High CPU usage after virus removal



#1 Lugi


Posted 04 August 2018 - 05:54 AM

Hello,

About two weeks ago my computer got infected pretty hard. I used HitmanPro and Avast to get rid of the viruses, and I thought I did.

Since then it has slowed down substantially, so much that you can even see how the mouse on the desktop is moving choppily, at like 10 FPS.

I tried an additional boot-time scan; it found a few more viruses, but it didn't fix the performance problem.

I tried running FRST in safe mode, and I got some logs, but I don't have a spare PC, so I couldn't do it properly.

Please help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Lugi (administrator) on LUGI-PC (04-08-2018 12:15:03)
Running from E:\
Loaded Profiles: Lugi (Available Profiles: Lugi & MSSQLSERVER)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\cmd.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-07-15] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [V0420Mon.exe] => C:\Windows\V0420Mon.exe [32768 2007-04-30] (Creative Technology Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-06] (Disc Soft Ltd)
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2105728 2017-04-13] (Sony)
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe [754176 2016-07-29] (Oracle Corporation)
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\MountPoints2: {0197d8f2-f083-11e7-82c1-02444b173606} - E:\AutoRun.exe
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\MountPoints2: {364f2b63-21ca-11e7-82be-6c626db42707} - E:\autorun.exe
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\MountPoints2: {364f2b65-21ca-11e7-82be-6c626db42707} - E:\Autorun.exe
AppInit_DLLs: C:\ProgramData\Quoteex\Zummaron.dll => C:\ProgramData\Quoteex\Zummaron.dll [342528 2018-07-15] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{04BFD8FF-CDC3-4094-B588-98ABD9FA3431}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{0EE1496B-262C-4FC2-A311-09A8E35BA886}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{1374243A-5E5A-4D01-9EED-7E7419E73344}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1950F0AD-0CD8-4FEB-906A-57A34A8B82E2}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{19EACBD0-661E-41F0-A7D9-1FEDEFCE8BCC}: [DhcpNameServer] 62.179.1.62 62.179.1.63
Tcpip\..\Interfaces\{4B97EA35-03B4-4B63-96D9-C91A27B7995D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{92F7CCFC-6273-4DC4-81B6-427AE1327DA4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D15FC7E7-8917-402A-9A58-BBC8F046BE56}: [DhcpNameServer] 192.168.8.1 192.168.8.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahJtx1glp6s_XwF8Hem_MAqrbctlKcBg1Ods_KQ_3uyd8qWLvn3_gsblTwKz96G4O1llDu2CJtz5fV8eYhD03tjPlW_bg,,
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1459657716-2493573527-527088305-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1459657716-2493573527-527088305-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-29] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-04-15] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-07-15] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-07-29] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-15] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-05-03] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-07-15] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-07-29] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 14.0 Helper -> {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} -> C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-29] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-02] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFeNuR9Xp_gIphtWnecSusUa0hAqDQgbmfPmYNpaJOQtH2WUfKCmtabN5NdFOSszxxaet2v9WYwqPIpf3Qhu5edQhF9g,,
CHR Profile: C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default [2018-08-04]
CHR Extension: (Prezentacje) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Dokumenty) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Dysk Google) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-14]
CHR Extension: (YouTube) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-14]
CHR Extension: (uBlock Origin) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-07-22]
CHR Extension: (Arkusze) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (I don't care about cookies) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2018-08-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-14]
CHR Extension: (AdBlock) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-26]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Tind3r.com - client.) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\olicollicgbjgnialpnmnolopimdccon [2017-05-25]
CHR Extension: (Gmail) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Lugi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-07-15] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-07-15] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-20] ()
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-06] (Disc Soft Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2018-07-23] (SurfRight B.V.)
