] (AVAST Software)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-03-15] (Intel)
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Run: [Discord] => C:\Users\Raul\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Run: [Advanced SystemCare 11] => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Run: [Spotify Web Helper] => C:\Users\Raul\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-04-04] (Spotify Ltd)
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe --helperBridgeName={22016340-D362-4973-B65E-78C5AE867616} --lbsInstallerWorkflowID={E8C19CCB-FEFA-4FE5-9583 (the data entry has 177 more characters).
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\Raul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-10-03] ()
Startup: C:\Users\Raul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2018-01-15]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 b5
Tcpip\Parameters: [DhcpNameServer] 8.8.4.4 8.8.8.8 192.168.1.1
Tcpip\..\Interfaces\{0184a88c-871f-4942-afe0-ffe156c8fda3}: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1
Tcpip\..\Interfaces\{244d7b94-dd03-44b7-909c-5425ee4da650}: [DhcpNameServer] 8.8.4.4 8.8.8.8 192.168.1.1
Tcpip\..\Interfaces\{9688eee9-c0c2-49c9-9685-c76f1ebb8e15}: [DhcpNameServer] 8.8.4.4 8.8.8.8 192.168.1.1
Tcpip\..\Interfaces\{dda22f55-c0a4-41f6-b7a6-92c7d1f035af}: [DhcpNameServer] 172.16.3.19
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-04-04] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2018-01-10] (Perfect World Entertainment Inc)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-04-04] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Program Files (x86)\Arc\plugins\flash\NPSWF32.dll [2018-01-10] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-02-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-02-25] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-04-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-04-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-30] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2018-01-10] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default [2018-04-11]
CHR Extension: (Slides) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Destiny Item Manager Shortcut) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apghicjnekejhfancbkahkhdckhdagna [2018-02-03]
CHR Extension: (YouTube) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Avast SafePrice) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-03-30]
CHR Extension: (Sheets) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Word Online) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2015-10-30]
CHR Extension: (Google Docs Offline) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (AdBlock) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-30]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-03-09]
CHR Extension: (Avast Online Security) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-30]
CHR Extension: (Excel Online) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2016-05-29]
CHR Extension: (iPiccy Photo Editor) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2015-09-02]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-26]
CHR Extension: (PowerPoint Online) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdafamggmaaaginooondinjgkgcbpnhp [2015-09-02]
CHR Extension: (Office Online) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2018-03-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-02]
CHR Extension: (Chrome Media Router) - C:\Users\Raul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-30]
CHR Profile: C:\Users\Raul\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-11]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKU\S-1-5-21-2732871966-1470559089-260824378-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S4 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [87064 2018-01-10] (Perfect World Entertainment Inc)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-09] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-09] (AVAST Software)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe [71000 2018-03-06] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8521384 2018-03-24] (Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2018-02-21] (EasyAntiCheat Ltd)
S4 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-09-18] (Intel Corporation)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [886032 2018-01-11] ()
S4 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2014-10-03] (Intel® Corporation)
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [156960 2015-02-25] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S4 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [166152 2016-10-03] (McAfee, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3685968 2015-07-22] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-15] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-15] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2154816 2018-01-20] (Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3024712 2018-01-20] (Electronic Arts)
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1453384 2018-03-25] (Overwolf LTD)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2017-02-04] ()
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [182544 2018-01-11] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [886032 2018-01-11] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-01] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-01] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-04-09] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-03-02] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-03-02] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-03-02] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-03-02] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [227784 2018-04-09] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-04-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [147224 2018-04-18] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111352 2018-04-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-04-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-04-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-04-09] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-04-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380528 2018-04-09] (AVAST Software)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [98792 2018-03-11] (ASUS Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69560 2018-03-11] (Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [66440 2018-03-11] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [216360 2014-09-18] (Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [31112 2018-03-11] (ASUS)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-03-11] (REALiX™)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [79528 2018-03-11] (Intel Corporation)
R3 m76usb; C:\WINDOWS\System32\drivers\m76usb.sys [563360 2015-06-03] (Ralink Technology Corp.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-09-29] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_f551aaf97b83a587\nvlddmkm.sys [17526688 2018-03-16] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-15] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2018-03-30] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-15] (NVIDIA Corporation)
R1 prilock; C:\WINDOWS\System32\drivers\prilock.sys [122776 2018-02-08] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1026896 2018-03-30] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2018-03-11] (Realsil Semiconductor Corporation)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [41512 2018-01-11] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-03-01] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288296 2018-03-01] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-01] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2017-10-07] (Wellbia.com Co., Ltd.)
S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-18 00:11 - 2018-04-18 00:14 - 000025586 _____ C:\Users\Raul\Desktop\FRST.txt
2018-04-18 00:08 - 2018-04-18 00:08 - 000147224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-04-18 00:08 - 2018-04-18 00:08 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-04-18 00:08 - 2018-04-18 00:08 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-04-18 00:03 - 2018-04-17 23:38 - 002403328 _____ (Farbar) C:\Users\Raul\Desktop\FRST64.exe
2018-04-12 20:47 - 2018-04-18 00:11 - 000000000 ____D C:\FRST
2018-04-12 00:13 - 2018-04-12 00:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-12 00:13 - 2018-04-12 00:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-12 00:13 - 2018-04-12 00:13 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-12 00:13 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-11 19:14 - 2018-04-11 19:14 - 000000000 ____D C:\Program Files (x86)\ESET
2018-04-11 18:32 - 2018-04-11 18:34 - 000000000 ____D C:\AdwCleaner
2018-04-11 18:30 - 2018-04-12 20:58 - 001493612 _____ C:\WINDOWS\ntbtlog.txt
2018-04-11 18:26 - 2018-04-11 18:26 - 000000300 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2018-04-11 18:26 - 2018-04-11 18:26 - 000000000 ____D C:\Program Files\CCleaner
2018-04-10 23:26 - 2018-04-10 23:26 - 000000000 ____D C:\Program Files\Speccy
2018-04-10 23:15 - 2018-04-10 23:15 - 002146423 _____ C:\Users\Raul\Documents\SysnativeFileCollectionApp.zip
2018-04-10 23:05 - 2018-04-10 23:09 - 000000000 ____D C:\Users\Raul\Documents\SysnativeFileCollectionApp
2018-04-10 23:00 - 2018-04-11 19:26 - 4192700319 _____ C:\WINDOWS\MEMORY.DMP
2018-04-09 11:54 - 2018-04-18 00:10 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2018-04-09 11:50 - 2018-04-09 11:50 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-04-09 11:50 - 2018-04-09 11:50 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-04-09 11:49 - 2018-04-09 11:48 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-04-09 11:49 - 2018-04-09 11:48 - 000380528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-04-09 11:49 - 2018-04-09 11:48 - 000376536 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-04-09 11:49 - 2018-04-09 11:48 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-04-09 11:49 - 2018-04-09 11:48 - 000196640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-04-09 11:49 - 2018-04-09 11:48 - 000147224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys.152402802057801
2018-04-09 11:49 - 2018-04-09 11:48 - 000111352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-04-09 11:49 - 2018-04-09 11:48 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-04-09 11:49 - 2018-04-09 11:48 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-04-09 11:49 - 2018-04-09 11:47 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-04-09 11:49 - 2018-04-09 11:46 - 000227784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-04-09 11:49 - 2018-03-02 15:09 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-04-09 11:49 - 2018-03-02 15:09 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-04-09 11:49 - 2018-03-02 15:09 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-04-09 11:49 - 2018-03-02 15:09 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-04-09 11:29 - 2018-04-09 11:29 - 000003028 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Raul)
2018-04-04 04:31 - 2018-04-04 04:31 - 008224188 _____ C:\Users\Raul\Downloads\memtest86-usb.zip
2018-04-04 04:30 - 2018-04-04 04:30 - 005580769 _____ C:\Users\Raul\Downloads\memtest86-iso.zip
2018-04-04 04:21 - 2018-04-04 04:21 - 000003834 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2018-04-04 03:47 - 2018-04-06 09:23 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-04-04 03:47 - 2018-04-04 03:50 - 000002750 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2018-04-04 03:47 - 2018-04-04 03:47 - 000003762 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2018-04-04 03:47 - 2018-04-04 03:47 - 000003528 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2018-04-04 03:47 - 2018-04-04 03:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-04-04 03:47 - 2018-01-11 01:25 - 000041512 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2018-04-04 03:45 - 2018-04-04 03:45 - 013884872 _____ (Intel) C:\Users\Raul\Downloads\Intel Driver and Support Assistant Installer.exe
