Unkillable Virus


  • This topic is locked
6 replies to this topic

#1 biggiecheese

  • Members
  • 2 posts

Posted 01 May 2018 - 10:38 PM

Hello all. About 3 weeks ago I was infected with an extremely annoying virus. I don't know how I got it.

It seems to have disguised itself as many Windows Processes, and therefore cannot be removed. Other .exe files from this virus are hidden in a folder, and if I try to access it, all I get is an error saying "Access Denied." 

If I look into Task Manager, many "Windows Process Manager" processes are eating up 80 percent of my CPU at all times during startup. If I go to the file location, I get an "Access Denied". Ending the task also results in the same error. 

With this virus, I cannot:

1. Reset my PC: when I click on "Get Started", nothing happens.

2. Play any resource-demanding games; huge FPS drops occur now due to the high CPU usage from the virus.

3. Watch YouTube videos comfortably; they often load slowly and freeze multiple times.

4. Use Command Prompt/PowerShell/MoveOnBoot to end these processes, not even as admin.

5. Run any sort of antivirus; it either crashes or does not detect it.

Some more useful information:

1. When I go to "Details" for this Windows Process Manager virus, I see a .exe file called "nvirgek.exe", posted below. 

2. The folder that "nvirgek.exe" is located in is called "reeibgh", and in my Task Manager I also see that there is a .exe file called "reeibgh", but it is disguised as a print driver host. The folder, as said before, cannot be accessed.

3. Other shady processes are posted below. 

4. When trying to look at the "Security" tab for this "reeibgh" folder, I cannot read the permissions, even though I am this computer's administrator.

I know I can fix this by booting from a flash drive, but I want to see if there is anything else I can do before I have to reset using advanced startup. I have lots of games and other files saved on my computer that I would not like to re-download.

Thanks for the help.

Edited by biggiecheese, 01 May 2018 - 10:44 PM.


#2 Gary R

    MRU Admin
  • Malware Response Team
  • 835 posts

Posted 02 May 2018 - 12:28 AM

Before we do anything I'd like to get a bit more information, to see if you've got what I think you've got.

So please do the following...
  • If your computer is 32 bit Download FRST to your Desktop.
  • If it's 64 bit Download FRST64 to your Desktop.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, 2 logs will open on your Desktop: FRST.txt and Addition.txt.
    • Please post them in your next reply.


#3 biggiecheese

  • Topic Starter
  • Members
  • 2 posts

Posted 02 May 2018 - 08:22 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.04.2018
Ran by maxvh (administrator) on BEST (02-05-2018 06:19:41)
Running from C:\Users\maxvh\Downloads
Loaded Profiles: maxvh (Available Profiles: maxvh & Administrator)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\vsswdgzsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.251_none_16dd4c82321e5ccc\TiWorker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Farbar) C:\Users\maxvh\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)
HKLM\...\Run: [exemptions] => "C:\Program Files (x86)\Antonovich\wolfgang.exe" U4
HKLM\...\Run: [exemptionsgaultier] => "C:\Program Files (x86)\entails\permitted.exe" U4
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [unsubtle] => "C:\Program Files (x86)\Antonovich\wolfgang.exe" U4
HKLM-x32\...\Run: [unsubtleluxembourg] => "C:\Program Files (x86)\entails\permitted.exe" U4
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [Google Update] => C:\Users\maxvh\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139872 2018-01-05] (Wargaming.net)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [Discord] => C:\Users\maxvh\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [Spotify] => C:\Users\maxvh\AppData\Roaming\Spotify\Spotify.exe [22454160 2018-04-03] (Spotify Ltd)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [luxembourg] => "C:\Program Files (x86)\Antonovich\wolfgang.exe" U4
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [luxembourgunsubtle] => "C:\Program Files (x86)\entails\permitted.exe" U4
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [luxembourgluxembourg] => "C:\Program Files (x86)\Fina\wolfgang.exe" U4
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [gaultier] => "C:\Program Files (x86)\Antonovich\wolfgang.exe" U4
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [gaultierexemptions] => "C:\Program Files (x86)\entails\permitted.exe" U4
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [gaultiergaultier] => "C:\Program Files (x86)\Fina\wolfgang.exe" U4
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [capitalistic] => "C:\Program Files (x86)\coolant\capitalistic.exe" U4
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [fadlallah] => "C:\Program Files (x86)\Antonovich\wolfgang.exe" U4
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [Gaijin.Net Agent] => C:\Users\maxvh\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2116168 2018-01-22] (Gaijin Entertainment)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [Spotify Web Helper] => C:\Users\maxvh\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-04-03] (Spotify Ltd)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\MountPoints2: {3d731859-4690-11e8-989a-f48c50c05642} - "E:\LaunchU3.exe" 
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\MountPoints2: {3d73187e-4690-11e8-989a-f48c50c05642} - "E:\LaunchU3.exe" 
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\internet explorer\iexplore.exe -restart /WERRESTART <==== ATTENTION
Startup: C:\Users\maxvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bdijdvev.lnk [2018-03-22]
ShortcutTarget: bdijdvev.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\maxvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\siding.lnk [2018-03-22]
ShortcutTarget: siding.lnk -> C:\Program Files (x86)\Antonovich\wolfgang.exe (No File)
Startup: C:\Users\maxvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidingsiding.lnk [2018-03-22]
ShortcutTarget: sidingsiding.lnk -> C:\Program Files (x86)\entails\permitted.exe (No File)
Startup: C:\Users\maxvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-02-15]
ShortcutTarget: Twitch.lnk -> C:\Users\maxvh\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2a62609e-fb7c-4c7d-b0a3-55f978db5ba1}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{83333052-3835-4821-9324-52b953259e75}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ea35a717-84de-4cdb-afde-5fd53bd4a3de}: [DhcpNameServer] 172.17.128.24
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-4229614920-2763462209-2835931092-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4229614920-2763462209-2835931092-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: No Name -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-04-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-31] (Oracle Corporation)
BHO-x32: No Name -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-31] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-4229614920-2763462209-2835931092-1001 -> hxxp://bing.com/
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2018-04-25]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-03] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-4229614920-2763462209-2835931092-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\maxvh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4229614920-2763462209-2835931092-1001: @talk.google.com/O1DPlugin -> C:\Users\maxvh\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4229614920-2763462209-2835931092-1001: @tools.google.com/Google Update;version=3 -> C:\Users\maxvh\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-4229614920-2763462209-2835931092-1001: @tools.google.com/Google Update;version=9 -> C:\Users\maxvh\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\maxvh\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\maxvh\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default [2018-05-02]
CHR Extension: (Slides) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-13]
CHR Extension: (YouTube) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-13]
CHR Extension: (Adblock Plus) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-27]
CHR Extension: (Sheets) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Adblocker for Youtube™) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcpkohnhcheajaneelkpaiebgkbdafmi [2018-03-22]
CHR Extension: (Google Docs Offline) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-15]
CHR Extension: (Save to Google Drive) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2018-01-11]
CHR Extension: (diep.io) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpllkpbhkocdjeakcpknppngdnodnmgn [2017-08-31]
CHR Extension: (idiots.win) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmlbggbmchnffeifgapbcodkijoplohn [2017-08-31]
CHR Extension: (DrawThis.io!) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmmkmpcdolknhdjmdckbbaclgciikgk [2017-08-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-13]
CHR Extension: (Chrome Media Router) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-23]
CHR Profile: C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-03-22]
CHR Extension: (__MSG_appName__) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\gcpkohnhcheajaneelkpaiebgkbdafmi [2018-03-22]
CHR Extension: (No Name) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-22]
CHR Profile: C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\System Profile [2018-03-22]
CHR Extension: (__MSG_appName__) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\gcpkohnhcheajaneelkpaiebgkbdafmi [2018-03-22]
CHR Extension: (No Name) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-22]
CHR HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (Adblocker for Youtube™) - C:\Users\maxvh\AppData\Roaming\Opera Software\Opera Stable\Extensions\kedpicenkkndemblkfpnngmcihdfhndn [2018-03-22]
OPR Extension: (Quick Searcher) - C:\Users\maxvh\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\hnilrbpe <==== ATTENTION (Rootkit!)
 
S2 72bc99a690813ca8ff9d5e778ea01e06; C:\WINDOWS\72bc99a690813ca8ff9d5e778ea01e06.dll [2150400 2018-03-22] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
S4 ASUS Flip Service; C:\Program Files\ASUS\ASUS FlipLock\FlipService.exe [15288 2016-12-16] (ASUS)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-04-24] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566440 2018-04-23] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-08] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2215168 2016-10-31] (Intel Corporation)
S4 FBAgent; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe [73032 2014-08-12] ()
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [181520 2016-09-08] (Intel Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
S4 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\wtoolex\wpsupdatesvr.exe [133376 2016-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
S4 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2015968 2016-08-15] (Intel Corporation)
S4 Tran_Process_Proc; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe [71024 2014-03-25] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-13] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-13] (Microsoft Corporation)
S4 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [162048 2016-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)
S2 0280061521839785mcinstcleanup; C:\Users\maxvh\AppData\Local\Temp\028006~1.EXE -cleanup -nolog [X] <==== ATTENTION
S2 cfa69096c170645ce9128bafeb108737; "C:\Program Files\cfa69096c170645ce9128bafeb108737\5437b4505aa430c9c5e94111cbe717f8.exe" [X]
S3 chromoting; "C:\Program Files (x86)\Google\Chrome Remote Desktop\65.0.3325.40\remoting_host.exe" --type=daemon --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json"
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP64; C:\WINDOWS\system32\DRIVERS\ASMMAP64.sys [36696 2016-04-27] (ASUSTek Computer Inc.)
R3 AsusHFilter; C:\WINDOWS\System32\drivers\AsusHFilter.sys [30200 2016-12-22] ()
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [107008 2016-09-01] (ASUS Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66616 2016-10-31] (Intel Corporation)
U4 EasyAntiCheatSys; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.sys [807112 2018-05-01] (EasyAntiCheat Oy)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-10-31] (Intel Corporation)
S3 farmntio; C:\Windows\system32\drivers\farmntio.sys [25144 2014-03-25] () [File not signed]
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [31120 2016-12-19] (ASUS)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [31328 2016-08-10] (Intel)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [723728 2016-09-08] (Intel Corporation)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [143984 2016-08-18] (Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [80496 2016-08-18] (Intel)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-10-19] (Logitech Inc.)
R1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2018-03-23] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_1474122a0ce2f241\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation)
S4 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2018-03-23] (NVIDIA Corporation)
S4 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-23] (NVIDIA Corporation)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-14] (The OpenVPN Project)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3146760 2016-09-13] (Realtek Semiconductor Corp.)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-06-13] (The OpenVPN Project)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2018-01-15] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [211704 2018-01-15] (Oracle Corporation)
U5 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [138432 2017-09-13] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-03-13] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288296 2018-03-13] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-13] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-04-09] (Zemana Ltd.)
S1 05fe4151663018e99e0a6adc039ec2b3; \??\C:\WINDOWS\system32\drivers\05fe4151663018e99e0a6adc039ec2b3.sys [X]
S4 bcngr; System32\drivers\tichwblo.sys [X]
S3 DrvAgent64; \??\C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS [X]
S3 MBAMProtection; \SystemRoot\system32\DRIVERS\mbam.sys [X]
S3 MBAMWebProtection; \SystemRoot\system32\DRIVERS\mwac.sys [X]
S3 twzcgj; system32\drivers\zcfjmp.sys [X]
R3 vybfil; system32\drivers\beilos.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-02 06:19 - 2018-05-02 06:19 - 002405888 _____ (Farbar) C:\Users\maxvh\Downloads\FRST64 (1).exe
2018-05-02 06:19 - 2018-05-02 06:19 - 000032247 _____ C:\Users\maxvh\Downloads\FRST.txt
2018-05-01 21:44 - 2018-05-01 21:44 - 000000267 _____ C:\Users\maxvh\Desktop\Clustertruck.url
2018-05-01 21:44 - 2018-05-01 21:44 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch Games
2018-05-01 21:40 - 2018-05-01 21:40 - 000000000 ____D C:\Program Files (x86)\Twitch
2018-05-01 21:34 - 2018-05-01 21:34 - 005800224 _____ (Enigma Software Group USA, LLC.) C:\Users\maxvh\Downloads\SpyHunter-Installer.exe
2018-05-01 21:27 - 2018-05-02 06:19 - 000000000 ____D C:\FRST
2018-05-01 21:27 - 2018-05-01 21:27 - 002405888 _____ (Farbar) C:\Users\maxvh\Downloads\FRST64.exe
2018-05-01 07:06 - 2018-05-01 07:06 - 000000000 ____D C:\Users\maxvh\AppData\Local\lsckutd
2018-05-01 07:03 - 2018-05-01 07:03 - 000142672 ____N C:\WINDOWS\system32\Drivers\wiehkoru.sys
2018-05-01 06:46 - 2018-05-01 06:46 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\EasyAntiCheat
2018-04-30 20:01 - 2018-04-30 20:01 - 000000000 ____D C:\Users\maxvh\AppData\Local\nvowmih
2018-04-28 22:40 - 2018-04-28 22:40 - 000000000 ____D C:\Users\maxvh\AppData\Local\zamgbdo
2018-04-28 17:47 - 2018-04-28 17:47 - 000000000 ____D C:\ProgramData\Emsisoft
2018-04-28 17:46 - 2018-04-28 22:32 - 000000000 ____D C:\EEK
2018-04-28 17:40 - 2018-04-28 17:46 - 328383888 _____ C:\Users\maxvh\Downloads\EmsisoftEmergencyKit.exe
2018-04-28 17:11 - 2018-04-28 17:11 - 005636696 _____ (Gaijin Entertainment ) C:\Users\maxvh\Downloads\wt_launcher_1.0.3.100 (1).exe
2018-04-28 14:40 - 2018-04-28 14:40 - 000000000 ____D C:\Users\maxvh\AppData\Local\Skyrim Special Edition
2018-04-28 14:38 - 2018-04-28 14:38 - 000000000 ____D C:\Users\maxvh\AppData\Local\zadxcuw
2018-04-28 14:22 - 2018-04-28 14:22 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\EMCO
2018-04-28 14:21 - 2018-04-28 14:22 - 054054384 _____ (EMCO Software) C:\Users\maxvh\Downloads\MoveOnBootSetup.exe
2018-04-28 14:15 - 2018-04-28 14:15 - 000000000 ____D C:\Users\maxvh\AppData\Local\dwdhazx
2018-04-28 14:01 - 2018-04-28 14:01 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\416746D2.sys
2018-04-28 14:00 - 2018-04-28 14:11 - 000000000 ____D C:\Users\maxvh\Desktop\mbar
2018-04-28 14:00 - 2018-04-28 14:00 - 014161479 _____ C:\Users\maxvh\Downloads\mbar-1.10.3.1001-nr (1).exe
2018-04-27 21:18 - 2018-04-27 21:18 - 000000919 _____ C:\Users\maxvh\Desktop\The Elder Scrolls V Skyrim Special Edition.lnk
2018-04-27 21:18 - 2018-04-27 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls V Skyrim Special Edition
2018-04-27 19:29 - 2018-04-27 19:29 - 000000000 ____D C:\Users\maxvh\AppData\Local\nvdrtme
2018-04-27 19:28 - 2018-04-27 19:28 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-04-27 18:39 - 2018-04-27 18:40 - 002011760 _____ (WiperSoft) C:\Users\maxvh\Downloads\WiperSoft-installer.exe
2018-04-26 15:31 - 2018-04-26 15:31 - 000000000 ____D C:\Users\maxvh\AppData\Local\lsieprm
2018-04-26 07:43 - 2018-04-28 14:13 - 000000000 ____D C:\Program Files\Reimage
2018-04-26 07:43 - 2018-04-28 11:27 - 000000140 _____ C:\WINDOWS\Reimage.ini
2018-04-26 07:43 - 2018-04-26 07:43 - 000605424 _____ (Reimage) C:\Users\maxvh\Downloads\ReimageRepair.exe
2018-04-25 21:28 - 2018-04-25 21:46 - 000000000 ___HD C:\$SysReset
2018-04-25 21:28 - 2018-04-25 21:28 - 000000000 ____D C:\$Windows.~BT
2018-04-25 20:59 - 2018-04-25 20:59 - 000000000 ____D C:\Users\maxvh\AppData\Local\seodvzw
2018-04-25 13:03 - 2018-04-25 13:03 - 000000000 ____D C:\Users\maxvh\AppData\Local\psivuer
2018-04-25 06:44 - 2018-04-25 06:44 - 000000000 ____D C:\Users\maxvh\AppData\Local\psmhotu
2018-04-24 21:37 - 2018-04-24 21:37 - 000034476 _____ C:\TDSSKiller.3.1.0.17_24.04.2018_21.37.16_log.txt
2018-04-24 21:36 - 2018-04-24 21:37 - 004949824 _____ (AO Kaspersky Lab) C:\Users\maxvh\Downloads\tdsskiller.exe
2018-04-24 20:48 - 2018-04-24 20:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2018-04-24 20:48 - 2018-04-24 20:48 - 000000000 ____D C:\Program Files\qBittorrent
2018-04-24 20:46 - 2018-04-24 20:47 - 022476558 _____ (The qBittorrent project) C:\Users\maxvh\Downloads\qbittorrent_4.0.4_x64_setup.exe
2018-04-24 06:30 - 2018-04-24 06:30 - 000000000 ____D C:\Users\maxvh\AppData\Local\pcbnwze
2018-04-23 06:27 - 2018-04-23 06:27 - 000000000 ____D C:\Users\maxvh\AppData\Local\exabizk
2018-04-22 17:51 - 2018-04-22 17:51 - 000000000 ____D C:\Users\maxvh\AppData\Local\svmgcxi
2018-04-22 17:37 - 2018-04-22 17:37 - 000000000 ____D C:\Users\maxvh\AppData\Local\reezoug
2018-04-22 09:59 - 2018-04-22 09:59 - 000000000 ____D C:\Users\maxvh\AppData\Local\svkzxet
2018-04-22 09:49 - 2018-04-22 09:49 - 000000000 ____D C:\Users\maxvh\AppData\Local\rargskz
2018-04-22 09:46 - 2018-04-22 09:46 - 000000000 ____D C:\Users\maxvh\AppData\Local\rtkexvh
2018-04-21 22:31 - 2018-04-21 22:31 - 000000000 ____D C:\Users\maxvh\AppData\Local\scadumg
2018-04-21 22:24 - 2018-04-21 22:24 - 000000000 ____D C:\Users\maxvh\AppData\Local\nvkpbst
2018-04-21 22:23 - 2018-05-01 09:16 - 000088793 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-04-21 22:19 - 2018-04-21 22:20 - 000000000 ____D C:\Users\Administrator\AppData\Local\wmcagent
2018-04-21 22:16 - 2018-04-21 22:16 - 000003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2018-04-21 22:16 - 2018-04-21 22:16 - 000002389 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-21 22:15 - 2018-04-28 14:11 - 000000000 ____D C:\Users\Administrator\AppData\Local\seetzwh
2018-04-21 22:15 - 2018-04-21 22:15 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\kingsoft
2018-04-21 22:15 - 2018-04-21 22:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\rahpwgi
2018-04-21 22:15 - 2018-04-21 22:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2018-04-21 22:14 - 2018-04-25 21:47 - 000000000 ____D C:\Users\Administrator
2018-04-21 22:14 - 2018-04-21 22:16 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2018-04-21 22:14 - 2018-04-21 22:14 - 000000258 __RSH C:\Users\Administrator\ntuser.pol
2018-04-21 22:14 - 2018-04-21 22:14 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2018-04-21 22:14 - 2018-04-21 22:14 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2018-04-21 22:14 - 2018-04-21 22:14 - 000000000 ___RD C:\Users\Administrator\3D Objects
2018-04-21 22:14 - 2018-04-21 22:14 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2018-04-21 22:14 - 2018-04-21 22:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2018-04-21 22:14 - 2018-04-21 22:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2018-04-21 22:14 - 2018-04-21 22:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2018-04-21 22:14 - 2018-04-21 22:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2018-04-21 22:13 - 2018-04-21 22:13 - 000000000 ____D C:\Users\maxvh\AppData\Local\sihzpcu
2018-04-21 21:54 - 2018-04-21 21:54 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-04-21 21:54 - 2018-04-21 21:54 - 000002848 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-04-21 21:54 - 2018-04-21 21:54 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-04-21 21:54 - 2018-04-21 21:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-04-21 21:54 - 2018-04-21 21:54 - 000000000 ____D C:\Program Files\CCleaner
2018-04-21 21:52 - 2018-04-21 21:54 - 015333512 _____ (Piriform Ltd) C:\Users\maxvh\Downloads\ccsetup541.exe
2018-04-21 21:10 - 2018-04-28 13:52 - 000000000 ____D C:\Users\maxvh\AppData\Local\WarThunder
2018-04-21 21:10 - 2018-04-21 21:10 - 000002031 _____ C:\Users\maxvh\Desktop\WarThunder.lnk
2018-04-21 21:10 - 2018-04-21 21:10 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2018-04-21 21:10 - 2018-04-21 21:10 - 000000000 ____D C:\Users\maxvh\AppData\Local\Gaijin
2018-04-21 21:09 - 2018-04-21 21:10 - 005636696 _____ (Gaijin Entertainment ) C:\Users\maxvh\Downloads\wt_launcher_1.0.3.100.exe
2018-04-20 18:26 - 2018-04-20 18:26 - 000000000 ____D C:\Users\maxvh\AppData\Local\ussedrk
2018-04-15 11:10 - 2018-04-15 11:10 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-15 11:10 - 2017-12-08 15:25 - 000798520 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-04-15 11:10 - 2017-12-08 15:25 - 000490808 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-04-15 11:10 - 2017-12-08 15:24 - 000928568 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-04-15 11:10 - 2017-12-08 15:24 - 000591672 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-04-15 10:59 - 2018-04-15 11:00 - 000000000 ____D C:\Program Files (x86)\Minecraft
2018-04-15 10:59 - 2018-04-15 10:59 - 002314240 _____ C:\Users\maxvh\Downloads\MinecraftInstaller.msi
2018-04-15 10:59 - 2018-04-15 10:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2018-04-14 17:29 - 2018-04-14 17:29 - 000001491 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-04-14 17:28 - 2018-04-14 17:28 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 17:28 - 2018-04-14 17:28 - 000004088 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 17:28 - 2018-04-14 17:28 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 17:28 - 2018-04-14 17:28 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 17:28 - 2018-04-14 17:28 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 17:28 - 2018-04-14 17:28 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 17:28 - 2018-04-14 17:28 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 17:28 - 2018-04-14 17:28 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 17:28 - 2018-03-23 18:19 - 002480064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2018-04-14 17:28 - 2018-03-23 18:19 - 002137024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2018-04-14 17:28 - 2018-03-23 18:19 - 001310144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2018-04-14 17:28 - 2018-03-23 18:19 - 000189784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2018-04-14 17:28 - 2018-03-23 18:19 - 000152408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2018-04-14 17:28 - 2018-03-23 16:50 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-04-14 17:27 - 2018-04-14 17:27 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-04-14 17:26 - 2018-03-25 09:15 - 000998424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-04-14 17:26 - 2018-03-25 09:15 - 000950016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-04-14 17:26 - 2018-03-25 09:15 - 000625504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-04-14 17:26 - 2018-03-25 09:15 - 000516024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-04-14 17:26 - 2018-03-25 09:14 - 004318112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-04-14 17:26 - 2018-03-25 09:14 - 003719096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-04-14 17:26 - 2018-03-25 09:14 - 001985112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439135.dll
2018-04-14 17:26 - 2018-03-25 09:14 - 001683712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439135.dll
2018-04-14 17:26 - 2018-03-25 09:14 - 001138720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-04-14 17:26 - 2018-03-25 09:14 - 001065888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-04-14 17:26 - 2018-03-25 09:13 - 040278608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-04-14 17:26 - 2018-03-25 09:13 - 035188992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-04-14 17:26 - 2018-03-25 09:10 - 013571520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-04-14 17:26 - 2018-03-25 09:10 - 011132384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-04-14 17:26 - 2018-03-25 09:09 - 019855144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-04-14 17:26 - 2018-03-25 09:09 - 016496776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-04-14 17:26 - 2018-03-25 09:09 - 001346128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-04-14 17:26 - 2018-03-25 09:09 - 001153744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-04-14 17:26 - 2018-03-25 09:09 - 001061352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-04-14 17:26 - 2018-03-25 09:09 - 000902096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-04-14 17:26 - 2018-03-25 09:09 - 000811808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-04-14 17:26 - 2018-03-25 09:09 - 000650232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-04-14 17:26 - 2018-03-25 09:08 - 012967056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-04-14 17:26 - 2018-03-25 09:08 - 011001504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-04-14 17:26 - 2018-03-25 09:08 - 003939624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-04-14 17:26 - 2018-03-23 18:19 - 000059240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2018-04-14 17:26 - 2018-03-23 18:19 - 000058816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-04-14 17:15 - 2018-04-14 17:21 - 467026848 _____ (NVIDIA Corporation) C:\Users\maxvh\Downloads\391.35-notebook-win10-64bit-international-whql.exe
2018-04-14 16:44 - 2018-04-14 16:44 - 000000000 ____D C:\Users\maxvh\AppData\Local\TslGame
2018-04-14 15:55 - 2018-04-14 15:55 - 005112480 _____ (Husdawg, LLC) C:\Users\maxvh\Downloads\Detection.exe
2018-04-13 21:22 - 2018-04-13 21:22 - 000000000 ____D C:\Users\maxvh\AppData\Local\lmbeuid
2018-04-13 06:51 - 2018-04-13 06:51 - 000000219 _____ C:\Users\maxvh\Desktop\Counter-Strike Global Offensive.url
2018-04-11 20:51 - 2018-04-11 20:51 - 000000000 ____D C:\Users\maxvh\AppData\Local\Targem
2018-04-11 19:55 - 2018-04-11 19:55 - 000000000 ____D C:\ProgramData\Gaijin
2018-04-11 19:54 - 2018-04-11 19:54 - 004965880 _____ ( ) C:\Users\maxvh\Downloads\crossout_launcher_1.0.3.38.exe
2018-04-11 19:54 - 2018-04-11 19:54 - 004965880 _____ ( ) C:\Users\maxvh\Downloads\crossout_launcher_1.0.3.38 (1).exe
2018-04-11 19:54 - 2018-04-11 19:54 - 000000683 _____ C:\Users\maxvh\Desktop\Crossout Launcher.lnk
2018-04-11 19:54 - 2018-04-11 19:54 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout
2018-04-11 19:25 - 2018-04-11 19:25 - 000000512 _____ C:\Users\maxvh\Downloads\yeahs
2018-04-11 19:21 - 2018-04-11 19:21 - 000080384 _____ C:\Users\maxvh\Downloads\MBRCheck.exe
2018-04-11 19:20 - 2018-04-11 19:20 - 005659794 _____ (Swearware) C:\Users\maxvh\Downloads\ComboFix.exe
2018-04-11 19:20 - 2018-04-11 19:20 - 005659794 _____ (Swearware) C:\Users\maxvh\Downloads\ComboFix (1).exe
2018-04-11 19:05 - 2018-04-11 19:05 - 001931969 _____ C:\Users\maxvh\Downloads\ProcessExplorer.zip
2018-04-10 19:58 - 2018-04-10 19:58 - 002527376 _____ (Trend Micro Inc.) C:\Users\maxvh\Downloads\HousecallLauncher64.exe
2018-04-09 20:55 - 2018-04-09 20:55 - 000000000 ____D C:\WINDOWS\pss
2018-04-09 19:47 - 2018-04-09 19:47 - 000881904 _____ (Plumbytes Software) C:\Users\maxvh\Downloads\antimalwaresetup.exe
2018-04-09 18:51 - 2018-04-12 17:58 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-04-09 18:51 - 2018-04-11 18:59 - 000342913 _____ C:\WINDOWS\ZAM.krnl.trace
2018-04-09 18:51 - 2018-04-09 18:51 - 005766464 _____ (Zemana Ltd. ) C:\Users\maxvh\Downloads\eXplorer (2).exe
2018-04-09 18:51 - 2018-04-09 18:51 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-04-09 18:51 - 2018-04-09 18:51 - 000000000 ____D C:\Users\maxvh\AppData\Local\Zemana
2018-04-09 07:05 - 2018-04-09 07:05 - 005766464 _____ (Zemana Ltd. ) C:\Users\maxvh\Downloads\eXplorer (1).exe
2018-04-09 07:04 - 2018-04-09 07:04 - 005766464 _____ (Zemana Ltd. ) C:\Users\maxvh\Downloads\eXplorer.exe
2018-04-09 07:03 - 2018-04-09 07:03 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\maxvh\Downloads\breh.exe
2018-04-09 07:01 - 2018-04-09 07:01 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\maxvh\Downloads\rkill-unsigned.exe
2018-04-09 06:53 - 2018-04-09 06:53 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\11321470.sys
2018-04-09 06:52 - 2018-04-28 14:36 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-09 06:52 - 2018-04-28 14:00 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-04-09 06:52 - 2018-04-09 06:52 - 014161479 _____ C:\Users\maxvh\Downloads\mbar-1.10.3.1001-nr.exe
2018-04-08 19:49 - 2018-04-30 07:51 - 000003896 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForceNow_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-08 19:49 - 2018-04-30 07:51 - 000001488 _____ C:\Users\Public\Desktop\NVIDIA GeForce NOW.lnk
2018-04-08 19:49 - 2018-04-14 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-04-08 19:20 - 2018-04-08 19:23 - 057942864 _____ (NVIDIA Corporation) C:\Users\maxvh\Downloads\GeForceNOW-release.exe
2018-04-08 11:22 - 2018-05-01 06:43 - 000000000 ____D C:\Program Files\Fortnite
2018-04-06 12:51 - 2018-04-06 12:51 - 000000000 ____D C:\Users\maxvh\AppData\Local\pcirtgl
2018-04-06 12:39 - 2018-04-06 12:40 - 072480328 _____ (Malwarebytes ) C:\Users\maxvh\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4626.exe
2018-04-05 09:08 - 2018-04-05 09:08 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-02 06:18 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-02 06:18 - 2017-08-13 14:34 - 000000000 __SHD C:\Users\maxvh\IntelGraphicsProfiles
2018-05-01 22:10 - 2018-02-15 23:11 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\Twitch
2018-05-01 22:10 - 2017-08-16 12:21 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-01 22:10 - 2017-08-13 15:29 - 000000000 ____D C:\Program Files (x86)\Steam
2018-05-01 22:08 - 2018-03-22 21:30 - 000000000 ____D C:\Users\maxvh\AppData\Local\reeibgh
2018-05-01 21:31 - 2017-10-18 20:21 - 000007613 _____ C:\Users\maxvh\AppData\Local\Resmon.ResmonCfg
2018-05-01 21:12 - 2017-12-28 18:31 - 000000000 ____D C:\Users\maxvh\AppData\Local\Spotify
2018-05-01 20:55 - 2017-12-28 18:30 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\Spotify
2018-05-01 19:51 - 2017-08-13 19:46 - 000000200 _____ C:\Users\maxvh\AppData\Roaming\sp_data.sys
2018-05-01 19:19 - 2017-12-14 17:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-01 15:49 - 2017-12-14 17:38 - 000004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8FDB9909-6BCD-4D4E-A2F7-380995E575B4}
2018-05-01 15:31 - 2018-03-23 18:16 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-01 15:31 - 2018-03-23 18:16 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-01 08:55 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-05-01 07:10 - 2017-12-14 17:40 - 002474438 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-01 07:09 - 2017-12-14 17:38 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4229614920-2763462209-2835931092-1001
2018-05-01 07:09 - 2017-08-13 14:36 - 000002369 _____ C:\Users\maxvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-01 07:09 - 2017-08-13 14:36 - 000000000 ___RD C:\Users\maxvh\OneDrive
2018-05-01 07:04 - 2018-03-22 21:29 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\vsswdgzsvc.exe
2018-05-01 07:04 - 2017-12-14 17:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-01 07:03 - 2017-09-29 01:45 - 025690112 _____ C:\WINDOWS\system32\config\HARDWARE
2018-05-01 07:03 - 2017-09-29 01:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-05-01 06:55 - 2017-02-25 16:49 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-01 06:46 - 2018-03-08 07:28 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-05-01 06:30 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-01 06:30 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-30 12:46 - 2017-08-14 12:09 - 000000000 ____D C:\Users\maxvh\AppData\Local\CrashDumps
2018-04-30 07:50 - 2017-08-16 12:21 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-04-28 14:40 - 2017-08-22 08:29 - 000000000 ____D C:\Users\maxvh\Documents\My Games
2018-04-28 14:11 - 2017-12-09 18:44 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\qBittorrent
2018-04-27 19:28 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-27 19:28 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-04-27 19:28 - 2017-02-25 17:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-04-27 19:28 - 2017-02-25 17:04 - 000000000 ____D C:\Program Files\Microsoft Office
2018-04-27 15:21 - 2017-08-14 09:14 - 000000000 ____D C:\Users\maxvh\ansel
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 __RSD C:\WINDOWS\media
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\Nui
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\setup
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\ras
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\ias
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\com
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\IME
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\Cursors
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\addins
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Common Files\system
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Common Files\Services
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-04-25 21:47 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-25 21:47 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-04-25 21:47 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-04-25 21:47 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-04-25 21:47 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-04-25 21:47 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-04-25 21:47 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\servicing
2018-04-25 21:46 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-04-25 21:43 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\registration
2018-04-25 20:58 - 2017-12-14 17:34 - 000000000 ____D C:\Users\maxvh
2018-04-25 20:26 - 2017-02-25 16:45 - 001367461 _____ C:\DUMP1750.tmp
2018-04-25 13:05 - 2018-02-08 19:52 - 000000000 ____D C:\Users\maxvh\AppData\Local\NVIDIA Corporation
2018-04-24 21:01 - 2018-02-24 22:41 - 000000000 ____D C:\Users\maxvh\AppData\Local\Last.fm
2018-04-23 08:44 - 2017-12-14 17:34 - 000000000 ____D C:\Users\maxvh\AppData\Local\Packages
2018-04-22 17:42 - 2017-08-16 12:01 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-04-21 22:14 - 2017-02-25 16:47 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-04-15 12:09 - 2017-08-15 19:13 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\.minecraft
2018-04-15 11:14 - 2017-08-24 16:39 - 000000000 ____D C:\Users\maxvh\AppData\Local\NVIDIA
2018-04-15 08:14 - 2018-02-12 07:37 - 000000000 ____D C:\ProgramData\Logishrd
2018-04-14 17:28 - 2017-08-16 12:21 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-04-14 17:28 - 2017-08-16 12:12 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-04-13 21:49 - 2017-12-14 17:38 - 000003936 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1504649893
2018-04-13 21:49 - 2017-09-05 15:18 - 000001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-04-13 21:49 - 2017-09-01 14:45 - 000000000 ____D C:\Program Files\Opera
2018-04-09 20:59 - 2017-08-14 14:45 - 000000000 ____D C:\Users\maxvh\AppData\Local\ElevatedDiagnostics
2018-04-09 06:53 - 2017-09-04 18:06 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-05 17:02 - 2018-01-12 19:38 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\discord
2018-04-03 12:37 - 2017-09-29 06:49 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-04-03 12:37 - 2017-09-29 06:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2017-08-13 19:46 - 2018-05-01 19:51 - 000000200 _____ () C:\Users\maxvh\AppData\Roaming\sp_data.sys
2017-10-16 19:34 - 2017-10-17 17:18 - 000005120 _____ () C:\Users\maxvh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-10-18 20:21 - 2018-05-01 21:31 - 000007613 _____ () C:\Users\maxvh\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2018-04-14 16:45 - 2018-04-20 18:50 - 000000000 _____ () C:\Users\maxvh\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2018-04-14 16:45 - 2018-04-20 18:50 - 000000017 _____ () C:\Users\maxvh\AppData\Local\Temp\a076beaf9db173977b97658ca7f5c11a.dll
2018-04-26 07:43 - 2018-04-26 07:43 - 014768072 _____ (Reimage) C:\Users\maxvh\AppData\Local\Temp\ReimagePackage.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\wiehkoru.sys -> Access Denied <======= ATTENTION
 
LastRegBack: 2018-04-14 08:22
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by maxvh (02-05-2018 06:20:15)
Running from C:\Users\maxvh\Downloads
Windows 10 Home Version 1709 16299.309 (X64) (2017-12-15 00:39:36)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4229614920-2763462209-2835931092-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4229614920-2763462209-2835931092-503 - Limited - Disabled)
Guest (S-1-5-21-4229614920-2763462209-2835931092-501 - Limited - Disabled)
maxvh (S-1-5-21-4229614920-2763462209-2835931092-1001 - Administrator - Enabled) => C:\Users\maxvh
WDAGUtilityAccount (S-1-5-21-4229614920-2763462209-2835931092-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\{AB4E4E64-6DA2-4E43-969E-83ACB1F57BB6}) (Version: 20.24.401.14520 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{AB4E4E64-6DA2-4E43-969E-83ACB1F57BB6}) (Version: 20.24.401.14520 - Alcor Micro Corp.)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
ASUS FlipLock (HKLM\...\{7C7F8DAC-8ADA-4B86-BCB6-48B6FFB673DD}) (Version: 1.0.21 - ASUS)
ASUS Input Configuration (HKLM-x32\...\{7DDF7571-64BD-4232-9729-20FF10CE6C62}) (Version: 1.0.3 - ASUS)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.13 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.19.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.7 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0045 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.3.16 - ICEpower a/s)
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.0.170814 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{63A1E236-1A28-4457-B9BC-A380A89E2D67}) (Version: 3.12.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Clustertruck (HKLM-x32\...\{BB09E395-9405-44CA-A17C-98DF998CF216}) (Version:  - TinyBuild LLC)
Crossout Launcher 1.0.3.38 (HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\CrossOutLauncher_is1) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.)
Discord (HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{213B426C-5317-4F2D-8395-AC04B70711C4}) (Version: 1.1.133.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FIFA18 version 1.0 (HKLM\...\FIFA18_is1) (Version: 1.0 - STEAMPUNKS) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
iCloud (HKLM\...\{99868C9C-C141-4DDE-A2C7-9DDF00F68F17}) (Version: 7.2.0.67 - Apple Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{3A55D9C8-17B6-41F9-B9C2-4B1532DCD016}) (Version: 19.10.1635.0483 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{dd334b4b-1f2c-4218-b16c-ad011caa7fe1}) (Version: 3.0.30.1111 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{25779f5d-6b0a-4e11-89e8-441b93c6ce2b}) (Version: 19.10.0 - Intel Corporation)
ISS_Drivers_x64 (HKLM\...\{E9D9CF4A-A8B8-4566-86D5-CD3F13624E65}) (Version: 3.0.30.1111 - Intel Corporation) Hidden
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9226.2114 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.9226.2114 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Middle-Earth: Shadow of War (HKLM-x32\...\Middle-Earth: Shadow of War_is1) (Version:  - )
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA GeForce NOW 1.7.2.38 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GeforceNOW) (Version: 1.7.2.38 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
Opera Stable 52.0.2871.64 (HKLM-x32\...\Opera 52.0.2871.64) (Version: 52.0.2871.64 - Opera Software)
Oracle VM VirtualBox 5.2.6 (HKLM\...\{EA9602E3-0184-45B9-9E15-028776CD7A6E}) (Version: 5.2.6 - Oracle Corporation)
qBittorrent 4.0.4 (HKLM-x32\...\qBittorrent) (Version: 4.0.4 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7945 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11219 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.8 - Rockstar Games)
Spotify (HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Elder Scrolls V Skyrim Special Edition (HKLM-x32\...\The Elder Scrolls V Skyrim Special Edition_is1) (Version:  - )
Thunderbolt™ Software (HKLM-x32\...\{F55C97BF-D9B2-4BB6-B16A-25A621BC50E9}) (Version: 16.2.52.250 - Intel Corporation)
Tom Clancy's Ghost Recon Wildlands (HKLM\...\Tom Clancys Ghost Recon Wildlands_is1) (Version: 1.0 - )
TotalRecovery Pro (HKLM-x32\...\TotalRecovery) (Version: 10.0.11.2 - FarStone Inc.)
Twitch (HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
VEGAS Pro 15.0 (HKLM\...\{E0F91FB0-7FC4-11E7-B8E9-95BE57594EAC}) (Version: 15.0.177 - VEGAS)
Vernier Graphical Analysis 4.3.0-759 (HKLM-x32\...\4eb51088-1521-559c-b5d0-932221840d75) (Version: 4.3.0-759 - Vernier Software & Technology)
Vernier Interface Drivers (HKLM-x32\...\{F458AF82-CB09-4F8C-AB1F-CD8E36487435}) (Version: 2.01.000 - Vernier Software & Technology)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
War Thunder Launcher 1.0.3.100 (HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusHFilter) HIDClass  (12/19/2016 1.0.0.2) (HKLM\...\EEDD19DDF3F0CA7CFA2F4C500D442DD1FEB434F6) (Version: 12/19/2016 1.0.0.2 - ASUS)
Windows Driver Package - ASUS (AsusPTPDrv) HIDClass  (08/15/2016 11.0.0.13) (HKLM\...\A2DEE012DC7578575962E3ACBE995AE145C87914) (Version: 08/15/2016 11.0.0.13 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.1.0.5644 - Kingsoft Corp.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4229614920-2763462209-2835931092-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\maxvh\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4229614920-2763462209-2835931092-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\maxvh\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4229614920-2763462209-2835931092-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\maxvh\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Users\maxvh\Notepad++\NppShell_06.dll [2017-08-28] ()
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-12-08] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {020BE0F2-F813-42BF-8C79-E6FFA51E9BA2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4229614920-2763462209-2835931092-1001UA => C:\Users\maxvh\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-13] (Google Inc.)
Task: {0978780A-A519-4879-93EB-043D4C0E7212} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-23] (NVIDIA Corporation)
Task: {0BEAE191-0DC3-4E49-9A3A-86D9BD1A59EE} - System32\Tasks\WpsExternal_20161125010520 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2016-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {1DDF3EA2-5C42-4A75-8633-66C3AB64ACB0} - System32\Tasks\bagatelle_bifocal => C:\Users\maxvh\AppData\Local\permitted.exe
Task: {26D696FF-FB4A-4198-9D80-7FD1336E75B5} - System32\Tasks\TechUtilities => C:\Program Files (x86)\TechUtilities\TechUtilities.exe
Task: {3818A496-0BA5-441E-9B6D-108B70DE9656} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2016-02-23] (ASUSTek Computer Inc.)
Task: {3981CEA6-5EC7-42D0-92E9-219392395FF2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {3CA091AB-F0D9-49B2-8DC5-26CBF0A86C39} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {3E5BFC8B-9117-4D6E-A5E5-871E76F63730} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-07-07] (ASUSTek COMPUTER INC.)
Task: {4828BCD0-BFF8-4590-8DD6-492E30E49700} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-23] (NVIDIA Corporation)
Task: {49F4BE5E-2F3E-4C9C-8E3F-576FCDBB565B} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => ConditionalAppStarter.exe
Task: {56B0AA63-F211-4C86-9111-1009ACDE9D7C} - System32\Tasks\gabagatelle_bifocalbagatelle_bifocal => C:\Users\maxvh\AppData\Local\permitted.exe
Task: {58C722C2-44C0-4BFA-BC33-26BB205931DC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-23] (NVIDIA Corporation)
Task: {5D99CE4C-3722-49EA-9968-EC29AEF0487C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-23] (NVIDIA Corporation)
Task: {5FC321C5-707A-4A35-9006-68992273E607} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-23] (Microsoft Corporation)
Task: {615AE83B-26A3-405E-AC4A-63AA9E264F4A} - System32\Tasks\lauter-peachy => C:\Program Files (x86)\entails\permitted.exe
Task: {67F31AD4-93FD-49B7-BEE9-377CE947B4C9} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-23] (NVIDIA Corporation)
Task: {68CA851D-C51A-4E02-9CBF-9EE3D65CC6E2} - System32\Tasks\NVIDIA GeForceNow_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Users\maxvh\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe [2018-04-24] (NVIDIA Corporation)
Task: {6A447754-B938-4AEF-88D1-A9ABB7614DA6} - System32\Tasks\gaharriman phenomenalharriman phenomenal => C:\Program Files (x86)\Fina\permitted.exe
Task: {6BD199DF-B508-464F-8702-C8E968433432} - \garuffian_scarcelyruffian_scarcely -> No File <==== ATTENTION
Task: {6E6178EB-DC17-4881-AA12-CE1F3B65F803} - System32\Tasks\ruthenium => C:\Program Files (x86)\Antonovich\wolfgang.exe
Task: {780D2EA3-9E11-49E8-BEAE-30E864659F12} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2016-03-07] (ASUSTek Computer INC.)
Task: {80BC9CC0-041E-4F65-9C8F-C9B710006834} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {870531DA-819B-4804-A007-7FAF45ACB11D} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {8B6D6BD7-A0D0-4AB1-9C62-CE3EC41709AF} - System32\Tasks\garutheniumruthenium => C:\Program Files (x86)\Antonovich\wolfgang.exe
Task: {8D5B437E-896C-4D1E-AF4C-AFF7C9D2C2C6} - System32\Tasks\S-1-5-21-4229614920-2763462209-2835931092-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {8D7C30E3-14C0-45F2-8B6E-EC5D121F58A7} - System32\Tasks\gabuzzer maru violetsbuzzer maru violets => C:\Users\maxvh\AppData\Local\wolfgang.exe
Task: {9019FE7B-E324-4AF3-AF79-F9EB0DD3A8F5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {96B93A77-641B-482D-AA08-C4B2CDBF73CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4229614920-2763462209-2835931092-1001Core => C:\Users\maxvh\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-13] (Google Inc.)
Task: {96DD15B6-4EF9-42E3-955E-AB2773A21A62} - System32\Tasks\buzzer maru violets => C:\Users\maxvh\AppData\Local\wolfgang.exe
Task: {AFE44623-F018-4260-A4B7-37B34DF2137D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-23] (NVIDIA Corporation)
Task: {B16CE261-C8CF-404B-B0E7-5553D2D454C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-13] (Google Inc.)
Task: {B2407991-1F07-4E13-9567-28CB32080F70} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-23] (NVIDIA Corporation)
Task: {BA4A357F-5C06-4062-ABA3-5C85CC6D0AB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-13] (Google Inc.)
Task: {BAD6751E-BFBC-4637-96CC-4167A030722C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-23] (Microsoft Corporation)
Task: {BD3EF1C3-558C-4B0E-A9A9-EAF86C2FC044} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-27] (Microsoft Corporation)
Task: {C3E354FB-0969-4502-A2DD-4E08CC35EF86} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-27] (Microsoft Corporation)
Task: {C4F90505-6DE4-407E-9252-26BCA35E68C3} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK
Task: {D16C5273-89D3-40B7-B067-B8F7C71D76C8} - \ruffian_scarcely -> No File <==== ATTENTION
Task: {D2FF7690-E516-4AF5-BB28-7E1E4F7E8C0D} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel® Corporation)
Task: {DC73DCC3-30E4-4826-8761-C3100A429A76} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {E0467F20-ADF5-4DBF-A556-080D3654B911} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {E9B327AF-2C0E-4B77-A6BE-7F9662902E7D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-10-03] (Realtek Semiconductor)
Task: {EC822F0D-54C9-40AF-9EA6-347170C659FA} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-23] (NVIDIA Corporation)
Task: {EEFBE1E5-687C-454C-9C3A-B2423437E74D} - System32\Tasks\galauter-peachylauter-peachy => C:\Program Files (x86)\entails\permitted.exe
Task: {F04D63A8-B370-41C2-B485-F8C76F377FDF} - System32\Tasks\CheckFlipService => C:\Program Files\ASUS\ASUS FlipLock\CheckFlipService.exe [2016-12-16] ()
Task: {F126FABB-B471-4015-AC9C-FF37696F35A1} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-10-03] (Realtek Semiconductor)
Task: {F3E81A18-56F9-42DD-BB5E-632F2FE8788D} - System32\Tasks\WpsKtpcntrQingTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe [2016-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {F7BCBDA2-51B5-4BF2-A9C4-7FB8F23631E1} - System32\Tasks\Opera scheduled Autoupdate 1504649893 => C:\Program Files\Opera\launcher.exe [2018-04-10] (Opera Software)
Task: {F8235DAB-1B86-4D95-ADD2-77588DEAE0BE} - System32\Tasks\harriman phenomenal => C:\Program Files (x86)\Fina\permitted.exe
Task: {F8CE7BCC-B553-4B46-B6D1-0BC18931A7D1} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => ConditionalAppStarter.exe
Task: {FC22EA7E-A9CE-4FF7-8B3B-B6A8B271ECA0} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2016-10-12] (ASUS)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\TechUtilities.job => C:\Program Files (x86)\TechUtilities\TechUtilities.exe-t C:\Program Files (x86)\TechUtilities\TechUtilities.exe
Task: C:\WINDOWS\Tasks\WpsExternal_20161125010520.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe
Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exeÃqing 10.1.0.5644 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-14 17:28 - 2018-03-23 18:19 - 000544192 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 02:48 - 2017-12-08 02:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-16 12:21 - 2018-03-23 16:02 - 000135136 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-12-14 14:21 - 2017-12-14 14:21 - 000975872 _____ () C:\WINDOWS\system32\FaceProcessor.dll
2017-12-14 14:21 - 2017-12-14 14:21 - 000269696 _____ () C:\WINDOWS\system32\FaceProcessorCore.dll
2017-09-29 06:41 - 2017-09-29 06:41 - 001357464 _____ () C:\WINDOWS\system32\FaceTrackerInternal.dll
2017-12-14 14:21 - 2017-12-14 14:21 - 003657624 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2017-12-14 14:21 - 2017-12-14 14:21 - 002470296 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2018-03-13 20:50 - 2018-02-21 17:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 20:50 - 2018-02-21 17:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-25 06:46 - 2018-04-25 06:47 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-04-25 06:46 - 2018-04-25 06:47 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-04-25 06:46 - 2018-04-25 06:47 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-04-25 06:46 - 2018-04-25 06:47 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-04-25 06:46 - 2018-04-25 06:47 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-09-29 06:41 - 2017-09-29 06:41 - 001949184 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2018-04-25 06:47 - 2018-04-25 06:47 - 000062464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.9.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2018-04-25 06:47 - 2018-04-25 06:47 - 000178688 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.9.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-05-01 15:31 - 2018-04-25 20:14 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libglesv2.dll
2018-05-01 15:31 - 2018-04-25 20:14 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 04:47 - 2018-03-22 21:43 - 000001346 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 mydownloaddomain.com
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 bcnmonetize.go2affise.com
127.0.0.1 beautifllink.xyz
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\maxvh\Pictures\Saved Pictures\alta.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: ASUS Flip Service => 2
MSCONFIG\Services: ATKGFNEXSrv => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: cplspcon => 2
MSCONFIG\Services: esifsvc => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: FBAgent => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: Kingsoft_WPS_UpdateService => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: ThunderboltService => 3
MSCONFIG\Services: Tran_Process_Proc => 2
MSCONFIG\Services: wpscloudsvr => 3
MSCONFIG\Services: WRSVC => 2
MSCONFIG\Services: ZeroConfigService => 2
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "exemptionsgaultier"
HKLM\...\StartupApproved\Run: => "exemptionsexemptions"
HKLM\...\StartupApproved\Run: => "exemptions"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "WRSVC"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "unsubtleluxembourg"
HKLM\...\StartupApproved\Run32: => "unsubtleunsubtle"
HKLM\...\StartupApproved\Run32: => "unsubtle"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\StartupFolder: => "sidingsiding.lnk"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\StartupFolder: => "bdijdvev.lnk"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\StartupFolder: => "siding.lnk"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "capitalistic"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "ofxduo"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "gaultierexemptions"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "luxembourgunsubtle"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "fadlallah"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "gaultiergaultier"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "gaultier"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "luxembourgluxembourg"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "luxembourg"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "Gaijin.Net Agent"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "WarThunderLauncher"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{19B32F53-7F11-4B07-A774-134B689A591B}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{5A1A885D-36A2-420B-B73A-33298149AA46}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{F168AD7B-F6A9-4F92-80A4-50535DFFEEC0}D:\yeahs\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\yeahs\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{64CD8C57-C9BC-4FD9-B053-F2493FCC5737}D:\yeahs\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\yeahs\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{33187968-251F-4F55-9243-2193113BD2E0}D:\games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{6B2419F4-AC76-42D4-A8D4-FB47C44B3D2D}D:\games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{C20FA645-F7D1-4A4E-9258-881C108FC7F7}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{5DBF7D52-EBB2-4B5D-A660-EB8B65D47A24}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{BFC9791C-20E8-4DD2-AB27-BFDC4BA9263F}D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{8C520742-08D7-4DFA-B168-618A54A2D7AB}D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{D590B953-E912-4E13-9F03-A9FECDF804E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{CC251AD4-7ACA-499B-90CC-C6CDB0F66290}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{9529500B-A99F-474A-836E-87D5DB9A2705}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ZenSync_1.0.7.0_x86__qmba6cd70vzyy\AppService\AppService_NotificationHost.exe
FirewallRules: [{0ED96753-4122-44F2-AB65-86F470BA2A68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7C612320-8B35-4065-8F34-E6E108DC9509}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{7DEB0DD8-3BEE-45B0-8B94-25791BC5CD77}] => (Allow) D:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{4FA82B66-6852-4338-BAB9-DE6885E5EDC1}] => (Allow) D:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{879F86AE-A198-4B8D-8604-01E96B10E58C}] => (Block) D:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{4BC44DB3-AD5B-4BE8-8D1E-42DD6D52D736}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe
FirewallRules: [{746F8881-40F3-47B8-8ED4-8219A4778AA8}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe
FirewallRules: [{44669996-4F2D-450A-B4D9-7AC70AC413B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4CC1490B-C39E-4133-B404-6322FA85029B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FBC8BB13-A7AF-4B98-B0AA-7ADE015A51FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{00EFD0AB-05E0-4F51-A4EC-5C326CAA8374}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B86F10DC-3FED-443F-9870-0003BFDAED8E}] => (Allow) D:\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{E73D6B25-9471-4694-B919-B671FF00873A}] => (Allow) D:\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{7E596F59-56E2-481E-ACD3-1E19F3F899B1}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{FEFFFDA2-F729-4266-A284-7B79D46069DF}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{9E2C3D3E-AEE3-47DE-BF2E-205CC0222CA4}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B31A4C3C-B706-4C02-B7DC-4494353D432D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{14662188-6AD8-4E86-BA2C-08A4A22C6EFD}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D05D4FA1-7E7F-423A-9682-D8DDDB145EB5}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [UDP Query User{EA43CD4E-4F01-4D6F-92BF-CDBE6BC4433F}D:\yeahs\call of duty black ops 2\sp.exe] => (Allow) D:\yeahs\call of duty black ops 2\sp.exe
FirewallRules: [TCP Query User{BC835383-AB91-41E7-BF72-6235884A45E5}D:\yeahs\call of duty black ops 2\sp.exe] => (Allow) D:\yeahs\call of duty black ops 2\sp.exe
FirewallRules: [UDP Query User{E657433B-74DC-45AF-9E00-A287E51D2D34}D:\yeahs\counter-strike global offensive\csgo.exe] => (Allow) D:\yeahs\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{ADCF6A47-A89C-4E64-A637-ABD16EEF6A8E}D:\yeahs\counter-strike global offensive\csgo.exe] => (Allow) D:\yeahs\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{EB21D5D5-918A-4872-A101-D084F24AC63B}D:\steamlibrary\steamapps\common\far cry primal\bin\fcprimal.exe] => (Allow) D:\steamlibrary\steamapps\common\far cry primal\bin\fcprimal.exe
FirewallRules: [TCP Query User{9CB505D4-4154-4E86-9541-FF8929AC2996}D:\steamlibrary\steamapps\common\far cry primal\bin\fcprimal.exe] => (Allow) D:\steamlibrary\steamapps\common\far cry primal\bin\fcprimal.exe
FirewallRules: [{E05D75DD-A60F-4D2E-9876-5461E6BFEBCE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ADC62FA6-04A8-45ED-B12F-DE19AEA05C17}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E51F7CEF-1D55-4685-8E90-3D7C2F8F207B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6FC9A8DD-2709-4B46-A3B9-6B2468B4D878}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7F23BFEA-0A8A-4868-AC0F-E702CF6C51E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{861BB97A-68BA-426E-BF3D-5FC3F7FDAF6B}] => (Allow) D:\SteamLibrary\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{63D3A337-1D24-4075-83D6-077AC8DF0A6F}] => (Allow) D:\SteamLibrary\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [UDP Query User{ECC3CB5C-167A-42A1-BBB3-C7B2516DD865}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{129C163B-CA78-442C-BA62-FB4A002DE2DC}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{72AF2EDF-0D0C-49BE-B39E-E653614B3D34}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{2F2E9EC6-C4D8-4302-B59B-26A03C523689}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{F5833281-F606-4C2D-854D-F77FF29BA174}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{C846BF86-890D-4512-A623-4E011CE3EDED}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{E248A5BE-2877-41A7-BCE9-0CFBF381BD9D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [UDP Query User{5E4E863D-C65F-46B5-9A78-E6942B925836}C:\users\maxvh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\maxvh\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{276E53CE-1F71-42EB-A0D3-DC4A15708C46}C:\users\maxvh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\maxvh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A792E400-448D-45AE-BECE-12786BE40B28}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C95C4A85-4489-4521-AF7D-7F4A64067812}] => (Allow) C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
FirewallRules: [{FE359EBB-A6F9-45F7-BA33-7668E16214F0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{22EBF4BD-41D0-4DF5-B113-9264CA453FE4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4A17552C-1591-4AFF-BD06-4120A2A11D5F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{35F3D57B-B8BB-41B1-A12D-11C3290C1834}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3CE32ED9-CC3D-429F-BE43-94BF9D499A23}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{AB34A21C-7ADE-4F98-AF26-436D49622E42}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{095EBD4A-562F-40C3-A430-7C3444DC8632}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A6A8CDE3-E289-4C36-9392-21B9F5A96ACE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A78F053E-CE24-44D2-A3B5-93A768EFCB1A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2BC94315-E2AF-4AF2-BA75-F8E1B83B0FF6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B425832F-B8FE-45AD-9CAE-63B983EBCA81}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{58378151-8960-4F39-9DBD-31E7AE482DE5}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{670167B0-4FC7-45B3-B55A-38F0C8BD7C02}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{4EDB6E15-BAAB-4EBB-9CB5-CF63E3BA708E}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{6FA151A9-1D14-4BC9-B7F0-3743E102E993}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{78CBD1F8-3FD7-441E-8574-9910D731E5E8}D:\games\fifa18\fifa18.exe] => (Allow) D:\games\fifa18\fifa18.exe
FirewallRules: [UDP Query User{995B69ED-84BF-4D15-9263-2D24324DCBC2}D:\games\fifa18\fifa18.exe] => (Allow) D:\games\fifa18\fifa18.exe
FirewallRules: [TCP Query User{30F7D391-90D7-4F81-99CE-C2C452BD3742}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{EC922136-CA6C-4D54-830A-B6332ECA4968}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{6B06D009-1712-4959-BA6C-E4A6B299529C}C:\users\maxvh\appdata\local\fivem\fivem.exe] => (Allow) C:\users\maxvh\appdata\local\fivem\fivem.exe
FirewallRules: [UDP Query User{8F696C6C-0A27-4A3C-B3FB-220FDF35BCEE}C:\users\maxvh\appdata\local\fivem\fivem.exe] => (Allow) C:\users\maxvh\appdata\local\fivem\fivem.exe
FirewallRules: [{0F8A01BC-675D-42F2-B799-A707556F6039}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\65.0.3325.40\remoting_host.exe
FirewallRules: [{97C28D5D-0696-43B0-844E-EAD839AC2B52}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{EBD09094-E967-4049-81A1-93BA14E29DEB}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{8E2E5C94-FA75-4799-B256-22358B9B5FE3}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{2443FF81-1095-4951-9EDC-F05AA44F07AF}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{43F7C23D-8A79-4483-8278-8EF691716674}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{AA61B448-BA1E-4AAC-BAB5-763574231CE8}] => (Allow) C:\Program Files (x86)\Antonovich\wolfgang.exe
FirewallRules: [{DA9AAF09-07B2-4EF7-A601-7D5CBE0BB7FC}] => (Allow) C:\Program Files (x86)\entails\permitted.exe
FirewallRules: [{53E9C3B7-0CBD-4F71-9B55-FCDC377BB2CD}] => (Allow) C:\Program Files (x86)\Fina\permitted.exe
FirewallRules: [{EAAF6C8A-E5CE-4F45-9FC9-6D47ECF600A3}] => (Allow) C:\Program Files\Opera\52.0.2871.40\opera.exe
FirewallRules: [TCP Query User{D38A0DEB-CA87-4D77-9AF2-487D1A7C21D1}D:\games\tom clancy's ghost recon wildlands\grw.exe] => (Allow) D:\games\tom clancy's ghost recon wildlands\grw.exe
FirewallRules: [UDP Query User{195B2F02-AF9C-40AC-8601-3C70D2DDD70C}D:\games\tom clancy's ghost recon wildlands\grw.exe] => (Allow) D:\games\tom clancy's ghost recon wildlands\grw.exe
FirewallRules: [TCP Query User{9C2B1795-E28E-4B98-A26F-D6CC7F27C2D1}C:\program files\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{61E731AB-EB04-42BF-82CC-0124E35F8589}C:\program files\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{76E0423C-5A47-4B23-8CB1-4F5C54519EEE}D:\games\crossout\launcher.exe] => (Allow) D:\games\crossout\launcher.exe
FirewallRules: [UDP Query User{3E932808-DA20-4E12-A343-62341DC1CF75}D:\games\crossout\launcher.exe] => (Allow) D:\games\crossout\launcher.exe
FirewallRules: [{C37EBD2A-85F0-4F02-A180-0A87997B6CD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Raceland\Raceland\Raceland.exe
FirewallRules: [{77F5322B-7CA9-4ABF-A6ED-C724AB2D2F69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Raceland\Raceland\Raceland.exe
FirewallRules: [{1ED8D698-F64E-4197-9CD9-47D07F43BFA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlegun\Battlegun.exe
FirewallRules: [{26F625E8-92D4-43F2-80B0-35323098192F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlegun\Battlegun.exe
FirewallRules: [TCP Query User{C8A928BC-E5B4-43EF-871F-E066AB63EE7C}D:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{7C44316C-97E9-489B-93B3-C32B50F20F22}D:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{D8545015-42CA-4662-A85E-945AA2A88CF5}] => (Allow) C:\Program Files\Opera\52.0.2871.64\opera.exe
FirewallRules: [{21B649DA-2FF9-4790-A6AA-FE7A42D8A652}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{18D256CE-E171-42D4-BDE2-FA75A012E4A9}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [TCP Query User{3B15BCED-4820-447B-A844-32D927682EB6}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{6B073BB5-94D5-4A8B-BDE0-0666ECFD701D}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{F44E2C1F-85DF-4359-AFF6-6ADBDADB8E99}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8480243A-9D9E-4971-916A-C0D81A2199CF}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{C65B709B-EF9E-4C80-9BDB-1C7DB3669724}C:\users\maxvh\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\maxvh\appdata\local\warthunder\launcher.exe
FirewallRules: [UDP Query User{10B70551-2253-4D59-B862-85BFF754DE61}C:\users\maxvh\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\maxvh\appdata\local\warthunder\launcher.exe
FirewallRules: [TCP Query User{BB84F1DE-2F27-4852-8FCA-88E75E6A6DFA}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{A4B32477-8AF1-4862-86D4-ABD44DA0AB99}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{BE35C671-4178-445C-80B3-B1142AEBBC5A}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{D142F922-313B-437D-9CB0-CF8C27CA77B4}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{0ACB511E-9249-436C-B83A-D5CFECFBB894}C:\users\maxvh\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\maxvh\appdata\local\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{F9AC3FDA-AA2B-48AC-A2C7-599106E63A9D}C:\users\maxvh\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\maxvh\appdata\local\warthunder\win64\aces.exe
FirewallRules: [TCP Query User{8F9B4957-3EF5-44A4-BCC0-37EB3998589C}D:\games\tom clancy's ghost recon wildlands\grw.exe] => (Allow) D:\games\tom clancy's ghost recon wildlands\grw.exe
FirewallRules: [UDP Query User{F872EBD4-C6F9-4EDD-B3E4-FC572E25DD71}D:\games\tom clancy's ghost recon wildlands\grw.exe] => (Allow) D:\games\tom clancy's ghost recon wildlands\grw.exe
FirewallRules: [{6DA99CA0-24E1-489F-995B-3677B07C4DD9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
01-05-2018 21:54:58 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/01/2018 10:10:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.248, time stamp: 0x7a3355c2
Faulting module name: ICEsoundAPO64.dll, version: 1.0.0.20, time stamp: 0x56e94d73
Exception code: 0xc0000409
Fault offset: 0x000000000002571c
Faulting process id: 0x2f10
Faulting application start time: 0x01d3e1cdd76fb9a8
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\ICEsoundAPO64.dll
Report Id: 39ea16f6-0642-485b-8324-d7bf84724bda
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/01/2018 10:10:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.248, time stamp: 0x7a3355c2
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xc0000005
Fault offset: 0x00000000000a38ed
Faulting process id: 0x2f10
Faulting application start time: 0x01d3e1cdd76fb9a8
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 5ac7a1d7-76cb-4444-968c-329f31cc8ff6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/01/2018 10:10:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.248, time stamp: 0x7a3355c2
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xc0000005
Fault offset: 0x00000000000a38ed
Faulting process id: 0x2f10
Faulting application start time: 0x01d3e1cdd76fb9a8
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f045c93c-442e-40cd-a90e-de1767ad73f0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/01/2018 08:55:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.248, time stamp: 0x7a3355c2
Faulting module name: ICEsoundAPO64.dll, version: 1.0.0.20, time stamp: 0x56e94d73
Exception code: 0xc0000409
Fault offset: 0x000000000002571c
Faulting process id: 0x1dc4
Faulting application start time: 0x01d3e19c8d89fa7d
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\ICEsoundAPO64.dll
Report Id: 791f8b33-b844-4f5d-b1c2-c11b7632a219
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/01/2018 08:55:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.248, time stamp: 0x7a3355c2
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xc0000005
Fault offset: 0x00000000000a38ed
Faulting process id: 0x1dc4
Faulting application start time: 0x01d3e19c8d89fa7d
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 3ddfbb24-61bf-4fcc-b1f1-96cbcaffe923
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/01/2018 04:21:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1031
 
Error: (05/01/2018 04:21:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1031
 
Error: (05/01/2018 04:21:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (05/02/2018 06:20:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2018-04 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4093112).
 
Error: (05/02/2018 06:20:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (05/02/2018 06:19:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (05/02/2018 06:19:10 AM) (Source: DCOM) (EventID: 10010) (User: BEST)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.
 
Error: (05/02/2018 06:19:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (05/02/2018 06:18:57 AM) (Source: DCOM) (EventID: 10016) (User: BEST)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user BEST\maxvh SID (S-1-5-21-4229614920-2763462209-2835931092-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/02/2018 06:18:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/02/2018 06:18:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-03-22 21:28:34.055
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Optiminz.A
ID: 2147725072
Severity: Severe
Category: Trojan
Path: file:_C:\Users\maxvh\AppData\Local\Temp\setup (1).exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\maxvh\AppData\Local\Temp\instalelerxvid.exe
Signature Version: AV: 1.263.984.0, AS: 1.263.984.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-22 21:28:10.476
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Misleading:Win32/Clepissup
ID: 240732
Severity: High
Category: Potentially Unwanted Software
Path: file:_C:\Program Files (x86)\pccleanplus\pccleanplus.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\maxvh\AppData\Local\Temp\is-LK9A3.tmp\jfk0021.exe
Signature Version: AV: 1.263.984.0, AS: 1.263.984.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-22 21:27:31.379
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: TrojanSpy:Win32/Tougle!rfn
ID: 2147721815
Severity: Severe
Category: Trojan Monitoring Software
Path: file:_C:\Users\maxvh\AppData\Local\Temp\vofas.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\maxvh\AppData\Local\Temp\instalelerxvid.exe
Signature Version: AV: 1.263.984.0, AS: 1.263.984.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-22 21:27:14.215
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Skeeyah.G
ID: 2147724449
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files\Realtek\0V8JWJA0XTKZA10V7OPJ646\P9dl0i-tg-.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.984.0, AS: 1.263.984.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-22 21:27:08.950
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Cloxer.D!cl
ID: 2147726003
Severity: Severe
Category: Trojan
Path: file:_C:\Users\maxvh\AppData\Local\Temp\is-LK9A3.tmp\jfk0021.exe;process:_pid:8488,ProcessStart:131662528172997396
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Users\maxvh\AppData\Local\Temp\is-LK9A3.tmp\jfk0021.exe
Signature Version: AV: 1.263.984.0, AS: 1.263.984.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-13 07:42:29.700
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.509.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x800b0109
Error description: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 
 
CodeIntegrity:
===================================
 
Date: 2018-05-02 06:19:56.967
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-02 06:19:56.966
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-02 06:19:04.151
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-02 06:19:04.150
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-02 06:18:54.701
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-02 06:18:54.657
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-02 06:18:54.598
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-02 06:18:54.582
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 26%
Total physical RAM: 16264.18 MB
Available physical RAM: 11910.68 MB
Total Virtual: 19193.18 MB
Available Virtual: 15384.15 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:475.78 GB) (Free:283.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:1863.02 GB) (Free:1210.28 GB) NTFS
 
\\?\Volume{5e28db9b-42d6-4eca-97cb-ec0c5bf58f6b}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{c90095bb-ee6c-4017-994a-337f7aae80f5}\ () (Fixed) (Total:0.89 GB) (Free:0.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 6A7A13E3)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 27200D5B)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 biggiecheese

  • Topic Starter

Posted 02 May 2018 - 08:22 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.04.2018
Ran by maxvh (administrator) on BEST (02-05-2018 06:19:41)
Running from C:\Users\maxvh\Downloads
Loaded Profiles: maxvh (Available Profiles: maxvh & Administrator)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\vsswdgzsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.251_none_16dd4c82321e5ccc\TiWorker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Farbar) C:\Users\maxvh\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)
HKLM\...\Run: [exemptions] => "C:\Program Files (x86)\Antonovich\wolfgang.exe" U4
HKLM\...\Run: [exemptionsgaultier] => "C:\Program Files (x86)\entails\permitted.exe" U4
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [unsubtle] => "C:\Program Files (x86)\Antonovich\wolfgang.exe" U4
HKLM-x32\...\Run: [unsubtleluxembourg] => "C:\Program Files (x86)\entails\permitted.exe" U4
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [Google Update] => C:\Users\maxvh\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139872 2018-01-05] (Wargaming.net)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [Discord] => C:\Users\maxvh\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [Spotify] => C:\Users\maxvh\AppData\Roaming\Spotify\Spotify.exe [22454160 2018-04-03] (Spotify Ltd)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [luxembourg] => "C:\Program Files (x86)\Antonovich\wolfgang.exe" U4
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [luxembourgunsubtle] => "C:\Program Files (x86)\entails\permitted.exe" U4
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [luxembourgluxembourg] => "C:\Program Files (x86)\Fina\wolfgang.exe" U4
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [gaultier] => "C:\Program Files (x86)\Antonovich\wolfgang.exe" U4
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [gaultierexemptions] => "C:\Program Files (x86)\entails\permitted.exe" U4
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [gaultiergaultier] => "C:\Program Files (x86)\Fina\wolfgang.exe" U4
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [capitalistic] => "C:\Program Files (x86)\coolant\capitalistic.exe" U4
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [fadlallah] => "C:\Program Files (x86)\Antonovich\wolfgang.exe" U4
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [Gaijin.Net Agent] => C:\Users\maxvh\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2116168 2018-01-22] (Gaijin Entertainment)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Run: [Spotify Web Helper] => C:\Users\maxvh\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-04-03] (Spotify Ltd)
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\MountPoints2: {3d731859-4690-11e8-989a-f48c50c05642} - "E:\LaunchU3.exe" 
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\MountPoints2: {3d73187e-4690-11e8-989a-f48c50c05642} - "E:\LaunchU3.exe" 
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\internet explorer\iexplore.exe -restart /WERRESTART <==== ATTENTION
Startup: C:\Users\maxvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bdijdvev.lnk [2018-03-22]
ShortcutTarget: bdijdvev.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\maxvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\siding.lnk [2018-03-22]
ShortcutTarget: siding.lnk -> C:\Program Files (x86)\Antonovich\wolfgang.exe (No File)
Startup: C:\Users\maxvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidingsiding.lnk [2018-03-22]
ShortcutTarget: sidingsiding.lnk -> C:\Program Files (x86)\entails\permitted.exe (No File)
Startup: C:\Users\maxvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-02-15]
ShortcutTarget: Twitch.lnk -> C:\Users\maxvh\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2a62609e-fb7c-4c7d-b0a3-55f978db5ba1}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{83333052-3835-4821-9324-52b953259e75}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ea35a717-84de-4cdb-afde-5fd53bd4a3de}: [DhcpNameServer] 172.17.128.24
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-4229614920-2763462209-2835931092-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4229614920-2763462209-2835931092-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: No Name -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-04-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-31] (Oracle Corporation)
BHO-x32: No Name -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-31] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-27] (Microsoft Corporation)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-4229614920-2763462209-2835931092-1001 -> hxxp://bing.com/
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2018-04-25]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-03] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-4229614920-2763462209-2835931092-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\maxvh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4229614920-2763462209-2835931092-1001: @talk.google.com/O1DPlugin -> C:\Users\maxvh\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4229614920-2763462209-2835931092-1001: @tools.google.com/Google Update;version=3 -> C:\Users\maxvh\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-4229614920-2763462209-2835931092-1001: @tools.google.com/Google Update;version=9 -> C:\Users\maxvh\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\maxvh\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\maxvh\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default [2018-05-02]
CHR Extension: (Slides) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-13]
CHR Extension: (YouTube) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-13]
CHR Extension: (Adblock Plus) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-27]
CHR Extension: (Sheets) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Adblocker for Youtube™) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcpkohnhcheajaneelkpaiebgkbdafmi [2018-03-22]
CHR Extension: (Google Docs Offline) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-15]
CHR Extension: (Save to Google Drive) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2018-01-11]
CHR Extension: (diep.io) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpllkpbhkocdjeakcpknppngdnodnmgn [2017-08-31]
CHR Extension: (idiots.win) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmlbggbmchnffeifgapbcodkijoplohn [2017-08-31]
CHR Extension: (DrawThis.io!) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmmkmpcdolknhdjmdckbbaclgciikgk [2017-08-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-13]
CHR Extension: (Chrome Media Router) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-23]
CHR Profile: C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-03-22]
CHR Extension: (__MSG_appName__) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\gcpkohnhcheajaneelkpaiebgkbdafmi [2018-03-22]
CHR Extension: (No Name) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-22]
CHR Profile: C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\System Profile [2018-03-22]
CHR Extension: (__MSG_appName__) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\gcpkohnhcheajaneelkpaiebgkbdafmi [2018-03-22]
CHR Extension: (No Name) - C:\Users\maxvh\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-22]
CHR HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (Adblocker for Youtube™) - C:\Users\maxvh\AppData\Roaming\Opera Software\Opera Stable\Extensions\kedpicenkkndemblkfpnngmcihdfhndn [2018-03-22]
OPR Extension: (Quick Searcher) - C:\Users\maxvh\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\hnilrbpe <==== ATTENTION (Rootkit!)
 
S2 72bc99a690813ca8ff9d5e778ea01e06; C:\WINDOWS\72bc99a690813ca8ff9d5e778ea01e06.dll [2150400 2018-03-22] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
S4 ASUS Flip Service; C:\Program Files\ASUS\ASUS FlipLock\FlipService.exe [15288 2016-12-16] (ASUS)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-04-24] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566440 2018-04-23] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-08] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2215168 2016-10-31] (Intel Corporation)
S4 FBAgent; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe [73032 2014-08-12] ()
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [181520 2016-09-08] (Intel Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
S4 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\wtoolex\wpsupdatesvr.exe [133376 2016-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
S4 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2015968 2016-08-15] (Intel Corporation)
S4 Tran_Process_Proc; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe [71024 2014-03-25] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-13] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-13] (Microsoft Corporation)
S4 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [162048 2016-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)
S2 0280061521839785mcinstcleanup; C:\Users\maxvh\AppData\Local\Temp\028006~1.EXE -cleanup -nolog [X] <==== ATTENTION
S2 cfa69096c170645ce9128bafeb108737; "C:\Program Files\cfa69096c170645ce9128bafeb108737\5437b4505aa430c9c5e94111cbe717f8.exe" [X]
S3 chromoting; "C:\Program Files (x86)\Google\Chrome Remote Desktop\65.0.3325.40\remoting_host.exe" --type=daemon --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json"
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP64; C:\WINDOWS\system32\DRIVERS\ASMMAP64.sys [36696 2016-04-27] (ASUSTek Computer Inc.)
R3 AsusHFilter; C:\WINDOWS\System32\drivers\AsusHFilter.sys [30200 2016-12-22] ()
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [107008 2016-09-01] (ASUS Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66616 2016-10-31] (Intel Corporation)
U4 EasyAntiCheatSys; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.sys [807112 2018-05-01] (EasyAntiCheat Oy)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-10-31] (Intel Corporation)
S3 farmntio; C:\Windows\system32\drivers\farmntio.sys [25144 2014-03-25] () [File not signed]
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [31120 2016-12-19] (ASUS)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [31328 2016-08-10] (Intel)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [723728 2016-09-08] (Intel Corporation)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [143984 2016-08-18] (Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [80496 2016-08-18] (Intel)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-10-19] (Logitech Inc.)
R1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2018-03-23] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_1474122a0ce2f241\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation)
S4 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2018-03-23] (NVIDIA Corporation)
S4 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-23] (NVIDIA Corporation)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-14] (The OpenVPN Project)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3146760 2016-09-13] (Realtek Semiconductor Corp.)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-06-13] (The OpenVPN Project)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2018-01-15] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [211704 2018-01-15] (Oracle Corporation)
U5 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [138432 2017-09-13] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-03-13] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288296 2018-03-13] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-13] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-04-09] (Zemana Ltd.)
S1 05fe4151663018e99e0a6adc039ec2b3; \??\C:\WINDOWS\system32\drivers\05fe4151663018e99e0a6adc039ec2b3.sys [X]
S4 bcngr; System32\drivers\tichwblo.sys [X]
S3 DrvAgent64; \??\C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS [X]
S3 MBAMProtection; \SystemRoot\system32\DRIVERS\mbam.sys [X]
S3 MBAMWebProtection; \SystemRoot\system32\DRIVERS\mwac.sys [X]
S3 twzcgj; system32\drivers\zcfjmp.sys [X]
R3 vybfil; system32\drivers\beilos.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-02 06:19 - 2018-05-02 06:19 - 002405888 _____ (Farbar) C:\Users\maxvh\Downloads\FRST64 (1).exe
2018-05-02 06:19 - 2018-05-02 06:19 - 000032247 _____ C:\Users\maxvh\Downloads\FRST.txt
2018-05-01 21:44 - 2018-05-01 21:44 - 000000267 _____ C:\Users\maxvh\Desktop\Clustertruck.url
2018-05-01 21:44 - 2018-05-01 21:44 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch Games
2018-05-01 21:40 - 2018-05-01 21:40 - 000000000 ____D C:\Program Files (x86)\Twitch
2018-05-01 21:34 - 2018-05-01 21:34 - 005800224 _____ (Enigma Software Group USA, LLC.) C:\Users\maxvh\Downloads\SpyHunter-Installer.exe
2018-05-01 21:27 - 2018-05-02 06:19 - 000000000 ____D C:\FRST
2018-05-01 21:27 - 2018-05-01 21:27 - 002405888 _____ (Farbar) C:\Users\maxvh\Downloads\FRST64.exe
2018-05-01 07:06 - 2018-05-01 07:06 - 000000000 ____D C:\Users\maxvh\AppData\Local\lsckutd
2018-05-01 07:03 - 2018-05-01 07:03 - 000142672 ____N C:\WINDOWS\system32\Drivers\wiehkoru.sys
2018-05-01 06:46 - 2018-05-01 06:46 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\EasyAntiCheat
2018-04-30 20:01 - 2018-04-30 20:01 - 000000000 ____D C:\Users\maxvh\AppData\Local\nvowmih
2018-04-28 22:40 - 2018-04-28 22:40 - 000000000 ____D C:\Users\maxvh\AppData\Local\zamgbdo
2018-04-28 17:47 - 2018-04-28 17:47 - 000000000 ____D C:\ProgramData\Emsisoft
2018-04-28 17:46 - 2018-04-28 22:32 - 000000000 ____D C:\EEK
2018-04-28 17:40 - 2018-04-28 17:46 - 328383888 _____ C:\Users\maxvh\Downloads\EmsisoftEmergencyKit.exe
2018-04-28 17:11 - 2018-04-28 17:11 - 005636696 _____ (Gaijin Entertainment ) C:\Users\maxvh\Downloads\wt_launcher_1.0.3.100 (1).exe
2018-04-28 14:40 - 2018-04-28 14:40 - 000000000 ____D C:\Users\maxvh\AppData\Local\Skyrim Special Edition
2018-04-28 14:38 - 2018-04-28 14:38 - 000000000 ____D C:\Users\maxvh\AppData\Local\zadxcuw
2018-04-28 14:22 - 2018-04-28 14:22 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\EMCO
2018-04-28 14:21 - 2018-04-28 14:22 - 054054384 _____ (EMCO Software) C:\Users\maxvh\Downloads\MoveOnBootSetup.exe
2018-04-28 14:15 - 2018-04-28 14:15 - 000000000 ____D C:\Users\maxvh\AppData\Local\dwdhazx
2018-04-28 14:01 - 2018-04-28 14:01 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\416746D2.sys
2018-04-28 14:00 - 2018-04-28 14:11 - 000000000 ____D C:\Users\maxvh\Desktop\mbar
2018-04-28 14:00 - 2018-04-28 14:00 - 014161479 _____ C:\Users\maxvh\Downloads\mbar-1.10.3.1001-nr (1).exe
2018-04-27 21:18 - 2018-04-27 21:18 - 000000919 _____ C:\Users\maxvh\Desktop\The Elder Scrolls V Skyrim Special Edition.lnk
2018-04-27 21:18 - 2018-04-27 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls V Skyrim Special Edition
2018-04-27 19:29 - 2018-04-27 19:29 - 000000000 ____D C:\Users\maxvh\AppData\Local\nvdrtme
2018-04-27 19:28 - 2018-04-27 19:28 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-04-27 18:39 - 2018-04-27 18:40 - 002011760 _____ (WiperSoft) C:\Users\maxvh\Downloads\WiperSoft-installer.exe
2018-04-26 15:31 - 2018-04-26 15:31 - 000000000 ____D C:\Users\maxvh\AppData\Local\lsieprm
2018-04-26 07:43 - 2018-04-28 14:13 - 000000000 ____D C:\Program Files\Reimage
2018-04-26 07:43 - 2018-04-28 11:27 - 000000140 _____ C:\WINDOWS\Reimage.ini
2018-04-26 07:43 - 2018-04-26 07:43 - 000605424 _____ (Reimage) C:\Users\maxvh\Downloads\ReimageRepair.exe
2018-04-25 21:28 - 2018-04-25 21:46 - 000000000 ___HD C:\$SysReset
2018-04-25 21:28 - 2018-04-25 21:28 - 000000000 ____D C:\$Windows.~BT
2018-04-25 20:59 - 2018-04-25 20:59 - 000000000 ____D C:\Users\maxvh\AppData\Local\seodvzw
2018-04-25 13:03 - 2018-04-25 13:03 - 000000000 ____D C:\Users\maxvh\AppData\Local\psivuer
2018-04-25 06:44 - 2018-04-25 06:44 - 000000000 ____D C:\Users\maxvh\AppData\Local\psmhotu
2018-04-24 21:37 - 2018-04-24 21:37 - 000034476 _____ C:\TDSSKiller.3.1.0.17_24.04.2018_21.37.16_log.txt
2018-04-24 21:36 - 2018-04-24 21:37 - 004949824 _____ (AO Kaspersky Lab) C:\Users\maxvh\Downloads\tdsskiller.exe
2018-04-24 20:48 - 2018-04-24 20:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2018-04-24 20:48 - 2018-04-24 20:48 - 000000000 ____D C:\Program Files\qBittorrent
2018-04-24 20:46 - 2018-04-24 20:47 - 022476558 _____ (The qBittorrent project) C:\Users\maxvh\Downloads\qbittorrent_4.0.4_x64_setup.exe
2018-04-24 06:30 - 2018-04-24 06:30 - 000000000 ____D C:\Users\maxvh\AppData\Local\pcbnwze
2018-04-23 06:27 - 2018-04-23 06:27 - 000000000 ____D C:\Users\maxvh\AppData\Local\exabizk
2018-04-22 17:51 - 2018-04-22 17:51 - 000000000 ____D C:\Users\maxvh\AppData\Local\svmgcxi
2018-04-22 17:37 - 2018-04-22 17:37 - 000000000 ____D C:\Users\maxvh\AppData\Local\reezoug
2018-04-22 09:59 - 2018-04-22 09:59 - 000000000 ____D C:\Users\maxvh\AppData\Local\svkzxet
2018-04-22 09:49 - 2018-04-22 09:49 - 000000000 ____D C:\Users\maxvh\AppData\Local\rargskz
2018-04-22 09:46 - 2018-04-22 09:46 - 000000000 ____D C:\Users\maxvh\AppData\Local\rtkexvh
2018-04-21 22:31 - 2018-04-21 22:31 - 000000000 ____D C:\Users\maxvh\AppData\Local\scadumg
2018-04-21 22:24 - 2018-04-21 22:24 - 000000000 ____D C:\Users\maxvh\AppData\Local\nvkpbst
2018-04-21 22:23 - 2018-05-01 09:16 - 000088793 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-04-21 22:19 - 2018-04-21 22:20 - 000000000 ____D C:\Users\Administrator\AppData\Local\wmcagent
2018-04-21 22:16 - 2018-04-21 22:16 - 000003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2018-04-21 22:16 - 2018-04-21 22:16 - 000002389 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-21 22:15 - 2018-04-28 14:11 - 000000000 ____D C:\Users\Administrator\AppData\Local\seetzwh
2018-04-21 22:15 - 2018-04-21 22:15 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\kingsoft
2018-04-21 22:15 - 2018-04-21 22:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\rahpwgi
2018-04-21 22:15 - 2018-04-21 22:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2018-04-21 22:14 - 2018-04-25 21:47 - 000000000 ____D C:\Users\Administrator
2018-04-21 22:14 - 2018-04-21 22:16 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2018-04-21 22:14 - 2018-04-21 22:14 - 000000258 __RSH C:\Users\Administrator\ntuser.pol
2018-04-21 22:14 - 2018-04-21 22:14 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2018-04-21 22:14 - 2018-04-21 22:14 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2018-04-21 22:14 - 2018-04-21 22:14 - 000000000 ___RD C:\Users\Administrator\3D Objects
2018-04-21 22:14 - 2018-04-21 22:14 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2018-04-21 22:14 - 2018-04-21 22:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2018-04-21 22:14 - 2018-04-21 22:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2018-04-21 22:14 - 2018-04-21 22:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2018-04-21 22:14 - 2018-04-21 22:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2018-04-21 22:13 - 2018-04-21 22:13 - 000000000 ____D C:\Users\maxvh\AppData\Local\sihzpcu
2018-04-21 21:54 - 2018-04-21 21:54 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-04-21 21:54 - 2018-04-21 21:54 - 000002848 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-04-21 21:54 - 2018-04-21 21:54 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-04-21 21:54 - 2018-04-21 21:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-04-21 21:54 - 2018-04-21 21:54 - 000000000 ____D C:\Program Files\CCleaner
2018-04-21 21:52 - 2018-04-21 21:54 - 015333512 _____ (Piriform Ltd) C:\Users\maxvh\Downloads\ccsetup541.exe
2018-04-21 21:10 - 2018-04-28 13:52 - 000000000 ____D C:\Users\maxvh\AppData\Local\WarThunder
2018-04-21 21:10 - 2018-04-21 21:10 - 000002031 _____ C:\Users\maxvh\Desktop\WarThunder.lnk
2018-04-21 21:10 - 2018-04-21 21:10 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2018-04-21 21:10 - 2018-04-21 21:10 - 000000000 ____D C:\Users\maxvh\AppData\Local\Gaijin
2018-04-21 21:09 - 2018-04-21 21:10 - 005636696 _____ (Gaijin Entertainment ) C:\Users\maxvh\Downloads\wt_launcher_1.0.3.100.exe
2018-04-20 18:26 - 2018-04-20 18:26 - 000000000 ____D C:\Users\maxvh\AppData\Local\ussedrk
2018-04-15 11:10 - 2018-04-15 11:10 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-15 11:10 - 2017-12-08 15:25 - 000798520 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-04-15 11:10 - 2017-12-08 15:25 - 000490808 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-04-15 11:10 - 2017-12-08 15:24 - 000928568 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-04-15 11:10 - 2017-12-08 15:24 - 000591672 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-04-15 10:59 - 2018-04-15 11:00 - 000000000 ____D C:\Program Files (x86)\Minecraft
2018-04-15 10:59 - 2018-04-15 10:59 - 002314240 _____ C:\Users\maxvh\Downloads\MinecraftInstaller.msi
2018-04-15 10:59 - 2018-04-15 10:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2018-04-14 17:29 - 2018-04-14 17:29 - 000001491 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-04-14 17:28 - 2018-04-14 17:28 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 17:28 - 2018-04-14 17:28 - 000004088 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 17:28 - 2018-04-14 17:28 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 17:28 - 2018-04-14 17:28 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 17:28 - 2018-04-14 17:28 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 17:28 - 2018-04-14 17:28 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 17:28 - 2018-04-14 17:28 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 17:28 - 2018-04-14 17:28 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-14 17:28 - 2018-03-23 18:19 - 002480064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2018-04-14 17:28 - 2018-03-23 18:19 - 002137024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2018-04-14 17:28 - 2018-03-23 18:19 - 001310144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2018-04-14 17:28 - 2018-03-23 18:19 - 000189784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2018-04-14 17:28 - 2018-03-23 18:19 - 000152408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2018-04-14 17:28 - 2018-03-23 16:50 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-04-14 17:27 - 2018-04-14 17:27 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-04-14 17:26 - 2018-03-25 09:15 - 000998424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-04-14 17:26 - 2018-03-25 09:15 - 000950016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-04-14 17:26 - 2018-03-25 09:15 - 000625504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-04-14 17:26 - 2018-03-25 09:15 - 000516024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-04-14 17:26 - 2018-03-25 09:14 - 004318112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-04-14 17:26 - 2018-03-25 09:14 - 003719096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-04-14 17:26 - 2018-03-25 09:14 - 001985112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439135.dll
2018-04-14 17:26 - 2018-03-25 09:14 - 001683712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439135.dll
2018-04-14 17:26 - 2018-03-25 09:14 - 001138720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-04-14 17:26 - 2018-03-25 09:14 - 001065888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-04-14 17:26 - 2018-03-25 09:13 - 040278608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-04-14 17:26 - 2018-03-25 09:13 - 035188992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-04-14 17:26 - 2018-03-25 09:10 - 013571520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-04-14 17:26 - 2018-03-25 09:10 - 011132384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-04-14 17:26 - 2018-03-25 09:09 - 019855144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-04-14 17:26 - 2018-03-25 09:09 - 016496776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-04-14 17:26 - 2018-03-25 09:09 - 001346128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-04-14 17:26 - 2018-03-25 09:09 - 001153744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-04-14 17:26 - 2018-03-25 09:09 - 001061352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-04-14 17:26 - 2018-03-25 09:09 - 000902096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-04-14 17:26 - 2018-03-25 09:09 - 000811808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-04-14 17:26 - 2018-03-25 09:09 - 000650232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-04-14 17:26 - 2018-03-25 09:08 - 012967056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-04-14 17:26 - 2018-03-25 09:08 - 011001504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-04-14 17:26 - 2018-03-25 09:08 - 003939624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-04-14 17:26 - 2018-03-23 18:19 - 000059240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2018-04-14 17:26 - 2018-03-23 18:19 - 000058816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-04-14 17:15 - 2018-04-14 17:21 - 467026848 _____ (NVIDIA Corporation) C:\Users\maxvh\Downloads\391.35-notebook-win10-64bit-international-whql.exe
2018-04-14 16:44 - 2018-04-14 16:44 - 000000000 ____D C:\Users\maxvh\AppData\Local\TslGame
2018-04-14 15:55 - 2018-04-14 15:55 - 005112480 _____ (Husdawg, LLC) C:\Users\maxvh\Downloads\Detection.exe
2018-04-13 21:22 - 2018-04-13 21:22 - 000000000 ____D C:\Users\maxvh\AppData\Local\lmbeuid
2018-04-13 06:51 - 2018-04-13 06:51 - 000000219 _____ C:\Users\maxvh\Desktop\Counter-Strike Global Offensive.url
2018-04-11 20:51 - 2018-04-11 20:51 - 000000000 ____D C:\Users\maxvh\AppData\Local\Targem
2018-04-11 19:55 - 2018-04-11 19:55 - 000000000 ____D C:\ProgramData\Gaijin
2018-04-11 19:54 - 2018-04-11 19:54 - 004965880 _____ ( ) C:\Users\maxvh\Downloads\crossout_launcher_1.0.3.38.exe
2018-04-11 19:54 - 2018-04-11 19:54 - 004965880 _____ ( ) C:\Users\maxvh\Downloads\crossout_launcher_1.0.3.38 (1).exe
2018-04-11 19:54 - 2018-04-11 19:54 - 000000683 _____ C:\Users\maxvh\Desktop\Crossout Launcher.lnk
2018-04-11 19:54 - 2018-04-11 19:54 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout
2018-04-11 19:25 - 2018-04-11 19:25 - 000000512 _____ C:\Users\maxvh\Downloads\yeahs
2018-04-11 19:21 - 2018-04-11 19:21 - 000080384 _____ C:\Users\maxvh\Downloads\MBRCheck.exe
2018-04-11 19:20 - 2018-04-11 19:20 - 005659794 _____ (Swearware) C:\Users\maxvh\Downloads\ComboFix.exe
2018-04-11 19:20 - 2018-04-11 19:20 - 005659794 _____ (Swearware) C:\Users\maxvh\Downloads\ComboFix (1).exe
2018-04-11 19:05 - 2018-04-11 19:05 - 001931969 _____ C:\Users\maxvh\Downloads\ProcessExplorer.zip
2018-04-10 19:58 - 2018-04-10 19:58 - 002527376 _____ (Trend Micro Inc.) C:\Users\maxvh\Downloads\HousecallLauncher64.exe
2018-04-09 20:55 - 2018-04-09 20:55 - 000000000 ____D C:\WINDOWS\pss
2018-04-09 19:47 - 2018-04-09 19:47 - 000881904 _____ (Plumbytes Software) C:\Users\maxvh\Downloads\antimalwaresetup.exe
2018-04-09 18:51 - 2018-04-12 17:58 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-04-09 18:51 - 2018-04-11 18:59 - 000342913 _____ C:\WINDOWS\ZAM.krnl.trace
2018-04-09 18:51 - 2018-04-09 18:51 - 005766464 _____ (Zemana Ltd. ) C:\Users\maxvh\Downloads\eXplorer (2).exe
2018-04-09 18:51 - 2018-04-09 18:51 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-04-09 18:51 - 2018-04-09 18:51 - 000000000 ____D C:\Users\maxvh\AppData\Local\Zemana
2018-04-09 07:05 - 2018-04-09 07:05 - 005766464 _____ (Zemana Ltd. ) C:\Users\maxvh\Downloads\eXplorer (1).exe
2018-04-09 07:04 - 2018-04-09 07:04 - 005766464 _____ (Zemana Ltd. ) C:\Users\maxvh\Downloads\eXplorer.exe
2018-04-09 07:03 - 2018-04-09 07:03 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\maxvh\Downloads\breh.exe
2018-04-09 07:01 - 2018-04-09 07:01 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\maxvh\Downloads\rkill-unsigned.exe
2018-04-09 06:53 - 2018-04-09 06:53 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\11321470.sys
2018-04-09 06:52 - 2018-04-28 14:36 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-09 06:52 - 2018-04-28 14:00 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-04-09 06:52 - 2018-04-09 06:52 - 014161479 _____ C:\Users\maxvh\Downloads\mbar-1.10.3.1001-nr.exe
2018-04-08 19:49 - 2018-04-30 07:51 - 000003896 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForceNow_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-08 19:49 - 2018-04-30 07:51 - 000001488 _____ C:\Users\Public\Desktop\NVIDIA GeForce NOW.lnk
2018-04-08 19:49 - 2018-04-14 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-04-08 19:20 - 2018-04-08 19:23 - 057942864 _____ (NVIDIA Corporation) C:\Users\maxvh\Downloads\GeForceNOW-release.exe
2018-04-08 11:22 - 2018-05-01 06:43 - 000000000 ____D C:\Program Files\Fortnite
2018-04-06 12:51 - 2018-04-06 12:51 - 000000000 ____D C:\Users\maxvh\AppData\Local\pcirtgl
2018-04-06 12:39 - 2018-04-06 12:40 - 072480328 _____ (Malwarebytes ) C:\Users\maxvh\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4626.exe
2018-04-05 09:08 - 2018-04-05 09:08 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-02 06:18 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-02 06:18 - 2017-08-13 14:34 - 000000000 __SHD C:\Users\maxvh\IntelGraphicsProfiles
2018-05-01 22:10 - 2018-02-15 23:11 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\Twitch
2018-05-01 22:10 - 2017-08-16 12:21 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-01 22:10 - 2017-08-13 15:29 - 000000000 ____D C:\Program Files (x86)\Steam
2018-05-01 22:08 - 2018-03-22 21:30 - 000000000 ____D C:\Users\maxvh\AppData\Local\reeibgh
2018-05-01 21:31 - 2017-10-18 20:21 - 000007613 _____ C:\Users\maxvh\AppData\Local\Resmon.ResmonCfg
2018-05-01 21:12 - 2017-12-28 18:31 - 000000000 ____D C:\Users\maxvh\AppData\Local\Spotify
2018-05-01 20:55 - 2017-12-28 18:30 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\Spotify
2018-05-01 19:51 - 2017-08-13 19:46 - 000000200 _____ C:\Users\maxvh\AppData\Roaming\sp_data.sys
2018-05-01 19:19 - 2017-12-14 17:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-01 15:49 - 2017-12-14 17:38 - 000004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8FDB9909-6BCD-4D4E-A2F7-380995E575B4}
2018-05-01 15:31 - 2018-03-23 18:16 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-01 15:31 - 2018-03-23 18:16 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-01 08:55 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-05-01 07:10 - 2017-12-14 17:40 - 002474438 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-01 07:09 - 2017-12-14 17:38 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4229614920-2763462209-2835931092-1001
2018-05-01 07:09 - 2017-08-13 14:36 - 000002369 _____ C:\Users\maxvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-01 07:09 - 2017-08-13 14:36 - 000000000 ___RD C:\Users\maxvh\OneDrive
2018-05-01 07:04 - 2018-03-22 21:29 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\vsswdgzsvc.exe
2018-05-01 07:04 - 2017-12-14 17:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-01 07:03 - 2017-09-29 01:45 - 025690112 _____ C:\WINDOWS\system32\config\HARDWARE
2018-05-01 07:03 - 2017-09-29 01:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-05-01 06:55 - 2017-02-25 16:49 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-01 06:46 - 2018-03-08 07:28 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-05-01 06:30 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-01 06:30 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-30 12:46 - 2017-08-14 12:09 - 000000000 ____D C:\Users\maxvh\AppData\Local\CrashDumps
2018-04-30 07:50 - 2017-08-16 12:21 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-04-28 14:40 - 2017-08-22 08:29 - 000000000 ____D C:\Users\maxvh\Documents\My Games
2018-04-28 14:11 - 2017-12-09 18:44 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\qBittorrent
2018-04-27 19:28 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-27 19:28 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-04-27 19:28 - 2017-02-25 17:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-04-27 19:28 - 2017-02-25 17:04 - 000000000 ____D C:\Program Files\Microsoft Office
2018-04-27 15:21 - 2017-08-14 09:14 - 000000000 ____D C:\Users\maxvh\ansel
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-04-25 21:47 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 __RSD C:\WINDOWS\media
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\Nui
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\setup
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\ras
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\ias
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\com
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\IME
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\Cursors
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\addins
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Common Files\system
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Common Files\Services
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-04-25 21:47 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-04-25 21:47 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-25 21:47 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-04-25 21:47 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-04-25 21:47 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-04-25 21:47 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-04-25 21:47 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-04-25 21:47 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\servicing
2018-04-25 21:46 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-04-25 21:43 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\registration
2018-04-25 20:58 - 2017-12-14 17:34 - 000000000 ____D C:\Users\maxvh
2018-04-25 20:26 - 2017-02-25 16:45 - 001367461 _____ C:\DUMP1750.tmp
2018-04-25 13:05 - 2018-02-08 19:52 - 000000000 ____D C:\Users\maxvh\AppData\Local\NVIDIA Corporation
2018-04-24 21:01 - 2018-02-24 22:41 - 000000000 ____D C:\Users\maxvh\AppData\Local\Last.fm
2018-04-23 08:44 - 2017-12-14 17:34 - 000000000 ____D C:\Users\maxvh\AppData\Local\Packages
2018-04-22 17:42 - 2017-08-16 12:01 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-04-21 22:14 - 2017-02-25 16:47 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-04-15 12:09 - 2017-08-15 19:13 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\.minecraft
2018-04-15 11:14 - 2017-08-24 16:39 - 000000000 ____D C:\Users\maxvh\AppData\Local\NVIDIA
2018-04-15 08:14 - 2018-02-12 07:37 - 000000000 ____D C:\ProgramData\Logishrd
2018-04-14 17:28 - 2017-08-16 12:21 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-04-14 17:28 - 2017-08-16 12:12 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-04-13 21:49 - 2017-12-14 17:38 - 000003936 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1504649893
2018-04-13 21:49 - 2017-09-05 15:18 - 000001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-04-13 21:49 - 2017-09-01 14:45 - 000000000 ____D C:\Program Files\Opera
2018-04-09 20:59 - 2017-08-14 14:45 - 000000000 ____D C:\Users\maxvh\AppData\Local\ElevatedDiagnostics
2018-04-09 06:53 - 2017-09-04 18:06 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-05 17:02 - 2018-01-12 19:38 - 000000000 ____D C:\Users\maxvh\AppData\Roaming\discord
2018-04-03 12:37 - 2017-09-29 06:49 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-04-03 12:37 - 2017-09-29 06:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2017-08-13 19:46 - 2018-05-01 19:51 - 000000200 _____ () C:\Users\maxvh\AppData\Roaming\sp_data.sys
2017-10-16 19:34 - 2017-10-17 17:18 - 000005120 _____ () C:\Users\maxvh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-10-18 20:21 - 2018-05-01 21:31 - 000007613 _____ () C:\Users\maxvh\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2018-04-14 16:45 - 2018-04-20 18:50 - 000000000 _____ () C:\Users\maxvh\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2018-04-14 16:45 - 2018-04-20 18:50 - 000000017 _____ () C:\Users\maxvh\AppData\Local\Temp\a076beaf9db173977b97658ca7f5c11a.dll
2018-04-26 07:43 - 2018-04-26 07:43 - 014768072 _____ (Reimage) C:\Users\maxvh\AppData\Local\Temp\ReimagePackage.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\wiehkoru.sys -> Access Denied <======= ATTENTION
 
LastRegBack: 2018-04-14 08:22
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by maxvh (02-05-2018 06:20:15)
Running from C:\Users\maxvh\Downloads
Windows 10 Home Version 1709 16299.309 (X64) (2017-12-15 00:39:36)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4229614920-2763462209-2835931092-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4229614920-2763462209-2835931092-503 - Limited - Disabled)
Guest (S-1-5-21-4229614920-2763462209-2835931092-501 - Limited - Disabled)
maxvh (S-1-5-21-4229614920-2763462209-2835931092-1001 - Administrator - Enabled) => C:\Users\maxvh
WDAGUtilityAccount (S-1-5-21-4229614920-2763462209-2835931092-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\{AB4E4E64-6DA2-4E43-969E-83ACB1F57BB6}) (Version: 20.24.401.14520 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{AB4E4E64-6DA2-4E43-969E-83ACB1F57BB6}) (Version: 20.24.401.14520 - Alcor Micro Corp.)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
ASUS FlipLock (HKLM\...\{7C7F8DAC-8ADA-4B86-BCB6-48B6FFB673DD}) (Version: 1.0.21 - ASUS)
ASUS Input Configuration (HKLM-x32\...\{7DDF7571-64BD-4232-9729-20FF10CE6C62}) (Version: 1.0.3 - ASUS)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.13 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.19.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.7 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0045 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.3.16 - ICEpower a/s)
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.0.170814 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{63A1E236-1A28-4457-B9BC-A380A89E2D67}) (Version: 3.12.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Clustertruck (HKLM-x32\...\{BB09E395-9405-44CA-A17C-98DF998CF216}) (Version:  - TinyBuild LLC)
Crossout Launcher 1.0.3.38 (HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\CrossOutLauncher_is1) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.)
Discord (HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{213B426C-5317-4F2D-8395-AC04B70711C4}) (Version: 1.1.133.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FIFA18 version 1.0 (HKLM\...\FIFA18_is1) (Version: 1.0 - STEAMPUNKS) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
iCloud (HKLM\...\{99868C9C-C141-4DDE-A2C7-9DDF00F68F17}) (Version: 7.2.0.67 - Apple Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{3A55D9C8-17B6-41F9-B9C2-4B1532DCD016}) (Version: 19.10.1635.0483 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{dd334b4b-1f2c-4218-b16c-ad011caa7fe1}) (Version: 3.0.30.1111 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{25779f5d-6b0a-4e11-89e8-441b93c6ce2b}) (Version: 19.10.0 - Intel Corporation)
ISS_Drivers_x64 (HKLM\...\{E9D9CF4A-A8B8-4566-86D5-CD3F13624E65}) (Version: 3.0.30.1111 - Intel Corporation) Hidden
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9226.2114 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.9226.2114 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Middle-Earth: Shadow of War (HKLM-x32\...\Middle-Earth: Shadow of War_is1) (Version:  - )
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA GeForce NOW 1.7.2.38 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GeforceNOW) (Version: 1.7.2.38 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
Opera Stable 52.0.2871.64 (HKLM-x32\...\Opera 52.0.2871.64) (Version: 52.0.2871.64 - Opera Software)
Oracle VM VirtualBox 5.2.6 (HKLM\...\{EA9602E3-0184-45B9-9E15-028776CD7A6E}) (Version: 5.2.6 - Oracle Corporation)
qBittorrent 4.0.4 (HKLM-x32\...\qBittorrent) (Version: 4.0.4 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7945 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11219 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.8 - Rockstar Games)
Spotify (HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Elder Scrolls V Skyrim Special Edition (HKLM-x32\...\The Elder Scrolls V Skyrim Special Edition_is1) (Version:  - )
Thunderbolt™ Software (HKLM-x32\...\{F55C97BF-D9B2-4BB6-B16A-25A621BC50E9}) (Version: 16.2.52.250 - Intel Corporation)
Tom Clancy's Ghost Recon Wildlands (HKLM\...\Tom Clancys Ghost Recon Wildlands_is1) (Version: 1.0 - )
TotalRecovery Pro (HKLM-x32\...\TotalRecovery) (Version: 10.0.11.2 - FarStone Inc.)
Twitch (HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
VEGAS Pro 15.0 (HKLM\...\{E0F91FB0-7FC4-11E7-B8E9-95BE57594EAC}) (Version: 15.0.177 - VEGAS)
Vernier Graphical Analysis 4.3.0-759 (HKLM-x32\...\4eb51088-1521-559c-b5d0-932221840d75) (Version: 4.3.0-759 - Vernier Software & Technology)
Vernier Interface Drivers (HKLM-x32\...\{F458AF82-CB09-4F8C-AB1F-CD8E36487435}) (Version: 2.01.000 - Vernier Software & Technology)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
War Thunder Launcher 1.0.3.100 (HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusHFilter) HIDClass  (12/19/2016 1.0.0.2) (HKLM\...\EEDD19DDF3F0CA7CFA2F4C500D442DD1FEB434F6) (Version: 12/19/2016 1.0.0.2 - ASUS)
Windows Driver Package - ASUS (AsusPTPDrv) HIDClass  (08/15/2016 11.0.0.13) (HKLM\...\A2DEE012DC7578575962E3ACBE995AE145C87914) (Version: 08/15/2016 11.0.0.13 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.1.0.5644 - Kingsoft Corp.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4229614920-2763462209-2835931092-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\maxvh\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4229614920-2763462209-2835931092-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\maxvh\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4229614920-2763462209-2835931092-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\maxvh\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Users\maxvh\Notepad++\NppShell_06.dll [2017-08-28] ()
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-12-08] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\maxvh\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {020BE0F2-F813-42BF-8C79-E6FFA51E9BA2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4229614920-2763462209-2835931092-1001UA => C:\Users\maxvh\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-13] (Google Inc.)
Task: {0978780A-A519-4879-93EB-043D4C0E7212} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-23] (NVIDIA Corporation)
Task: {0BEAE191-0DC3-4E49-9A3A-86D9BD1A59EE} - System32\Tasks\WpsExternal_20161125010520 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2016-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {1DDF3EA2-5C42-4A75-8633-66C3AB64ACB0} - System32\Tasks\bagatelle_bifocal => C:\Users\maxvh\AppData\Local\permitted.exe
Task: {26D696FF-FB4A-4198-9D80-7FD1336E75B5} - System32\Tasks\TechUtilities => C:\Program Files (x86)\TechUtilities\TechUtilities.exe
Task: {3818A496-0BA5-441E-9B6D-108B70DE9656} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2016-02-23] (ASUSTek Computer Inc.)
Task: {3981CEA6-5EC7-42D0-92E9-219392395FF2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {3CA091AB-F0D9-49B2-8DC5-26CBF0A86C39} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {3E5BFC8B-9117-4D6E-A5E5-871E76F63730} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-07-07] (ASUSTek COMPUTER INC.)
Task: {4828BCD0-BFF8-4590-8DD6-492E30E49700} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-23] (NVIDIA Corporation)
Task: {49F4BE5E-2F3E-4C9C-8E3F-576FCDBB565B} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => ConditionalAppStarter.exe
Task: {56B0AA63-F211-4C86-9111-1009ACDE9D7C} - System32\Tasks\gabagatelle_bifocalbagatelle_bifocal => C:\Users\maxvh\AppData\Local\permitted.exe
Task: {58C722C2-44C0-4BFA-BC33-26BB205931DC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-23] (NVIDIA Corporation)
Task: {5D99CE4C-3722-49EA-9968-EC29AEF0487C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-23] (NVIDIA Corporation)
Task: {5FC321C5-707A-4A35-9006-68992273E607} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-23] (Microsoft Corporation)
Task: {615AE83B-26A3-405E-AC4A-63AA9E264F4A} - System32\Tasks\lauter-peachy => C:\Program Files (x86)\entails\permitted.exe
Task: {67F31AD4-93FD-49B7-BEE9-377CE947B4C9} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-23] (NVIDIA Corporation)
Task: {68CA851D-C51A-4E02-9CBF-9EE3D65CC6E2} - System32\Tasks\NVIDIA GeForceNow_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Users\maxvh\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe [2018-04-24] (NVIDIA Corporation)
Task: {6A447754-B938-4AEF-88D1-A9ABB7614DA6} - System32\Tasks\gaharriman phenomenalharriman phenomenal => C:\Program Files (x86)\Fina\permitted.exe
Task: {6BD199DF-B508-464F-8702-C8E968433432} - \garuffian_scarcelyruffian_scarcely -> No File <==== ATTENTION
Task: {6E6178EB-DC17-4881-AA12-CE1F3B65F803} - System32\Tasks\ruthenium => C:\Program Files (x86)\Antonovich\wolfgang.exe
Task: {780D2EA3-9E11-49E8-BEAE-30E864659F12} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2016-03-07] (ASUSTek Computer INC.)
Task: {80BC9CC0-041E-4F65-9C8F-C9B710006834} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {870531DA-819B-4804-A007-7FAF45ACB11D} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {8B6D6BD7-A0D0-4AB1-9C62-CE3EC41709AF} - System32\Tasks\garutheniumruthenium => C:\Program Files (x86)\Antonovich\wolfgang.exe
Task: {8D5B437E-896C-4D1E-AF4C-AFF7C9D2C2C6} - System32\Tasks\S-1-5-21-4229614920-2763462209-2835931092-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {8D7C30E3-14C0-45F2-8B6E-EC5D121F58A7} - System32\Tasks\gabuzzer maru violetsbuzzer maru violets => C:\Users\maxvh\AppData\Local\wolfgang.exe
Task: {9019FE7B-E324-4AF3-AF79-F9EB0DD3A8F5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {96B93A77-641B-482D-AA08-C4B2CDBF73CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4229614920-2763462209-2835931092-1001Core => C:\Users\maxvh\AppData\Local\Google\Update\GoogleUpdate.exe [2017-08-13] (Google Inc.)
Task: {96DD15B6-4EF9-42E3-955E-AB2773A21A62} - System32\Tasks\buzzer maru violets => C:\Users\maxvh\AppData\Local\wolfgang.exe
Task: {AFE44623-F018-4260-A4B7-37B34DF2137D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-23] (NVIDIA Corporation)
Task: {B16CE261-C8CF-404B-B0E7-5553D2D454C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-13] (Google Inc.)
Task: {B2407991-1F07-4E13-9567-28CB32080F70} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-23] (NVIDIA Corporation)
Task: {BA4A357F-5C06-4062-ABA3-5C85CC6D0AB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-13] (Google Inc.)
Task: {BAD6751E-BFBC-4637-96CC-4167A030722C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-23] (Microsoft Corporation)
Task: {BD3EF1C3-558C-4B0E-A9A9-EAF86C2FC044} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-27] (Microsoft Corporation)
Task: {C3E354FB-0969-4502-A2DD-4E08CC35EF86} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-04-27] (Microsoft Corporation)
Task: {C4F90505-6DE4-407E-9252-26BCA35E68C3} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK
Task: {D16C5273-89D3-40B7-B067-B8F7C71D76C8} - \ruffian_scarcely -> No File <==== ATTENTION
Task: {D2FF7690-E516-4AF5-BB28-7E1E4F7E8C0D} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel® Corporation)
Task: {DC73DCC3-30E4-4826-8761-C3100A429A76} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {E0467F20-ADF5-4DBF-A556-080D3654B911} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {E9B327AF-2C0E-4B77-A6BE-7F9662902E7D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-10-03] (Realtek Semiconductor)
Task: {EC822F0D-54C9-40AF-9EA6-347170C659FA} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-23] (NVIDIA Corporation)
Task: {EEFBE1E5-687C-454C-9C3A-B2423437E74D} - System32\Tasks\galauter-peachylauter-peachy => C:\Program Files (x86)\entails\permitted.exe
Task: {F04D63A8-B370-41C2-B485-F8C76F377FDF} - System32\Tasks\CheckFlipService => C:\Program Files\ASUS\ASUS FlipLock\CheckFlipService.exe [2016-12-16] ()
Task: {F126FABB-B471-4015-AC9C-FF37696F35A1} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-10-03] (Realtek Semiconductor)
Task: {F3E81A18-56F9-42DD-BB5E-632F2FE8788D} - System32\Tasks\WpsKtpcntrQingTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe [2016-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {F7BCBDA2-51B5-4BF2-A9C4-7FB8F23631E1} - System32\Tasks\Opera scheduled Autoupdate 1504649893 => C:\Program Files\Opera\launcher.exe [2018-04-10] (Opera Software)
Task: {F8235DAB-1B86-4D95-ADD2-77588DEAE0BE} - System32\Tasks\harriman phenomenal => C:\Program Files (x86)\Fina\permitted.exe
Task: {F8CE7BCC-B553-4B46-B6D1-0BC18931A7D1} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => ConditionalAppStarter.exe
Task: {FC22EA7E-A9CE-4FF7-8B3B-B6A8B271ECA0} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2016-10-12] (ASUS)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\TechUtilities.job => C:\Program Files (x86)\TechUtilities\TechUtilities.exe-t C:\Program Files (x86)\TechUtilities\TechUtilities.exe
Task: C:\WINDOWS\Tasks\WpsExternal_20161125010520.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe
Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exeÃqing 10.1.0.5644 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-14 17:28 - 2018-03-23 18:19 - 000544192 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 02:48 - 2017-12-08 02:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-16 12:21 - 2018-03-23 16:02 - 000135136 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-12-14 14:21 - 2017-12-14 14:21 - 000975872 _____ () C:\WINDOWS\system32\FaceProcessor.dll
2017-12-14 14:21 - 2017-12-14 14:21 - 000269696 _____ () C:\WINDOWS\system32\FaceProcessorCore.dll
2017-09-29 06:41 - 2017-09-29 06:41 - 001357464 _____ () C:\WINDOWS\system32\FaceTrackerInternal.dll
2017-12-14 14:21 - 2017-12-14 14:21 - 003657624 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2017-12-14 14:21 - 2017-12-14 14:21 - 002470296 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2018-03-13 20:50 - 2018-02-21 17:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 20:50 - 2018-02-21 17:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-25 06:46 - 2018-04-25 06:47 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-04-25 06:46 - 2018-04-25 06:47 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-04-25 06:46 - 2018-04-25 06:47 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-04-25 06:46 - 2018-04-25 06:47 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-04-25 06:46 - 2018-04-25 06:47 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-09-29 06:41 - 2017-09-29 06:41 - 001949184 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2018-04-25 06:47 - 2018-04-25 06:47 - 000062464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.9.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2018-04-25 06:47 - 2018-04-25 06:47 - 000178688 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.9.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-05-01 15:31 - 2018-04-25 20:14 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libglesv2.dll
2018-05-01 15:31 - 2018-04-25 20:14 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 04:47 - 2018-03-22 21:43 - 000001346 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 mydownloaddomain.com
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 bcnmonetize.go2affise.com
127.0.0.1 beautifllink.xyz
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\maxvh\Pictures\Saved Pictures\alta.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: ASUS Flip Service => 2
MSCONFIG\Services: ATKGFNEXSrv => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: cplspcon => 2
MSCONFIG\Services: esifsvc => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: FBAgent => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: Kingsoft_WPS_UpdateService => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: ThunderboltService => 3
MSCONFIG\Services: Tran_Process_Proc => 2
MSCONFIG\Services: wpscloudsvr => 3
MSCONFIG\Services: WRSVC => 2
MSCONFIG\Services: ZeroConfigService => 2
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "exemptionsgaultier"
HKLM\...\StartupApproved\Run: => "exemptionsexemptions"
HKLM\...\StartupApproved\Run: => "exemptions"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "WRSVC"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "unsubtleluxembourg"
HKLM\...\StartupApproved\Run32: => "unsubtleunsubtle"
HKLM\...\StartupApproved\Run32: => "unsubtle"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\StartupFolder: => "sidingsiding.lnk"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\StartupFolder: => "bdijdvev.lnk"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\StartupFolder: => "siding.lnk"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "capitalistic"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "ofxduo"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "gaultierexemptions"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "luxembourgunsubtle"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "fadlallah"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "gaultiergaultier"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "gaultier"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "luxembourgluxembourg"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "luxembourg"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "Gaijin.Net Agent"
HKU\S-1-5-21-4229614920-2763462209-2835931092-1001\...\StartupApproved\Run: => "WarThunderLauncher"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{19B32F53-7F11-4B07-A774-134B689A591B}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{5A1A885D-36A2-420B-B73A-33298149AA46}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{F168AD7B-F6A9-4F92-80A4-50535DFFEEC0}D:\yeahs\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\yeahs\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{64CD8C57-C9BC-4FD9-B053-F2493FCC5737}D:\yeahs\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\yeahs\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{33187968-251F-4F55-9243-2193113BD2E0}D:\games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{6B2419F4-AC76-42D4-A8D4-FB47C44B3D2D}D:\games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{C20FA645-F7D1-4A4E-9258-881C108FC7F7}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{5DBF7D52-EBB2-4B5D-A660-EB8B65D47A24}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{BFC9791C-20E8-4DD2-AB27-BFDC4BA9263F}D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{8C520742-08D7-4DFA-B168-618A54A2D7AB}D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{D590B953-E912-4E13-9F03-A9FECDF804E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{CC251AD4-7ACA-499B-90CC-C6CDB0F66290}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{9529500B-A99F-474A-836E-87D5DB9A2705}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ZenSync_1.0.7.0_x86__qmba6cd70vzyy\AppService\AppService_NotificationHost.exe
FirewallRules: [{0ED96753-4122-44F2-AB65-86F470BA2A68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7C612320-8B35-4065-8F34-E6E108DC9509}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{7DEB0DD8-3BEE-45B0-8B94-25791BC5CD77}] => (Allow) D:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{4FA82B66-6852-4338-BAB9-DE6885E5EDC1}] => (Allow) D:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{879F86AE-A198-4B8D-8604-01E96B10E58C}] => (Block) D:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{4BC44DB3-AD5B-4BE8-8D1E-42DD6D52D736}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe
FirewallRules: [{746F8881-40F3-47B8-8ED4-8219A4778AA8}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe
FirewallRules: [{44669996-4F2D-450A-B4D9-7AC70AC413B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4CC1490B-C39E-4133-B404-6322FA85029B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FBC8BB13-A7AF-4B98-B0AA-7ADE015A51FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{00EFD0AB-05E0-4F51-A4EC-5C326CAA8374}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B86F10DC-3FED-443F-9870-0003BFDAED8E}] => (Allow) D:\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{E73D6B25-9471-4694-B919-B671FF00873A}] => (Allow) D:\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{7E596F59-56E2-481E-ACD3-1E19F3F899B1}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{FEFFFDA2-F729-4266-A284-7B79D46069DF}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{9E2C3D3E-AEE3-47DE-BF2E-205CC0222CA4}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B31A4C3C-B706-4C02-B7DC-4494353D432D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{14662188-6AD8-4E86-BA2C-08A4A22C6EFD}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D05D4FA1-7E7F-423A-9682-D8DDDB145EB5}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [UDP Query User{EA43CD4E-4F01-4D6F-92BF-CDBE6BC4433F}D:\yeahs\call of duty black ops 2\sp.exe] => (Allow) D:\yeahs\call of duty black ops 2\sp.exe
FirewallRules: [TCP Query User{BC835383-AB91-41E7-BF72-6235884A45E5}D:\yeahs\call of duty black ops 2\sp.exe] => (Allow) D:\yeahs\call of duty black ops 2\sp.exe
FirewallRules: [UDP Query User{E657433B-74DC-45AF-9E00-A287E51D2D34}D:\yeahs\counter-strike global offensive\csgo.exe] => (Allow) D:\yeahs\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{ADCF6A47-A89C-4E64-A637-ABD16EEF6A8E}D:\yeahs\counter-strike global offensive\csgo.exe] => (Allow) D:\yeahs\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{EB21D5D5-918A-4872-A101-D084F24AC63B}D:\steamlibrary\steamapps\common\far cry primal\bin\fcprimal.exe] => (Allow) D:\steamlibrary\steamapps\common\far cry primal\bin\fcprimal.exe
FirewallRules: [TCP Query User{9CB505D4-4154-4E86-9541-FF8929AC2996}D:\steamlibrary\steamapps\common\far cry primal\bin\fcprimal.exe] => (Allow) D:\steamlibrary\steamapps\common\far cry primal\bin\fcprimal.exe
FirewallRules: [{E05D75DD-A60F-4D2E-9876-5461E6BFEBCE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ADC62FA6-04A8-45ED-B12F-DE19AEA05C17}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E51F7CEF-1D55-4685-8E90-3D7C2F8F207B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6FC9A8DD-2709-4B46-A3B9-6B2468B4D878}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7F23BFEA-0A8A-4868-AC0F-E702CF6C51E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{861BB97A-68BA-426E-BF3D-5FC3F7FDAF6B}] => (Allow) D:\SteamLibrary\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{63D3A337-1D24-4075-83D6-077AC8DF0A6F}] => (Allow) D:\SteamLibrary\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [UDP Query User{ECC3CB5C-167A-42A1-BBB3-C7B2516DD865}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{129C163B-CA78-442C-BA62-FB4A002DE2DC}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{72AF2EDF-0D0C-49BE-B39E-E653614B3D34}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{2F2E9EC6-C4D8-4302-B59B-26A03C523689}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{F5833281-F606-4C2D-854D-F77FF29BA174}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{C846BF86-890D-4512-A623-4E011CE3EDED}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{E248A5BE-2877-41A7-BCE9-0CFBF381BD9D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [UDP Query User{5E4E863D-C65F-46B5-9A78-E6942B925836}C:\users\maxvh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\maxvh\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{276E53CE-1F71-42EB-A0D3-DC4A15708C46}C:\users\maxvh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\maxvh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A792E400-448D-45AE-BECE-12786BE40B28}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C95C4A85-4489-4521-AF7D-7F4A64067812}] => (Allow) C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
FirewallRules: [{FE359EBB-A6F9-45F7-BA33-7668E16214F0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{22EBF4BD-41D0-4DF5-B113-9264CA453FE4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4A17552C-1591-4AFF-BD06-4120A2A11D5F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{35F3D57B-B8BB-41B1-A12D-11C3290C1834}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3CE32ED9-CC3D-429F-BE43-94BF9D499A23}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{AB34A21C-7ADE-4F98-AF26-436D49622E42}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{095EBD4A-562F-40C3-A430-7C3444DC8632}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A6A8CDE3-E289-4C36-9392-21B9F5A96ACE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A78F053E-CE24-44D2-A3B5-93A768EFCB1A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2BC94315-E2AF-4AF2-BA75-F8E1B83B0FF6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B425832F-B8FE-45AD-9CAE-63B983EBCA81}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{58378151-8960-4F39-9DBD-31E7AE482DE5}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{670167B0-4FC7-45B3-B55A-38F0C8BD7C02}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{4EDB6E15-BAAB-4EBB-9CB5-CF63E3BA708E}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{6FA151A9-1D14-4BC9-B7F0-3743E102E993}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{78CBD1F8-3FD7-441E-8574-9910D731E5E8}D:\games\fifa18\fifa18.exe] => (Allow) D:\games\fifa18\fifa18.exe
FirewallRules: [UDP Query User{995B69ED-84BF-4D15-9263-2D24324DCBC2}D:\games\fifa18\fifa18.exe] => (Allow) D:\games\fifa18\fifa18.exe
FirewallRules: [TCP Query User{30F7D391-90D7-4F81-99CE-C2C452BD3742}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{EC922136-CA6C-4D54-830A-B6332ECA4968}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{6B06D009-1712-4959-BA6C-E4A6B299529C}C:\users\maxvh\appdata\local\fivem\fivem.exe] => (Allow) C:\users\maxvh\appdata\local\fivem\fivem.exe
FirewallRules: [UDP Query User{8F696C6C-0A27-4A3C-B3FB-220FDF35BCEE}C:\users\maxvh\appdata\local\fivem\fivem.exe] => (Allow) C:\users\maxvh\appdata\local\fivem\fivem.exe
FirewallRules: [{0F8A01BC-675D-42F2-B799-A707556F6039}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\65.0.3325.40\remoting_host.exe
FirewallRules: [{97C28D5D-0696-43B0-844E-EAD839AC2B52}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{EBD09094-E967-4049-81A1-93BA14E29DEB}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{8E2E5C94-FA75-4799-B256-22358B9B5FE3}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{2443FF81-1095-4951-9EDC-F05AA44F07AF}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{43F7C23D-8A79-4483-8278-8EF691716674}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{AA61B448-BA1E-4AAC-BAB5-763574231CE8}] => (Allow) C:\Program Files (x86)\Antonovich\wolfgang.exe
FirewallRules: [{DA9AAF09-07B2-4EF7-A601-7D5CBE0BB7FC}] => (Allow) C:\Program Files (x86)\entails\permitted.exe
FirewallRules: [{53E9C3B7-0CBD-4F71-9B55-FCDC377BB2CD}] => (Allow) C:\Program Files (x86)\Fina\permitted.exe
FirewallRules: [{EAAF6C8A-E5CE-4F45-9FC9-6D47ECF600A3}] => (Allow) C:\Program Files\Opera\52.0.2871.40\opera.exe
FirewallRules: [TCP Query User{D38A0DEB-CA87-4D77-9AF2-487D1A7C21D1}D:\games\tom clancy's ghost recon wildlands\grw.exe] => (Allow) D:\games\tom clancy's ghost recon wildlands\grw.exe
FirewallRules: [UDP Query User{195B2F02-AF9C-40AC-8601-3C70D2DDD70C}D:\games\tom clancy's ghost recon wildlands\grw.exe] => (Allow) D:\games\tom clancy's ghost recon wildlands\grw.exe
FirewallRules: [TCP Query User{9C2B1795-E28E-4B98-A26F-D6CC7F27C2D1}C:\program files\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{61E731AB-EB04-42BF-82CC-0124E35F8589}C:\program files\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{76E0423C-5A47-4B23-8CB1-4F5C54519EEE}D:\games\crossout\launcher.exe] => (Allow) D:\games\crossout\launcher.exe
FirewallRules: [UDP Query User{3E932808-DA20-4E12-A343-62341DC1CF75}D:\games\crossout\launcher.exe] => (Allow) D:\games\crossout\launcher.exe
FirewallRules: [{C37EBD2A-85F0-4F02-A180-0A87997B6CD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Raceland\Raceland\Raceland.exe
FirewallRules: [{77F5322B-7CA9-4ABF-A6ED-C724AB2D2F69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Raceland\Raceland\Raceland.exe
FirewallRules: [{1ED8D698-F64E-4197-9CD9-47D07F43BFA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlegun\Battlegun.exe
FirewallRules: [{26F625E8-92D4-43F2-80B0-35323098192F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlegun\Battlegun.exe
FirewallRules: [TCP Query User{C8A928BC-E5B4-43EF-871F-E066AB63EE7C}D:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{7C44316C-97E9-489B-93B3-C32B50F20F22}D:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{D8545015-42CA-4662-A85E-945AA2A88CF5}] => (Allow) C:\Program Files\Opera\52.0.2871.64\opera.exe
FirewallRules: [{21B649DA-2FF9-4790-A6AA-FE7A42D8A652}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{18D256CE-E171-42D4-BDE2-FA75A012E4A9}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [TCP Query User{3B15BCED-4820-447B-A844-32D927682EB6}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{6B073BB5-94D5-4A8B-BDE0-0666ECFD701D}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{F44E2C1F-85DF-4359-AFF6-6ADBDADB8E99}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8480243A-9D9E-4971-916A-C0D81A2199CF}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{C65B709B-EF9E-4C80-9BDB-1C7DB3669724}C:\users\maxvh\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\maxvh\appdata\local\warthunder\launcher.exe
FirewallRules: [UDP Query User{10B70551-2253-4D59-B862-85BFF754DE61}C:\users\maxvh\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\maxvh\appdata\local\warthunder\launcher.exe
FirewallRules: [TCP Query User{BB84F1DE-2F27-4852-8FCA-88E75E6A6DFA}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{A4B32477-8AF1-4862-86D4-ABD44DA0AB99}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{BE35C671-4178-445C-80B3-B1142AEBBC5A}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{D142F922-313B-437D-9CB0-CF8C27CA77B4}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{0ACB511E-9249-436C-B83A-D5CFECFBB894}C:\users\maxvh\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\maxvh\appdata\local\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{F9AC3FDA-AA2B-48AC-A2C7-599106E63A9D}C:\users\maxvh\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\maxvh\appdata\local\warthunder\win64\aces.exe
FirewallRules: [TCP Query User{8F9B4957-3EF5-44A4-BCC0-37EB3998589C}D:\games\tom clancy's ghost recon wildlands\grw.exe] => (Allow) D:\games\tom clancy's ghost recon wildlands\grw.exe
FirewallRules: [UDP Query User{F872EBD4-C6F9-4EDD-B3E4-FC572E25DD71}D:\games\tom clancy's ghost recon wildlands\grw.exe] => (Allow) D:\games\tom clancy's ghost recon wildlands\grw.exe
FirewallRules: [{6DA99CA0-24E1-489F-995B-3677B07C4DD9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
01-05-2018 21:54:58 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/01/2018 10:10:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.248, time stamp: 0x7a3355c2
Faulting module name: ICEsoundAPO64.dll, version: 1.0.0.20, time stamp: 0x56e94d73
Exception code: 0xc0000409
Fault offset: 0x000000000002571c
Faulting process id: 0x2f10
Faulting application start time: 0x01d3e1cdd76fb9a8
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\ICEsoundAPO64.dll
Report Id: 39ea16f6-0642-485b-8324-d7bf84724bda
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/01/2018 10:10:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.248, time stamp: 0x7a3355c2
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xc0000005
Fault offset: 0x00000000000a38ed
Faulting process id: 0x2f10
Faulting application start time: 0x01d3e1cdd76fb9a8
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 5ac7a1d7-76cb-4444-968c-329f31cc8ff6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/01/2018 10:10:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.248, time stamp: 0x7a3355c2
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xc0000005
Fault offset: 0x00000000000a38ed
Faulting process id: 0x2f10
Faulting application start time: 0x01d3e1cdd76fb9a8
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f045c93c-442e-40cd-a90e-de1767ad73f0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/01/2018 08:55:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.248, time stamp: 0x7a3355c2
Faulting module name: ICEsoundAPO64.dll, version: 1.0.0.20, time stamp: 0x56e94d73
Exception code: 0xc0000409
Fault offset: 0x000000000002571c
Faulting process id: 0x1dc4
Faulting application start time: 0x01d3e19c8d89fa7d
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\ICEsoundAPO64.dll
Report Id: 791f8b33-b844-4f5d-b1c2-c11b7632a219
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/01/2018 08:55:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.248, time stamp: 0x7a3355c2
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xc0000005
Fault offset: 0x00000000000a38ed
Faulting process id: 0x1dc4
Faulting application start time: 0x01d3e19c8d89fa7d
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 3ddfbb24-61bf-4fcc-b1f1-96cbcaffe923
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/01/2018 04:21:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1031
 
Error: (05/01/2018 04:21:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1031
 
Error: (05/01/2018 04:21:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (05/02/2018 06:20:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: 2018-04 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4093112).
 
Error: (05/02/2018 06:20:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (05/02/2018 06:19:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (05/02/2018 06:19:10 AM) (Source: DCOM) (EventID: 10010) (User: BEST)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.
 
Error: (05/02/2018 06:19:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (05/02/2018 06:18:57 AM) (Source: DCOM) (EventID: 10016) (User: BEST)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user BEST\maxvh SID (S-1-5-21-4229614920-2763462209-2835931092-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/02/2018 06:18:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/02/2018 06:18:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-03-22 21:28:34.055
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Optiminz.A
ID: 2147725072
Severity: Severe
Category: Trojan
Path: file:_C:\Users\maxvh\AppData\Local\Temp\setup (1).exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\maxvh\AppData\Local\Temp\instalelerxvid.exe
Signature Version: AV: 1.263.984.0, AS: 1.263.984.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-22 21:28:10.476
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Misleading:Win32/Clepissup
ID: 240732
Severity: High
Category: Potentially Unwanted Software
Path: file:_C:\Program Files (x86)\pccleanplus\pccleanplus.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\maxvh\AppData\Local\Temp\is-LK9A3.tmp\jfk0021.exe
Signature Version: AV: 1.263.984.0, AS: 1.263.984.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-22 21:27:31.379
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: TrojanSpy:Win32/Tougle!rfn
ID: 2147721815
Severity: Severe
Category: Trojan Monitoring Software
Path: file:_C:\Users\maxvh\AppData\Local\Temp\vofas.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\maxvh\AppData\Local\Temp\instalelerxvid.exe
Signature Version: AV: 1.263.984.0, AS: 1.263.984.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-22 21:27:14.215
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Skeeyah.G
ID: 2147724449
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files\Realtek\0V8JWJA0XTKZA10V7OPJ646\P9dl0i-tg-.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.984.0, AS: 1.263.984.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-22 21:27:08.950
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Cloxer.D!cl
ID: 2147726003
Severity: Severe
Category: Trojan
Path: file:_C:\Users\maxvh\AppData\Local\Temp\is-LK9A3.tmp\jfk0021.exe;process:_pid:8488,ProcessStart:131662528172997396
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Users\maxvh\AppData\Local\Temp\is-LK9A3.tmp\jfk0021.exe
Signature Version: AV: 1.263.984.0, AS: 1.263.984.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-13 07:42:29.700
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.509.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x800b0109
Error description: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 
 
CodeIntegrity:
===================================
 
Date: 2018-05-02 06:19:56.967
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-02 06:19:56.966
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-02 06:19:04.151
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-02 06:19:04.150
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-02 06:18:54.701
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-02 06:18:54.657
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-02 06:18:54.598
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-02 06:18:54.582
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 26%
Total physical RAM: 16264.18 MB
Available physical RAM: 11910.68 MB
Total Virtual: 19193.18 MB
Available Virtual: 15384.15 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:475.78 GB) (Free:283.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:1863.02 GB) (Free:1210.28 GB) NTFS
 
\\?\Volume{5e28db9b-42d6-4eca-97cb-ec0c5bf58f6b}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{c90095bb-ee6c-4017-994a-337f7aae80f5}\ () (Fixed) (Total:0.89 GB) (Free:0.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 6A7A13E3)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 27200D5B)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 



#5 Gary R

Gary R

    MRU Admin


  • Malware Response Team
  • 835 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:22 AM

Posted 02 May 2018 - 10:26 AM

The following log lines confirm my suspicion that you have a version of an infection that we know as Smart Service, and we need to take care of that before we can attend to anything else that may be on your machine.
 

HKLM\SYSTEM\CurrentControlSet\Services\hnilrbpe <==== ATTENTION (Rootkit!)
C:\WINDOWS\system32\drivers\wiehkoru.sys -> Access Denied <======= ATTENTION


At this point I usually give the person I'm helping the option to either ...
  • Reset their computer to factory condition
  • Attempt to clean it of infection
.... but your opening post makes it clear that you'd prefer not to reset unless you have to, so let's proceed with attempting to clean your machine of infection.

To do this, you need two things ...
  • Access to another uninfected machine, which can be used to download any tools we need.
    • Any tools downloaded on the infected machine will be "modified" by your infection to make them ineffective.
  • A USB drive to transfer things to the infected machine.
Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
 

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


OK, let's get down to things ....

We're going to run a scan with FRST from Recovery Environment. When FRST is run this way it should automatically detect and remove the rootkit driver.
  • Using your clean computer download a new copy of FRST64 to a USB flash drive.
  • Power down the infected computer.
  • Once it is powered down, plug the USB drive into the infected machine. (Don't plug the drive in until the machine is completely shut down, or your infection will corrupt FRST, and we'll have to start over again.)
Boot your computer into Recovery Environment
  • Please follow the instructions ... HERE ... that explain how to open a Command window in Recovery Environment.
  • Once the Command window is open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Close the command window.
  • Post me the FRST.txt log please.
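As an added example that is not part of this thread, of FRST, or of Gary R's instructions: a small Python triage script that pulls out the items a responder looks at first in text like the Addition.txt excerpt above and FRST's own flagged lines (the "ATTENTION" markers and the "Access Denied" on the driver path). The sample text embedded in it is constructed from lines quoted in this thread; the function names and the severity ranking are assumptions of this example, not anything FRST or Windows Defender produces.

```python
"""Triage helper for FRST / Addition.txt text as pasted into a forum thread.

It pulls out three things a responder looks at first:
  * FRST lines flagged "ATTENTION" or "Access Denied" (rootkit indicators),
  * Windows Defender detection records, ranked by severity,
  * Code Integrity events (unsigned DLL loads) and signature-update failures.
"""
import re
from collections import Counter

# Constructed sample, modelled on the log excerpts quoted earlier in this thread.
SAMPLE_LOG = r"""
HKLM\SYSTEM\CurrentControlSet\Services\hnilrbpe <==== ATTENTION (Rootkit!)
C:\WINDOWS\system32\drivers\wiehkoru.sys -> Access Denied <======= ATTENTION

Date: 2018-03-22 21:28:10.476
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
Name: Misleading:Win32/Clepissup
Severity: High
Category: Potentially Unwanted Software
Path: file:_C:\Program Files (x86)\pccleanplus\pccleanplus.exe
Process Name: C:\Users\maxvh\AppData\Local\Temp\is-LK9A3.tmp\jfk0021.exe

Date: 2018-03-22 21:27:31.379
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
Name: TrojanSpy:Win32/Tougle!rfn
Severity: Severe
Category: Trojan Monitoring Software
Path: file:_C:\Users\maxvh\AppData\Local\Temp\vofas.exe
Process Name: C:\Users\maxvh\AppData\Local\Temp\instalelerxvid.exe

Date: 2018-03-13 07:42:29.700
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
Error code: 0x800b0109

Date: 2018-05-02 06:19:56.967
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
"""

# "Key: value" lines; the key is letters and spaces only, so "Path: file:_C:\..." keys on "Path".
KEY_VALUE = re.compile(r"^([A-Za-z][A-Za-z ]*):\s*(.*)$")
# Ranking is an assumption of this example, not a Defender-defined order.
SEVERITY_RANK = {"Severe": 3, "High": 2, "Medium": 1, "Low": 0}


def parse_events(text):
    """Split the text into 'Date:'-delimited records of key/value pairs.

    Free-text lines (the description that follows 'Description:') are
    accumulated into the record's 'Description' field.
    """
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_VALUE.match(line)
        if m and m.group(1) == "Date":
            current = {"Date": m.group(2), "Description": ""}
            events.append(current)
        elif current is None:
            continue  # FRST lines before the first record are handled by frst_indicators()
        elif m and m.group(2):
            current[m.group(1)] = m.group(2)
        elif not m:
            current["Description"] = (current["Description"] + " " + line).strip()
    return events


def frst_indicators(text):
    """Lines FRST itself marks up: 'ATTENTION' flags and 'Access Denied' on a path."""
    return [l.strip() for l in text.splitlines()
            if "ATTENTION" in l or "Access Denied" in l]


def triage(text):
    """Return the items a responder wants first, as a dict of lists."""
    events = parse_events(text)
    detections = [e for e in events if "Name" in e and "Severity" in e]
    detections.sort(key=lambda e: SEVERITY_RANK.get(e["Severity"], -1), reverse=True)
    return {
        "rootkit_indicators": frst_indicators(text),
        "detections": detections,
        "severity_counts": dict(Counter(e["Severity"] for e in detections)),
        "unsigned_loads": [e["Description"] for e in events
                           if e["Description"].startswith("Code Integrity")],
        "update_failures": [e["Error code"] for e in events if "Error code" in e],
    }


def report(text):
    """Human-readable summary, in the shape you would paste back into a reply."""
    r = triage(text)
    lines = ["Rootkit indicators (FRST):"] + [f"  {l}" for l in r["rootkit_indicators"]]
    lines.append("Defender detections by severity:")
    for e in r["detections"]:
        lines.append(f"  [{e['Severity']}] {e['Name']} -> {e.get('Path', '?')}")
    lines.append(f"Unsigned DLL loads blocked: {len(r['unsigned_loads'])}")
    lines.append(f"Signature update failures: {', '.join(r['update_failures']) or 'none'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a real Addition.txt by reading the file and passing its contents to `report()`. The rootkit indicators come straight from FRST's own markup rather than from any signature of this example, so the script only surfaces what the tool already flagged; the Defender records are ranked so that "Severe" entries (here the spyware dropped in Temp) come before the "High" unwanted-software entry, and the signature-update failure is listed because a machine that cannot update Defender is a machine whose other detections are stale.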


#6 Gary R

Gary R

    MRU Admin


  • Malware Response Team
  • 835 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:22 AM

Posted 04 May 2018 - 12:00 AM

It's been over 48 hours since I posted my instructions to you. Do you still need help?

 

If you do, please post me the FRST log I asked for in my last post, if not please let me know so I can close this topic.

 

If I don't hear from you within 24 hours I will assume you no longer need my assistance with your problem and will close this topic.



#7 Gary R

Gary R

    MRU Admin


  • Malware Response Team
  • 835 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:22 AM

Posted 04 May 2018 - 11:33 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