S2 Mobile Broadband HL Service; C:\Program Files (x86)\MobileBrServ\mbbservice.exe [242264 2016-03-24] ()
S2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S2 MySQL57; C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe [39334400 2017-03-18] () [File not signed]
S3 MySQLRouter; C:\Program Files\MySQL\MySQL Router 2.1\bin\mysqlrouter.exe [326144 2017-04-06] () [File not signed]
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-12-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-12-16] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-09-24] ()
S2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2017-09-24] ()
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2202112 2017-04-13] (Sony) [File not signed]
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [30208 2016-08-31] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2016-08-24] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2016-08-24] (LG Electronics Inc.)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [197160 2018-07-15] (AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [229392 2018-07-15] (AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201328 2018-07-15] (AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346664 2018-07-15] (AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59592 2018-07-15] (AVAST Software)
S1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239680 2018-07-15] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-07-15] (AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159640 2018-07-15] (AVAST Software)
S1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111872 2018-07-15] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-07-15] (AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027728 2018-07-15] (AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467064 2018-07-24] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [211160 2018-07-15] (AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381584 2018-07-15] (AVAST Software)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [59904 2015-01-26] (www.winchiphead.com)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-04-15] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-04-15] (Disc Soft Ltd)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2017-05-14] (Sony Mobile Communications)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-12-16] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-12-16] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-12-16] (NVIDIA Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [4620040 2016-01-04] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 V0420VID; C:\Windows\System32\DRIVERS\V0420Vid.sys [107072 2007-05-31] (Creative Technology Ltd.)
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [203328 2018-02-26] (Oracle Corporation)
S1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [213632 2018-02-26] (Oracle Corporation)
S3 ALSysIO; \??\C:\Users\Lugi\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 cpuz145; \??\C:\Windows\temp\cpuz145\cpuz145_x64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-04 12:14 - 2018-08-04 12:15 - 000000000 ____D C:\FRST
2018-07-29 13:01 - 2018-07-29 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-24 02:02 - 2018-07-24 02:02 - 000005234 _____ C:\Windows\system32\.crusader
2018-07-24 01:31 - 2018-07-15 16:16 - 000378072 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-07-23 00:59 - 2018-07-24 02:01 - 000000000 ____D C:\ProgramData\HitmanPro
2018-07-23 00:59 - 2018-07-23 00:59 - 000001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2018-07-23 00:59 - 2018-07-23 00:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-07-23 00:59 - 2018-07-23 00:59 - 000000000 ____D C:\Program Files\HitmanPro
2018-07-23 00:57 - 2018-07-23 00:57 - 011576808 _____ (SurfRight B.V.) C:\Users\Lugi\Downloads\HitmanPro_x64.exe
2018-07-23 00:52 - 2018-07-23 00:52 - 000193673 _____ C:\Users\Lugi\Downloads\CH340.zip
2018-07-23 00:52 - 2018-07-23 00:52 - 000000000 ____D C:\WCH.CN
2018-07-23 00:52 - 2018-07-23 00:52 - 000000000 ____D C:\Users\Lugi\Downloads\CH340
2018-07-23 00:52 - 2015-01-26 00:00 - 000059904 _____ (www.winchiphead.com) C:\Windows\system32\Drivers\CH341S64.SYS
2018-07-23 00:52 - 2015-01-26 00:00 - 000041472 _____ (www.winchiphead.com) C:\Windows\system32\Drivers\CH341SER.SYS
2018-07-23 00:52 - 2008-12-18 00:00 - 000020089 _____ C:\Windows\system32\CH341SER.VXD
2018-07-23 00:52 - 2007-06-12 00:00 - 000019680 _____ (www.winchiphead.com) C:\Windows\system32\Drivers\CH341S98.SYS