2018-04-04 03:41 - 2018-04-04 03:41 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 03:41 - 2018-04-04 03:41 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 03:41 - 2018-04-04 03:41 - 000001519 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-04-04 03:41 - 2018-04-04 03:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-04-04 03:41 - 2018-03-15 19:57 - 002480064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2018-04-04 03:41 - 2018-03-15 19:57 - 002137024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2018-04-04 03:41 - 2018-03-15 19:57 - 001310144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2018-04-04 03:40 - 2018-04-04 03:40 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 03:40 - 2018-04-04 03:40 - 000004088 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 03:40 - 2018-04-04 03:40 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 03:40 - 2018-04-04 03:40 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 03:40 - 2018-04-04 03:40 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 03:40 - 2018-04-04 03:40 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-04 03:40 - 2018-03-15 19:57 - 000189784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2018-04-04 03:40 - 2018-03-15 19:57 - 000152408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2018-04-04 03:40 - 2018-03-15 19:57 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2018-04-04 03:40 - 2018-03-15 17:40 - 005952640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-04-04 03:40 - 2018-03-15 17:40 - 002589576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-04-04 03:40 - 2018-03-15 17:40 - 001767816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-04-04 03:40 - 2018-03-15 17:40 - 000634256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-04-04 03:40 - 2018-03-15 17:40 - 000451040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-04-04 03:40 - 2018-03-15 17:40 - 000123840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-04-04 03:40 - 2018-03-15 17:40 - 000083072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-04-04 03:40 - 2018-03-15 17:39 - 008099202 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-04-04 03:39 - 2018-04-04 03:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-04-04 03:39 - 2018-03-15 19:57 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-04-04 03:37 - 2018-03-16 13:12 - 000997280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-04-04 03:37 - 2018-03-16 13:12 - 000949176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-04-04 03:37 - 2018-03-16 13:12 - 000625592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-04-04 03:37 - 2018-03-16 13:12 - 000515672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-04-04 03:37 - 2018-03-16 13:11 - 040278616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-04-04 03:37 - 2018-03-16 13:11 - 035189336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-04-04 03:37 - 2018-03-16 13:11 - 004318464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-04-04 03:37 - 2018-03-16 13:11 - 003719200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-04-04 03:37 - 2018-03-16 13:11 - 001985280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439124.dll
2018-04-04 03:37 - 2018-03-16 13:11 - 001684000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439124.dll
2018-04-04 03:37 - 2018-03-16 13:11 - 001138432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-04-04 03:37 - 2018-03-16 13:11 - 001066072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 019854816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 016496072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 013571008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 011131872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 001346128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 001153568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 000902096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 000811992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-04-04 03:37 - 2018-03-16 13:01 - 000650232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-04-04 03:37 - 2018-03-16 13:00 - 012966216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-04-04 03:37 - 2018-03-16 13:00 - 011000296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-04-04 03:37 - 2018-03-16 13:00 - 004629824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-04-04 03:37 - 2018-03-16 13:00 - 003937000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-04-04 03:37 - 2018-03-16 13:00 - 001061168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-04-04 03:37 - 2018-03-15 19:57 - 000058816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-04-04 03:37 - 2018-03-15 19:57 - 000048407 _____ C:\WINDOWS\system32\nvinfo.pb
2018-04-04 03:10 - 2018-04-04 03:16 - 464777024 _____ (NVIDIA Corporation) C:\Users\Raul\Downloads\391.24-notebook-win10-64bit-international-whql.exe
2018-04-04 02:52 - 2018-04-04 02:52 - 000000000 ____D C:\WINDOWS\Sun
2018-04-04 02:51 - 2018-04-04 02:51 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-04-04 02:51 - 2018-04-04 02:51 - 000000000 ____D C:\Users\Raul\AppData\Roaming\Sun
2018-04-04 02:51 - 2018-04-04 02:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-04-04 02:51 - 2018-04-04 02:51 - 000000000 ____D C:\Program Files (x86)\Java
2018-03-30 22:57 - 2018-03-30 22:57 - 000000000 ____D C:\Program Files\Google
2018-03-30 18:30 - 2018-03-30 18:30 - 001026896 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2018-03-30 18:29 - 2018-03-30 18:29 - 000059240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2018-03-30 18:23 - 2018-03-30 18:23 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-30 18:23 - 2018-03-30 18:23 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-30 18:06 - 2018-04-03 22:20 - 000002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-30 18:06 - 2018-03-30 18:09 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-18 00:14 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-18 00:14 - 2015-09-04 09:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-18 00:13 - 2017-10-11 01:55 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-18 00:13 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-18 00:13 - 2015-09-04 09:13 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-18 00:10 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-18 00:08 - 2015-09-02 23:09 - 000000000 ____D C:\Users\Raul\AppData\Local\Ubisoft Game Launcher
2018-04-18 00:06 - 2017-07-11 00:01 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-18 00:06 - 2015-09-02 14:09 - 000000165 _____ C:\Users\Raul\AppData\Roaming\sp_data.sys
2018-04-18 00:06 - 2015-06-04 05:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-04-18 00:04 - 2016-01-09 01:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2018-04-18 00:03 - 2016-07-12 15:43 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-04-17 23:58 - 2017-11-30 23:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-17 23:58 - 2017-11-30 23:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-12 00:17 - 2016-03-07 14:28 - 000000000 ____D C:\Users\Raul\AppData\Local\CrashDumps
2018-04-11 19:27 - 2018-01-10 11:00 - 000000000 ____D C:\WINDOWS\Minidump
2018-04-11 18:34 - 2018-03-02 02:29 - 000000000 ____D C:\Users\Raul\AppData\LocalLow\IObit
2018-04-11 18:34 - 2018-03-02 02:28 - 000000000 ____D C:\Users\Raul\AppData\Roaming\IObit
2018-04-11 18:34 - 2018-03-02 02:28 - 000000000 ____D C:\ProgramData\IObit
2018-04-11 18:34 - 2018-03-02 02:28 - 000000000 ____D C:\Program Files (x86)\IObit
2018-04-11 18:29 - 2017-11-29 18:13 - 000000000 ___DC C:\WINDOWS\Panther
2018-04-11 18:29 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-04-11 18:29 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-11 18:29 - 2015-09-05 03:26 - 000000000 ____D C:\Users\Raul\AppData\Roaming\uTorrent
2018-04-09 11:26 - 2018-03-02 15:07 - 000852148 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-09 11:23 - 2017-11-30 23:16 - 000000000 ____D C:\Users\Raul
2018-04-06 11:44 - 2015-09-02 14:40 - 000000000 ____D C:\Users\Raul\AppData\Roaming\Spotify
2018-04-06 09:28 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-06 09:20 - 2015-09-02 14:41 - 000000000 ____D C:\Users\Raul\AppData\Local\Spotify
2018-04-04 04:51 - 2018-03-11 23:37 - 000003260 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2018-04-04 04:51 - 2017-11-30 23:42 - 000003216 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-04-04 04:51 - 2017-07-11 00:02 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-04-04 04:44 - 2015-11-14 09:34 - 000000000 ____D C:\Users\Raul\AppData\Local\ElevatedDiagnostics
2018-04-04 04:21 - 2015-06-04 04:58 - 000000000 ____D C:\ProgramData\Intel
2018-04-04 04:13 - 2016-03-03 13:28 - 000000000 ____D C:\Users\Raul\AppData\Local\NVIDIA Corporation
2018-04-04 03:47 - 2014-12-03 23:38 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-04 03:46 - 2017-07-11 00:02 - 000000000 ____D C:\Program Files\Intel
2018-04-04 03:45 - 2015-09-02 14:08 - 000000000 ____D C:\Users\Raul\AppData\Local\NVIDIA
2018-04-04 03:41 - 2017-07-11 00:01 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-04-04 03:41 - 2017-07-11 00:01 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-04-04 03:41 - 2015-06-04 05:03 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-04-04 03:40 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Help
2018-04-04 03:40 - 2016-03-14 23:19 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-04 03:34 - 2016-03-14 16:51 - 000000000 ____D C:\Fraps
2018-04-04 02:52 - 2016-09-06 03:37 - 000000000 ____D C:\ProgramData\Oracle
2018-04-04 02:36 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\registration
2018-04-03 22:45 - 2018-03-02 15:11 - 000001987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-04-03 22:45 - 2018-03-02 15:11 - 000001975 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-04-03 22:43 - 2018-02-25 18:42 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-04-03 22:19 - 2018-02-11 21:10 - 000000000 ____D C:\Users\Raul\Desktop\Photoshop Edited
2018-04-03 22:07 - 2018-03-02 02:29 - 000000000 ____D C:\ProgramData\ProductData
2018-03-30 22:57 - 2017-09-14 15:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-03-30 22:57 - 2016-01-08 20:18 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-30 19:17 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-30 18:42 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-30 18:31 - 2018-03-11 23:20 - 000002357 _____ C:\Users\Public\Desktop\Driver Booster 5.lnk
2018-03-30 18:22 - 2017-11-30 23:42 - 000003028 _____ C:\WINDOWS\System32\Tasks\Update Checker
2018-03-30 18:22 - 2017-11-30 23:42 - 000002576 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2018-03-30 18:22 - 2016-10-29 17:51 - 000000000 ____D C:\Users\Raul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2018-03-30 18:01 - 2017-03-03 21:37 - 000000000 ____D C:\Program Files (x86)\Overwatch Test
2018-03-30 18:01 - 2015-10-02 21:07 - 000000000 ____D C:\Users\Raul\AppData\Local\Battle.net
2018-03-30 18:01 - 2015-10-02 21:05 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-30 17:56 - 2015-09-02 14:23 - 000000000 ____D C:\Users\Raul\AppData\Local\Google
2018-03-30 17:40 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-30 17:38 - 2016-05-30 01:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office 2016
2018-03-30 17:38 - 2014-12-03 23:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-30 16:18 - 2015-09-05 04:43 - 000000000 ____D C:\Users\Raul\AppData\Roaming\vlc
2018-03-26 02:46 - 2018-03-02 03:07 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-03-26 02:46 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-03-26 02:46 - 2017-09-29 09:41 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\setup
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-26 02:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-03-26 02:46 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-03-26 02:46 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-03-26 02:46 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\servicing
2018-03-26 02:46 - 2016-05-26 02:06 - 000000000 ___RD C:\Users\Raul\Google Drive
2018-03-26 02:45 - 2018-01-15 22:18 - 000000000 ____D C:\Users\Raul\AppData\Local\CANON_INC
2018-03-26 02:45 - 2017-11-30 23:44 - 000000000 ___RD C:\Users\Raul\3D Objects
2018-03-26 02:45 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\appcompat
2018-03-26 02:45 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-03-26 02:45 - 2016-10-29 17:51 - 000000000 ____D C:\Users\Raul\AppData\Local\Package Cache
2018-03-26 02:45 - 2016-05-30 00:59 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-03-26 02:45 - 2016-04-27 00:45 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-26 02:45 - 2016-01-24 05:05 - 000000000 ____D C:\Users\Raul\AppData\LocalLow\raidcall
2018-03-26 02:45 - 2015-09-09 03:35 - 000000000 ____D C:\Program Files (x86)\Arc
2018-03-26 02:45 - 2015-09-02 22:49 - 000000000 ____D C:\ProgramData\Origin
2018-03-26 02:45 - 2015-06-04 05:27 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-03-26 02:20 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SystemApps
2018-03-26 02:15 - 2017-05-31 01:39 - 000000000 ____D C:\Users\Raul\AppData\LocalLow\TheGameBakers
2018-03-26 02:15 - 2016-09-06 03:38 - 000000000 ____D C:\Users\Raul\AppData\LocalLow\Sun
2018-03-26 02:15 - 2016-01-24 05:05 - 000000000 ____D C:\Users\Raul\AppData\LocalLow\RCTW
2018-03-26 02:14 - 2015-09-22 23:55 - 000000000 ____D C:\ProgramData\Apple
 
