High CPU usage after virus removal


  • This topic is locked
16 replies to this topic

#1 Lugi

Posted 04 August 2018 - 05:54 AM

Hello,

About two weeks ago my computer got infected pretty hard. I used HitmanPro and Avast to get rid of the viruses, and I thought I did.

Since then it has slowed down substantially, so much that you can even see the mouse on the desktop moving choppily, at like 10 FPS.

I tried an additional boot-time scan; it found a few more viruses, but it didn't fix the performance problem.

 

I tried running FRST in safe mode, and I got some logs, but I don't have a spare PC, so I couldn't do it properly.

 

Please help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Lugi (administrator) on LUGI-PC (04-08-2018 12:15:03)
Running from E:\
Loaded Profiles: Lugi (Available Profiles: Lugi & MSSQLSERVER)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\cmd.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-07-15] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [V0420Mon.exe] => C:\Windows\V0420Mon.exe [32768 2007-04-30] (Creative Technology Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-06] (Disc Soft Ltd)
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2105728 2017-04-13] (Sony)
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe [754176 2016-07-29] (Oracle Corporation)
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\MountPoints2: {0197d8f2-f083-11e7-82c1-02444b173606} - E:\AutoRun.exe
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\MountPoints2: {364f2b63-21ca-11e7-82be-6c626db42707} - E:\autorun.exe
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\MountPoints2: {364f2b65-21ca-11e7-82be-6c626db42707} - E:\Autorun.exe
AppInit_DLLs: C:\ProgramData\Quoteex\Zummaron.dll => C:\ProgramData\Quoteex\Zummaron.dll [342528 2018-07-15] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{04BFD8FF-CDC3-4094-B588-98ABD9FA3431}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{0EE1496B-262C-4FC2-A311-09A8E35BA886}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{1374243A-5E5A-4D01-9EED-7E7419E73344}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1950F0AD-0CD8-4FEB-906A-57A34A8B82E2}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{19EACBD0-661E-41F0-A7D9-1FEDEFCE8BCC}: [DhcpNameServer] 62.179.1.62 62.179.1.63
Tcpip\..\Interfaces\{4B97EA35-03B4-4B63-96D9-C91A27B7995D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{92F7CCFC-6273-4DC4-81B6-427AE1327DA4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D15FC7E7-8917-402A-9A58-BBC8F046BE56}: [DhcpNameServer] 192.168.8.1 192.168.8.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahJtx1glp6s_XwF8Hem_MAqrbctlKcBg1Ods_KQ_3uyd8qWLvn3_gsblTwKz96G4O1llDu2CJtz5fV8eYhD03tjPlW_bg,,
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1459657716-2493573527-527088305-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1459657716-2493573527-527088305-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-29] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-04-15] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-07-15] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-07-29] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-15] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-05-03] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-07-15] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-07-29] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 14.0 Helper -> {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} -> C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-29] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-02] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFeNuR9Xp_gIphtWnecSusUa0hAqDQgbmfPmYNpaJOQtH2WUfKCmtabN5NdFOSszxxaet2v9WYwqPIpf3Qhu5edQhF9g,,
CHR Profile: C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default [2018-08-04]
CHR Extension: (Prezentacje) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Dokumenty) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Dysk Google) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-14]
CHR Extension: (YouTube) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-14]
CHR Extension: (uBlock Origin) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-07-22]
CHR Extension: (Arkusze) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (I don't care about cookies) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2018-08-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-14]
CHR Extension: (AdBlock) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-26]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Tind3r.com - client.) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\olicollicgbjgnialpnmnolopimdccon [2017-05-25]
CHR Extension: (Gmail) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-07-15] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-07-15] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-20] ()
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-06] (Disc Soft Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2018-07-23] (SurfRight B.V.)
S2 Mobile Broadband HL Service; C:\Program Files (x86)\MobileBrServ\mbbservice.exe [242264 2016-03-24] ()
S2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S2 MySQL57; C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe [39334400 2017-03-18] () [File not signed]
S3 MySQLRouter; C:\Program Files\MySQL\MySQL Router 2.1\bin\mysqlrouter.exe [326144 2017-04-06] () [File not signed]
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-12-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-12-16] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-09-24] ()
S2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2017-09-24] ()
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2202112 2017-04-13] (Sony) [File not signed]
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [30208 2016-08-31] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2016-08-24] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2016-08-24] (LG Electronics Inc.)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [197160 2018-07-15] (AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [229392 2018-07-15] (AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201328 2018-07-15] (AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346664 2018-07-15] (AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59592 2018-07-15] (AVAST Software)
S1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239680 2018-07-15] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-07-15] (AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159640 2018-07-15] (AVAST Software)
S1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111872 2018-07-15] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-07-15] (AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027728 2018-07-15] (AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467064 2018-07-24] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [211160 2018-07-15] (AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381584 2018-07-15] (AVAST Software)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [59904 2015-01-26] (www.winchiphead.com)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-04-15] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-04-15] (Disc Soft Ltd)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2017-05-14] (Sony Mobile Communications)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-12-16] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-12-16] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-12-16] (NVIDIA Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [4620040 2016-01-04] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 V0420VID; C:\Windows\System32\DRIVERS\V0420Vid.sys [107072 2007-05-31] (Creative Technology Ltd.)
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [203328 2018-02-26] (Oracle Corporation)
S1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [213632 2018-02-26] (Oracle Corporation)
S3 ALSysIO; \??\C:\Users\Lugi\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 cpuz145; \??\C:\Windows\temp\cpuz145\cpuz145_x64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-04 12:14 - 2018-08-04 12:15 - 000000000 ____D C:\FRST
2018-07-29 13:01 - 2018-07-29 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-24 02:02 - 2018-07-24 02:02 - 000005234 _____ C:\Windows\system32\.crusader
2018-07-24 01:31 - 2018-07-15 16:16 - 000378072 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-07-23 00:59 - 2018-07-24 02:01 - 000000000 ____D C:\ProgramData\HitmanPro
2018-07-23 00:59 - 2018-07-23 00:59 - 000001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-07-23 00:59 - 2018-07-23 00:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-07-23 00:59 - 2018-07-23 00:59 - 000000000 ____D C:\Program Files\HitmanPro
2018-07-23 00:57 - 2018-07-23 00:57 - 011576808 _____ (SurfRight B.V.) C:\Users\Lugi\Downloads\HitmanPro_x64.exe
2018-07-23 00:52 - 2018-07-23 00:52 - 000193673 _____ C:\Users\Lugi\Downloads\CH340.zip
2018-07-23 00:52 - 2018-07-23 00:52 - 000000000 ____D C:\WCH.CN
2018-07-23 00:52 - 2018-07-23 00:52 - 000000000 ____D C:\Users\Lugi\Downloads\CH340
2018-07-23 00:52 - 2015-01-26 00:00 - 000059904 _____ (www.winchiphead.com) C:\Windows\system32\Drivers\CH341S64.SYS
2018-07-23 00:52 - 2015-01-26 00:00 - 000041472 _____ (www.winchiphead.com) C:\Windows\system32\Drivers\CH341SER.SYS
2018-07-23 00:52 - 2008-12-18 00:00 - 000020089 _____ C:\Windows\system32\CH341SER.VXD
2018-07-23 00:52 - 2007-06-12 00:00 - 000019680 _____ (www.winchiphead.com) C:\Windows\system32\Drivers\CH341S98.SYS
2018-07-23 00:52 - 2005-07-30 00:00 - 000006712 _____ (www.winchiphead.com) C:\Windows\system32\CH341PT.DLL
2018-07-21 02:47 - 2018-07-21 02:48 - 000000000 ____D C:\Users\Lugi\Desktop\xd
2018-07-15 21:43 - 2018-07-15 21:54 - 523355054 _____ C:\Users\Lugi\Downloads\Vengeance Future House Vol.4.rar
2018-07-15 21:30 - 2018-07-15 21:31 - 000000000 ____D C:\Users\Lugi\Downloads\Vengeance Essential Clubsounds Vol.2
2018-07-15 21:14 - 2018-07-15 21:21 - 454348487 _____ C:\Users\Lugi\Downloads\Vengeance Essential Clubsounds Vol.2.rar
2018-07-15 20:59 - 2018-07-15 21:03 - 000000000 ____D C:\Users\Lugi\Downloads\Vengeance Essential Clubsounds Vol.1
2018-07-15 20:34 - 2018-07-15 20:40 - 415404692 _____ C:\Users\Lugi\Downloads\Vengeance Essential Clubsounds Vol.1.rar
2018-07-15 20:17 - 2018-07-15 20:17 - 000000000 ____D C:\Users\Lugi\Downloads\yugi_boi_drumkit_revised
2018-07-15 20:15 - 2018-07-15 20:15 - 020121625 _____ C:\Users\Lugi\Downloads\yugi_boi_drumkit_revised.zip
2018-07-15 20:15 - 2018-07-15 20:15 - 000000000 ____D C:\Users\Lugi\Downloads\OWEN J'S MAIN STASH 2.0
2018-07-15 19:36 - 2018-07-15 19:36 - 000000000 ____D C:\Program Files\VSTPlugins
2018-07-15 19:36 - 2018-07-15 19:36 - 000000000 ____D C:\Program Files\Nicky Romero
2018-07-15 19:35 - 2018-07-15 19:35 - 000000000 ____D C:\Users\Lugi\Downloads\Nicky.Romero.Kickstart.v1.0.9.Incl_.Keygen-R2R
2018-07-15 19:34 - 2018-08-02 19:52 - 005170201 _____ C:\Users\Lugi\Downloads\Nicky.Romero.Kickstart.v1.0.9.Incl_.Keygen-R2R.zip
2018-07-15 19:29 - 2018-07-15 19:29 - 000122826 _____ C:\Users\Lugi\Downloads\London On Da Track  Nexus Expansion.zip
2018-07-15 19:29 - 2018-07-15 19:29 - 000000000 ____D C:\Users\Lugi\Downloads\London On Da Track  Nexus Expansion
2018-07-15 19:10 - 2018-07-15 19:10 - 000003032 _____ C:\Windows\System32\Tasks\{2201F696-EAD4-49CC-84E6-719352E68D27}
2018-07-15 14:20 - 2018-07-15 14:20 - 000000000 ____D C:\Users\Lugi\AppData\Roaming\Google
2018-07-15 14:12 - 2018-07-15 14:12 - 000000000 ___HD C:\$AV_ASW
2018-07-15 14:10 - 2018-08-03 22:13 - 000000374 _____ C:\Windows\Tasks\Updater_Online_Application.job
2018-07-15 14:10 - 2018-07-15 14:13 - 000000000 ____D C:\ProgramData\yahoochrome_D
2018-07-15 14:10 - 2018-07-15 14:10 - 000003206 _____ C:\Windows\System32\Tasks\Updater_Online_Application
2018-07-15 14:10 - 2018-07-15 14:10 - 000001933 _____ C:\Users\Lugi\Desktop\PandaViewer.lnk
2018-07-15 14:10 - 2018-07-15 14:10 - 000000000 ____D C:\Users\Lugi\AppData\Roaming\Mozilla
2018-07-15 14:10 - 2018-07-15 14:10 - 000000000 ____D C:\Users\Lugi\AppData\Local\AdvinstAnalytics
2018-07-15 14:10 - 2018-07-15 14:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2018-07-15 14:10 - 2018-07-15 14:10 - 000000000 ____D C:\Program Files (x86)\Uninstall Nexus
2018-07-15 14:10 - 2018-07-15 14:10 - 000000000 ____D C:\Program Files (x86)\PandaViewer
2018-07-15 14:10 - 2018-07-15 14:10 - 000000000 ____D C:\Program Files (x86)\Manual
2018-07-15 14:10 - 2009-10-24 21:15 - 001332224 _____ (AD © 2009) C:\Windows\SysWOW64\SYNSOEMU.DLL
2018-07-15 14:10 - 2009-10-23 23:00 - 005811712 _____ (reFX) C:\Program Files (x86)\Nexus.dll
2018-07-15 14:09 - 2018-07-24 02:02 - 000000000 ____D C:\ProgramData\Quoteex
2018-07-15 14:09 - 2018-07-15 19:35 - 000000000 ____D C:\ProgramData\Logic Cramble
2018-07-15 14:09 - 2018-07-15 14:10 - 000015606 _____ C:\Windows\SysWOW64\findit.xml
2018-07-15 14:09 - 2018-07-15 14:10 - 000000000 ____D C:\ProgramData\Quoteexs
2018-07-15 14:09 - 2018-07-15 14:09 - 007631872 _____ C:\Users\Lugi\AppData\Local\agent.dat
2018-07-15 14:09 - 2018-07-15 14:09 - 001988310 _____ C:\Users\Lugi\AppData\Local\U--Phase.tst
2018-07-15 14:09 - 2018-07-15 14:09 - 000126464 _____ C:\Users\Lugi\AppData\Local\noah.dat
2018-07-15 14:09 - 2018-07-15 14:09 - 000070896 _____ C:\Users\Lugi\AppData\Local\Config.xml
2018-07-15 14:09 - 2018-07-15 14:09 - 000018432 _____ C:\Users\Lugi\AppData\Local\Main.dat
2018-07-15 14:09 - 2018-07-15 14:09 - 000005568 _____ C:\Users\Lugi\AppData\Local\md.xml
2018-07-15 14:08 - 2018-07-15 14:10 - 000929792 _____ C:\Users\Lugi\AppData\Local\sham.db
2018-07-15 14:08 - 2018-07-15 14:08 - 000140800 _____ C:\Users\Lugi\AppData\Local\installer.dat
2018-07-15 14:08 - 2018-07-15 14:08 - 000016416 _____ C:\Users\Lugi\AppData\Local\InstallationConfiguration.xml
2018-07-15 14:07 - 2018-07-15 14:23 - 000000000 ____D C:\Users\Lugi\AppData\Local\XService
2018-07-15 13:43 - 2018-07-15 13:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sylenth1
2018-07-15 13:43 - 2018-07-15 13:43 - 000000000 ____D C:\Program Files (x86)\Steinberg
2018-07-15 13:29 - 2018-07-15 13:29 - 000000000 ____D C:\Program Files\Steinberg
2018-07-15 13:12 - 2018-07-15 13:51 - 592745962 _____ C:\Users\Lugi\Downloads\OWEN J'S MAIN STASH 2.0.zip
2018-07-15 12:30 - 2018-07-15 12:30 - 000000000 ____D C:\Users\Lugi\Downloads\Crobbins Sample Pack
2018-07-15 12:19 - 2018-07-15 12:28 - 386148703 _____ C:\Users\Lugi\Downloads\Crobbins Sample Pack.rar
2018-07-14 23:30 - 2018-07-15 02:17 - 000000015 _____ C:\Users\Lugi\Desktop\i.txt
2018-07-11 23:26 - 2018-07-30 22:41 - 000000000 ____D C:\Users\Lugi\AppData\LocalLow\uTorrent
2018-07-11 17:48 - 2018-06-21 02:58 - 000398376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-07-11 17:48 - 2018-06-21 02:00 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-07-11 17:48 - 2018-06-16 19:07 - 025743872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-07-11 17:48 - 2018-06-16 18:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-07-11 17:48 - 2018-06-16 18:46 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-07-11 17:48 - 2018-06-16 18:36 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-07-11 17:48 - 2018-06-16 18:33 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-07-11 17:48 - 2018-06-16 18:32 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-07-11 17:48 - 2018-06-16 18:31 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-07-11 17:48 - 2018-06-16 18:31 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-07-11 17:48 - 2018-06-16 18:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-07-11 17:48 - 2018-06-16 18:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-07-11 17:48 - 2018-06-16 18:27 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-07-11 17:48 - 2018-06-16 18:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-07-11 17:48 - 2018-06-16 18:23 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-07-11 17:48 - 2018-06-16 18:20 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-07-11 17:48 - 2018-06-16 18:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-07-11 17:48 - 2018-06-16 18:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-07-11 17:48 - 2018-06-16 18:19 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-07-11 17:48 - 2018-06-16 18:19 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-07-11 17:48 - 2018-06-16 18:19 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-07-11 17:48 - 2018-06-16 18:12 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-07-11 17:48 - 2018-06-16 18:08 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-07-11 17:48 - 2018-06-16 18:06 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-07-11 17:48 - 2018-06-16 18:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-07-11 17:48 - 2018-06-16 18:05 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-07-11 17:48 - 2018-06-16 18:05 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-07-11 17:48 - 2018-06-16 18:04 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-07-11 17:48 - 2018-06-16 18:02 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-07-11 17:48 - 2018-06-16 18:02 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-07-11 17:48 - 2018-06-16 18:02 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-07-11 17:48 - 2018-06-16 18:01 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-07-11 17:48 - 2018-06-16 17:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-07-11 17:48 - 2018-06-16 17:59 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-07-11 17:48 - 2018-06-16 17:58 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-07-11 17:48 - 2018-06-16 17:57 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-07-11 17:48 - 2018-06-16 17:57 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-07-11 17:48 - 2018-06-16 17:56 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-07-11 17:48 - 2018-06-16 17:56 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-07-11 17:48 - 2018-06-16 17:55 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-07-11 17:48 - 2018-06-16 17:55 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-07-11 17:48 - 2018-06-16 17:53 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-07-11 17:48 - 2018-06-16 17:47 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-07-11 17:48 - 2018-06-16 17:46 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-07-11 17:48 - 2018-06-16 17:44 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-07-11 17:48 - 2018-06-16 17:42 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-07-11 17:48 - 2018-06-16 17:42 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-07-11 17:48 - 2018-06-16 17:42 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-07-11 17:48 - 2018-06-16 17:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-07-11 17:48 - 2018-06-16 17:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-07-11 17:48 - 2018-06-16 17:40 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-07-11 17:48 - 2018-06-16 17:39 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-07-11 17:48 - 2018-06-16 17:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-07-11 17:48 - 2018-06-16 17:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-07-11 17:48 - 2018-06-16 17:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-07-11 17:48 - 2018-06-16 17:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-07-11 17:48 - 2018-06-16 17:34 - 004496384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-07-11 17:48 - 2018-06-16 17:32 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-07-11 17:48 - 2018-06-16 17:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-07-11 17:48 - 2018-06-16 17:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-07-11 17:48 - 2018-06-16 17:28 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-07-11 17:48 - 2018-06-16 17:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-07-11 17:48 - 2018-06-16 17:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-07-11 17:48 - 2018-06-16 17:16 - 001545216 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-07-11 17:48 - 2018-06-16 17:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-07-11 17:48 - 2018-06-16 17:05 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-07-11 17:48 - 2018-06-16 17:04 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-07-11 17:48 - 2018-06-16 17:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-07-11 17:48 - 2018-06-13 18:23 - 000140992 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-07-11 17:48 - 2018-06-13 18:20 - 014185984 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-07-11 17:48 - 2018-06-13 18:19 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-07-11 17:48 - 2018-06-13 18:18 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-07-11 17:48 - 2018-06-13 17:55 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-07-11 17:48 - 2018-06-13 17:54 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-07-11 17:48 - 2018-06-13 17:40 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-07-11 17:48 - 2018-06-08 18:27 - 005577408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-07-11 17:48 - 2018-06-08 18:27 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-07-11 17:48 - 2018-06-08 18:27 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-07-11 17:48 - 2018-06-08 18:27 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-07-11 17:48 - 2018-06-08 18:27 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-07-11 17:48 - 2018-06-08 18:23 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-07-11 17:48 - 2018-06-08 18:22 - 001665344 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-07-11 17:48 - 2018-06-08 18:21 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-07-11 17:48 - 2018-06-08 18:21 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-07-11 17:48 - 2018-06-08 18:21 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-07-11 17:48 - 2018-06-08 18:21 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-07-11 17:48 - 2018-06-08 18:21 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-07-11 17:48 - 2018-06-08 18:21 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-07-11 17:48 - 2018-06-08 18:19 - 000357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-07-11 17:48 - 2018-06-08 18:19 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-07-11 17:48 - 2018-06-08 18:19 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-07-11 17:48 - 2018-06-08 18:19 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-07-11 17:48 - 2018-06-08 18:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-07-11 17:48 - 2018-06-08 18:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:02 - 004050624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-07-11 17:48 - 2018-06-08 18:02 - 003962048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-07-11 17:48 - 2018-06-08 17:57 - 001314072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:44 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-07-11 17:48 - 2018-06-08 17:44 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-07-11 17:48 - 2018-06-08 17:44 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2018-07-11 17:48 - 2018-06-08 17:44 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-07-11 17:48 - 2018-06-08 17:43 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-07-11 17:48 - 2018-06-08 17:39 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-07-11 17:48 - 2018-06-08 17:38 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-07-11 17:48 - 2018-06-08 17:38 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-07-11 17:48 - 2018-06-08 17:34 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-07-11 17:48 - 2018-06-08 17:34 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-07-11 17:48 - 2018-06-08 17:34 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-07-11 17:48 - 2018-06-08 17:33 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-07-11 17:48 - 2018-06-08 17:33 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-07-11 17:48 - 2018-06-08 17:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-07-11 17:48 - 2018-06-08 17:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2018-07-11 17:48 - 2018-06-08 17:27 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-07-11 17:48 - 2018-06-08 17:21 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-07-11 17:48 - 2018-06-08 17:21 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-07-11 17:48 - 2018-06-08 17:21 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-07-11 17:48 - 2018-06-08 17:21 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-07-11 17:48 - 2018-06-08 17:19 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-07-11 17:48 - 2018-06-08 17:19 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 15:05 - 002860032 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-07-11 17:48 - 2018-06-08 15:05 - 001602048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-07-11 17:48 - 2018-06-08 15:05 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-07-11 17:48 - 2018-06-08 15:05 - 000612352 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-07-11 17:48 - 2018-06-08 15:05 - 000470016 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-07-11 17:48 - 2018-06-08 15:05 - 000443392 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-07-11 17:48 - 2018-06-08 15:05 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-07-11 17:48 - 2018-06-08 15:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-07-11 17:48 - 2018-06-07 18:20 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-07-11 17:48 - 2018-06-07 18:19 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-07-11 17:48 - 2018-06-07 18:19 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-07-11 17:48 - 2018-06-07 18:19 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-07-11 17:48 - 2018-06-07 17:57 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-07-11 17:48 - 2018-06-07 17:49 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-07-11 17:48 - 2018-06-07 17:34 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-07-11 17:48 - 2018-05-31 18:28 - 001893568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-07-11 17:48 - 2018-05-31 18:28 - 000377024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-07-11 17:48 - 2018-05-31 18:28 - 000287936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-07-11 17:48 - 2018-05-02 17:32 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-07-11 17:48 - 2018-05-02 17:32 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-07-11 17:48 - 2018-05-02 17:32 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2018-07-11 17:48 - 2018-05-02 17:32 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-07-11 17:48 - 2018-05-02 17:32 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2018-07-11 17:48 - 2018-05-02 17:32 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2018-07-11 17:48 - 2018-05-02 17:32 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2018-07-11 17:48 - 2018-04-26 15:05 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000918296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000065880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000021848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000019288 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000018776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000015192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000013152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-07-11 17:48 - 2018-04-25 18:02 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2018-07-11 17:48 - 2018-04-25 17:18 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-07-10 22:58 - 2018-07-29 17:53 - 000000000 ____D C:\Users\Lugi\Prismatik
2018-07-10 22:58 - 2018-07-14 13:11 - 000003870 _____ C:\Windows\System32\Tasks\PsiegUpdateElevate_Prismatik
2018-07-10 22:58 - 2018-07-10 22:58 - 000000824 _____ C:\Users\Public\Desktop\Prismatik (unofficial) 64bit.lnk
2018-07-10 22:58 - 2018-07-10 22:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prismatik
2018-07-10 22:58 - 2018-07-10 22:58 - 000000000 ____D C:\Program Files\Prismatik
2018-07-10 22:56 - 2018-07-10 22:56 - 009081464 _____ (Patrick Siegler ) C:\Users\Lugi\Downloads\Prismatik.unofficial.64bit.Setup.5.11.2.17.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-04 12:13 - 2017-07-15 16:17 - 000370276 _____ C:\Windows\ntbtlog.txt
2018-08-04 12:06 - 2009-07-14 07:13 - 000906446 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-04 12:06 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-08-04 11:53 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-04 11:53 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-04 11:36 - 2017-04-14 14:19 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-04 11:36 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-31 02:46 - 2017-04-14 14:26 - 000000000 ____D C:\Users\Lugi\AppData\Roaming\uTorrent
2018-07-29 13:04 - 2017-05-07 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-29 13:01 - 2017-05-07 14:47 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-07-29 13:01 - 2017-05-07 14:47 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-29 13:01 - 2017-05-07 14:47 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-29 13:01 - 2017-05-07 14:47 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-29 13:01 - 2017-05-07 14:47 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-29 13:01 - 2017-05-07 14:47 - 000002372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-29 13:01 - 2017-05-07 14:47 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-29 13:01 - 2017-05-07 14:47 - 000002358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-29 13:01 - 2017-05-07 14:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-24 20:12 - 2018-03-26 13:03 - 000002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-07-24 20:12 - 2018-03-26 13:03 - 000002386 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-07-24 02:02 - 2017-05-18 11:02 - 000000000 ____D C:\Windows\AutoKMS
2018-07-24 02:02 - 2017-05-07 15:33 - 000000000 ____D C:\ProgramData\KMSAutoS
2018-07-24 01:33 - 2017-05-09 14:29 - 000467064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-07-24 01:33 - 2017-05-09 14:29 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-07-24 01:32 - 2017-05-09 14:29 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-07-24 01:27 - 2017-06-08 22:29 - 000000000 ____D C:\Users\MSSQLSERVER
2018-07-24 01:27 - 2017-04-14 13:47 - 000000000 ____D C:\Users\Lugi
2018-07-24 01:25 - 2017-12-20 13:15 - 000000000 ____D C:\Program Files\Core Temp
2018-07-24 01:25 - 2017-05-09 14:29 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-07-24 01:25 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\registration
2018-07-24 01:16 - 2017-06-11 12:17 - 000000000 ____D C:\Users\Lugi\AppData\Local\CrashDumps
2018-07-16 19:33 - 2018-03-26 13:02 - 000000000 ____D C:\Users\Lugi\AppData\Local\AVAST Software
2018-07-15 19:36 - 2017-09-24 23:17 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2018-07-15 16:16 - 2018-01-08 20:06 - 000239680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-07-15 16:16 - 2017-11-16 18:47 - 000197160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 001027728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000381584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000346664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000229392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000211160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000201328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000159640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000111872 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000059592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-07-15 15:21 - 2017-07-23 19:26 - 000000000 ____D C:\Users\Lugi\Documents\ProjectReality
2018-07-15 14:10 - 2017-04-14 14:01 - 000002236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-15 14:10 - 2017-04-14 14:01 - 000002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-15 14:10 - 2017-04-14 13:47 - 000001401 _____ C:\Users\Lugi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-07-15 13:14 - 2017-04-14 13:47 - 000000000 ____D C:\Users\Lugi\AppData\Local\VirtualStore
2018-07-14 18:01 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2018-07-14 13:11 - 2017-08-27 18:35 - 000003584 _____ C:\Windows\System32\Tasks\Update Manager
2018-07-14 13:11 - 2017-06-08 21:59 - 000003146 _____ C:\Windows\System32\Tasks\{59D44A39-0068-474D-BD1A-523BAD2D71C3}
2018-07-14 13:11 - 2017-04-14 14:20 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-14 13:11 - 2017-04-14 14:20 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-14 13:11 - 2017-04-14 14:20 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-14 13:11 - 2017-04-14 14:20 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-14 13:10 - 2017-12-29 16:09 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-14 13:10 - 2017-06-29 02:33 - 000003654 _____ C:\Windows\System32\Tasks\MySQLNotifierTask
2018-07-14 13:10 - 2017-04-14 14:20 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-14 13:10 - 2017-04-14 14:20 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-14 13:10 - 2017-04-14 14:20 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-14 13:10 - 2017-04-14 13:58 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-14 13:10 - 2017-04-14 13:58 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-07-13 18:14 - 2017-08-26 20:30 - 000000000 ____D C:\Users\Lugi\AppData\Roaming\audacity
2018-07-12 22:13 - 2017-07-23 19:27 - 000000000 ___SH C:\ProgramData\.rdata
2018-07-12 20:32 - 2009-07-14 06:45 - 000424424 _____ C:\Windows\system32\FNTCACHE.DAT
2018-07-12 20:28 - 2017-04-18 00:24 - 000000000 ____D C:\Windows\system32\appraiser
2018-07-12 01:39 - 2017-04-15 14:37 - 000898568 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2018-07-15 14:10 - 2009-10-23 23:00 - 005811712 _____ (reFX) C:\Program Files (x86)\Nexus.dll
2018-06-14 00:47 - 2018-06-14 00:47 - 001776169 _____ () C:\Users\Lugi\AppData\Roaming\Setup.exe
2018-07-15 14:09 - 2018-07-15 14:09 - 007631872 _____ () C:\Users\Lugi\AppData\Local\agent.dat
2018-07-15 14:09 - 2018-07-15 14:09 - 000070896 _____ () C:\Users\Lugi\AppData\Local\Config.xml
2018-07-15 14:08 - 2018-07-15 14:08 - 000016416 _____ () C:\Users\Lugi\AppData\Local\InstallationConfiguration.xml
2018-07-15 14:08 - 2018-07-15 14:08 - 000140800 _____ () C:\Users\Lugi\AppData\Local\installer.dat
2018-07-15 14:09 - 2018-07-15 14:09 - 000018432 _____ () C:\Users\Lugi\AppData\Local\Main.dat
2018-07-15 14:09 - 2018-07-15 14:09 - 000005568 _____ () C:\Users\Lugi\AppData\Local\md.xml
2018-07-15 14:09 - 2018-07-15 14:09 - 000126464 _____ () C:\Users\Lugi\AppData\Local\noah.dat
2018-06-10 21:25 - 2018-06-10 21:25 - 000000851 _____ () C:\Users\Lugi\AppData\Local\recently-used.xbel
2017-08-29 21:07 - 2017-11-27 18:36 - 000007603 _____ () C:\Users\Lugi\AppData\Local\Resmon.ResmonCfg
2018-07-15 14:08 - 2018-07-15 14:10 - 000929792 _____ () C:\Users\Lugi\AppData\Local\sham.db
2018-07-15 14:09 - 2018-07-15 14:09 - 001988310 _____ () C:\Users\Lugi\AppData\Local\U--Phase.tst
2018-07-15 14:10 - 2018-07-15 14:10 - 000032038 _____ () C:\Users\Lugi\AppData\Local\uninstall_temp.ico
 
Some files in TEMP:
====================
2010-11-18 18:27 - 2010-11-18 18:27 - 000587776 _____ (Igor Pavlov) C:\Users\Lugi\AppData\Local\Temp\7za.exe
2017-11-19 21:18 - 2001-12-18 02:00 - 000049152 _____ (Creative Technology Ltd) C:\Users\Lugi\AppData\Local\Temp\CheckLang.dll
2017-11-19 21:18 - 2006-08-07 02:00 - 000049152 _____ (Creative Technology Ltd) C:\Users\Lugi\AppData\Local\Temp\CtRunApp.dll
2017-04-14 14:19 - 2017-04-01 03:36 - 000868152 _____ (NVIDIA Corporation) C:\Users\Lugi\AppData\Local\Temp\nvSCPAPI64.dll
2017-04-29 13:26 - 2017-04-01 03:36 - 000369208 _____ (NVIDIA Corporation) C:\Users\Lugi\AppData\Local\Temp\nvStInst.exe
2017-05-18 11:04 - 2017-05-18 11:04 - 001066336 _____ (Microsoft Corporation) C:\Users\Lugi\AppData\Local\Temp\PidGenX.dll
2014-09-12 01:44 - 2014-09-12 01:44 - 004216840 _____ (Microsoft Corporation) C:\Users\Lugi\AppData\Local\Temp\vcredist9_x86.exe
2017-05-14 18:24 - 2017-05-14 18:24 - 049508048 _____ (Sony) C:\Users\Lugi\AppData\Local\Temp\xcs76B6.tmp.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-28 01:44
 
==================== End of FRST.txt ============================


#2 nasdaq

  • Malware Response Team

Posted 04 August 2018 - 08:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

AppInit_DLLs: C:\ProgramData\Quoteex\Zummaron.dll => C:\ProgramData\Quoteex\Zummaron.dll [342528 2018-07-15] ()
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahJtx1glp6s_XwF8Hem_MAqrbctlKcBg1Ods_KQ_3uyd8qWLvn3_gsblTwKz96G4O1llDu2CJtz5fV8eYhD03tjPlW_bg,,
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1459657716-2493573527-527088305-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1459657716-2493573527-527088305-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFeNuR9Xp_gIphtWnecSusUa0hAqDQgbmfPmYNpaJOQtH2WUfKCmtabN5NdFOSszxxaet2v9WYwqPIpf3Qhu5edQhF9g,,

S3 ALSysIO; \??\C:\Users\Lugi\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 cpuz145; \??\C:\Windows\temp\cpuz145\cpuz145_x64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\ProgramData\Quoteex

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Addition.txt log that was created by the Farbar program.
Let me know what problem persists with this computer.

#3 Lugi

  • Topic Starter

Posted 04 August 2018 - 09:37 AM

I did all this, and the problem is still here :/

 

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Lugi (04-08-2018 16:29:55) Run:1
Running from E:\
Loaded Profiles: Lugi & MSSQLSERVER (Available Profiles: Lugi & MSSQLSERVER)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

AppInit_DLLs: C:\ProgramData\Quoteex\Zummaron.dll => C:\ProgramData\Quoteex\Zummaron.dll [342528 2018-07-15] ()
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahJtx1glp6s_XwF8Hem_MAqrbctlKcBg1Ods_KQ_3uyd8qWLvn3_gsblTwKz96G4O1llDu2CJtz5fV8eYhD03tjPlW_bg,,
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1459657716-2493573527-527088305-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1459657716-2493573527-527088305-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFeNuR9Xp_gIphtWnecSusUa0hAqDQgbmfPmYNpaJOQtH2WUfKCmtabN5NdFOSszxxaet2v9WYwqPIpf3Qhu5edQhF9g,,

S3 ALSysIO; \??\C:\Users\Lugi\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 cpuz145; \??\C:\Windows\temp\cpuz145\cpuz145_x64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\ProgramData\Quoteex

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\ProgramData\Quoteex\Zummaron.dll" => Value data removed successfully
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\ielnksrch => not found
"HKU\S-1-5-21-1459657716-2493573527-527088305-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-1459657716-2493573527-527088305-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => removed successfully
HKLM\Software\Classes\CLSID\{ielnksrch} => not found
"Chrome HomePage" => removed successfully
"HKLM\System\CurrentControlSet\Services\ALSysIO" => removed successfully
ALSysIO => service removed successfully
"HKLM\System\CurrentControlSet\Services\cpuz145" => removed successfully
cpuz145 => service removed successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
VGPU => service removed successfully
C:\ProgramData\Quoteex => moved successfully


The system needed a reboot.

==== End of Fixlog 16:31:22 ====

Addition.txt from before:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Lugi (04-08-2018 12:16:32)
Running from E:\
Windows 7 Ultimate Service Pack 1 (X64) (2017-04-14 11:47:29)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1459657716-2493573527-527088305-500 - Administrator - Disabled)
Guest (S-1-5-21-1459657716-2493573527-527088305-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1459657716-2493573527-527088305-1002 - Limited - Enabled)
Lugi (S-1-5-21-1459657716-2493573527-527088305-1000 - Administrator - Enabled) => C:\Users\Lugi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

${{arpDisplayName}} (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cufft_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
µTorrent (HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
Age of Empires II HD Edition ver. 5.3.1 (HKLM-x32\...\{A435EA2A-DB9C-4A79-8257-7EA7C609EEC4}_is1) (Version: 5.3.1 - *Let'sРlay*)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{D25C9EDD-984F-444C-9229-5A58130C6B10}) (Version: 4.3.60226.3 - Microsoft Corporation)
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.2 - Arduino LLC)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 67.1.664.100 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bioshock Infinite version 1.1.25.5165 (HKLM-x32\...\Bioshock Infinite_is1) (Version: 1.1.25.5165 - Mr DJ)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
CMake (HKLM\...\{7EFC6372-ACA9-459B-A7C8-BB2CA6C2CE19}) (Version: 3.8.1 - Kitware)
CodeBlocks (HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
Command Line Tools (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_command_line_tools_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Compiler (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_compiler_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Core Temp 1.11 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.11 - ALCPU)
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATTENTION
Creative Live! Cam Vista IM (VF0420) Driver (1.01.01.00) (HKLM\...\Creative VF0420) (Version:  - )
CUBLAS Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cublas_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUBLAS Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cublas_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUDA Documentation (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_documentation_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUDA Toolkit (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAToolkit_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUDA Version (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAVersion_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUDART Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cudart_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUFFT Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cufft_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CURAND Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_curand_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CURAND Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_curand_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUSOLVER Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusolver_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUSOLVER Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusolver_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUSPARSE Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusparse_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUSPARSE Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusparse_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
Demo Suite (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_demo_suite_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Docker Toolbox version 18.03.0-ce (HKLM\...\{FC4417F0-D7F3-48DB-BCE1-F5ED5BAFFD91}_is1) (Version: 18.03.0-ce - Docker)
Dotfuscator and Analytics Community Edition 5.19.0 (HKLM-x32\...\{4C5B1DD0-7E8E-4972-9247-818E6D030552}) (Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Epic Games Launcher (HKLM-x32\...\{80B15934-444B-4B4F-B2A9-439FCCBA4C81}) (Version: 1.1.132.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Fortran Examples (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_fortran_examples_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Git version 2.12.2.2 (HKLM\...\Git_is1) (Version: 2.12.2.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Grand Theft Auto IV version 1.0.7.0 (HKLM-x32\...\Grand Theft Auto IV_is1) (Version: 1.0.7.0 - Mr DJ)
Graphviz (HKLM-x32\...\{884CF059-9A11-4DF7-A2A7-17EFE90B9278}) (Version: 2.38 - AT&T Research Labs.)
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
HDF5 (HKLM\...\{1F3BE804-92AD-412F-9FF9-89F9994CDEDA}) (Version: 1.10.0 - HDF_Group)
HDFView 2.13 (HKLM\...\{BEAE5309-CD2F-4763-92B8-167541402E7E}) (Version: 2.13 - The HDF Group)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JetBrains PyCharm Community Edition 2017.1.2 (HKLM-x32\...\PyCharm Community Edition 2017.1.2) (Version: 171.4249.47 - JetBrains s.r.o.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.27.20180328 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
MATLAB Production Server R2015a (HKLM\...\MATLAB Production Server R2015a) (Version: 2.1 - MathWorks)
Medieval 2 Total War Gold version 1.05 (HKLM-x32\...\{8241AE65-BF38-4C3F-B0AF-6E9983A4516C}_is1) (Version: 1.05 - vol1)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.10325.20082 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Enterprise 2015 with Updates (HKLM-x32\...\{f90e9ec5-977b-4752-8518-abe39dac065d}) (Version: 14.0.24720.41 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.29.01.264 - Huawei Technologies Co.,Ltd)
Mount.Blade.Warband.v1.168.ACOK2.2-ALI213 version 1.168 (HKLM-x32\...\{247B81A0-D9F6-421A-83B6-AC6325708382}}_is1) (Version: 1.168 - Ali213.net)
MPC-HC 1.7.11 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.11 - MPC-HC Team)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{FA0599C5-C083-41BE-8AEA-E8EB9070D128}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
MySQL Connector C++ 1.1.8 (HKLM\...\{4BFAEC5F-9E57-467F-A19F-2FF716DDC9E6}) (Version: 1.1.8 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{9F9DCBD0-6C06-445C-B407-B2FF16C98B63}) (Version: 5.1.42 - Oracle Corporation)
MySQL Connector Net 6.9.9 (HKLM-x32\...\{E09F82E9-3EB3-4725-BDC8-3C77F83E262C}) (Version: 6.9.9 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{788AEC1D-78E4-4E65-A388-AC87D0490911}) (Version: 6.1.10 - Oracle Corporation)
MySQL Connector/ODBC 5.3 (HKLM\...\{EB0CFCBD-B0C8-4F0F-ACF4-8B674A19B459}) (Version: 5.3.8 - Oracle Corporation)
MySQL Documents 5.7 (HKLM-x32\...\{B3E47FBC-B036-4AC9-975E-55AA7252A7A0}) (Version: 5.7.18 - Oracle Corporation)
MySQL Examples and Samples 5.7 (HKLM-x32\...\{A991DCE5-AB3B-4E9F-A58E-EF5E02742665}) (Version: 5.7.18 - Oracle Corporation)
MySQL for Visual Studio 1.2.7 (HKLM-x32\...\{63F92630-4546-4297-A0F5-761886A689EE}) (Version: 1.2.7 - Oracle)
MySQL Installer - Community (HKLM-x32\...\{DE64E7EF-38D5-4A3A-8B18-A691FB177438}) (Version: 1.4.19.0 - Oracle Corporation)
MySQL Notifier 1.1.7 (HKLM-x32\...\{724CDD73-430E-47DA-8F4E-7DF2000BA268}) (Version: 1.1.7 - Oracle)
MySQL Router 2.1 (HKLM\...\{929202C7-D089-4B21-934F-753E12A7500F}) (Version: 2.1.3 - Oracle Corporation)
MySQL Server 5.7 (HKLM\...\{2DA17C9C-993C-4A53-8C65-C05A470A2849}) (Version: 5.7.18 - Oracle Corporation)
MySQL Shell 1.0.9 (HKLM\...\{69E5F01E-8F6B-44F8-92D9-54EC39F846DA}) (Version: 1.0.9 - Oracle and/or its affiliates)
MySQL Utilities (HKLM\...\{BEDAC2EF-DBA2-4B25-857A-7DF385FA645E}) (Version: 1.6.5 - Oracle Corporation)
MySQL Workbench 6.3 CE (HKLM\...\{CD8C5EC0-56A3-4F6E-BB22-E230059DF1F2}) (Version: 6.3.9 - Oracle Corporation)
Nicky Romero Kickstart 1.0.9 (HKLM\...\Kickstart_is1) (Version: 1.0.9 - Nicky Romero)
NPP Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_npp_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NPP Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_npp_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NVGRAPH Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvgraph_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NVGRAPH Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvgraph_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.71 - NVIDIA Corporation)
NVIDIA CUDA Development 8.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDADevelopment_8.0) (Version: 8.0 - NVIDIA Corporation)
NVIDIA CUDA Documentation 8.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDADocument_8.0) (Version: 8.0 - NVIDIA Corporation)
NVIDIA CUDA Runtime 8.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDARuntimes_8.0) (Version: 8.0 - NVIDIA Corporation)
NVIDIA CUDA Samples 8.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_samples_8.0) (Version: 8.0 - NVIDIA Corporation)
NVIDIA CUDA Visual Studio Integration 8.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_visual_studio_integration_8.0) (Version: 8.0 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA Nsight Visual Studio Edition 5.2.0.16321 (HKLM\...\{39F2CF8F-DE76-49F1-85D5-FC215853B709}) (Version: 5.2.0.16321 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NVIDIA Tools Extension SDK (NVTX) - 64 bit (HKLM\...\{B56D2F88-8865-40FD-B7AC-F074EE4D201D}) (Version: 1.00.00.00 - NVIDIA Corporation)
NVML Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvml_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NVRTC Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvrtc_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NVRTC Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvrtc_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Occupancy Calculator (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_occupancy_calculator_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
Oracle VM VirtualBox 5.2.8 (HKLM\...\{A7F49FA5-9FCA-4936-8652-CD00206D9300}) (Version: 5.2.8 - Oracle Corporation)
PandaViewer (HKLM-x32\...\PandaViewer) (Version:  - )
PL-2303 USB-to-Serial (HKLM-x32\...\{A9111573-EF12-4D80-A5B9-55F620D5BCA1}) (Version: 1.00.000 - Prolific Technology INC)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prismatik (unofficial) 64bit (remove only) (HKLM-x32\...\{ABD88CE7-1FFA-416C-96CA-CCC6F2B34236}_is1) (Version: 5.11.2.17 - Patrick Siegler)
Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.4 - Project Reality)
Project Reality: WW2 (HKLM\...\Project Reality: WW2 (pr_ww2)_is1) (Version: v0.2 - Project Reality)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 3.5.2 (64-bit) (HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\{d46281ac-f66b-4246-8cfe-34f61512982f}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (64-bit) (HKLM\...\{E151A5E4-D373-4388-82FB-0C9F5F6CFB76}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (64-bit) (HKLM\...\{5397E020-59CB-43BF-A0FE-32B26DE98187}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (64-bit) (HKLM\...\{911FCD3E-A42F-472C-983A-0518799BFE7D}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (64-bit) (HKLM\...\{24C31CC2-A8F2-417E-A61B-5E682D39893B}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (64-bit) (HKLM\...\{A74E3253-CB6C-4214-8964-FFCEB37DB5D8}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (64-bit) (HKLM\...\{976C50E6-00DF-40A6-9E59-70A4F3EF4E32}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (64-bit) (HKLM\...\{A4B31C78-C884-4B36-BDE4-FBAD3A2A1C7E}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (64-bit) (HKLM\...\{7BA8A393-A7EB-4529-8A63-D7A4502C0D24}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (64-bit) (HKLM\...\{E5642976-7F8E-41C1-A249-419B809CA2A8}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{323AC113-C6CE-4F99-842F-4936332D055A}) (Version: 3.6.5923.0 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Roslyn Language Services - x86 (HKLM-x32\...\{3107684C-8011-3031-BD28-10CA30F58267}) (Version: 14.0.24730 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SafeFinder (HKLM-x32\...\{B0F6BAC7-9BAF-4C8A-96C8-BD393B6CE5BC}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.17.6.201704121541 - Sony Mobile Communications Inc.)
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{26BFF1F1-5C03-4C55-9C7C-FD65889AFA70}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{A7037EB2-F953-4B12-B843-195F4D988DA1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Sylenth1 v2.21 (HKLM-x32\...\Sylenth1_is1) (Version:  - )
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{48992F68-BEE6-35D8-89AC-6A81406F1096}) (Version: 14.0.24712 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
The Elder Scrolls V Skyrim Special Edition (HKLM-x32\...\The Elder Scrolls V Skyrim Special Edition_is1) (Version:  - )
TP-LINK TL-WN823N Driver (HKLM-x32\...\{CE194A8D-C8DF-47EB-AB04-5A54CDC1C5BD}) (Version: 1.3.1 - TP-LINK)
TypeScript Power Tool (HKLM-x32\...\{CF436B98-B0FE-447F-8E46-68E0B14FDDE0}) (Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{F66F9C2A-E14B-4D30-82C5-A4E32B569286}) (Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.6.0 (HKLM-x32\...\{5ee9a47a-3630-4016-b76d-dc752e9218dd}) (Version: 1.7.24809.0 - Microsoft Corporation)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{284FA9A0-CEDD-81D3-5A19-5858E95FD0C4}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{ABD37F71-FC3F-F525-C7B3-BDD95F684C51}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{33952D66-D503-10CA-DD8E-E365C15EB4E0}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{B048B812-32DE-3474-FA64-223B6A63AD47}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VS Update core components (HKLM-x32\...\{5F7870A1-0586-313E-A9FF-3249DCE9F63A}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Xperia Companion (HKLM-x32\...\{27b15812-304d-4fc2-80b7-55a920f30a28}) (Version: 1.6.5.0 - Sony)
Xperia Companion (HKLM-x32\...\{9D56F227-FC8D-419D-ADEB-41E5734025BD}) (Version: 1.6.5.0 - Sony) Hidden
Xperia Companion Service (HKLM\...\{941E0B86-5EC0-43BC-9DA9-9BC596150B4B}) (Version: 1.6.5.0 - Sony) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-15] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-15] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-15] (AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-16] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-15] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C802091-C7FA-425C-9929-4941F7A9F67F} - System32\Tasks\{59D44A39-0068-474D-BD1A-523BAD2D71C3} => C:\Windows\system32\pcalua.exe -a C:\Users\Lugi\Downloads\SQLServer2016-SSEI-Expr.exe -d C:\Users\Lugi\Downloads
Task: {198B3C60-DE17-44CD-9B2C-53434C839A2A} - System32\Tasks\PsiegUpdateElevate_Prismatik => C:\Program Files\Prismatik\UpdateElevate.exe [2018-04-26] ()
Task: {1A17110F-6E5F-4350-82E3-BF19EADE4E8F} - \AutoKMS -> No File <==== ATTENTION
Task: {23EE076D-09B0-4BDB-82F7-4891DB28E463} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-14] (Google Inc.)
Task: {3982C222-FDC5-4D8D-A460-3E3BF6F0D3D1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-29] (Microsoft Corporation)
Task: {46DC569D-490B-4FFC-BDEF-2355C6D05500} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software)
Task: {478BBDD7-1686-4290-863F-C6B9ED90A761} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: {492C011E-4734-4DD2-A4A5-9805DDD2AD87} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-16] (NVIDIA Corporation)
Task: {4FA3091A-DFF7-4B0B-ABBB-5AB3DB02E596} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-16] (NVIDIA Corporation)
Task: {6E9D57AF-101E-47A6-B2C7-1C592E082595} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2017-04-10] (Oracle Corporation)
Task: {6ED941D8-0D8B-487D-8CFC-C8D514C390CB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-16] (NVIDIA Corporation)
Task: {7473CBD5-C27B-43A6-9E43-FFAF94912B8E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {82F88F6A-DDDD-493E-9801-2432A89A1E24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-14] (Google Inc.)
Task: {8608600C-761E-45DE-8144-781C219F4F74} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-12-16] (NVIDIA Corporation)
Task: {86EAA642-0E7B-42E3-BE4E-13B0B1ABB5F0} - \KMSAutoNet -> No File <==== ATTENTION
Task: {9314B47C-5DFA-4361-AFAD-213BBC8F3700} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-29] (Microsoft Corporation)
Task: {9BDE2224-6B31-44F2-A34E-F77C05874016} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-29] (Microsoft Corporation)
Task: {A02EB10E-C3D5-48E3-ACFB-0E0011DE22ED} - System32\Tasks\{2201F696-EAD4-49CC-84E6-719352E68D27} => C:\Windows\system32\pcalua.exe -a E:\autorun.exe -d E:\
Task: {ABED4595-8397-4671-A531-1438E96AB9DA} - System32\Tasks\Update Manager => C:\Users\Lugi\AppData\Roaming\Mount.Blade.Warband.v1.168.ACOK2.2-ALI213\Upgrade.exe
Task: {B79BEA93-5AB2-4DD6-95B4-9526E1A1391B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
Task: {BEB693A4-3872-4D69-AEE0-5842155AD015} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe [2016-07-29] (Oracle Corporation)
Task: {C08263A0-BCBC-4CA0-86DC-B1EEDC1B83B5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-12-16] (NVIDIA Corporation)
Task: {C9C51744-5B61-4FC9-A769-9C5FD975D158} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-12-16] (NVIDIA Corporation)
Task: {CF56C87F-FB2A-401C-89C4-F809D8FDDAE5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-05] (AVAST Software)
Task: {D07B5D8F-8AE4-4700-8E0B-16AC7CD1F2A7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-12-16] (NVIDIA Corporation)
Task: {D29B3572-FC9C-4FFD-8B36-5A1D0B75950A} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software)
Task: {DBF1D0B4-1074-47BB-98C6-B7C818C7FFBD} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-07-15] (AVAST Software)
Task: {E4871CB9-142E-4A30-8337-BFEDAFF122B7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-29] (Microsoft Corporation)
Task: {F3DBF3C1-5CB1-4FA3-B6C8-F0917EF3DECC} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-29] (Microsoft Corporation)
Task: {F4C68B86-A4D9-4490-80C4-39EF81D9963F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-16] (NVIDIA Corporation)
Task: {F625D623-A39E-415D-B3BC-F26A4BD1AAEE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Lugi\Desktop\HDFView-2.13.0.lnk -> C:\Users\Lugi\AppData\Local\Apps\HDF_Group\HDFView\2.13.0\hdfview.bat ()
Shortcut: C:\Users\Lugi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDFView-2.13.0\HDFView-2.13.0.lnk -> C:\Users\Lugi\AppData\Local\Apps\HDF_Group\HDFView\2.13.0\hdfview.bat ()

ShortcutWithArgument: C:\Users\Lugi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Lugi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\.rdata:X [128]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "UseAlternateShell"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-07-26 17:44 - 000000888 _____ C:\Windows\system32\Drivers\etc\hosts

185.31.160.192 karachan.org
185.31.160.192 www.karachan.org

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lugi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D50CB569-F4D0-43F3-B1EC-A4ADE0DD0FFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{626DAB18-64D4-49C9-9B88-91DD1516D70A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{945DFB0C-964D-4C37-B85E-2662C57C6F3D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{34B5DA6B-34A3-4606-8CD2-31F11CB29FEF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AD0B463B-0E54-46B4-B024-F027E7BBE970}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D9BBBD42-2235-4DAF-B505-E5CFC9D6F436}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{21C712BD-2E90-4E16-BA6F-7E17A77E28F2}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{10589F0F-BF2C-413D-8F07-449FAC2A6C98}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{15F85AC6-8A98-4139-A63E-1844B3D8CA5A}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{121C4D03-2BB8-4507-B7E1-3E0A5916CA3D}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9E2DA77D-77D7-49E7-A222-251CB1BD26B7}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{AF759090-8BB6-41A7-A11B-680C20FF0988}D:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) D:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{6633FBA4-8749-4C5D-828F-2B40318BCF74}D:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) D:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{4EAA8BA1-49D1-47E2-85C3-3F26389C3036}D:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) D:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{33861894-F437-4927-94F7-DDB23A056437}D:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) D:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{52E4F96B-65C8-4644-BCBA-1C525F50FDE8}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{F588E0B2-81CA-4EA9-B868-70A5B848D3E1}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [TCP Query User{21ABCCF1-B0F1-42DE-8673-A4927BB2E8DD}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{B71444E8-8897-465E-8A31-E09878029753}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{8B615E40-527C-448A-B65F-7897F45BAB1D}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{90CA630E-9D4C-42E3-888B-A1F8B447CCBA}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{33C39993-EE12-4E92-A107-C466249EDD5E}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{F4970D1C-04B5-4814-BCC3-45A1AA4C5680}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [{822BE8AD-99B7-46FE-8FDD-D953A16635DD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2BCA81CB-F328-4FF3-97A0-1626265A8980}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5C7E3CB2-BF42-4419-96A4-E05496FF684E}] => (Allow) C:\Users\Lugi\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{044A7620-8449-4F41-9E91-2459919A7733}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{E8F53B66-0187-43AC-B412-02368FE928B4}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{0AF610DA-F923-453B-AFA6-8266D653F8A9}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{F080EA30-09A9-46C8-A09B-B6EE45ED7B90}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{1D94C764-1F12-422A-9C83-2E492F61C974}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{D8035140-1373-4509-8750-DEADC3DD470E}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{8DAEA91D-5C85-466D-9E78-C3DA7F709527}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{12EF279B-DC17-49D2-A690-CC0777E19889}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{07EED434-4676-4C3A-9CA0-2F9E44165EEF}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{18BAEC0D-0818-41DA-8C56-5E6D85EB3001}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{F43491C0-6A63-4F69-836D-3EBF7F229AE2}] => (Allow) LPort=3306
FirewallRules: [{E66C5FDA-73CB-44A4-8843-EB158DE4C478}] => (Allow) LPort=3306
FirewallRules: [{F28E37F0-67DB-41A0-8ABE-72B395C7F7F8}] => (Allow) D:\Program Files (x86)\Project Reality\Project Reality BF2\prbf2.exe
FirewallRules: [{36898223-FFC2-486F-9B82-2838CA83A2FB}] => (Allow) D:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRLauncher.exe
FirewallRules: [{FF5C6043-5AC8-4B18-9A77-3428F0479F4C}] => (Allow) D:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRUpdater.exe
FirewallRules: [{8418B55C-7534-4A91-AC89-A7742CAB5DFD}] => (Allow) D:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRMumble\PRMumble.exe
FirewallRules: [TCP Query User{070E9A79-87FA-40B6-9760-33F8FD58CD35}C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe
FirewallRules: [UDP Query User{AF1BDFE6-1C4F-487F-B8FB-4D038464109E}C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe
FirewallRules: [{EB3C9E65-8794-4EEE-AD6C-B466F6DE40AB}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{731B4C0C-07B6-4239-A599-B65696289E10}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{9A84F5AD-C349-4E5B-B447-8707A5435490}C:\users\lugi\appdata\local\programs\python\python35\python.exe] => (Allow) C:\users\lugi\appdata\local\programs\python\python35\python.exe
FirewallRules: [UDP Query User{E59FF6A0-F5CC-4D7B-82DA-6E9903F3DFE6}C:\users\lugi\appdata\local\programs\python\python35\python.exe] => (Allow) C:\users\lugi\appdata\local\programs\python\python35\python.exe
FirewallRules: [{F5C1FCE3-4DC5-46DD-ACD7-CB11896C0B98}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B71FDAA7-2DFC-42B9-A4E4-856E10A774FD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2F79F137-3720-49F7-B54C-4A913A612599}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{77E7AC9B-BEDB-4202-9D46-305F46A4CFFA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{E2672BB1-5133-46DC-A002-1609ECEAC545}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{CCFCFCE1-6C76-4FD3-A905-98D392509832}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{CDD637C9-7F97-4E4F-BDCD-CF402E2D7640}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{109C1BBA-7236-4C4C-AF0B-EC6C3EE3E6DE}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{87BAAAA3-2ADE-49EA-93F0-75CD88E45B0D}D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{163866C9-D94F-44BF-B9F4-299A59DBD285}D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{60FEB3F7-6904-416F-BDD5-1CD968BD44F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{65C4F0CC-60A3-4B96-BE54-135E6DDC6996}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E0F5F3AE-2DDB-41E5-AF5C-1105F357D4C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D1D467D7-2E7E-44B0-AB68-35C141C7AC56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A7CB8D67-880F-47A0-AE6B-E0AFA9A057AC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BDC43DD8-0CFB-4B63-8B7C-03801265C945}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D50C90C6-EBDC-41C5-83C8-6222DD488DD8}] => (Allow) D:\Program Files (x86)\Mr DJ\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{0418D487-0629-48F3-80AA-960128E46638}] => (Allow) D:\Program Files (x86)\Mr DJ\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{3047E7F3-1ADC-4D0B-9B16-3D14449213D0}] => (Allow) D:\Program Files (x86)\Mr DJ\Bioshock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{07A16DA5-5AA5-4CA9-80D5-D4BDB81EC5B4}] => (Allow) D:\Program Files (x86)\Mr DJ\Bioshock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [TCP Query User{40CF7B0D-95F5-4842-A4F8-537053A7E25A}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [UDP Query User{3A5F8403-D0FD-4CAA-A07F-B2EB6B776286}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [TCP Query User{8B4D793C-C84B-4CF7-A7E8-9EF9D0C318B9}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [UDP Query User{29B537EC-AECB-4242-A8D6-9DD45504B37F}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [TCP Query User{8B5EBC5E-C64E-41F6-90F5-E4C79D55AC3F}C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe
FirewallRules: [UDP Query User{6E183EF2-47B1-45BF-9A6C-45907D29C190}C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe
FirewallRules: [{86FD3174-6F67-45F9-8D3B-98DFF4D2EED6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{50F8B758-7B65-43EC-9B36-6A0FF87ADB0C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{D9002E3F-0194-4E8E-8F7A-23040C8B9078}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{05108757-34A3-4082-A399-3FE8F57325B7}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{7077E7AE-78FF-42C6-A820-794532D57359}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DF17E643-345A-4EED-ABDD-74DDAA110610}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2018 12:14:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/04/2018 11:37:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/04/2018 11:36:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/03/2018 06:15:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/03/2018 06:15:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/02/2018 09:48:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/02/2018 09:48:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/02/2018 06:29:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (08/04/2018 12:13:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFD
aswArPot
aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswHdsKe
aswRdr
aswRvrt
aswSnx
aswSP
aswVmm
cdrom
CSC
DfsC
discache
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
VBoxDrv
VBoxNetLwf
VBoxUSBMon
vwififlt
Wanarpv6
WfpLwf

Error: (08/04/2018 12:13:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (08/04/2018 12:13:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (08/04/2018 12:13:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (08/04/2018 12:13:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: 
A device attached to the system is not functioning.

Error: (08/04/2018 12:13:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (08/04/2018 12:13:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (08/04/2018 12:13:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: 
A device attached to the system is not functioning.


Windows Defender:
===================================
Date: 2017-04-29 03:03:42.497
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{7CD7A6D1-48A4-4E60-B5A7-8DD321FBFBB1}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 18%
Total physical RAM: 8174.49 MB
Available physical RAM: 6678.71 MB
Total Virtual: 16347.15 MB
Available Virtual: 14960.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:200 GB) (Free:4.63 GB) NTFS
Drive d: () (Fixed) (Total:731.41 GB) (Free:288.3 GB) NTFS
Drive e: (USB DISK) (Removable) (Total:7.46 GB) (Free:7.39 GB) NTFS

\\?\Volume{d96159fc-2152-11e7-8ce7-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: FA03DE70)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=731.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#4 nasdaq

nasdaq

  • Malware Response Team

Posted 04 August 2018 - 10:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Still some work to be done.

CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATTENTION program not signed could be compromised
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
SafeFinder (HKLM-x32\...\{B0F6BAC7-9BAF-4C8A-96C8-BD393B6CE5BC}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION

===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

Task: {1A17110F-6E5F-4350-82E3-BF19EADE4E8F} - \AutoKMS -> No File <==== ATTENTION
Task: {478BBDD7-1686-4290-863F-C6B9ED90A761} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: {86EAA642-0E7B-42E3-BE4E-13B0B1ABB5F0} - \KMSAutoNet -> No File <==== ATTENTION
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
C:\Program Files (x86)\Microleaves

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Any remaining issues?

#5 Lugi

Lugi
  • Topic Starter


Posted 04 August 2018 - 12:03 PM

Still not solved

 

log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Lugi (04-08-2018 18:55:09) Run:3
Running from E:\
Loaded Profiles: Lugi & MSSQLSERVER (Available Profiles: Lugi & MSSQLSERVER)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
CloseProcesses:

Task: {1A17110F-6E5F-4350-82E3-BF19EADE4E8F} - \AutoKMS -> No File <==== ATTENTION
Task: {478BBDD7-1686-4290-863F-C6B9ED90A761} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: {86EAA642-0E7B-42E3-BE4E-13B0B1ABB5F0} - \KMSAutoNet -> No File <==== ATTENTION
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
C:\Program Files (x86)\Microleaves

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1A17110F-6E5F-4350-82E3-BF19EADE4E8F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A17110F-6E5F-4350-82E3-BF19EADE4E8F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{478BBDD7-1686-4290-863F-C6B9ED90A761}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{478BBDD7-1686-4290-863F-C6B9ED90A761}" => removed successfully
"C:\Windows\System32\Tasks\Updater_Online_Application" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86EAA642-0E7B-42E3-BE4E-13B0B1ABB5F0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86EAA642-0E7B-42E3-BE4E-13B0B1ABB5F0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAutoNet" => removed successfully
"C:\Windows\Tasks\Updater_Online_Application.job" => not found
"C:\Program Files (x86)\Microleaves" => not found


The system needed a reboot.

==== End of Fixlog 18:56:33 ====


#6 nasdaq

nasdaq

  • Malware Response Team

Posted 04 August 2018 - 01:22 PM

Hi,

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#7 Lugi

Lugi
  • Topic Starter


Posted 04 August 2018 - 03:26 PM

Problem still persists, but RogueKiller deleted around 15 threats

RogueKiller V12.12.29.0 (x64) [Jul 30 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lugi [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 08/04/2018 21:53:32 (Duration : 00:25:29)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\mtQuoteex -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1459657716-2493573527-527088305-1000\Software\mtQuoteex -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1459657716-2493573527-527088305-1000\Software\mtQuoteex -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main | Start Page : https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahJtx1glp6s_XwF8Hem_MAqrbctlKcBg1Ods_KQ_3uyd8qWLvn3_gsblTwKz96G4O1llDu2CJtz5fV8eYhD03tjPlW_bg,,  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main | Start Page : https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahJtx1glp6s_XwF8Hem_MAqrbctlKcBg1Ods_KQ_3uyd8qWLvn3_gsblTwKz96G4O1llDu2CJtz5fV8eYhD03tjPlW_bg,,  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main | Search Page : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main | Search Page : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main | Search Bar : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main | Search Bar : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \Update Manager -- C:\Users\Lugi\AppData\Roaming\Mount.Blade.Warband.v1.168.ACOK2.2-ALI213\Upgrade.exe (/upgradeid=f561932c-0bef-41b9-9289-b7d5c099b86b) -> Found

¤¤¤ Files : 26 ¤¤¤
[PUP.HackTool][Folder] C:\ProgramData\KMSAutoS -> Found
[PUP.LogicHandler][Folder] C:\ProgramData\Logic Cramble -> Found
[PUP.Gen1][Folder] C:\ProgramData\Quoteexs -> Found
[PUP.YahooChrome][Folder] C:\ProgramData\yahoochrome_D -> Found
[Hj.Shortcut][File] C:\Users\Public\Desktop\Google Chrome.lnk [LNK@] C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe %SNP% -> Found
[Hj.Shortcut][File] C:\Users\Lugi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe %SNP% -> Found
[Hj.Shortcut][File] C:\Users\Lugi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [LNK@] C:\PROGRA~2\INTERN~1\iexplore.exe %SNP% -> Found
[PUP.HackTool][Folder] C:\Windows\AutoKMS -> Found
[PUP.Linkury][File] C:\Windows\SysWOW64\findit.xml -> Found
[PUP.uTorrentAds][File] C:\Users\Lugi\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Lugi\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Lugi\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Lugi\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Lugi\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Lugi\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Lugi\AppData\Roaming\uTorrent\updates\3.5.3_44396\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Lugi\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe -> Found
[PUP.OnlineIO][Folder] C:\Users\Lugi\AppData\Local\AdvinstAnalytics -> Found
[Tr.XService][Folder] C:\Users\Lugi\AppData\Local\XService -> Found
[PUP.HackTool][Folder] C:\ProgramData\KMSAutoS -> Found
[PUP.LogicHandler][Folder] C:\ProgramData\Logic Cramble -> Found
[Hj.Shortcut][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [LNK@] C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe %SNP% -> Found
[PUP.Gen1][Folder] C:\ProgramData\Quoteexs -> Found
[PUP.YahooChrome][Folder] C:\ProgramData\yahoochrome_D -> Found
[Hj.Shortcut][File] C:\Users\Public\Desktop\Google Chrome.lnk [LNK@] C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe %SNP% -> Found
[Hj.Shortcut][File] C:\Users\Lugi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe %SNP% -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFeNuR9Xp_gIphtWnecSusUa0hAqDQgbmfPmYNpaJOQtH2WUfKCmtabN5NdFOSszxxaet2v9WYwqPIpf3Qhu5edQhF9g,,] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM010-2EP102 ATA Device +++++
--- User ---
[MBR] e9fc54f900a01a2f97a4531058ab04bb
[BSP] d18795272575c24b3c470a8554e177fc : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 204800 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 419637248 | Size: 748967 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK




#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:34 AM

Posted 05 August 2018 - 06:39 AM

Hi,

If not already done please run the RogueKiller program and delete all the entries.
If required the default setting will be used.
===

If possible please start the computer in Normal Mode and run the Farbar program again.
Post fresh FRST.txt and Addition.txt logs for my review.
p.s.
To create a new Addition.txt log, make sure that, before scanning with the Farbar program, the box to create an Addition.txt file is checked.
====

Is the problem still the same or is the computer running better now?

#9 nasdaq


Posted 11 August 2018 - 06:55 AM

Are you still with me?

#10 Lugi


Posted 08 October 2018 - 03:04 PM

The problem still persists.

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.10.2018
Ran by Lugi (administrator) on LUGI-PC (08-10-2018 21:56:13)
Running from C:\Users\Lugi\Downloads
Loaded Profiles: Lugi & MSSQLSERVER (Available Profiles: Lugi & MSSQLSERVER)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
() C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
(Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Creative Technology Ltd.) C:\Windows\V0420Mon.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adlice Software) C:\Program Files\RogueKiller\RogueKiller64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-08-30] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [V0420Mon.exe] => C:\Windows\V0420Mon.exe [32768 2007-04-30] (Creative Technology Ltd.)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [0 2017-08-11] ()
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [0 2017-08-11] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-06] (Disc Soft Ltd)
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2105728 2017-04-13] (Sony)
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe [754176 2016-07-29] (Oracle Corporation)
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\MountPoints2: {0197d8f2-f083-11e7-82c1-02444b173606} - E:\AutoRun.exe
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\MountPoints2: {364f2b63-21ca-11e7-82be-6c626db42707} - E:\autorun.exe
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\MountPoints2: {364f2b65-21ca-11e7-82be-6c626db42707} - E:\Autorun.exe
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\MountPoints2: {ca22dd95-bdd8-11e8-9b8c-6c626db42707} - E:\HiSuiteDownLoader.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{04BFD8FF-CDC3-4094-B588-98ABD9FA3431}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{0EE1496B-262C-4FC2-A311-09A8E35BA886}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{1374243A-5E5A-4D01-9EED-7E7419E73344}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1950F0AD-0CD8-4FEB-906A-57A34A8B82E2}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{19EACBD0-661E-41F0-A7D9-1FEDEFCE8BCC}: [DhcpNameServer] 62.179.1.62 62.179.1.63
Tcpip\..\Interfaces\{4B97EA35-03B4-4B63-96D9-C91A27B7995D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{92F7CCFC-6273-4DC4-81B6-427AE1327DA4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D15FC7E7-8917-402A-9A58-BBC8F046BE56}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-04] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-04-15] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-10-04] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-15] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-09-10] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-10-04] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 14.0 Helper -> {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} -> C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default [2018-10-08]
CHR Extension: (Slides) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-14]
CHR Extension: (YouTube) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-14]
CHR Extension: (uBlock Origin) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-09-29]
CHR Extension: (Sheets) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (I don't care about cookies) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2018-10-04]
CHR Extension: (Google Docs Offline) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (AdBlock) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-09-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Tind3r.com - client.) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\olicollicgbjgnialpnmnolopimdccon [2017-05-25]
CHR Extension: (Gmail) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-14]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7994520 2018-08-30] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-30] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-20] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9680472 2018-09-26] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-06] (Disc Soft Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2018-07-23] (SurfRight B.V.)
R2 Mobile Broadband HL Service; C:\Program Files (x86)\MobileBrServ\mbbservice.exe [242264 2016-03-24] ()
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 MySQL57; C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe [39334400 2017-03-18] () [File not signed]
S3 MySQLRouter; C:\Program Files\MySQL\MySQL Router 2.1\bin\mysqlrouter.exe [326144 2017-04-06] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-12-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-12-16] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-09-24] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2017-09-24] ()
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2202112 2017-04-13] (Sony) [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [30208 2016-08-31] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2016-08-24] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2016-08-24] (LG Electronics Inc.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [199712 2018-08-30] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [229384 2018-08-30] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201320 2018-08-30] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346664 2018-08-30] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59568 2018-08-30] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [249016 2018-08-30] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163392 2018-09-11] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111864 2018-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87904 2018-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467320 2018-09-04] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215920 2018-09-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381560 2018-08-30] (AVAST Software)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [59904 2015-01-26] (www.winchiphead.com)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-04-15] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-04-15] (Disc Soft Ltd)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2017-05-14] (Sony Mobile Communications)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-12-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-12-16] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-12-16] (NVIDIA Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [4620040 2016-01-04] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-10-08] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 V0420VID; C:\Windows\System32\DRIVERS\V0420Vid.sys [107072 2007-05-31] (Creative Technology Ltd.)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [203328 2018-02-26] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [213632 2018-02-26] (Oracle Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-08 21:56 - 2018-10-08 21:57 - 000021001 _____ C:\Users\Lugi\Downloads\FRST.txt
2018-10-08 21:28 - 2018-10-08 21:28 - 002414592 _____ (Farbar) C:\Users\Lugi\Downloads\FRST64.exe
2018-10-08 21:27 - 2018-10-08 21:28 - 037023816 _____ (Adlice Software ) C:\Users\Lugi\Downloads\RogueKiller_setup (2).exe
2018-10-08 21:26 - 2018-10-08 21:27 - 037023816 _____ (Adlice Software ) C:\Users\Lugi\Downloads\RogueKiller_setup (1).exe
2018-10-08 21:24 - 2018-10-08 21:24 - 037023816 _____ (Adlice Software ) C:\Users\Lugi\Downloads\RogueKiller_setup.exe
2018-10-04 21:02 - 2018-10-04 21:02 - 000000874 _____ C:\Users\Lugi\AppData\Local\recently-used.xbel
2018-10-04 19:00 - 2018-10-04 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-10-03 22:27 - 2018-10-03 22:27 - 000000000 ____D C:\Users\Lugi\AppData\LocalLow\uTorrent
2018-10-02 18:58 - 2018-10-04 20:59 - 000000000 ____D C:\Users\Lugi\Desktop\New folder
2018-09-25 22:18 - 2018-09-25 22:18 - 000018053 _____ C:\Users\Lugi\Downloads\hot-fuzz-1080p-3529.torrent
2018-09-25 22:18 - 2018-09-25 22:18 - 000018053 _____ C:\Users\Lugi\Downloads\hot-fuzz-1080p-3529 (1).torrent
2018-09-22 22:31 - 2018-09-22 22:31 - 000218969 _____ C:\Users\Lugi\Downloads\devil-torrents.pl-pitbull.-ostatni-pies-2018-720p-webrip-xvid-ac3-krt-film-polski.torrent
2018-09-12 18:34 - 2018-08-31 17:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2018-09-12 18:34 - 2018-08-31 17:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-09-12 18:34 - 2018-08-30 03:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2018-09-12 18:34 - 2018-08-30 03:10 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-12 18:34 - 2018-08-28 07:50 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-12 18:34 - 2018-08-24 21:47 - 000398424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-12 18:34 - 2018-08-24 20:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-09-12 18:34 - 2018-08-24 01:05 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-12 18:34 - 2018-08-24 00:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-09-12 18:34 - 2018-08-24 00:56 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-09-12 18:34 - 2018-08-24 00:45 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-12 18:34 - 2018-08-24 00:44 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-09-12 18:34 - 2018-08-24 00:43 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-09-12 18:34 - 2018-08-24 00:43 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-09-12 18:34 - 2018-08-24 00:43 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-09-12 18:34 - 2018-08-24 00:43 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-09-12 18:34 - 2018-08-24 00:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-09-12 18:34 - 2018-08-24 00:36 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-09-12 18:34 - 2018-08-24 00:34 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-12 18:34 - 2018-08-24 00:34 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-09-12 18:34 - 2018-08-24 00:33 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-12 18:34 - 2018-08-24 00:33 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-09-12 18:34 - 2018-08-24 00:33 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-09-12 18:34 - 2018-08-24 00:33 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-09-12 18:34 - 2018-08-24 00:27 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-12 18:34 - 2018-08-24 00:24 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-09-12 18:34 - 2018-08-24 00:19 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-12 18:34 - 2018-08-24 00:18 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-09-12 18:34 - 2018-08-24 00:17 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-09-12 18:34 - 2018-08-24 00:15 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-09-12 18:34 - 2018-08-24 00:15 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-09-12 18:34 - 2018-08-24 00:13 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-09-12 18:34 - 2018-08-24 00:12 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-09-12 18:34 - 2018-08-24 00:03 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-09-12 18:34 - 2018-08-24 00:01 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-12 18:34 - 2018-08-24 00:01 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-12 18:34 - 2018-08-24 00:00 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-12 18:34 - 2018-08-23 23:59 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-12 18:34 - 2018-08-23 23:59 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-09-12 18:34 - 2018-08-23 23:52 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-12 18:34 - 2018-08-23 23:40 - 001555456 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-12 18:34 - 2018-08-23 23:28 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-12 18:34 - 2018-08-23 23:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-09-12 18:34 - 2018-08-23 23:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-09-12 18:34 - 2018-08-23 23:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-09-12 18:34 - 2018-08-23 23:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-09-12 18:34 - 2018-08-23 23:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-09-12 18:34 - 2018-08-23 23:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-09-12 18:34 - 2018-08-23 23:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-09-12 18:34 - 2018-08-23 23:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-09-12 18:34 - 2018-08-23 23:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-09-12 18:34 - 2018-08-23 23:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-09-12 18:34 - 2018-08-23 23:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-09-12 18:34 - 2018-08-23 23:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-09-12 18:34 - 2018-08-23 23:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-09-12 18:34 - 2018-08-23 23:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-09-12 18:34 - 2018-08-23 23:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-09-12 18:34 - 2018-08-23 22:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-09-12 18:34 - 2018-08-23 22:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-09-12 18:34 - 2018-08-23 22:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-09-12 18:34 - 2018-08-23 22:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-09-12 18:34 - 2018-08-23 22:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-09-12 18:34 - 2018-08-23 22:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-09-12 18:34 - 2018-08-23 22:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-09-12 18:34 - 2018-08-23 22:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-09-12 18:34 - 2018-08-23 22:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-09-12 18:34 - 2018-08-23 22:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-09-12 18:34 - 2018-08-23 22:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-09-12 18:34 - 2018-08-23 22:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-09-12 18:34 - 2018-08-23 22:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-09-12 18:34 - 2018-08-23 22:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-09-12 18:34 - 2018-08-23 22:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-09-12 18:34 - 2018-08-23 22:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-09-12 18:34 - 2018-08-13 17:54 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-09-12 18:34 - 2018-08-13 17:54 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-12 18:34 - 2018-08-13 17:54 - 001888768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-12 18:34 - 2018-08-13 17:54 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-12 18:34 - 2018-08-13 17:54 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-09-12 18:34 - 2018-08-13 17:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-09-12 18:34 - 2018-08-13 17:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-09-12 18:34 - 2018-08-13 17:53 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-09-12 18:34 - 2018-08-13 17:53 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-12 18:34 - 2018-08-13 17:41 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-09-12 18:34 - 2018-08-13 17:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-09-12 18:34 - 2018-08-13 17:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-09-12 18:34 - 2018-08-13 17:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-09-12 18:34 - 2018-08-13 17:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-09-12 18:34 - 2018-08-13 17:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2018-09-12 18:34 - 2018-08-13 17:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2018-09-12 18:34 - 2018-08-13 17:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-09-12 18:34 - 2018-08-13 17:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2018-09-12 18:34 - 2018-08-12 22:32 - 000378464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-12 18:34 - 2018-08-12 22:31 - 001894496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-12 18:34 - 2018-08-12 22:31 - 000289376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-12 18:34 - 2018-08-12 22:28 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-12 18:34 - 2018-08-12 22:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2018-09-12 18:34 - 2018-08-10 17:59 - 005552816 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-12 18:34 - 2018-08-10 17:59 - 000154800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-12 18:34 - 2018-08-10 17:58 - 000385120 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-09-12 18:34 - 2018-08-10 17:58 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-12 18:34 - 2018-08-10 17:58 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-09-12 18:34 - 2018-08-10 17:57 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-09-12 18:34 - 2018-08-10 17:57 - 000631624 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-09-12 18:34 - 2018-08-10 17:56 - 001664296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-12 18:34 - 2018-08-10 17:55 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-12 18:34 - 2018-08-10 17:55 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-09-12 18:34 - 2018-08-10 17:55 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-09-12 18:34 - 2018-08-10 17:55 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-09-12 18:34 - 2018-08-10 17:55 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-09-12 18:34 - 2018-08-10 17:55 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-12 18:34 - 2018-08-10 17:55 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-09-12 18:34 - 2018-08-10 17:55 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-09-12 18:34 - 2018-08-10 17:55 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-09-12 18:34 - 2018-08-10 17:55 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-09-12 18:34 - 2018-08-10 17:55 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-09-12 18:34 - 2018-08-10 17:55 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-09-12 18:34 - 2018-08-10 17:54 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-09-12 18:34 - 2018-08-10 17:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-09-12 18:34 - 2018-08-10 17:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-09-12 18:34 - 2018-08-10 17:42 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-09-12 18:34 - 2018-08-10 17:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-09-12 18:34 - 2018-08-10 17:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-09-12 18:34 - 2018-08-10 17:27 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-12 18:34 - 2018-08-10 17:22 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-12 18:34 - 2018-08-10 17:22 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-12 18:34 - 2018-08-10 17:22 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-12 18:34 - 2018-08-10 17:21 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-09-12 18:34 - 2018-08-10 17:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-09-12 18:34 - 2018-08-10 17:17 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-09-12 18:34 - 2018-08-10 17:17 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-12 18:34 - 2018-08-10 17:17 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-09-12 18:34 - 2018-08-10 17:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-09-12 18:34 - 2018-08-10 17:13 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-09-12 18:34 - 2018-08-10 17:13 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-09-12 18:34 - 2018-08-10 17:13 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-09-12 18:34 - 2018-08-10 17:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-09-12 18:34 - 2018-08-10 17:12 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-12 18:34 - 2018-08-10 17:12 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-12 18:34 - 2018-08-10 17:12 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-12 18:34 - 2018-08-10 17:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-12 18:34 - 2018-08-10 17:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-12 18:34 - 2018-08-10 17:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-09-12 18:34 - 2018-08-10 17:10 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-09-12 18:34 - 2018-08-10 17:10 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-09-12 18:34 - 2018-08-10 17:10 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-09-12 18:34 - 2018-08-10 17:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-09-12 18:34 - 2018-08-10 17:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-09-12 18:34 - 2018-08-10 17:09 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-09-12 18:34 - 2018-08-10 17:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-09-12 18:34 - 2018-07-29 17:55 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-12 18:34 - 2018-07-18 17:18 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-12 18:34 - 2018-06-27 15:20 - 000419648 _____ C:\Windows\SysWOW64\locale.nls
2018-09-12 18:34 - 2018-06-27 15:19 - 000419648 _____ C:\Windows\system32\locale.nls
2018-09-10 21:08 - 2018-10-04 19:00 - 000002358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-08 21:56 - 2018-08-04 12:14 - 000000000 ____D C:\FRST
2018-10-08 21:28 - 2018-08-04 21:53 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-10-08 21:13 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-08 21:13 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-08 20:50 - 2017-04-14 14:19 - 000000000 ____D C:\ProgramData\NVIDIA
2018-10-08 20:30 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-04 23:04 - 2018-07-15 19:10 - 000003032 _____ C:\Windows\System32\Tasks\{2201F696-EAD4-49CC-84E6-719352E68D27}
2018-10-04 23:04 - 2018-07-10 22:58 - 000003870 _____ C:\Windows\System32\Tasks\PsiegUpdateElevate_Prismatik
2018-10-04 23:04 - 2017-05-09 14:29 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-10-04 23:04 - 2017-04-14 14:20 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 23:03 - 2017-12-29 16:09 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 23:03 - 2017-06-29 02:33 - 000003654 _____ C:\Windows\System32\Tasks\MySQLNotifierTask
2018-10-04 23:03 - 2017-04-14 14:20 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 23:03 - 2017-04-14 14:20 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 23:03 - 2017-04-14 14:20 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 23:03 - 2017-04-14 14:20 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 23:03 - 2017-04-14 14:20 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 23:03 - 2017-04-14 14:20 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 23:03 - 2017-04-14 13:58 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-10-04 23:03 - 2017-04-14 13:58 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-10-04 21:02 - 2017-06-15 13:24 - 000000000 ____D C:\Users\Lugi\.gimp-2.8
2018-10-04 19:03 - 2017-05-07 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-04 19:00 - 2017-05-07 14:47 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-10-04 19:00 - 2017-05-07 14:47 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-10-04 19:00 - 2017-05-07 14:47 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-10-04 19:00 - 2017-05-07 14:47 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-10-04 19:00 - 2017-05-07 14:47 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-10-04 19:00 - 2017-05-07 14:47 - 000002372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-10-04 19:00 - 2017-05-07 14:47 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-10-04 18:59 - 2017-05-07 14:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-10-04 00:33 - 2017-04-14 14:26 - 000000000 ____D C:\Users\Lugi\AppData\Roaming\uTorrent
2018-10-03 23:39 - 2018-08-24 18:37 - 000000000 ____D C:\Users\Lugi\AppData\Roaming\vlc
2018-09-26 09:06 - 2017-06-08 22:29 - 000000000 ____D C:\Users\MSSQLSERVER
2018-09-21 22:42 - 2018-03-26 13:03 - 000002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-09-21 22:42 - 2018-03-26 13:03 - 000002386 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-09-21 22:40 - 2017-04-14 14:01 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-21 22:40 - 2017-04-14 14:01 - 000002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-19 01:30 - 2017-05-09 14:29 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-09-18 23:45 - 2017-06-08 21:59 - 000003148 _____ C:\Windows\System32\Tasks\{59D44A39-0068-474D-BD1A-523BAD2D71C3}
2018-09-15 00:20 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2018-09-13 19:16 - 2009-07-14 07:13 - 000906446 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-13 19:16 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-09-13 19:08 - 2009-07-14 06:45 - 000424424 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-12 23:56 - 2017-04-15 14:37 - 000898568 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-09-12 18:28 - 2017-05-09 14:29 - 000215920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-09-11 18:25 - 2017-05-09 14:29 - 000163392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

==================== Files in the root of some directories =======

2018-07-15 14:10 - 2009-10-23 23:00 - 005811712 _____ (reFX) C:\Program Files (x86)\Nexus.dll
2018-06-14 00:47 - 2018-06-14 00:47 - 001776169 _____ () C:\Users\Lugi\AppData\Roaming\Setup.exe
2018-07-15 14:09 - 2018-07-15 14:09 - 007631872 _____ () C:\Users\Lugi\AppData\Local\agent.dat
2018-07-15 14:09 - 2018-07-15 14:09 - 000070896 _____ () C:\Users\Lugi\AppData\Local\Config.xml
2018-07-15 14:08 - 2018-07-15 14:08 - 000016416 _____ () C:\Users\Lugi\AppData\Local\InstallationConfiguration.xml
2018-07-15 14:08 - 2018-07-15 14:08 - 000140800 _____ () C:\Users\Lugi\AppData\Local\installer.dat
2018-07-15 14:09 - 2018-07-15 14:09 - 000018432 _____ () C:\Users\Lugi\AppData\Local\Main.dat
2018-07-15 14:09 - 2018-07-15 14:09 - 000005568 _____ () C:\Users\Lugi\AppData\Local\md.xml
2018-07-15 14:09 - 2018-07-15 14:09 - 000126464 _____ () C:\Users\Lugi\AppData\Local\noah.dat
2018-10-04 21:02 - 2018-10-04 21:02 - 000000874 _____ () C:\Users\Lugi\AppData\Local\recently-used.xbel
2017-08-29 21:07 - 2017-11-27 18:36 - 000007603 _____ () C:\Users\Lugi\AppData\Local\Resmon.ResmonCfg
2018-07-15 14:08 - 2018-07-15 14:10 - 000929792 _____ () C:\Users\Lugi\AppData\Local\sham.db
2018-07-15 14:09 - 2018-07-15 14:09 - 001988310 _____ () C:\Users\Lugi\AppData\Local\U--Phase.tst
2018-07-15 14:10 - 2018-07-15 14:10 - 000032038 _____ () C:\Users\Lugi\AppData\Local\uninstall_temp.ico

Some files in TEMP:
====================
2010-11-18 18:27 - 2010-11-18 18:27 - 000587776 _____ (Igor Pavlov) C:\Users\Lugi\AppData\Local\Temp\7za.exe
2017-11-19 21:18 - 2001-12-18 02:00 - 000049152 _____ (Creative Technology Ltd) C:\Users\Lugi\AppData\Local\Temp\CheckLang.dll
2017-11-19 21:18 - 2006-08-07 02:00 - 000049152 _____ (Creative Technology Ltd) C:\Users\Lugi\AppData\Local\Temp\CtRunApp.dll
2018-08-04 21:52 - 2018-08-10 17:56 - 001664296 _____ (Microsoft Corporation) C:\Users\Lugi\AppData\Local\Temp\dllnt_dump.dll
2017-04-14 14:19 - 2017-04-01 03:36 - 000868152 _____ (NVIDIA Corporation) C:\Users\Lugi\AppData\Local\Temp\nvSCPAPI64.dll
2017-04-29 13:26 - 2017-04-01 03:36 - 000369208 _____ (NVIDIA Corporation) C:\Users\Lugi\AppData\Local\Temp\nvStInst.exe
2017-05-18 11:04 - 2017-05-18 11:04 - 001066336 _____ (Microsoft Corporation) C:\Users\Lugi\AppData\Local\Temp\PidGenX.dll
2014-09-12 01:44 - 2014-09-12 01:44 - 004216840 _____ (Microsoft Corporation) C:\Users\Lugi\AppData\Local\Temp\vcredist9_x86.exe
2017-05-14 18:24 - 2017-05-14 18:24 - 049508048 _____ (Sony) C:\Users\Lugi\AppData\Local\Temp\xcs76B6.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-05 20:18

==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.10.2018
Ran by Lugi (08-10-2018 21:57:54)
Running from C:\Users\Lugi\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2017-04-14 11:47:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1459657716-2493573527-527088305-500 - Administrator - Disabled)
Guest (S-1-5-21-1459657716-2493573527-527088305-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1459657716-2493573527-527088305-1002 - Limited - Enabled)
Lugi (S-1-5-21-1459657716-2493573527-527088305-1000 - Administrator - Enabled) => C:\Users\Lugi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

${{arpDisplayName}} (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cufft_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
µTorrent (HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\uTorrent) (Version: 3.5.4.44632 - BitTorrent Inc.)
Age of Empires II HD Edition ver. 5.3.1 (HKLM-x32\...\{A435EA2A-DB9C-4A79-8257-7EA7C609EEC4}_is1) (Version: 5.3.1 - *Let'sРlay*)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{D25C9EDD-984F-444C-9229-5A58130C6B10}) (Version: 4.3.60226.3 - Microsoft Corporation)
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.2 - Arduino LLC)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.6.2349 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 69.0.792.81 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bioshock Infinite version 1.1.25.5165 (HKLM-x32\...\Bioshock Infinite_is1) (Version: 1.1.25.5165 - Mr DJ)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
CMake (HKLM\...\{7EFC6372-ACA9-459B-A7C8-BB2CA6C2CE19}) (Version: 3.8.1 - Kitware)
CodeBlocks (HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
Command Line Tools (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_command_line_tools_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Compiler (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_compiler_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Core Temp 1.11 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.11 - ALCPU)
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATTENTION
Creative Live! Cam Vista IM (VF0420) Driver (1.01.01.00) (HKLM\...\Creative VF0420) (Version:  - )
CUBLAS Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cublas_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUBLAS Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cublas_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUDA Documentation (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_documentation_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUDA Toolkit (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAToolkit_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUDA Version (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAVersion_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUDART Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cudart_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUFFT Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cufft_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CURAND Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_curand_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CURAND Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_curand_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUSOLVER Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusolver_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUSOLVER Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusolver_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUSPARSE Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusparse_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUSPARSE Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusparse_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
Demo Suite (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_demo_suite_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Docker Toolbox version 18.03.0-ce (HKLM\...\{FC4417F0-D7F3-48DB-BCE1-F5ED5BAFFD91}_is1) (Version: 18.03.0-ce - Docker)
Dotfuscator and Analytics Community Edition 5.19.0 (HKLM-x32\...\{4C5B1DD0-7E8E-4972-9247-818E6D030552}) (Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Epic Games Launcher (HKLM-x32\...\{80B15934-444B-4B4F-B2A9-439FCCBA4C81}) (Version: 1.1.132.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Fortran Examples (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_fortran_examples_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Git version 2.12.2.2 (HKLM\...\Git_is1) (Version: 2.12.2.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Grand Theft Auto IV version 1.0.7.0 (HKLM-x32\...\Grand Theft Auto IV_is1) (Version: 1.0.7.0 - Mr DJ)
Graphviz (HKLM-x32\...\{884CF059-9A11-4DF7-A2A7-17EFE90B9278}) (Version: 2.38 - AT&T Research Labs.)
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
HDF5 (HKLM\...\{1F3BE804-92AD-412F-9FF9-89F9994CDEDA}) (Version: 1.10.0 - HDF_Group)
HDFView 2.13 (HKLM\...\{BEAE5309-CD2F-4763-92B8-167541402E7E}) (Version: 2.13 - The HDF Group)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JetBrains PyCharm Community Edition 2017.1.2 (HKLM-x32\...\PyCharm Community Edition 2017.1.2) (Version: 171.4249.47 - JetBrains s.r.o.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.27.20180328 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
MATLAB Production Server R2015a (HKLM\...\MATLAB Production Server R2015a) (Version: 2.1 - MathWorks)
Medieval 2 Total War Gold version 1.05 (HKLM-x32\...\{8241AE65-BF38-4C3F-B0AF-6E9983A4516C}_is1) (Version: 1.05 - vol1)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.10827.20138 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Enterprise 2015 with Updates (HKLM-x32\...\{f90e9ec5-977b-4752-8518-abe39dac065d}) (Version: 14.0.24720.41 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.29.01.264 - Huawei Technologies Co.,Ltd)
Mount.Blade.Warband.v1.168.ACOK2.2-ALI213 version 1.168 (HKLM-x32\...\{247B81A0-D9F6-421A-83B6-AC6325708382}}_is1) (Version: 1.168 - Ali213.net)
MPC-HC 1.7.11 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.11 - MPC-HC Team)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{FA0599C5-C083-41BE-8AEA-E8EB9070D128}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
MySQL Connector C++ 1.1.8 (HKLM\...\{4BFAEC5F-9E57-467F-A19F-2FF716DDC9E6}) (Version: 1.1.8 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{9F9DCBD0-6C06-445C-B407-B2FF16C98B63}) (Version: 5.1.42 - Oracle Corporation)
MySQL Connector Net 6.9.9 (HKLM-x32\...\{E09F82E9-3EB3-4725-BDC8-3C77F83E262C}) (Version: 6.9.9 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{788AEC1D-78E4-4E65-A388-AC87D0490911}) (Version: 6.1.10 - Oracle Corporation)
MySQL Connector/ODBC 5.3 (HKLM\...\{EB0CFCBD-B0C8-4F0F-ACF4-8B674A19B459}) (Version: 5.3.8 - Oracle Corporation)
MySQL Documents 5.7 (HKLM-x32\...\{B3E47FBC-B036-4AC9-975E-55AA7252A7A0}) (Version: 5.7.18 - Oracle Corporation)
MySQL Examples and Samples 5.7 (HKLM-x32\...\{A991DCE5-AB3B-4E9F-A58E-EF5E02742665}) (Version: 5.7.18 - Oracle Corporation)
MySQL for Visual Studio 1.2.7 (HKLM-x32\...\{63F92630-4546-4297-A0F5-761886A689EE}) (Version: 1.2.7 - Oracle)
MySQL Installer - Community (HKLM-x32\...\{DE64E7EF-38D5-4A3A-8B18-A691FB177438}) (Version: 1.4.19.0 - Oracle Corporation)
MySQL Notifier 1.1.7 (HKLM-x32\...\{724CDD73-430E-47DA-8F4E-7DF2000BA268}) (Version: 1.1.7 - Oracle)
MySQL Router 2.1 (HKLM\...\{929202C7-D089-4B21-934F-753E12A7500F}) (Version: 2.1.3 - Oracle Corporation)
MySQL Server 5.7 (HKLM\...\{2DA17C9C-993C-4A53-8C65-C05A470A2849}) (Version: 5.7.18 - Oracle Corporation)
MySQL Shell 1.0.9 (HKLM\...\{69E5F01E-8F6B-44F8-92D9-54EC39F846DA}) (Version: 1.0.9 - Oracle and/or its affiliates)
MySQL Utilities (HKLM\...\{BEDAC2EF-DBA2-4B25-857A-7DF385FA645E}) (Version: 1.6.5 - Oracle Corporation)
MySQL Workbench 6.3 CE (HKLM\...\{CD8C5EC0-56A3-4F6E-BB22-E230059DF1F2}) (Version: 6.3.9 - Oracle Corporation)
Nicky Romero Kickstart 1.0.9 (HKLM\...\Kickstart_is1) (Version: 1.0.9 - Nicky Romero)
NPP Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_npp_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NPP Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_npp_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NVGRAPH Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvgraph_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NVGRAPH Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvgraph_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.71 - NVIDIA Corporation)
NVIDIA CUDA Development 8.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDADevelopment_8.0) (Version: 8.0 - NVIDIA Corporation)
NVIDIA CUDA Documentation 8.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDADocument_8.0) (Version: 8.0 - NVIDIA Corporation)
NVIDIA CUDA Runtime 8.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDARuntimes_8.0) (Version: 8.0 - NVIDIA Corporation)
NVIDIA CUDA Samples 8.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_samples_8.0) (Version: 8.0 - NVIDIA Corporation)
NVIDIA CUDA Visual Studio Integration 8.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_visual_studio_integration_8.0) (Version: 8.0 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA Nsight Visual Studio Edition 5.2.0.16321 (HKLM\...\{39F2CF8F-DE76-49F1-85D5-FC215853B709}) (Version: 5.2.0.16321 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NVIDIA Tools Extension SDK (NVTX) - 64 bit (HKLM\...\{B56D2F88-8865-40FD-B7AC-F074EE4D201D}) (Version: 1.00.00.00 - NVIDIA Corporation)
NVML Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvml_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NVRTC Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvrtc_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NVRTC Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvrtc_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Occupancy Calculator (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_occupancy_calculator_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
Oracle VM VirtualBox 5.2.8 (HKLM\...\{A7F49FA5-9FCA-4936-8652-CD00206D9300}) (Version: 5.2.8 - Oracle Corporation)
PandaViewer (HKLM-x32\...\PandaViewer) (Version:  - )
PL-2303 USB-to-Serial (HKLM-x32\...\{A9111573-EF12-4D80-A5B9-55F620D5BCA1}) (Version: 1.00.000 - Prolific Technology INC)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prismatik (unofficial) 64bit (remove only) (HKLM-x32\...\{ABD88CE7-1FFA-416C-96CA-CCC6F2B34236}_is1) (Version: 5.11.2.17 - Patrick Siegler)
Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.4 - Project Reality)
Project Reality: WW2 (HKLM\...\Project Reality: WW2 (pr_ww2)_is1) (Version: v0.2 - Project Reality)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 3.5.2 (64-bit) (HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\{d46281ac-f66b-4246-8cfe-34f61512982f}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (64-bit) (HKLM\...\{E151A5E4-D373-4388-82FB-0C9F5F6CFB76}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (64-bit) (HKLM\...\{5397E020-59CB-43BF-A0FE-32B26DE98187}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (64-bit) (HKLM\...\{911FCD3E-A42F-472C-983A-0518799BFE7D}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (64-bit) (HKLM\...\{24C31CC2-A8F2-417E-A61B-5E682D39893B}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (64-bit) (HKLM\...\{A74E3253-CB6C-4214-8964-FFCEB37DB5D8}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (64-bit) (HKLM\...\{976C50E6-00DF-40A6-9E59-70A4F3EF4E32}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (64-bit) (HKLM\...\{A4B31C78-C884-4B36-BDE4-FBAD3A2A1C7E}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (64-bit) (HKLM\...\{7BA8A393-A7EB-4529-8A63-D7A4502C0D24}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (64-bit) (HKLM\...\{E5642976-7F8E-41C1-A249-419B809CA2A8}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{323AC113-C6CE-4F99-842F-4936332D055A}) (Version: 3.6.5923.0 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
RogueKiller version 12.12.29.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.29.0 - Adlice Software)
Roslyn Language Services - x86 (HKLM-x32\...\{3107684C-8011-3031-BD28-10CA30F58267}) (Version: 14.0.24730 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SafeFinder (HKLM-x32\...\{B0F6BAC7-9BAF-4C8A-96C8-BD393B6CE5BC}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.17.6.201704121541 - Sony Mobile Communications Inc.)
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{26BFF1F1-5C03-4C55-9C7C-FD65889AFA70}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{A7037EB2-F953-4B12-B843-195F4D988DA1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Sylenth1 v2.21 (HKLM-x32\...\Sylenth1_is1) (Version:  - )
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{48992F68-BEE6-35D8-89AC-6A81406F1096}) (Version: 14.0.24712 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
The Elder Scrolls V Skyrim Special Edition (HKLM-x32\...\The Elder Scrolls V Skyrim Special Edition_is1) (Version:  - )
TP-LINK TL-WN823N Driver (HKLM-x32\...\{CE194A8D-C8DF-47EB-AB04-5A54CDC1C5BD}) (Version: 1.3.1 - TP-LINK)
TypeScript Power Tool (HKLM-x32\...\{CF436B98-B0FE-447F-8E46-68E0B14FDDE0}) (Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{F66F9C2A-E14B-4D30-82C5-A4E32B569286}) (Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.6.0 (HKLM-x32\...\{5ee9a47a-3630-4016-b76d-dc752e9218dd}) (Version: 1.7.24809.0 - Microsoft Corporation)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{284FA9A0-CEDD-81D3-5A19-5858E95FD0C4}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{ABD37F71-FC3F-F525-C7B3-BDD95F684C51}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{33952D66-D503-10CA-DD8E-E365C15EB4E0}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{B048B812-32DE-3474-FA64-223B6A63AD47}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
VS Update core components (HKLM-x32\...\{5F7870A1-0586-313E-A9FF-3249DCE9F63A}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Xperia Companion (HKLM-x32\...\{27b15812-304d-4fc2-80b7-55a920f30a28}) (Version: 1.6.5.0 - Sony)
Xperia Companion (HKLM-x32\...\{9D56F227-FC8D-419D-ADEB-41E5734025BD}) (Version: 1.6.5.0 - Sony) Hidden
Xperia Companion Service (HKLM\...\{941E0B86-5EC0-43BC-9DA9-9BC596150B4B}) (Version: 1.6.5.0 - Sony) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-30] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-30] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-30] (AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-16] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-30] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C802091-C7FA-425C-9929-4941F7A9F67F} - System32\Tasks\{59D44A39-0068-474D-BD1A-523BAD2D71C3} => C:\Windows\system32\pcalua.exe -a C:\Users\Lugi\Downloads\SQLServer2016-SSEI-Expr.exe -d C:\Users\Lugi\Downloads
Task: {198B3C60-DE17-44CD-9B2C-53434C839A2A} - System32\Tasks\PsiegUpdateElevate_Prismatik => C:\Program Files\Prismatik\UpdateElevate.exe [2018-04-26] ()
Task: {1DE29877-B3F2-44D9-922A-270C59D7DA67} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
Task: {23EE076D-09B0-4BDB-82F7-4891DB28E463} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-14] (Google Inc.)
Task: {46DC569D-490B-4FFC-BDEF-2355C6D05500} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software)
Task: {492C011E-4734-4DD2-A4A5-9805DDD2AD87} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-16] (NVIDIA Corporation)
Task: {4FA3091A-DFF7-4B0B-ABBB-5AB3DB02E596} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-16] (NVIDIA Corporation)
Task: {5DE74AB2-E77E-4CA9-895E-BE2E1F3F40B3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-04] (Microsoft Corporation)
Task: {6E9D57AF-101E-47A6-B2C7-1C592E082595} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2017-04-10] (Oracle Corporation)
Task: {6ED941D8-0D8B-487D-8CFC-C8D514C390CB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-16] (NVIDIA Corporation)
Task: {7473CBD5-C27B-43A6-9E43-FFAF94912B8E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {82F88F6A-DDDD-493E-9801-2432A89A1E24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-14] (Google Inc.)
Task: {8608600C-761E-45DE-8144-781C219F4F74} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-12-16] (NVIDIA Corporation)
Task: {90A4B1FC-0100-4897-890B-26F89BC30DDF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-04] (Microsoft Corporation)
Task: {9385D08B-959E-467E-ADD2-2D4ABFDA12FE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
Task: {A02EB10E-C3D5-48E3-ACFB-0E0011DE22ED} - System32\Tasks\{2201F696-EAD4-49CC-84E6-719352E68D27} => C:\Windows\system32\pcalua.exe -a E:\autorun.exe -d E:\
Task: {BEB693A4-3872-4D69-AEE0-5842155AD015} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe [2016-07-29] (Oracle Corporation)
Task: {C08263A0-BCBC-4CA0-86DC-B1EEDC1B83B5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-12-16] (NVIDIA Corporation)
Task: {C9C51744-5B61-4FC9-A769-9C5FD975D158} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-12-16] (NVIDIA Corporation)
Task: {CF56C87F-FB2A-401C-89C4-F809D8FDDAE5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-09-21] (AVAST Software)
Task: {D07B5D8F-8AE4-4700-8E0B-16AC7CD1F2A7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-12-16] (NVIDIA Corporation)
Task: {D29B3572-FC9C-4FFD-8B36-5A1D0B75950A} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software)
Task: {E26C9F85-59B2-47D2-BF59-E97DAB545BFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-10-04] (Microsoft Corporation)
Task: {E6C40FB8-4982-4BBA-BEEF-4AF57933E282} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-10-04] (Microsoft Corporation)
Task: {EDFADA87-4B29-490B-9315-282EDF48F7D7} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-30] (AVAST Software)
Task: {F4C68B86-A4D9-4490-80C4-39EF81D9963F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-16] (NVIDIA Corporation)
Task: {F7350ACC-697B-49F9-97CD-1752A0BD286F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-10-04] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Lugi\Desktop\HDFView-2.13.0.lnk -> C:\Users\Lugi\AppData\Local\Apps\HDF_Group\HDFView\2.13.0\hdfview.bat ()
Shortcut: C:\Users\Lugi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDFView-2.13.0\HDFView-2.13.0.lnk -> C:\Users\Lugi\AppData\Local\Apps\HDF_Group\HDFView\2.13.0\hdfview.bat ()

==================== Loaded Modules (Whitelisted) ==============

2018-01-03 19:00 - 2016-03-24 04:54 - 000242264 _____ () C:\Program Files (x86)\MobileBrServ\mbbservice.exe
2017-03-18 09:18 - 2017-03-18 09:18 - 039334400 _____ () C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe
2017-04-14 14:20 - 2017-12-16 02:21 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-07-23 19:25 - 2017-09-24 22:08 - 000076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-07-23 19:25 - 2017-09-24 22:08 - 000189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2018-09-21 22:40 - 2018-09-15 10:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-21 22:40 - 2018-09-15 10:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2018-08-30 18:28 - 2018-08-30 18:28 - 000575704 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-08-30 18:29 - 2018-08-30 18:29 - 000896216 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-08-30 18:28 - 2018-08-30 18:28 - 000541400 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-08-30 18:28 - 2018-08-30 18:28 - 000151768 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-08-30 18:28 - 2018-08-30 18:28 - 000986840 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-10-08 20:33 - 2018-10-08 20:33 - 005708432 _____ () C:\Program Files\AVAST Software\Avast\defs\18100806\algo.dll
2017-04-14 14:20 - 2017-12-16 02:21 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-03-13 00:20 - 2018-03-13 00:20 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\.rdata:X [128]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-07-26 17:44 - 000000888 _____ C:\Windows\system32\Drivers\etc\hosts

185.31.160.192 karachan.org
185.31.160.192 www.karachan.org

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lugi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D50CB569-F4D0-43F3-B1EC-A4ADE0DD0FFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{626DAB18-64D4-49C9-9B88-91DD1516D70A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{945DFB0C-964D-4C37-B85E-2662C57C6F3D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{34B5DA6B-34A3-4606-8CD2-31F11CB29FEF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AD0B463B-0E54-46B4-B024-F027E7BBE970}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D9BBBD42-2235-4DAF-B505-E5CFC9D6F436}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{21C712BD-2E90-4E16-BA6F-7E17A77E28F2}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{10589F0F-BF2C-413D-8F07-449FAC2A6C98}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{15F85AC6-8A98-4139-A63E-1844B3D8CA5A}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{121C4D03-2BB8-4507-B7E1-3E0A5916CA3D}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9E2DA77D-77D7-49E7-A222-251CB1BD26B7}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{AF759090-8BB6-41A7-A11B-680C20FF0988}D:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) D:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{6633FBA4-8749-4C5D-828F-2B40318BCF74}D:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) D:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{4EAA8BA1-49D1-47E2-85C3-3F26389C3036}D:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) D:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{33861894-F437-4927-94F7-DDB23A056437}D:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) D:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{52E4F96B-65C8-4644-BCBA-1C525F50FDE8}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{F588E0B2-81CA-4EA9-B868-70A5B848D3E1}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [TCP Query User{21ABCCF1-B0F1-42DE-8673-A4927BB2E8DD}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{B71444E8-8897-465E-8A31-E09878029753}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{8B615E40-527C-448A-B65F-7897F45BAB1D}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{90CA630E-9D4C-42E3-888B-A1F8B447CCBA}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{33C39993-EE12-4E92-A107-C466249EDD5E}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{F4970D1C-04B5-4814-BCC3-45A1AA4C5680}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [{822BE8AD-99B7-46FE-8FDD-D953A16635DD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2BCA81CB-F328-4FF3-97A0-1626265A8980}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5C7E3CB2-BF42-4419-96A4-E05496FF684E}] => (Allow) C:\Users\Lugi\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{044A7620-8449-4F41-9E91-2459919A7733}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{E8F53B66-0187-43AC-B412-02368FE928B4}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{0AF610DA-F923-453B-AFA6-8266D653F8A9}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{F080EA30-09A9-46C8-A09B-B6EE45ED7B90}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{1D94C764-1F12-422A-9C83-2E492F61C974}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{D8035140-1373-4509-8750-DEADC3DD470E}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{8DAEA91D-5C85-466D-9E78-C3DA7F709527}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{12EF279B-DC17-49D2-A690-CC0777E19889}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{07EED434-4676-4C3A-9CA0-2F9E44165EEF}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{18BAEC0D-0818-41DA-8C56-5E6D85EB3001}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{F43491C0-6A63-4F69-836D-3EBF7F229AE2}] => (Allow) LPort=3306
FirewallRules: [{E66C5FDA-73CB-44A4-8843-EB158DE4C478}] => (Allow) LPort=3306
FirewallRules: [{F28E37F0-67DB-41A0-8ABE-72B395C7F7F8}] => (Allow) D:\Program Files (x86)\Project Reality\Project Reality BF2\prbf2.exe
FirewallRules: [{36898223-FFC2-486F-9B82-2838CA83A2FB}] => (Allow) D:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRLauncher.exe
FirewallRules: [{FF5C6043-5AC8-4B18-9A77-3428F0479F4C}] => (Allow) D:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRUpdater.exe
FirewallRules: [{8418B55C-7534-4A91-AC89-A7742CAB5DFD}] => (Allow) D:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRMumble\PRMumble.exe
FirewallRules: [TCP Query User{070E9A79-87FA-40B6-9760-33F8FD58CD35}C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe
FirewallRules: [UDP Query User{AF1BDFE6-1C4F-487F-B8FB-4D038464109E}C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe
FirewallRules: [{EB3C9E65-8794-4EEE-AD6C-B466F6DE40AB}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{731B4C0C-07B6-4239-A599-B65696289E10}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{9A84F5AD-C349-4E5B-B447-8707A5435490}C:\users\lugi\appdata\local\programs\python\python35\python.exe] => (Allow) C:\users\lugi\appdata\local\programs\python\python35\python.exe
FirewallRules: [UDP Query User{E59FF6A0-F5CC-4D7B-82DA-6E9903F3DFE6}C:\users\lugi\appdata\local\programs\python\python35\python.exe] => (Allow) C:\users\lugi\appdata\local\programs\python\python35\python.exe
FirewallRules: [{F5C1FCE3-4DC5-46DD-ACD7-CB11896C0B98}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B71FDAA7-2DFC-42B9-A4E4-856E10A774FD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2F79F137-3720-49F7-B54C-4A913A612599}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{77E7AC9B-BEDB-4202-9D46-305F46A4CFFA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{E2672BB1-5133-46DC-A002-1609ECEAC545}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{CCFCFCE1-6C76-4FD3-A905-98D392509832}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{CDD637C9-7F97-4E4F-BDCD-CF402E2D7640}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{109C1BBA-7236-4C4C-AF0B-EC6C3EE3E6DE}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{87BAAAA3-2ADE-49EA-93F0-75CD88E45B0D}D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{163866C9-D94F-44BF-B9F4-299A59DBD285}D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{60FEB3F7-6904-416F-BDD5-1CD968BD44F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{65C4F0CC-60A3-4B96-BE54-135E6DDC6996}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E0F5F3AE-2DDB-41E5-AF5C-1105F357D4C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D1D467D7-2E7E-44B0-AB68-35C141C7AC56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A7CB8D67-880F-47A0-AE6B-E0AFA9A057AC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D50C90C6-EBDC-41C5-83C8-6222DD488DD8}] => (Allow) D:\Program Files (x86)\Mr DJ\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{0418D487-0629-48F3-80AA-960128E46638}] => (Allow) D:\Program Files (x86)\Mr DJ\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{3047E7F3-1ADC-4D0B-9B16-3D14449213D0}] => (Allow) D:\Program Files (x86)\Mr DJ\Bioshock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{07A16DA5-5AA5-4CA9-80D5-D4BDB81EC5B4}] => (Allow) D:\Program Files (x86)\Mr DJ\Bioshock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [TCP Query User{40CF7B0D-95F5-4842-A4F8-537053A7E25A}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [UDP Query User{3A5F8403-D0FD-4CAA-A07F-B2EB6B776286}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [TCP Query User{8B4D793C-C84B-4CF7-A7E8-9EF9D0C318B9}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [UDP Query User{29B537EC-AECB-4242-A8D6-9DD45504B37F}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [TCP Query User{8B5EBC5E-C64E-41F6-90F5-E4C79D55AC3F}C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe
FirewallRules: [UDP Query User{6E183EF2-47B1-45BF-9A6C-45907D29C190}C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe
FirewallRules: [{50F8B758-7B65-43EC-9B36-6A0FF87ADB0C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{D9002E3F-0194-4E8E-8F7A-23040C8B9078}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{BF1CB30A-5A38-4ABC-B14E-3C5066770F24}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{67051A5A-024E-444D-8DD6-5F24B0B0D098}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8D6C101C-897A-44E9-9B47-680596017839}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{CC6498A2-987B-4D94-978E-F1E068947BBC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3ED7979F-40A6-4E6D-AC8B-E0193900ACD2}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/08/2018 09:28:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/08/2018 08:31:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/06/2018 01:00:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/05/2018 07:13:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/04/2018 08:59:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/04/2018 07:03:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/04/2018 06:38:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/03/2018 06:38:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (10/08/2018 08:33:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.

Error: (10/08/2018 08:32:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.

Error: (10/08/2018 08:31:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (10/08/2018 08:30:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (10/06/2018 05:03:37 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/06/2018 01:00:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (10/06/2018 12:59:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (10/05/2018 08:18:22 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Windows Defender:
===================================
Date: 2017-04-29 03:03:42.497
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{7CD7A6D1-48A4-4E60-B5A7-8DD321FBFBB1}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 54%
Total physical RAM: 8174.49 MB
Available physical RAM: 3726.23 MB
Total Virtual: 16347.13 MB
Available Virtual: 12746.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:200 GB) (Free:7.27 GB) NTFS
Drive d: () (Fixed) (Total:731.41 GB) (Free:214.59 GB) NTFS

\\?\Volume{d96159fc-2152-11e7-8ce7-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{364f2b63-21ca-11e7-82be-6c626db42707}\ (PRBF2) (CDROM) (Total:7.6 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: FA03DE70)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=731.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:34 AM

Posted 09 October 2018 - 07:20 AM

Hi,

This DHCP address is from Poland. Is this location in your area?
Tcpip\..\Interfaces\{19EACBD0-661E-41F0-A7D9-1FEDEFCE8BCC}: [DhcpNameServer] 62.179.1.62 62.179.1.63
===
 

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}


You currently have no protection. Please Enable AVAST. Let me know if you have any problems with it.
Avast was enabled in your Addition.log posted in post no3.
However the report was that many Avast drivers could not load.
If you have additional problems when Avast is enabled you should remove it using their uninstaller tool.
Follow the instructions on this page. Avast
https://www.avast.com/en-ca/uninstall-utility

Do not reinstall it just now.
Reboot your computer, Windows Defender will be enabled and you should find out if the problem persists after you have executed the fix below.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
PandaViewer (HKLM-x32\...\PandaViewer) (Version: - )
SafeFinder (HKLM-x32\...\{B0F6BAC7-9BAF-4C8A-96C8-BD393B6CE5BC}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION

CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATTENTION
This file is not signed and could be compromised.
If needed get the latest version from this site.
https://www.cpuid.com/
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
CloseProcesses:

HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [0 2017-08-11] ()
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [0 2017-08-11] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
2017-05-14 18:24 - 2017-05-14 18:24 - 049508048 _____ (Sony) C:\Users\Lugi\AppData\Local\Temp\xcs76B6.tmp.exe
AlternateDataStreams: C:\ProgramData\.rdata:X [128]

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

#12 Lugi

Lugi
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:34 PM

Posted 09 October 2018 - 04:06 PM

Unfortunately problem still persists.

 

Online Application was nowhere to be found in Programs and Features, Safe Finder was already removed supposedly, so it just got removed from the list.

 

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.10.2018
Ran by Lugi (09-10-2018 23:02:37) Run:4
Running from C:\Users\Lugi\Downloads
Loaded Profiles: Lugi & MSSQLSERVER (Available Profiles: Lugi & MSSQLSERVER)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
CloseProcesses:

HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [0 2017-08-11] ()
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [0 2017-08-11] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
2017-05-14 18:24 - 2017-05-14 18:24 - 049508048 _____ (Sony) C:\Users\Lugi\AppData\Local\Temp\xcs76B6.tmp.exe
AlternateDataStreams: C:\ProgramData\.rdata:X [128]

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoActiveDesktop" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoActiveDesktopChanges" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => not found
"HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => removed successfully
HKLM\Software\Classes\CLSID\{ielnksrch} => not found
C:\Users\Lugi\AppData\Local\Temp\xcs76B6.tmp.exe => moved successfully
C:\ProgramData\.rdata => ":X" ADS removed successfully


The system needed a reboot.

==== End of Fixlog 23:02:57 ====

Edited by Lugi, 09 October 2018 - 04:08 PM.
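
A small parser for the Fixlog.txt results above, as an added example that is not part of the original thread or of FRST. It groups each fixlist target by outcome, so entries that were already absent ("not found") stand apart from the ones actually removed or moved, and it decodes the percent-encoded host in the SearchScopes URL; the function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Result lines copied from the Fixlog.txt in the post above (the two long
# HKU SearchScopes result lines are left out to keep the sample short).
FIXLOG_RESULTS = r'''
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoActiveDesktop" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoActiveDesktopChanges" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => not found
HKLM\Software\Classes\CLSID\{ielnksrch} => not found
C:\Users\Lugi\AppData\Local\Temp\xcs76B6.tmp.exe => moved successfully
C:\ProgramData\.rdata => ":X" ADS removed successfully

The system needed a reboot.
'''

# SearchScopes URL from the fixlist; the long ?p= value is replaced by a
# placeholder here, the host part is exactly as posted.
SEARCH_SCOPE_URL = (
    "hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/"
    "?p=ELIDED&q={searchTerms}"
)


def classify(outcome):
    """Map the text after '=>' to a coarse outcome label."""
    # "removed successfully" contains "moved successfully" as a substring,
    # so test for the longer word first and anchor on a word boundary.
    if re.search(r"\bremoved successfully$", outcome):
        return "removed"
    if re.search(r"\bmoved successfully$", outcome):
        return "moved"
    if outcome.endswith("not found"):
        return "not_found"
    return "other"


def parse_results(text):
    """Return (target, outcome_label) pairs for every 'X => Y' line."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if " => " not in line:
            continue  # banner lines, blank lines, reboot notice
        target, outcome = line.split(" => ", 1)
        results.append((target.strip('"'), classify(outcome.strip())))
    return results


def summarize(results):
    """Group targets by outcome label, preserving log order."""
    grouped = defaultdict(list)
    for target, label in results:
        grouped[label].append(target)
    return dict(grouped)


def decode_host(url):
    """Decode a percent-encoded host from a defanged (hxxp/hxxps) URL.

    Returns (hostname, was_encoded). A hostname that needed decoding is a
    sign the entry was written to evade plain string matching.
    """
    refanged = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    netloc = urlsplit(refanged).netloc
    host = unquote(netloc).lower()
    return host, host != netloc.lower()


def defang(host):
    """Make a hostname safe to paste into a report."""
    return host.replace(".", "[.]")


if __name__ == "__main__":
    for label, targets in summarize(parse_results(FIXLOG_RESULTS)).items():
        print(f"{label}:")
        for t in targets:
            print(f"  {t}")
    host, encoded = decode_host(SEARCH_SCOPE_URL)
    print(f"SearchScopes host: {defang(host)} (percent-encoded: {encoded})")
```

Entries reported as "not found" were no longer present when the fix ran, so they do not account for any change in behaviour after the reboot.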


#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:34 AM

Posted 10 October 2018 - 07:58 AM


Hi,

Your logs are clean.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.


#14 Lugi

Lugi
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:34 PM

Posted 11 October 2018 - 03:38 AM

TDSS:

10:09:13.0064 3232  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:09:13.0797 3232  ============================================================
10:09:13.0797 3232  Current date / time: 2018/10/11 10:09:13.0797
10:09:13.0797 3232  SystemInfo:
10:09:13.0797 3232  
10:09:13.0797 3232  OS Version: 6.1.7601 ServicePack: 1.0
10:09:13.0797 3232  Product type: Workstation
10:09:13.0797 3232  ComputerName: LUGI-PC
10:09:13.0797 3232  UserName: Lugi
10:09:13.0797 3232  Windows directory: C:\Windows
10:09:13.0797 3232  System windows directory: C:\Windows
10:09:13.0797 3232  Running under WOW64
10:09:13.0797 3232  Processor architecture: Intel x64
10:09:13.0797 3232  Number of processors: 4
10:09:13.0797 3232  Page size: 0x1000
10:09:13.0797 3232  Boot type: Normal boot
10:09:13.0797 3232  ============================================================
10:09:14.0982 3232  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:09:14.0982 3232  ============================================================
10:09:14.0982 3232  \Device\Harddisk0\DR0:
10:09:14.0982 3232  MBR partitions:
10:09:14.0982 3232  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:09:14.0982 3232  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x19000000
10:09:14.0982 3232  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x19032800, BlocksNum 0x5B6D3800
10:09:14.0982 3232  ============================================================
10:09:14.0998 3232  C: <-> \Device\Harddisk0\DR0\Partition2
10:09:15.0045 3232  D: <-> \Device\Harddisk0\DR0\Partition3
10:09:15.0045 3232  ============================================================
10:09:15.0045 3232  Initialize success
10:09:15.0045 3232  ============================================================
10:09:17.0728 2216  ============================================================
10:09:17.0728 2216  Scan started
10:09:17.0728 2216  Mode: Manual; 
10:09:17.0728 2216  ============================================================
10:09:21.0035 2216  ================ Scan system memory ========================
10:09:21.0035 2216  System memory - ok
10:09:21.0035 2216  ================ Scan services =============================
10:09:24.0530 2216  idsvc - ok
10:09:24.0530 2216  IEEtwCollectorService - ok
10:09:24.0561 2216  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
10:09:24.0561 2216  iirsp - ok
10:09:24.0576 2216  [ 25AF7D5C819F19D7C97F4A9607F2609A ] IKEEXT          C:\Windows\System32\ikeext.dll
10:09:24.0576 2216  IKEEXT - ok
10:09:24.0654 2216  [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:09:24.0717 2216  IntcAzAudAddService - ok
10:09:24.0732 2216  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:09:24.0748 2216  intelide - ok
10:09:24.0764 2216  [ EFD9FD12D2C2C1663ACD21F29536FF25 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
10:09:24.0764 2216  intelppm - ok
10:09:24.0779 2216  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:09:24.0779 2216  IPBusEnum - ok
10:09:24.0795 2216  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:09:24.0795 2216  IpFilterDriver - ok
10:09:24.0810 2216  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:09:24.0826 2216  iphlpsvc - ok
10:09:24.0826 2216  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:09:24.0826 2216  IPMIDRV - ok
10:09:24.0842 2216  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:09:24.0842 2216  IPNAT - ok
10:09:24.0857 2216  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:09:24.0857 2216  IRENUM - ok
10:09:24.0873 2216  [ 905E9D664F38B93B53FA05422165F5B5 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:09:24.0873 2216  isapnp - ok
10:09:24.0888 2216  [ 96BB922A0981BC7432C8CF52B5410FE6 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:09:24.0888 2216  iScsiPrt - ok
10:09:24.0920 2216  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
10:09:24.0920 2216  kbdclass - ok
10:09:24.0920 2216  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:09:24.0920 2216  kbdhid - ok
10:09:24.0935 2216  [ 4DC3966AAD03A89102ED0156EC6A9E95 ] KeyIso          C:\Windows\system32\lsass.exe
10:09:24.0935 2216  KeyIso - ok
10:09:24.0951 2216  [ 523FF868A36F2287EF2402BAFBB9E5EF ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:09:24.0951 2216  KSecDD - ok
10:09:24.0951 2216  [ 59E7C73F199A109DE80FF4646EE1ED1F ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:09:24.0951 2216  KSecPkg - ok
10:09:24.0966 2216  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:09:24.0966 2216  ksthunk - ok
10:09:24.0998 2216  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:09:24.0998 2216  KtmRm - ok
10:09:25.0013 2216  [ E65118228501478C4630BC96F2E1C876 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:09:25.0029 2216  LanmanServer - ok
10:09:25.0029 2216  [ 01C95A8CAE16CCF1EA1181395C872B9F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:09:25.0029 2216  LanmanWorkstation - ok
10:09:25.0044 2216  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:09:25.0044 2216  lltdio - ok
10:09:25.0060 2216  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:09:25.0060 2216  lltdsvc - ok
10:09:25.0060 2216  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:09:25.0076 2216  lmhosts - ok
10:09:25.0091 2216  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:09:25.0091 2216  LSI_FC - ok
10:09:25.0091 2216  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
10:09:25.0091 2216  LSI_SAS - ok
10:09:25.0107 2216  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
10:09:25.0107 2216  LSI_SAS2 - ok
10:09:25.0122 2216  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:09:25.0122 2216  LSI_SCSI - ok
10:09:25.0154 2216  [ 5416CEB2916BBE635288C4D1075B045E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:09:25.0154 2216  luafv - ok
10:09:25.0185 2216  [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
10:09:25.0185 2216  MBfilt - ok
10:09:25.0200 2216  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:09:25.0200 2216  Mcx2Svc - ok
10:09:25.0216 2216  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
10:09:25.0216 2216  megasas - ok
10:09:25.0232 2216  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
10:09:25.0232 2216  MegaSR - ok
10:09:25.0263 2216  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
10:09:25.0263 2216  MEIx64 - ok
10:09:25.0278 2216  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:09:25.0278 2216  MMCSS - ok
10:09:25.0310 2216  [ C3786C8607B1F1BAF029B2F588ADAE65 ] Mobile Broadband HL Service C:\Program Files (x86)\MobileBrServ\mbbservice.exe
10:09:25.0310 2216  Mobile Broadband HL Service - ok
10:09:25.0325 2216  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:09:25.0325 2216  Modem - ok
10:09:25.0341 2216  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:09:25.0341 2216  monitor - ok
10:09:25.0372 2216  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
10:09:25.0372 2216  mouclass - ok
10:09:25.0388 2216  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:09:25.0388 2216  mouhid - ok
10:09:25.0419 2216  [ 072D8646E23ECF8A3F5F0157017B4DB6 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:09:25.0419 2216  mountmgr - ok
10:09:25.0434 2216  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:09:25.0434 2216  mpio - ok
10:09:25.0450 2216  [ 3F829492638A86A3C4E0BB06778F0C23 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:09:25.0450 2216  mpsdrv - ok
10:09:25.0481 2216  [ C7A8706D5536D9BE35396C0116CAA8EE ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:09:25.0497 2216  MpsSvc - ok
10:09:25.0512 2216  [ 98DB1790F0A584E0A2528B92B052417F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:09:25.0512 2216  MRxDAV - ok
10:09:25.0528 2216  [ D8FE82385B0D8C0C195B20A8CA029136 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:09:25.0528 2216  mrxsmb - ok
10:09:25.0559 2216  [ 3CF8C21F6C8143CEEF7EC2AF10674182 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:09:25.0559 2216  mrxsmb10 - ok
10:09:25.0590 2216  [ D0C02AC405C333954FE4C443849FB9AD ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:09:25.0590 2216  mrxsmb20 - ok
10:09:25.0606 2216  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:09:25.0606 2216  msahci - ok
10:09:25.0622 2216  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:09:25.0622 2216  msdsm - ok
10:09:25.0637 2216  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:09:25.0637 2216  MSDTC - ok
10:09:25.0653 2216  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:09:25.0653 2216  Msfs - ok
10:09:25.0653 2216  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:09:25.0653 2216  mshidkmdf - ok
10:09:25.0684 2216  [ 6FE3DBEEA730A857CA3DF603B7DEADA2 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:09:25.0684 2216  msisadrv - ok
10:09:25.0700 2216  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:09:25.0700 2216  MSiSCSI - ok
10:09:25.0700 2216  msiserver - ok
10:09:25.0715 2216  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:09:25.0715 2216  MSKSSRV - ok
10:09:25.0731 2216  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:09:25.0731 2216  MSPCLOCK - ok
10:09:25.0746 2216  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:09:25.0746 2216  MSPQM - ok
10:09:25.0778 2216  [ 94275393BB85D1E2B74BFEFEC386B4A0 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:09:25.0778 2216  MsRPC - ok
10:09:25.0809 2216  [ 1FC0BF25FFCB9F751BCBC6C6AC577078 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:09:25.0809 2216  mssmbios - ok
10:09:25.0824 2216  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:09:25.0824 2216  MSTEE - ok
10:09:25.0840 2216  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
10:09:25.0840 2216  MTConfig - ok
10:09:25.0856 2216  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:09:25.0856 2216  Mup - ok
10:09:25.0871 2216  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:09:25.0887 2216  napagent - ok
10:09:25.0918 2216  [ 9FB2A095B1166CB3C9A06651863B3452 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:09:25.0918 2216  NativeWifiP - ok
10:09:25.0965 2216  [ CBE5C2A3353A367734989E335D6AF194 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:09:25.0965 2216  NDIS - ok
10:09:25.0980 2216  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:09:25.0980 2216  NdisCap - ok
10:09:26.0027 2216  [ 3F217F77899654833B650ED6A1372BE4 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:09:26.0027 2216  NdisTapi - ok
10:09:26.0043 2216  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:09:26.0043 2216  Ndisuio - ok
10:09:26.0043 2216  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:09:26.0058 2216  NdisWan - ok
10:09:26.0058 2216  [ E46AF308E96F7730F59B0F250A884CD6 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:09:26.0058 2216  NDProxy - ok
10:09:26.0074 2216  [ 2E19EB10185992AB08BC3688AACA4CE2 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:09:26.0074 2216  NetBIOS - ok
10:09:26.0105 2216  [ 734837208CAFD6E0959A7A0333C95C9D ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:09:26.0105 2216  NetBT - ok
10:09:26.0121 2216  [ 4DC3966AAD03A89102ED0156EC6A9E95 ] Netlogon        C:\Windows\system32\lsass.exe
10:09:26.0121 2216  Netlogon - ok
10:09:26.0121 2216  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:09:26.0136 2216  Netman - ok
10:09:26.0168 2216  [ C986B84B68DDA3EECB65F4C330175522 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:09:26.0168 2216  NetMsmqActivator - ok
10:09:26.0168 2216  [ C986B84B68DDA3EECB65F4C330175522 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:09:26.0168 2216  NetPipeActivator - ok
10:09:26.0183 2216  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:09:26.0183 2216  netprofm - ok
10:09:26.0183 2216  [ C986B84B68DDA3EECB65F4C330175522 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:09:26.0183 2216  NetTcpActivator - ok
10:09:26.0183 2216  [ C986B84B68DDA3EECB65F4C330175522 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:09:26.0183 2216  NetTcpPortSharing - ok
10:09:26.0199 2216  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
10:09:26.0199 2216  nfrd960 - ok
10:09:26.0214 2216  [ 93DEDBE8E24F31962755E6AA4AC2D7B0 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:09:26.0230 2216  NlaSvc - ok
10:09:26.0230 2216  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:09:26.0230 2216  Npfs - ok
10:09:26.0261 2216  [ 668B9EFF5CCA4542F435D2CD9CE3C778 ] nsi             C:\Windows\system32\nsisvc.dll
10:09:26.0261 2216  nsi - ok
10:09:26.0277 2216  [ BE313E566EEA2A4B7F9AAC9782A567D4 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:09:26.0277 2216  nsiproxy - ok
10:09:26.0324 2216  [ 854121FF6840DB681910D072F92640B7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:09:26.0324 2216  Ntfs - ok
10:09:26.0339 2216  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:09:26.0339 2216  Null - ok
10:09:26.0386 2216  [ 6DD0B2337F74336EB1F83C3866538F9B ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
10:09:26.0386 2216  NVHDA - ok
10:09:26.0573 2216  [ 81AAC25D5AF2948D54EC05FDF782510E ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:09:26.0714 2216  nvlddmkm - ok
10:09:26.0745 2216  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:09:26.0745 2216  nvraid - ok
10:09:26.0760 2216  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:09:26.0760 2216  nvstor - ok
10:09:26.0807 2216  [ 761606769993B60A78F5F260CD33CD0B ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
10:09:26.0807 2216  NvStreamKms - ok
10:09:26.0838 2216  [ 45769A6DF3404F0365AEC037E3214F1B ] NvTelemetryContainer C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
10:09:26.0838 2216  NvTelemetryContainer - ok
10:09:26.0838 2216  [ CC96143828750E44313B9412694FE0E0 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
10:09:26.0838 2216  nvvad_WaveExtensible - ok
10:09:26.0854 2216  [ 7ED39FCEB91F0F93897349A4748699EA ] nvvhci          C:\Windows\system32\DRIVERS\nvvhci.sys
10:09:26.0854 2216  nvvhci - ok
10:09:26.0870 2216  [ 7425A6B64F5D37D0565F2581B886E5E3 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:09:26.0870 2216  nv_agp - ok
10:09:26.0885 2216  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:09:26.0885 2216  ohci1394 - ok
10:09:26.0948 2216  [ E6486E462462364DAFA807FD3A88E6C6 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:09:26.0948 2216  ose - ok
10:09:27.0026 2216  [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:09:27.0057 2216  osppsvc - ok
10:09:27.0072 2216  [ 64FB16C5849444F0CFD403C83D9579A1 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:09:27.0088 2216  p2pimsvc - ok
10:09:27.0088 2216  [ 79DB2B358BF0B152F15D1C5A525233BD ] p2psvc          C:\Windows\system32\p2psvc.dll
10:09:27.0104 2216  p2psvc - ok
10:09:27.0119 2216  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
10:09:27.0119 2216  Parport - ok
10:09:27.0135 2216  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:09:27.0135 2216  partmgr - ok
10:09:27.0166 2216  [ 3CD83692C43D87088E85E3C916146FFB ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:09:27.0166 2216  PcaSvc - ok
10:09:27.0197 2216  [ 481DADB90C1D4E9F19328079C7A9E63D ] pci             C:\Windows\system32\drivers\pci.sys
10:09:27.0197 2216  pci - ok
10:09:27.0213 2216  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
10:09:27.0213 2216  pciide - ok
10:09:27.0228 2216  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
10:09:27.0228 2216  pcmcia - ok
10:09:27.0244 2216  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:09:27.0244 2216  pcw - ok
10:09:27.0260 2216  [ EA4D67448BE493D543F1730D6CD04694 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:09:27.0260 2216  PEAUTH - ok
10:09:27.0275 2216  [ C59E17D5E30972ECA28A72004795AEA7 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
10:09:27.0291 2216  PeerDistSvc - ok
10:09:27.0338 2216  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:09:27.0338 2216  PerfHost - ok
10:09:27.0384 2216  [ BC5F8C5C7ACCD0B884FCB8B67616F537 ] pla             C:\Windows\system32\pla.dll
10:09:27.0384 2216  pla - ok
10:09:27.0416 2216  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:09:27.0431 2216  PlugPlay - ok
10:09:27.0447 2216  PnkBstrA - ok
10:09:27.0462 2216  PnkBstrB - ok
10:09:27.0478 2216  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:09:27.0478 2216  PNRPAutoReg - ok
10:09:27.0478 2216  [ 64FB16C5849444F0CFD403C83D9579A1 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:09:27.0478 2216  PNRPsvc - ok
10:09:27.0509 2216  [ 80D6B0563ED2BF10656B1D4748331082 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:09:27.0509 2216  PolicyAgent - ok
10:09:27.0525 2216  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
10:09:27.0525 2216  Power - ok
10:09:27.0556 2216  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:09:27.0556 2216  PptpMiniport - ok
10:09:27.0572 2216  [ D7B62857ACE71B5911EEBBAB3303A7D0 ] Processor       C:\Windows\system32\drivers\processr.sys
10:09:27.0572 2216  Processor - ok
10:09:27.0603 2216  [ B6A58491307B4CADA572583D863DC602 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:09:27.0603 2216  ProfSvc - ok
10:09:27.0618 2216  [ 4DC3966AAD03A89102ED0156EC6A9E95 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:09:27.0618 2216  ProtectedStorage - ok
10:09:27.0650 2216  [ 4CE827A5433451551E99C2C1D20E4A43 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:09:27.0650 2216  Psched - ok
10:09:27.0681 2216  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
10:09:27.0696 2216  ql2300 - ok
10:09:27.0696 2216  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
10:09:27.0696 2216  ql40xx - ok
10:09:27.0712 2216  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
10:09:27.0712 2216  QWAVE - ok
10:09:27.0728 2216  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:09:27.0728 2216  QWAVEdrv - ok
10:09:27.0743 2216  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:09:27.0743 2216  RasAcd - ok
10:09:27.0759 2216  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:09:27.0759 2216  RasAgileVpn - ok
10:09:27.0774 2216  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
10:09:27.0774 2216  RasAuto - ok
10:09:27.0774 2216  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:09:27.0774 2216  Rasl2tp - ok
10:09:27.0790 2216  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
10:09:27.0790 2216  RasMan - ok
10:09:27.0806 2216  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:09:27.0806 2216  RasPppoe - ok
10:09:27.0821 2216  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:09:27.0821 2216  RasSstp - ok
10:09:27.0837 2216  [ FB45727105E27756B3252572A138FA19 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:09:27.0837 2216  rdbss - ok
10:09:27.0852 2216  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:09:27.0852 2216  rdpbus - ok
10:09:27.0868 2216  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:09:27.0868 2216  RDPCDD - ok
10:09:27.0884 2216  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
10:09:27.0884 2216  RDPDR - ok
10:09:27.0899 2216  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:09:27.0899 2216  RDPENCDD - ok
10:09:27.0915 2216  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:09:27.0915 2216  RDPREFMP - ok
10:09:27.0930 2216  [ 4D3B50366F453BF1D17CB3DD72A024FF ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:09:27.0930 2216  RdpVideoMiniport - ok
10:09:27.0946 2216  [ FE571E088C2D83619D2D48D4E961BF41 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:09:27.0946 2216  RDPWD - ok
10:09:27.0962 2216  [ F4287A980C0AA41DE3073F053E5EA73C ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:09:27.0962 2216  rdyboost - ok
10:09:27.0977 2216  [ 0301EEE83B03229F555C6F8025FB5540 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:09:27.0977 2216  RemoteAccess - ok
10:09:27.0993 2216  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:09:28.0008 2216  RemoteRegistry - ok
10:09:28.0008 2216  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:09:28.0008 2216  RpcEptMapper - ok
10:09:28.0024 2216  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
10:09:28.0024 2216  RpcLocator - ok
10:09:28.0055 2216  [ 43CCB07A71347064695B8852492DA126 ] RpcSs           C:\Windows\system32\rpcss.dll
10:09:28.0055 2216  RpcSs - ok
10:09:28.0055 2216  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:09:28.0071 2216  rspndr - ok
10:09:28.0102 2216  [ 439F755B450CF66B139742CA32AACF9F ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
10:09:28.0102 2216  RTL8167 - ok
10:09:28.0196 2216  [ BEB0DAD9C90A87F43270571A6E94C5DD ] RtlWlanu        C:\Windows\system32\DRIVERS\rtwlanu.sys
10:09:28.0242 2216  RtlWlanu - ok
10:09:28.0258 2216  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
10:09:28.0258 2216  s3cap - ok
10:09:28.0274 2216  [ 4DC3966AAD03A89102ED0156EC6A9E95 ] SamSs           C:\Windows\system32\lsass.exe
10:09:28.0274 2216  SamSs - ok
10:09:28.0289 2216  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:09:28.0289 2216  sbp2port - ok
10:09:28.0305 2216  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:09:28.0305 2216  SCardSvr - ok
10:09:28.0320 2216  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:09:28.0320 2216  scfilter - ok
10:09:28.0352 2216  [ F4F316BD846A5CDF84FBF487D4B9AFF6 ] Schedule        C:\Windows\system32\schedsvc.dll
10:09:28.0367 2216  Schedule - ok
10:09:28.0367 2216  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:09:28.0367 2216  SCPolicySvc - ok
10:09:28.0367 2216  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:09:28.0367 2216  SDRSVC - ok
10:09:28.0383 2216  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:09:28.0383 2216  secdrv - ok
10:09:28.0414 2216  [ A19623BDD61E66A12AB53992002B4F3A ] seclogon        C:\Windows\system32\seclogon.dll
10:09:28.0414 2216  seclogon - ok
10:09:28.0430 2216  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
10:09:28.0430 2216  SENS - ok
10:09:28.0430 2216  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:09:28.0430 2216  SensrSvc - ok
10:09:28.0461 2216  [ B45B49C37B7FAF3B60E3DD30D7B6FAF3 ] Ser2pl          C:\Windows\system32\DRIVERS\ser2pl64.sys
10:09:28.0461 2216  Ser2pl - ok
10:09:28.0476 2216  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:09:28.0476 2216  Serenum - ok
10:09:28.0492 2216  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:09:28.0492 2216  Serial - ok
10:09:28.0523 2216  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
10:09:28.0523 2216  sermouse - ok
10:09:28.0539 2216  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:09:28.0539 2216  SessionEnv - ok
10:09:28.0554 2216  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:09:28.0554 2216  sffdisk - ok
10:09:28.0554 2216  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:09:28.0554 2216  sffp_mmc - ok
10:09:28.0570 2216  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:09:28.0570 2216  sffp_sd - ok
10:09:28.0570 2216  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
10:09:28.0570 2216  sfloppy - ok
10:09:28.0601 2216  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:09:28.0601 2216  SharedAccess - ok
10:09:28.0601 2216  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:09:28.0617 2216  ShellHWDetection - ok
10:09:28.0617 2216  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
10:09:28.0617 2216  SiSRaid2 - ok
10:09:28.0632 2216  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
10:09:28.0632 2216  SiSRaid4 - ok
10:09:28.0648 2216  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:09:28.0648 2216  Smb - ok
10:09:28.0664 2216  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:09:28.0664 2216  SNMPTRAP - ok
10:09:28.0679 2216  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:09:28.0679 2216  spldr - ok
10:09:28.0695 2216  [ 8003D39B386EDCCFB08DC21AACC0683A ] Spooler         C:\Windows\System32\spoolsv.exe
10:09:28.0710 2216  Spooler - ok
10:09:28.0742 2216  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
10:09:28.0788 2216  sppsvc - ok
10:09:28.0788 2216  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:09:28.0788 2216  sppuinotify - ok
10:09:28.0820 2216  [ 1145EC013B72D4E6C60497707BB1A4B6 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:09:28.0820 2216  srv - ok
10:09:28.0835 2216  [ 2D8FFA3B636368130F909E0CD935B555 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:09:28.0835 2216  srv2 - ok
10:09:28.0851 2216  [ 4B1C343E11065819F687EAC68A5E13F3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:09:28.0851 2216  srvnet - ok
10:09:28.0866 2216  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:09:28.0866 2216  SSDPSRV - ok
10:09:28.0866 2216  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:09:28.0882 2216  SstpSvc - ok
10:09:28.0913 2216  [ F0B59ADCD06BCEB9D47311B7041CA2C9 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
10:09:28.0913 2216  ssudmdm - ok
10:09:28.0929 2216  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
10:09:28.0929 2216  stexstor - ok
10:09:28.0944 2216  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
10:09:28.0944 2216  stisvc - ok
10:09:28.0960 2216  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
10:09:28.0960 2216  storflt - ok
10:09:31.0534 2216  ============================================================
10:09:31.0534 2216  Scan finished
10:09:31.0534 2216  ============================================================
10:09:31.0534 3112  Detected object count: 0
10:09:31.0534 3112  Actual detected object count: 0

aswMBR:

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2018-10-11 00:32:30
-----------------------------
00:32:30.849    OS Version: Windows x64 6.1.7601 Service Pack 1
00:32:30.849    Number of processors: 4 586 0x2A07
00:32:30.849    ComputerName: LUGI-PC  UserName: Lugi
00:32:31.239    Initialize success
00:32:31.255    VM: initialized successfully
00:32:31.255    VM: Intel CPU BiosDisabled 
00:33:14.288    AVAST engine defs: 17030301
00:33:16.114    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
00:33:16.114    Disk 0 Vendor: ST1000DM010-2EP102 CC43 Size: 953869MB BusType: 3
00:33:16.207    Disk 0 MBR read successfully
00:33:16.207    Disk 0 MBR scan
00:33:16.223    Disk 0 Windows 7 default MBR code
00:33:16.238    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
00:33:16.238    Disk 0 Boot: NTFS     code=1
00:33:16.238    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       204800 MB offset 206848
00:33:16.270    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       748967 MB offset 419637248
00:33:16.301    Disk 0 scanning C:\Windows\system32\drivers
00:33:32.150    Service scanning
00:34:47.483    Modules scanning
00:34:47.483    Disk 0 trace - called modules:
00:34:47.499    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys 
00:34:47.514    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e42060]
00:34:47.514    3 CLASSPNP.SYS[fffff880018e343f] -> nt!IofCallDriver -> [0xfffffa8007b91520]
00:34:47.514    5 ACPI.sys[fffff88000f617a5] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007b8d680]
00:34:55.564    AVAST engine scan C:\Windows
00:35:02.459    AVAST engine scan C:\Windows\system32
00:39:59.192    AVAST engine scan C:\Windows\system32\drivers
00:40:15.213    AVAST engine scan C:\Users\Lugi
01:38:51.069    AVAST engine scan C:\ProgramData
01:40:29.880    Disk 0 statistics 7904902/0/0 @ 1.12 MB/s
01:40:29.896    Scan finished successfully
10:07:43.240    Disk 0 MBR has been saved successfully to "C:\Users\Lugi\Desktop\MBR.dat"
10:07:43.240    The log file has been saved successfully to "C:\Users\Lugi\Desktop\aswMBR.txt"



Attached Files

  • Attached File  MBR.zip   568bytes   5 downloads


#15 nasdaq

Posted 11 October 2018 - 07:55 AM

Hi
===

Many of the Avast Drivers are not working correctly.

Remove Avast following the instructions on this page.
https://www.avast.com/en-ca/uninstall-utility

When completed restart the computer to reset the registry.

Do not reinstall the application just yet. Windows Defender will protect you for now.

How is the computer running?

Please run the Farbar program and post fresh FRST.TXT and Addition.txt logs for my review.
To recreate the Addition.txt make sure the box to create the file is checked.