2018-07-23 00:52 - 2005-07-30 00:00 - 000006712 _____ (www.winchiphead.com) C:\Windows\system32\CH341PT.DLL
2018-07-21 02:47 - 2018-07-21 02:48 - 000000000 ____D C:\Users\Lugi\Desktop\xd
2018-07-15 21:43 - 2018-07-15 21:54 - 523355054 _____ C:\Users\Lugi\Downloads\Vengeance Future House Vol.4.rar
2018-07-15 21:30 - 2018-07-15 21:31 - 000000000 ____D C:\Users\Lugi\Downloads\Vengeance Essential Clubsounds Vol.2
2018-07-15 21:14 - 2018-07-15 21:21 - 454348487 _____ C:\Users\Lugi\Downloads\Vengeance Essential Clubsounds Vol.2.rar
2018-07-15 20:59 - 2018-07-15 21:03 - 000000000 ____D C:\Users\Lugi\Downloads\Vengeance Essential Clubsounds Vol.1
2018-07-15 20:34 - 2018-07-15 20:40 - 415404692 _____ C:\Users\Lugi\Downloads\Vengeance Essential Clubsounds Vol.1.rar
2018-07-15 20:17 - 2018-07-15 20:17 - 000000000 ____D C:\Users\Lugi\Downloads\yugi_boi_drumkit_revised
2018-07-15 20:15 - 2018-07-15 20:15 - 020121625 _____ C:\Users\Lugi\Downloads\yugi_boi_drumkit_revised.zip
2018-07-15 20:15 - 2018-07-15 20:15 - 000000000 ____D C:\Users\Lugi\Downloads\OWEN J'S MAIN STASH 2.0
2018-07-15 19:36 - 2018-07-15 19:36 - 000000000 ____D C:\Program Files\VSTPlugins
2018-07-15 19:36 - 2018-07-15 19:36 - 000000000 ____D C:\Program Files\Nicky Romero
2018-07-15 19:35 - 2018-07-15 19:35 - 000000000 ____D C:\Users\Lugi\Downloads\Nicky.Romero.Kickstart.v1.0.9.Incl_.Keygen-R2R
2018-07-15 19:34 - 2018-08-02 19:52 - 005170201 _____ C:\Users\Lugi\Downloads\Nicky.Romero.Kickstart.v1.0.9.Incl_.Keygen-R2R.zip
2018-07-15 19:29 - 2018-07-15 19:29 - 000122826 _____ C:\Users\Lugi\Downloads\London On Da Track  Nexus Expansion.zip
2018-07-15 19:29 - 2018-07-15 19:29 - 000000000 ____D C:\Users\Lugi\Downloads\London On Da Track  Nexus Expansion
2018-07-15 19:10 - 2018-07-15 19:10 - 000003032 _____ C:\Windows\System32\Tasks\{2201F696-EAD4-49CC-84E6-719352E68D27}
2018-07-15 14:20 - 2018-07-15 14:20 - 000000000 ____D C:\Users\Lugi\AppData\Roaming\Google
2018-07-15 14:12 - 2018-07-15 14:12 - 000000000 ___HD C:\$AV_ASW
2018-07-15 14:10 - 2018-08-03 22:13 - 000000374 _____ C:\Windows\Tasks\Updater_Online_Application.job
2018-07-15 14:10 - 2018-07-15 14:13 - 000000000 ____D C:\ProgramData\yahoochrome_D
2018-07-15 14:10 - 2018-07-15 14:10 - 000003206 _____ C:\Windows\System32\Tasks\Updater_Online_Application
2018-07-15 14:10 - 2018-07-15 14:10 - 000001933 _____ C:\Users\Lugi\Desktop\PandaViewer.lnk
2018-07-15 14:10 - 2018-07-15 14:10 - 000000000 ____D C:\Users\Lugi\AppData\Roaming\Mozilla
2018-07-15 14:10 - 2018-07-15 14:10 - 000000000 ____D C:\Users\Lugi\AppData\Local\AdvinstAnalytics
2018-07-15 14:10 - 2018-07-15 14:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2018-07-15 14:10 - 2018-07-15 14:10 - 000000000 ____D C:\Program Files (x86)\Uninstall Nexus
2018-07-15 14:10 - 2018-07-15 14:10 - 000000000 ____D C:\Program Files (x86)\PandaViewer
2018-07-15 14:10 - 2018-07-15 14:10 - 000000000 ____D C:\Program Files (x86)\Manual
2018-07-15 14:10 - 2009-10-24 21:15 - 001332224 _____ (AD © 2009) C:\Windows\SysWOW64\SYNSOEMU.DLL
2018-07-15 14:10 - 2009-10-23 23:00 - 005811712 _____ (reFX) C:\Program Files (x86)\Nexus.dll
2018-07-15 14:09 - 2018-07-24 02:02 - 000000000 ____D C:\ProgramData\Quoteex
2018-07-15 14:09 - 2018-07-15 19:35 - 000000000 ____D C:\ProgramData\Logic Cramble
2018-07-15 14:09 - 2018-07-15 14:10 - 000015606 _____ C:\Windows\SysWOW64\findit.xml
2018-07-15 14:09 - 2018-07-15 14:10 - 000000000 ____D C:\ProgramData\Quoteexs
2018-07-15 14:09 - 2018-07-15 14:09 - 007631872 _____ C:\Users\Lugi\AppData\Local\agent.dat
2018-07-15 14:09 - 2018-07-15 14:09 - 001988310 _____ C:\Users\Lugi\AppData\Local\U--Phase.tst
2018-07-15 14:09 - 2018-07-15 14:09 - 000126464 _____ C:\Users\Lugi\AppData\Local\noah.dat
2018-07-15 14:09 - 2018-07-15 14:09 - 000070896 _____ C:\Users\Lugi\AppData\Local\Config.xml
2018-07-15 14:09 - 2018-07-15 14:09 - 000018432 _____ C:\Users\Lugi\AppData\Local\Main.dat
2018-07-15 14:09 - 2018-07-15 14:09 - 000005568 _____ C:\Users\Lugi\AppData\Local\md.xml
2018-07-15 14:08 - 2018-07-15 14:10 - 000929792 _____ C:\Users\Lugi\AppData\Local\sham.db
2018-07-15 14:08 - 2018-07-15 14:08 - 000140800 _____ C:\Users\Lugi\AppData\Local\installer.dat
2018-07-15 14:08 - 2018-07-15 14:08 - 000016416 _____ C:\Users\Lugi\AppData\Local\InstallationConfiguration.xml
2018-07-15 14:07 - 2018-07-15 14:23 - 000000000 ____D C:\Users\Lugi\AppData\Local\XService
2018-07-15 13:43 - 2018-07-15 13:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sylenth1
2018-07-15 13:43 - 2018-07-15 13:43 - 000000000 ____D C:\Program Files (x86)\Steinberg