==================== Files in the root of some directories =======
 
2016-05-26 01:59 - 2016-05-26 01:59 - 000987728 _____ (Google Inc.) C:\Users\Raul\googledrivesync.exe
2015-09-02 14:09 - 2018-04-18 00:06 - 000000165 _____ () C:\Users\Raul\AppData\Roaming\sp_data.sys
2016-02-14 03:19 - 2018-02-14 00:20 - 000007591 _____ () C:\Users\Raul\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-30 19:04
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Raul (18-04-2018 00:16:27)
Running from C:\Users\Raul\Desktop
Windows 10 Home Single Language Version 1709 16299.248 (X64) (2017-12-01 04:44:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2732871966-1470559089-260824378-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2732871966-1470559089-260824378-503 - Limited - Disabled)
Guest (S-1-5-21-2732871966-1470559089-260824378-501 - Limited - Disabled)
Raul (S-1-5-21-2732871966-1470559089-260824378-1001 - Administrator - Enabled) => C:\Users\Raul
WDAGUtilityAccount (S-1-5-21-2732871966-1470559089-260824378-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden
µTorrent (HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 2.1.0 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.05.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.2 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.57 - ICEpower a/s)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Backup and Sync from Google (HKLM\...\{4B7277C7-9CEE-45FC-B36B-19AD28281B9C}) (Version: 3.40.8921.5350 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Brother MFL-Pro Suite MFC-J415W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Canon Utilities Digital Photo Professional 4 (HKLM-x32\...\Digital Photo Professional 4 (x64)) (Version: 4.2.32.0 - Canon Inc.)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.2.20.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 0.9.0.1 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Utility 3 (HKLM-x32\...\EOS Utility 3) (Version: 3.2.20.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.2.10.0 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.15.20.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{FBB43A99-0B72-461A-A6D2-2F1B54D36B69}) (Version: 66.0.3359.12 - Google Inc.)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)
Discord (HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.24 - NVIDIA Corporation) Hidden
Foxit PhantomPDF (HKLM-x32\...\{FC76E6BB-7CBB-4CD6-8178-3BCADC0526C3}) (Version: 6.0.62.801 - Foxit Corporation)
Git version 2.10.1 (HKLM\...\Git_is1) (Version: 2.10.1 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1017 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{699E6891-25C3-443A-9B8E-80C74F0172C8}) (Version: 2.1.03413 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.39.1003 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.279 - McAfee, Inc.)
Mediatek Bluetooth (HKLM\...\{1C41AEAE-7DD5-29D6-FA5F-D1E8A12ECE4E}) (Version: 11.0.760.0 - Mediatek)
Microsoft Office 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.9126.2116 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.24 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.10.24870 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.112.1.21 - Overwolf Ltd.)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 3.0.5.2 - Portforward, LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Add to Path (32-bit) (HKLM-x32\...\{7E08C4EE-B1C7-4138-8227-7CD3837636AA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 5.0.55.0 - Ralink)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8264 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.1 - Rockstar Games)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Splinter Cell Blacklist (HKLM-x32\...\Uplay Install 91) (Version:  - Ubisoft)
Spotify (HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB)
Star Citizen Launcher (HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.7.64833 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 17.1 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WATCH_DOGS2 (HKLM-x32\...\Uplay Install 2688) (Version:  - Ubisoft)
Windows Driver Package - ASUS (ATP) Mouse  (11/11/2015 6.0.0.66) (HKLM\...\82D024CBD181D16D72E5AE45A426919815D5F456) (Version: 11/11/2015 6.0.0.66 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.50 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.4 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2732871966-1470559089-260824378-1001_Classes\CLSID\{815122c0-eab9-44c1-9edb-a3ba6f448a67}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2013-12-18] (Foxit Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-06-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-06-16] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-15] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-06-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-06-16] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0638DED1-479E-43B9-AAC8-0504B46E0F21} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {07E5270C-CD10-4409-98DA-6CE443D48B4A} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-11] (ASUSTek Computer Inc.)
Task: {1067DABD-1F64-446F-A76F-DF26DB29A525} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-15] (NVIDIA Corporation)
Task: {10A4833C-404C-4152-9B77-7F26924A79AF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-30] (Microsoft Corporation)
Task: {1F59FB6C-8809-496C-8403-1CC476618ABC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {2D4F92B1-BDB3-452A-990E-15A8E5FF6BDF} - System32\Tasks\HP Color LaserJet 3700 PCL 6 => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\HP Color LaserJet 3700 PCL 6\HP Color LaserJet 3700 PCL 6.dll",hvBdFw <==== ATTENTION
Task: {2FC750BB-F0FE-4A3A-BEE5-1F2D15D2B440} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-15] (NVIDIA Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {378F30DE-9023-488B-A314-75453DEF9A65} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2018-03-25] (Overwolf LTD)
Task: {3A77543D-41E6-4807-8E01-E0926767BE82} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-15] (NVIDIA Corporation)
Task: {3B04003F-70F5-465C-8D34-2996009FF7F8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
Task: {3D663730-EC51-4735-9202-9E056DC4BA71} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4157B838-5F13-49BA-A20D-F913F28D34CE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-15] (NVIDIA Corporation)
Task: {458EE8EE-2380-42EF-93AF-C3815D861E56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-26] (Google Inc.)
Task: {46646A02-2FEF-495F-994D-84FF7C474F31} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4896C97E-C3F9-426F-AFC5-8DCDA7A840BB} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-03-11] (Realtek Semiconductor)
Task: {4B190456-30D3-46DB-8122-885D36417233} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {51F99B3B-EC40-46CF-828B-04C191A03249} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-26] (Google Inc.)
Task: {52BA367B-D369-4A08-A5E5-C6D01492A052} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-15] (NVIDIA Corporation)
Task: {562D1D55-7FDD-4DFE-97B2-5C7F256CD5A0} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.)
Task: {5CF3B471-309D-4507-9962-17AA15867C57} - System32\Tasks\Driver Booster SkipUAC (Raul) => C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe [2018-01-29] (IObit)
Task: {5EAD96E3-F7ED-46BA-9B4A-A21C1006D8AF} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-11-05] (ASUS)
Task: {60F627D1-697B-4145-9DF1-314B20CC3677} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-raulss26@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {6627163E-7A10-431E-A235-FEC9B55EDA2A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {66F562C3-B80D-44FA-AA71-3E9FA4654E34} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-09] (AVAST Software)
Task: {683F72A1-F99D-429F-82E9-CC945464D7F7} - System32\Tasks\ASC11_SkipUac_Raul => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: {6E4112F8-CC18-46D5-B8BE-312F85B69E0F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