2018-07-15 13:29 - 2018-07-15 13:29 - 000000000 ____D C:\Program Files\Steinberg
2018-07-15 13:12 - 2018-07-15 13:51 - 592745962 _____ C:\Users\Lugi\Downloads\OWEN J'S MAIN STASH 2.0.zip
2018-07-15 12:30 - 2018-07-15 12:30 - 000000000 ____D C:\Users\Lugi\Downloads\Crobbins Sample Pack
2018-07-15 12:19 - 2018-07-15 12:28 - 386148703 _____ C:\Users\Lugi\Downloads\Crobbins Sample Pack.rar
2018-07-14 23:30 - 2018-07-15 02:17 - 000000015 _____ C:\Users\Lugi\Desktop\i.txt
2018-07-11 23:26 - 2018-07-30 22:41 - 000000000 ____D C:\Users\Lugi\AppData\LocalLow\uTorrent
2018-07-11 17:48 - 2018-06-21 02:58 - 000398376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-07-11 17:48 - 2018-06-21 02:00 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-07-11 17:48 - 2018-06-16 19:07 - 025743872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-07-11 17:48 - 2018-06-16 18:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-07-11 17:48 - 2018-06-16 18:46 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-07-11 17:48 - 2018-06-16 18:36 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-07-11 17:48 - 2018-06-16 18:33 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-07-11 17:48 - 2018-06-16 18:32 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-07-11 17:48 - 2018-06-16 18:31 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-07-11 17:48 - 2018-06-16 18:31 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-07-11 17:48 - 2018-06-16 18:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-07-11 17:48 - 2018-06-16 18:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-07-11 17:48 - 2018-06-16 18:27 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-07-11 17:48 - 2018-06-16 18:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-07-11 17:48 - 2018-06-16 18:23 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-07-11 17:48 - 2018-06-16 18:20 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-07-11 17:48 - 2018-06-16 18:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-07-11 17:48 - 2018-06-16 18:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-07-11 17:48 - 2018-06-16 18:19 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-07-11 17:48 - 2018-06-16 18:19 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-07-11 17:48 - 2018-06-16 18:19 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-07-11 17:48 - 2018-06-16 18:12 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-07-11 17:48 - 2018-06-16 18:08 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-07-11 17:48 - 2018-06-16 18:06 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-07-11 17:48 - 2018-06-16 18:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-07-11 17:48 - 2018-06-16 18:05 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-07-11 17:48 - 2018-06-16 18:05 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-07-11 17:48 - 2018-06-16 18:04 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-07-11 17:48 - 2018-06-16 18:02 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-07-11 17:48 - 2018-06-16 18:02 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-07-11 17:48 - 2018-06-16 18:02 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-07-11 17:48 - 2018-06-16 18:01 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-07-11 17:48 - 2018-06-16 17:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-07-11 17:48 - 2018-06-16 17:59 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-07-11 17:48 - 2018-06-16 17:58 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-07-11 17:48 - 2018-06-16 17:57 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-07-11 17:48 - 2018-06-16 17:57 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-07-11 17:48 - 2018-06-16 17:56 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-07-11 17:48 - 2018-06-16 17:56 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-07-11 17:48 - 2018-06-16 17:55 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-07-11 17:48 - 2018-06-16 17:55 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-07-11 17:48 - 2018-06-16 17:53 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-07-11 17:48 - 2018-06-16 17:47 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-07-11 17:48 - 2018-06-16 17:46 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-07-11 17:48 - 2018-06-16 17:44 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-07-11 17:48 - 2018-06-16 17:42 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-07-11 17:48 - 2018-06-16 17:42 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-07-11 17:48 - 2018-06-16 17:42 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-07-11 17:48 - 2018-06-16 17:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-07-11 17:48 - 2018-06-16 17:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-07-11 17:48 - 2018-06-16 17:40 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-07-11 17:48 - 2018-06-16 17:39 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-07-11 17:48 - 2018-06-16 17:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-07-11 17:48 - 2018-06-16 17:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-07-11 17:48 - 2018-06-16 17:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-07-11 17:48 - 2018-06-16 17:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-07-11 17:48 - 2018-06-16 17:34 - 004496384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-07-11 17:48 - 2018-06-16 17:32 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-07-11 17:48 - 2018-06-16 17:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-07-11 17:48 - 2018-06-16 17:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-07-11 17:48 - 2018-06-16 17:28 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-07-11 17:48 - 2018-06-16 17:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-07-11 17:48 - 2018-06-16 17:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-07-11 17:48 - 2018-06-16 17:16 - 001545216 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-07-11 17:48 - 2018-06-16 17:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-07-11 17:48 - 2018-06-16 17:05 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-07-11 17:48 - 2018-06-16 17:04 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-07-11 17:48 - 2018-06-16 17:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-07-11 17:48 - 2018-06-13 18:23 - 000140992 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-07-11 17:48 - 2018-06-13 18:20 - 014185984 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-07-11 17:48 - 2018-06-13 18:19 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-07-11 17:48 - 2018-06-13 18:18 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-07-11 17:48 - 2018-06-13 17:55 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-07-11 17:48 - 2018-06-13 17:54 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-07-11 17:48 - 2018-06-13 17:40 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-07-11 17:48 - 2018-06-08 18:27 - 005577408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-07-11 17:48 - 2018-06-08 18:27 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-07-11 17:48 - 2018-06-08 18:27 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-07-11 17:48 - 2018-06-08 18:27 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-07-11 17:48 - 2018-06-08 18:27 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-07-11 17:48 - 2018-06-08 18:23 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-07-11 17:48 - 2018-06-08 18:22 - 001665344 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-07-11 17:48 - 2018-06-08 18:21 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-07-11 17:48 - 2018-06-08 18:21 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-07-11 17:48 - 2018-06-08 18:21 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-07-11 17:48 - 2018-06-08 18:21 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-07-11 17:48 - 2018-06-08 18:21 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-07-11 17:48 - 2018-06-08 18:21 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-07-11 17:48 - 2018-06-08 18:20 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-07-11 17:48 - 2018-06-08 18:19 - 000357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-07-11 17:48 - 2018-06-08 18:19 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-07-11 17:48 - 2018-06-08 18:19 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-07-11 17:48 - 2018-06-08 18:19 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-07-11 17:48 - 2018-06-08 18:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-07-11 17:48 - 2018-06-08 18:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 18:02 - 004050624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-07-11 17:48 - 2018-06-08 18:02 - 003962048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-07-11 17:48 - 2018-06-08 17:57 - 001314072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-07-11 17:48 - 2018-06-08 17:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:44 