Task: {6EB9E881-F725-41E4-B8A6-253301AD084B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {769A4952-C7D6-47D1-9A18-988A27FA6C5D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {79071368-D8BF-4C97-B743-864F60A0601E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7CBF9315-8B2D-427C-ACC2-54D34BAAD624} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek)
Task: {7CD157CE-ACA0-4E51-B6AD-B2BC1C1B46D9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {86BB638F-F282-4DA4-9234-5516B190FCD0} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {8B84ACF4-1BF0-4136-873F-3F96F3571718} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9364BE56-FA4B-464C-ADBD-7C6D35480C1A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-30] (Microsoft Corporation)
Task: {94B529EF-E291-498D-8E75-8CA16E771414} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-30] (Microsoft Corporation)
Task: {96E84EE5-86E7-4E2C-A265-1D2972A1116F} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {A44E890B-C878-4347-9467-5BDC412E5680} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A654A9BC-49C6-4A54-A8AA-6078157BBFCA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\AVAST Software\Avast\setup\overseer.exe [2018-03-02] (AVAST Software)
Task: {ABD459C1-0476-4935-BCAA-89D8A5DDC200} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {B7F32437-93E5-4BE1-9F53-7E014B542EA8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B956F83C-2190-4DA5-99A6-411676AF1679} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-15] (NVIDIA Corporation)
Task: {BCD359D6-E6B4-4D49-B143-6C6DA34BA7CB} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {BEF2EE7D-40A7-40F6-89DA-031AA4692709} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-15] (NVIDIA Corporation)
Task: {BF9F0E64-0427-4589-8E17-087351376072} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {C2E58D1B-0D61-4F1F-B9FC-30647C40666E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-03-11] (Realtek Semiconductor)
Task: {D0EA648E-8CBE-4B01-97E1-F44E9F2011B3} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {D5432B35-9ACC-4EAE-85D6-E5B527348D61} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E2957188-AF1E-4B26-826B-F8D82770751A} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {EB6C5F24-A19B-40F0-B1C4-38B8AF30BBD8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {EC2DB076-4BBE-428B-8B6D-AA619B068BE4} - System32\Tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeReminderTask => C:\WINDOWS\System32\GWX\GWX.exe
Task: {ED2A4F92-6B27-447A-A46F-94EE7ED7083D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-09-11] (ASUSTek Computer Inc.)
Task: {F0FEC7ED-5175-4EB4-984B-68075128FC80} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {F5A0F676-C749-43CB-92F2-525CB888873C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {FCE3E2A2-FC7C-4E97-93C4-38D786340991} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FFC94CEF-1242-494D-A2A1-724478AF8CDD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-15] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-04 03:40 - 2018-03-15 19:57 - 000544384 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2015-09-03 10:59 - 2017-02-04 03:47 - 000076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-09-27 03:26 - 2005-04-21 23:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2018-04-04 03:40 - 2018-03-15 19:57 - 001267648 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-02-14 21:12 - 2018-02-09 23:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-14 21:12 - 2018-02-09 23:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2014-11-05 14:44 - 2014-11-05 14:44 - 000037424 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-11-05 14:44 - 2014-11-05 14:44 - 000124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 000071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2016-03-10 02:14 - 2018-02-10 20:03 - 068505088 _____ () D:\Ubisoft\Ubisoft Game Launcher\libcef.dll
2018-01-05 07:54 - 2018-01-05 07:54 - 040524776 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2018-03-02 03:13 - 000000838 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 b5
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Raul\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\asus.jpg
DNS Servers: 8.8.4.4 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: 0257221455953473mcinstcleanup => 2
MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: ArcService => 3
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: Asus WebStorage Windows Service => 2
MSCONFIG\Services: aswbIDSAgent => 3
MSCONFIG\Services: ATKGFNEXSrv => 2
MSCONFIG\Services: avast! Antivirus => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: chromoting => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: esifsvc => 2
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: McBootDelayStartSvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: PEFService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "RaidCall"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2732871966-1470559089-260824378-1001\...\StartupApproved\Run: => "Advanced SystemCare 11"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{669D89C7-081B-42E5-A64A-59D2A994B7A6}] => (Allow) D:\SteamLibrary\steamapps\common\Dead Rising 2\deadrising2.exe
FirewallRules: [{7F837E10-25AE-41FB-AE9E-E29D7F8F3353}] => (Allow) D:\SteamLibrary\steamapps\common\Dead Rising 2\deadrising2.exe
FirewallRules: [{85E1AA01-A41A-4F78-A03E-424E117CF8B5}] => (Allow) D:\SteamLibrary\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{68B30EF6-28C5-421C-8A6A-F71BCDCF55D7}] => (Allow) D:\SteamLibrary\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{7A5A3E87-119B-43F3-8DEE-5FCBBE40F84D}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe
FirewallRules: [{AC3835A5-7135-4498-A7EE-7BA61FD29D13}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe
FirewallRules: [UDP Query User{2AA286F9-6221-4FCB-8405-F83BD4925423}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{1F03C973-87CC-4384-83CA-99A4283A6DED}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [{9416310C-D528-477C-8A82-A5D3350F217A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{920B8733-8856-4343-9218-06AF00FCC80A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A9FF1CA4-385D-410D-BE72-1556874F13D6}] => (Allow) C:\Users\Raul\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F367AC14-2671-4753-92C6-D91AE3044A9E}] => (Allow) C:\Users\Raul\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CE59B8E5-86AF-47DC-BD9A-6971D3504892}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{23FFB2A3-DB04-497A-95CD-931D47AD28B4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{0E854376-2720-48F7-9D97-3EAB4BC1BF3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [{0629A3DB-B8B6-473B-9B34-47A5A812747E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [TCP Query User{DC5E039A-07E3-4B77-9628-33E356F15C03}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{86B3DCF8-FE12-4BF8-AFEC-412528DBDAF0}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{0AF2CD5D-082D-423F-ABBA-CFE7239F46AF}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{2B51D9FE-45AC-4993-93AF-0CAB64BEAFDE}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [TCP Query User{1E691FAA-381B-47DC-AB77-0E58745F2578}C:\users\raul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\raul\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{14838093-413F-49A7-8AEE-B9B78FBAC021}C:\users\raul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\raul\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8F1005EA-9736-4045-BDD0-778282A5BA12}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{1630E9ED-252E-4DA5-8EB2-C2D7E032E339}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DB802C70-4B68-455A-9FFC-0B0835D50889}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{FAC68D0E-1C6F-491B-9D05-BF263A86091B}C:\users\raul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\raul\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B771867F-BE3A-4478-9E72-156EED12111A}C:\users\raul\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\raul\appdata\roaming\spotify\spotify.exe
FirewallRules: [{60694D14-FE75-453F-AE23-BDEF469B8D46}] => (Allow) D:\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{C96A92EC-7BD1-4D8A-BF8F-429773471770}] => (Allow) D:\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [TCP Query User{0A6A5F78-2988-43DE-A009-4C9D087D0630}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{8682D3D2-6275-4617-BBD3-A35A906703E7}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe
FirewallRules: [TCP Query User{37DC6022-040D-4D3D-B915-9C6943756464}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{96D37877-2532-45F5-93CB-70A6C28A2F0F}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{E226CE38-ED5A-44A9-9DB1-BA5121DFE81E}] => (Allow) D:\SteamLibrary\steamapps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [{A6162D30-56C2-43E5-AD5D-D3CD05F86DD7}] => (Allow) D:\SteamLibrary\steamapps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [{201ED956-F07B-4710-8E77-C4FCFFA65B19}] => (Allow) D:\SteamLibrary\steamapps\common\Special Edition\DevilMayCry4SpecialEdition.exe
FirewallRules: [{AD3F9614-B4A3-484C-A5B8-963E60A8C843}] => (Allow) D:\SteamLibrary\steamapps\common\Special Edition\DevilMayCry4SpecialEdition.exe
FirewallRules: [{43AB2731-BBE7-47A7-8DC2-8162F4593E69}] => (Allow) LPort=54925
FirewallRules: [{3B08008A-A2B2-4C6D-86C8-698CCDC7EC0D}] => (Allow) D:\SteamLibrary\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{6BC75D3D-20D8-41D2-A556-44F12CC0CDDB}] => (Allow) D:\SteamLibrary\steamapps\common\Besiege\Besiege.exe
FirewallRules: [TCP Query User{2B30DDB3-CA1F-495F-ADB4-5BD18D5D3294}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{72A0A7FE-1FCD-488F-8580-64A05CFA8D39}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{2BFB0498-7425-486B-AC2F-1674166B831C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{07BFB8CE-AF80-4F60-93D1-94575BFC87B1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B434BD9C-D51F-4BD2-88D9-AB297C30BA66}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{898E9607-8C55-4721-B26F-58816B86F1A9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CFD7075C-EA39-4D73-9C59-8879D2FCE8B8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F0F01366-EB9D-46EF-B77F-DDE5E89E0433}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{E286D85A-7325-4F3B-B3C5-0C42E9AC2592}D:\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) D:\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{F35C70E7-D2C1-4B6D-B25F-027A7891276C}D:\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) D:\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe
FirewallRules: [TCP Query User{A8747CC3-100C-4B2B-ADBD-225B9B97C0C7}D:\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [UDP Query User{DCB737C5-63F0-46FF-933F-C2E27B327BD2}D:\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{D36ED5CF-A8B0-4FF3-9143-5DF9E67A901B}] => (Allow) D:\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{B614B491-0B3A-4F15-B747-357DC85F626C}] => (Allow) D:\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{BF69D2CA-2C5D-4A8B-96A4-CBA67D7C2877}] => (Allow) D:\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{D874FAFF-8758-4CDE-A3F4-6D3610F08438}] => (Allow) D:\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{C6572790-4C41-4C69-BE39-08F4E07A68CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP Query User{2ABA410A-0F4E-48C1-9749-BD5AB2386A9C}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [UDP Query User{59750762-E80E-4715-BD24-9EEB6E18C463}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [TCP Query User{D7510764-F2C8-4938-9B75-F25447B14B90}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{A8A9DBCE-C2BF-4370-BC0F-1115E6DEC0D3}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{E47122E5-5002-473C-9B3E-30D8C56ACEC7}] => (Allow) D:\SteamLibrary\steamapps\common\Furi\Furi.exe
FirewallRules: [{DC54C6B2-54C4-4621-A782-8EE64F9BBD2D}] => (Allow) D:\SteamLibrary\steamapps\common\Furi\Furi.exe
FirewallRules: [{0CB90A80-AD2D-4B9F-8F0E-12F705313C77}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{20A598AA-2FC3-4797-A395-414C6A6DD812}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{92D634FC-182A-4BD4-A110-6FB08A388D8E}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{68D571D7-3498-4706-9591-959344AE725C}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{714EA223-A684-4E56-99DE-D1CC368A6A5C}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{64AAA4ED-81E0-4D81-93E3-E9A8AD4946BE}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{B694F55E-5A96-4BD8-A4C8-AA820D8FFBF6}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{2F314294-2D17-4940-BB8B-E83240B61483}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{083675F0-2C5F-4A96-8E4A-189965EB1CB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bayonetta\Bayonetta.exe
FirewallRules: [{FF9B1B71-51B0-4D56-B895-81396C3481C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bayonetta\Bayonetta.exe
FirewallRules: [{7995B5E4-4956-494A-8056-81CCE56C48D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{AA47ABE1-1978-489E-AF62-977E2EA49DCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{2A4D73DB-708F-4AA0-BD21-2CCAA0DC9403}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{CD2610A4-843D-40CD-8E06-BF327EAB2DBF}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{2141D904-74F3-4A6D-9281-B0B52F6B7B87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{D6C04AB1-0685-4E29-8855-4C8270AF47FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{5AB2D560-8707-459B-9BE0-CFFB54AF7AEF}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{71206385-9AFE-4916-899F-9DD89C71FA3A}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{AB00D6F2-16EA-45E4-AF66-95F7BF144707}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{BE1EB300-E367-45AD-A555-1666210EAA25}C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [UDP Query User{D9EC03E3-2A95-4C87-8120-0DFF22478F83}C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{1EF657C4-914B-4079-8B90-CE8DE26557AC}] => (Allow) D:\Ubisoft\Ubisoft Game Launcher\games\WATCH_DOGS2\bin\WatchDogs2.exe
FirewallRules: [{BC96237A-D13A-448E-8D24-A566B2D4C111}] => (Allow) D:\Ubisoft\Ubisoft Game Launcher\games\WATCH_DOGS2\bin\WatchDogs2.exe
FirewallRules: [{7F69B000-9A24-4B72-BC3D-76A685C9EECB}] => (Allow) D:\Ubisoft\Ubisoft Game Launcher\games\WATCH_DOGS2\EAC.exe
FirewallRules: [{EC0E5208-BB40-4864-8076-78F36046B431}] => (Allow) D:\Ubisoft\Ubisoft Game Launcher\games\WATCH_DOGS2\EAC.exe
FirewallRules: [{4210BA33-F68E-440E-A710-C12923D33ABD}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{8ED5E534-8E36-4079-A630-6BA7B268FFE8}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{7AF831B1-53BB-4D71-A990-73E9368D12AC}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{34A9BB9E-3C4F-40E9-93EB-C056E292C171}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe
FirewallRules: [{CAB2F28F-31FB-47E9-86B2-EEEDF148E410}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe
FirewallRules: [{3BDC9378-A2F0-4ADE-82EE-F20FD7C842CC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe
FirewallRules: [{56653246-5921-4B42-A849-4115FBD8A3BD}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe
FirewallRules: [{86A39A7B-5AF6-48AD-B5D3-D31E654DFB64}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe
FirewallRules: [{59293B44-EDFB-4180-B61D-831E10489B54}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe
FirewallRules: [{B3B67005-7F86-4128-A9E5-CCDEBD284675}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4E59E985-3162-4F24-BDC4-67CB92F728D5}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
FirewallRules: [{12FA2C9D-5DB3-4508-AA81-4C120AF1A882}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{760CD905-8BEB-4D95-9FC6-1B2D131FBECD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{40C04F75-4FE7-4F6E-B8B4-10CEFF6E2CD6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7ECC2A55-10D4-4E27-BE8F-A071F6100571}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E0F07092-5BF9-4909-BB9C-15DC0C588F22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{23E6AC8C-7C02-4157-B292-740C51E78702}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C0169721-B44E-4DF1-8090-BCFF69CAFF37}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{095B254E-5AD9-4C88-B4E6-2009BE6FF091}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{1F4F2E97-91DC-449F-A032-A0448D0BF048}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{A6F0EDBD-4CAB-4DEF-86CD-D713823E7FEA}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
 
==================== Restore Points =========================
 
04-04-2018 02:22:39 Windows Update
18-04-2018 00:09:40 Windows Update
18-04-2018 00:10:19 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Description: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvvad_WaveExtensible
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/18/2018 12:05:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (04/18/2018 12:01:21 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.
 
Error: (04/18/2018 12:01:17 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Context:  Application, SystemIndex Catalog
 
Error: (04/18/2018 12:01:07 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Error: (04/12/2018 08:46:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "F:\esetsmartinstaller_enu (1).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.248_none_15ced204935f55d7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.248_none_5d7c08dba7db7edd.manifest.
 
Error: (04/12/2018 12:18:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (04/12/2018 12:17:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1429, time stamp: 0x5ab557c4
Faulting module name: Qt5Core.dll, version: 5.6.3.0, time stamp: 0x5a61293e
Exception code: 0xc0000005
Fault offset: 0x001aa816
Faulting process id: 0x848
Faulting application start time: 0x01d3d21d7f30cc44
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 161d8f79-beb6-472c-a2c2-845eeba7966a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/12/2018 12:17:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1429, time stamp: 0x5ab557c4
Faulting module name: Qt5Core.dll, version: 5.6.3.0, time stamp: 0x5a61293e
Exception code: 0xc0000005
Fault offset: 0x001aa816
Faulting process id: 0x85c
Faulting application start time: 0x01d3d21d7ebbea8a
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 70f6a36a-8d2b-44e4-a169-039bd1774357
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (04/18/2018 12:10:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f082f: 2018-04 Security Update for Adobe Flash Player for Windows 10 Version 1709 for x64-based Systems (KB4093110).
 
Error: (04/18/2018 12:09:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/18/2018 12:03:33 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
 
Error: (04/18/2018 12:01:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/17/2018 11:59:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/17/2018 11:59:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/17/2018 11:59:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SystemUsageReportSvc_QUEENCREEK service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (04/17/2018 11:59:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SystemUsageReportSvc_QUEENCREEK service to connect.
 