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-07-11 17:48 - 2018-06-08 17:44 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-07-11 17:48 - 2018-06-08 17:44 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2018-07-11 17:48 - 2018-06-08 17:44 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-07-11 17:48 - 2018-06-08 17:43 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-07-11 17:48 - 2018-06-08 17:39 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-07-11 17:48 - 2018-06-08 17:38 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-07-11 17:48 - 2018-06-08 17:38 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-07-11 17:48 - 2018-06-08 17:34 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-07-11 17:48 - 2018-06-08 17:34 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-07-11 17:48 - 2018-06-08 17:34 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-07-11 17:48 - 2018-06-08 17:33 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-07-11 17:48 - 2018-06-08 17:33 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-07-11 17:48 - 2018-06-08 17:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-07-11 17:48 - 2018-06-08 17:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2018-07-11 17:48 - 2018-06-08 17:27 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-07-11 17:48 - 2018-06-08 17:21 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-07-11 17:48 - 2018-06-08 17:21 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-07-11 17:48 - 2018-06-08 17:21 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-07-11 17:48 - 2018-06-08 17:21 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-07-11 17:48 - 2018-06-08 17:19 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-07-11 17:48 - 2018-06-08 17:19 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 17:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-07-11 17:48 - 2018-06-08 15:05 - 002860032 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-07-11 17:48 - 2018-06-08 15:05 - 001602048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-07-11 17:48 - 2018-06-08 15:05 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-07-11 17:48 - 2018-06-08 15:05 - 000612352 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-07-11 17:48 - 2018-06-08 15:05 - 000470016 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-07-11 17:48 - 2018-06-08 15:05 - 000443392 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-07-11 17:48 - 2018-06-08 15:05 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-07-11 17:48 - 2018-06-08 15:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-07-11 17:48 - 2018-06-07 18:20 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-07-11 17:48 - 2018-06-07 18:19 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-07-11 17:48 - 2018-06-07 18:19 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-07-11 17:48 - 2018-06-07 18:19 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-07-11 17:48 - 2018-06-07 17:57 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-07-11 17:48 - 2018-06-07 17:49 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-07-11 17:48 - 2018-06-07 17:34 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-07-11 17:48 - 2018-05-31 18:28 - 001893568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-07-11 17:48 - 2018-05-31 18:28 - 000377024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-07-11 17:48 - 2018-05-31 18:28 - 000287936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-07-11 17:48 - 2018-05-02 17:32 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-07-11 17:48 - 2018-05-02 17:32 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-07-11 17:48 - 2018-05-02 17:32 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2018-07-11 17:48 - 2018-05-02 17:32 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-07-11 17:48 - 2018-05-02 17:32 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2018-07-11 17:48 - 2018-05-02 17:32 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2018-07-11 17:48 - 2018-05-02 17:32 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2018-07-11 17:48 - 2018-04-26 15:05 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000918296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000065880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000021848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000019288 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000018776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000015192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000013152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-07-11 17:48 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-07-11 17:48 - 2018-04-25 18:02 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2018-07-11 17:48 - 2018-04-25 17:18 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-07-10 22:58 - 2018-07-29 17:53 - 000000000 ____D C:\Users\Lugi\Prismatik