 
Windows Defender:
===================================
Date: 2018-03-02 01:50:57.161
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Patcher
ID: 2147659947
Severity: Medium
Category: Tool
Path: file:_C:\Users\Raul\Desktop\Phosotopshop\[oxtorrent.com] Adobe.Photoshop.CC.2018.v19.0.0.165.Multilingual.FRENCH.WIN64-KAYPA\amtemu.v0.9.2-painter.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\SearchProtocolHost.exe
Signature Version: AV: 1.263.46.0, AS: 1.263.46.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-03-02 01:50:35.727
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Patcher
ID: 2147659947
Severity: Medium
Category: Tool
Path: file:_C:\Users\Raul\Desktop\Phosotopshop\[oxtorrent.com] Adobe.Photoshop.CC.2018.v19.0.0.165.Multilingual.FRENCH.WIN64-KAYPA\amtemu.v0.9.2-painter.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.263.46.0, AS: 1.263.46.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-03-02 01:49:48.488
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Patcher
ID: 2147659947
Severity: Medium
Category: Tool
Path: file:_C:\Users\Raul\Desktop\Phosotopshop\[oxtorrent.com] Adobe.Photoshop.CC.2018.v19.0.0.165.Multilingual.FRENCH.WIN64-KAYPA\amtemu.v0.9.2-painter.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\SearchProtocolHost.exe
Signature Version: AV: 1.263.46.0, AS: 1.263.46.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-03-02 01:48:56.406
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Patcher
ID: 2147659947
Severity: Medium
Category: Tool
Path: file:_C:\Users\Raul\Desktop\Phosotopshop\[oxtorrent.com] Adobe.Photoshop.CC.2018.v19.0.0.165.Multilingual.FRENCH.WIN64-KAYPA\amtemu.v0.9.2-painter.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Raul\AppData\Roaming\uTorrent\uTorrent.exe
Signature Version: AV: 1.263.46.0, AS: 1.263.46.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-01-31 14:49:22.460
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {95BBA354-DD9C-4F16-BCF4-126E971562BB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-02-19 08:29:46.391
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 
Update Source: User
Signature Type: 
Update Type: 
Current Engine Version: 
Previous Engine Version: 
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-02-19 08:28:46.112
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.1319.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-01-31 14:31:57.311
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.441.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
Date: 2018-01-31 14:31:57.311
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.14202.0
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
Date: 2018-01-31 14:31:56.430
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.261.441.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
CodeIntegrity:
===================================
 
Date: 2018-03-02 02:43:41.313
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-02 02:43:41.312
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-02 02:40:46.914
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-02 02:40:46.913
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-02 02:35:48.081
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-02 02:35:48.079
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-02 02:35:40.360
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-03-02 02:35:40.359
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 26%
Total physical RAM: 12189.83 MB
Available physical RAM: 8941.94 MB
Total Virtual: 24989.83 MB
Available Virtual: 21842.4 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:104.43 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:542.8 GB) (Free:71.01 GB) NTFS
Drive f: () (Removable) (Total:7.45 GB) (Free:6.88 GB) FAT32
 
\\?\Volume{42b5899e-929f-4a47-8005-f9a899c0782e}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{6b024e34-ada4-48b4-bb82-4c5a7e6f11ae}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.59 GB) NTFS
\\?\Volume{efcc7097-5f01-4632-92cc-2d3f97865b62}\ (Restore) (Fixed) (Total:15.01 GB) (Free:2.26 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 81F37948)
 
Partition: GPT.
 
========================================================
Disk: 1 (Protective MBR) (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
 
Fixlog
Fix result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by SYSTEM (17-04-2018 23:56:48) Run:1
Running from g:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION 
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION 
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION 
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION 
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION 
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION 
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION 
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION 
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION 
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION 
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION 
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION 
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION 
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION 
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION 
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION 
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION 
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION 
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION 
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION 
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION 
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION 
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION 
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION 
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION 
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION 
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION 
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION 
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION 
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION 
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION 
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION 
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION 
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION 
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION 
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION 
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION 
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION 
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION 
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION 
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION 
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION 
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION 
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION 
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION 
R5 pbbpquwj;  <==== ATTENTION: Locked Service 
C:\WINDOWS\system32\drivers\uconkbhm.sys ->
*****************
 
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKLM\System\ControlSet001\Services\pbbpquwj" => removed successfully
pbbpquwj => service removed successfully
"C:\WINDOWS\system32\drivers\uconkbhm.sys ->" => not found
 
==== End of Fixlog 23:56:49 ====
 
I apologize, but I cannot find the FRST from recovery mode. Should I run it again, or would that have affected it?


#7 JSntgRvr

Posted 18 April 2018 - 06:58 PM

Nice logs.
  • Highlight the entire content of the quote box below.

Start::
FirewallRules: [{43AB2731-BBE7-47A7-8DC2-8162F4593E69}] => (Allow) LPort=54925
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {0638DED1-479E-43B9-AAC8-0504B46E0F21} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1F59FB6C-8809-496C-8403-1CC476618ABC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {2D4F92B1-BDB3-452A-990E-15A8E5FF6BDF} - System32\Tasks\HP Color LaserJet 3700 PCL 6 => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\HP Color LaserJet 3700 PCL 6\HP Color LaserJet 3700 PCL 6.dll",hvBdFw <==== ATTENTION
Task: {3D663730-EC51-4735-9202-9E056DC4BA71} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {46646A02-2FEF-495F-994D-84FF7C474F31} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4B190456-30D3-46DB-8122-885D36417233} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6627163E-7A10-431E-A235-FEC9B55EDA2A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6EB9E881-F725-41E4-B8A6-253301AD084B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {769A4952-C7D6-47D1-9A18-988A27FA6C5D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {79071368-D8BF-4C97-B743-864F60A0601E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8B84ACF4-1BF0-4136-873F-3F96F3571718} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A44E890B-C878-4347-9467-5BDC412E5680} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B7F32437-93E5-4BE1-9F53-7E014B542EA8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BF9F0E64-0427-4589-8E17-087351376072} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {D5432B35-9ACC-4EAE-85D6-E5B527348D61} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FCE3E2A2-FC7C-4E97-93C4-38D786340991} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
32\NvRtmpStreamer64.dll
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.
 
 
RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply



#8 Heather106

Posted Today, 05:55 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2018
Ran by Raul (20-04-2018 16:26:14) Run:2
Running from C:\Users\Raul\Desktop
Loaded Profiles: Raul (Available Profiles: Raul)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
FirewallRules: [{43AB2731-BBE7-47A7-8DC2-8162F4593E69}] => (Allow) LPort=54925
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {0638DED1-479E-43B9-AAC8-0504B46E0F21} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1F59FB6C-8809-496C-8403-1CC476618ABC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {2D4F92B1-BDB3-452A-990E-15A8E5FF6BDF} - System32\Tasks\HP Color LaserJet 3700 PCL 6 => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\HP Color LaserJet 3700 PCL 6\HP Color LaserJet 3700 PCL 6.dll",hvBdFw <==== ATTENTION
Task: {3D663730-EC51-4735-9202-9E056DC4BA71} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {46646A02-2FEF-495F-994D-84FF7C474F31} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4B190456-30D3-46DB-8122-885D36417233} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6627163E-7A10-431E-A235-FEC9B55EDA2A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6EB9E881-F725-41E4-B8A6-253301AD084B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {769A4952-C7D6-47D1-9A18-988A27FA6C5D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {79071368-D8BF-4C97-B743-864F60A0601E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8B84ACF4-1BF0-4136-873F-3F96F3571718} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A44E890B-C878-4347-9467-5BDC412E5680} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B7F32437-93E5-4BE1-9F53-7E014B542EA8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BF9F0E64-0427-4589-8E17-087351376072} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {D5432B35-9ACC-4EAE-85D6-E5B527348D61} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FCE3E2A2-FC7C-4E97-93C4-38D786340991} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
32\NvRtmpStreamer64.dll
EMPTYTEMP:
Reboot:
 
*****************
 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43AB2731-BBE7-47A7-8DC2-8162F4593E69}" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0638DED1-479E-43B9-AAC8-0504B46E0F21}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0638DED1-479E-43B9-AAC8-0504B46E0F21}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F59FB6C-8809-496C-8403-1CC476618ABC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F59FB6C-8809-496C-8403-1CC476618ABC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2D4F92B1-BDB3-452A-990E-15A8E5FF6BDF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D4F92B1-BDB3-452A-990E-15A8E5FF6BDF}" => removed successfully
C:\WINDOWS\System32\Tasks\HP Color LaserJet 3700 PCL 6 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP Color LaserJet 3700 PCL 6" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D663730-EC51-4735-9202-9E056DC4BA71}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D663730-EC51-4735-9202-9E056DC4BA71}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46646A02-2FEF-495F-994D-84FF7C474F31}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46646A02-2FEF-495F-994D-84FF7C474F31}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B190456-30D3-46DB-8122-885D36417233}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B190456-30D3-46DB-8122-885D36417233}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6627163E-7A10-431E-A235-FEC9B55EDA2A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6627163E-7A10-431E-A235-FEC9B55EDA2A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EB9E881-F725-41E4-B8A6-253301AD084B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EB9E881-F725-41E4-B8A6-253301AD084B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{769A4952-C7D6-47D1-9A18-988A27FA6C5D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{769A4952-C7D6-47D1-9A18-988A27FA6C5D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{79071368-D8BF-4C97-B743-864F60A0601E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79071368-D8BF-4C97-B743-864F60A0601E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B84ACF4-1BF0-4136-873F-3F96F3571718}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B84ACF4-1BF0-4136-873F-3F96F3571718}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A44E890B-C878-4347-9467-5BDC412E5680}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A44E890B-C878-4347-9467-5BDC412E5680}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B7F32437-93E5-4BE1-9F53-7E014B542EA8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7F32437-93E5-4BE1-9F53-7E014B542EA8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF9F0E64-0427-4589-8E17-087351376072}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF9F0E64-0427-4589-8E17-087351376072}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5432B35-9ACC-4EAE-85D6-E5B527348D61}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5432B35-9ACC-4EAE-85D6-E5B527348D61}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCE3E2A2-FC7C-4E97-93C4-38D786340991}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCE3E2A2-FC7C-4E97-93C4-38D786340991}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
32\NvRtmpStreamer64.dll => Error: No automatic fix found for this entry.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 110904310 B
Java, Flash, Steam htmlcache => 643095192 B
Windows/system/drivers => 8887063 B
Edge => 10212 B
Chrome => 25259551 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 25179 B
systemprofile32 => 0 B
LocalService => 1642 B
NetworkService => 0 B
Raul => 240697664 B
 
RecycleBin => 4412 B
EmptyTemp: => 991.2 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 20-04-2018 16:29:06)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
 
==== End of Fixlog 16:29:06 ====
 
RogueKiller V12.12.13.0 (x64) [Apr 16 2018] (Gratuito) por Adlice Software
Realimentación : https://forum.adlice.com
 
Sistema Operativo : Windows 10 (10.0.16299) 64 bits version
Comenzado en : Modo Normal
Usuario : Raul [Administrador]
Iniciado desde : C:\Users\Raul\Desktop\RogueKiller_portable64.exe
Modo : Borrar -- Fecha : 04/20/2018 17:11:08 (Duración : 00:41:43)
 
¤¤¤ Procesos : 1 ¤¤¤
[Proc.Injected] explorer.exe(5064) -- C:\Windows\explorer.exe[7] -> Terminado [TermProc]
 
¤¤¤ Registro : 3 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2732871966-1470559089-260824378-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2732871966-1470559089-260824378-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{dda22f55-c0a4-41f6-b7a6-92c7d1f035af} | DhcpNameServer : 172.16.3.19 ([])  -> Reemplazado ()
 
¤¤¤ Tareas : 0 ¤¤¤
 
¤¤¤ Archivos : 13 ¤¤¤
[BitMiner.Gen0][Archivo] C:\Applications\websock.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\Raul\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\Raul\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\Raul\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\Raul\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\Raul\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\Raul\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\Raul\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\Raul\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\Raul\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\Raul\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\Raul\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Borrado
[PUP.Gen1][Carpeta] C:\Users\Raul\AppData\Local\Orlando -> Borrado
[PUP.Gen1][Archivo] C:\Users\Raul\AppData\Local\Orlando\Saved\Config\WindowsNoEditor\Compat.ini -> Borrado
[PUP.Gen1][Archivo] C:\Users\Raul\AppData\Local\Orlando\Saved\Config\WindowsNoEditor\DeviceProfiles.ini -> Borrado
[PUP.Gen1][Archivo] C:\Users\Raul\AppData\Local\Orlando\Saved\Config\WindowsNoEditor\Engine.ini -> Borrado
[PUP.Gen1][Archivo] C:\Users\Raul\AppData\Local\Orlando\Saved\Config\WindowsNoEditor\Game.ini -> Borrado
[PUP.Gen1][Archivo] C:\Users\Raul\AppData\Local\Orlando\Saved\Config\WindowsNoEditor\GameplayTags.ini -> Borrado
[PUP.Gen1][Archivo] C:\Users\Raul\AppData\Local\Orlando\Saved\Config\WindowsNoEditor\GameUserSettings.ini -> Borrado
[PUP.Gen1][Archivo] C:\Users\Raul\AppData\Local\Orlando\Saved\Config\WindowsNoEditor\Input.ini -> Borrado
[PUP.Gen1][Archivo] C:\Users\Raul\AppData\Local\Orlando\Saved\Config\WindowsNoEditor\Lightmass.ini -> Borrado
[PUP.Gen1][Archivo] C:\Users\Raul\AppData\Local\Orlando\Saved\Config\WindowsNoEditor\Scalability.ini -> Borrado
[PUP.Gen1][Carpeta] C:\Users\Raul\AppData\Local\Orlando\Saved\Config\WindowsNoEditor -> Borrado
[PUP.Gen1][Carpeta] C:\Users\Raul\AppData\Local\Orlando\Saved\Config -> Borrado
[PUP.Gen1][Archivo] C:\Users\Raul\AppData\Local\Orlando\Saved\HardwareSurvey\dxdiag.txt -> Borrado
[PUP.Gen1][Carpeta] C:\Users\Raul\AppData\Local\Orlando\Saved\HardwareSurvey -> Borrado
[PUP.Gen1][Archivo] C:\Users\Raul\AppData\Local\Orlando\Saved\SaveGames\Achievements.sav -> Borrado
[PUP.Gen1][Archivo] C:\Users\Raul\AppData\Local\Orlando\Saved\SaveGames\Progression.sav -> Borrado
[PUP.Gen1][Carpeta] C:\Users\Raul\AppData\Local\Orlando\Saved\SaveGames -> Borrado
[PUP.Gen1][Carpeta] C:\Users\Raul\AppData\Local\Orlando\Saved -> Borrado
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Archivo Hosts : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Cargado) ¤¤¤
 
¤¤¤ Exploradores Web : 0 ¤¤¤
 
¤¤¤ Comprobacion MBR : ¤¤¤
+++++ PhysicalDrive0: HGST HTS541010A9E680 +++++
--- User ---
[MBR] 3b91e60cdfeb83917ffc1971baa204a3
[BSP] c04aa0f2df8f23e992e882afe08b7906 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 206848 | Size: 900 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2050048 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2312192 | Size: 381546 MB
4 - Basic data partition | Offset (sectors): 783718400 | Size: 555824 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1922045952 | Size: 15370 MB
User = LL1 ... OK
User = LL2 ... OK
 


#9 Heather106

Posted Today, 05:56 PM

His PC is partially Spanish and I couldn't figure out how to change it to English; if that is a problem, please let me know.