2018-07-10 22:58 - 2018-07-14 13:11 - 000003870 _____ C:\Windows\System32\Tasks\PsiegUpdateElevate_Prismatik
2018-07-10 22:58 - 2018-07-10 22:58 - 000000824 _____ C:\Users\Public\Desktop\Prismatik (unofficial) 64bit.lnk
2018-07-10 22:58 - 2018-07-10 22:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prismatik
2018-07-10 22:58 - 2018-07-10 22:58 - 000000000 ____D C:\Program Files\Prismatik
2018-07-10 22:56 - 2018-07-10 22:56 - 009081464 _____ (Patrick Siegler ) C:\Users\Lugi\Downloads\Prismatik.unofficial.64bit.Setup.5.11.2.17.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-04 12:13 - 2017-07-15 16:17 - 000370276 _____ C:\Windows\ntbtlog.txt
2018-08-04 12:06 - 2009-07-14 07:13 - 000906446 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-04 12:06 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-08-04 11:53 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-04 11:53 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-04 11:36 - 2017-04-14 14:19 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-04 11:36 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-31 02:46 - 2017-04-14 14:26 - 000000000 ____D C:\Users\Lugi\AppData\Roaming\uTorrent
2018-07-29 13:04 - 2017-05-07 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-29 13:01 - 2017-05-07 14:47 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-07-29 13:01 - 2017-05-07 14:47 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-29 13:01 - 2017-05-07 14:47 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-29 13:01 - 2017-05-07 14:47 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-29 13:01 - 2017-05-07 14:47 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-29 13:01 - 2017-05-07 14:47 - 000002372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-29 13:01 - 2017-05-07 14:47 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-29 13:01 - 2017-05-07 14:47 - 000002358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-29 13:01 - 2017-05-07 14:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-24 20:12 - 2018-03-26 13:03 - 000002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-07-24 20:12 - 2018-03-26 13:03 - 000002386 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-07-24 02:02 - 2017-05-18 11:02 - 000000000 ____D C:\Windows\AutoKMS
2018-07-24 02:02 - 2017-05-07 15:33 - 000000000 ____D C:\ProgramData\KMSAutoS
2018-07-24 01:33 - 2017-05-09 14:29 - 000467064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-07-24 01:33 - 2017-05-09 14:29 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-07-24 01:32 - 2017-05-09 14:29 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-07-24 01:27 - 2017-06-08 22:29 - 000000000 ____D C:\Users\MSSQLSERVER
2018-07-24 01:27 - 2017-04-14 13:47 - 000000000 ____D C:\Users\Lugi
2018-07-24 01:25 - 2017-12-20 13:15 - 000000000 ____D C:\Program Files\Core Temp
2018-07-24 01:25 - 2017-05-09 14:29 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-07-24 01:25 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\registration
2018-07-24 01:16 - 2017-06-11 12:17 - 000000000 ____D C:\Users\Lugi\AppData\Local\CrashDumps
2018-07-16 19:33 - 2018-03-26 13:02 - 000000000 ____D C:\Users\Lugi\AppData\Local\AVAST Software
2018-07-15 19:36 - 2017-09-24 23:17 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2018-07-15 16:16 - 2018-01-08 20:06 - 000239680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-07-15 16:16 - 2017-11-16 18:47 - 000197160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 001027728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000381584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000346664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000229392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000211160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000201328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000159640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000111872 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000059592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-07-15 16:16 - 2017-05-09 14:29 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-07-15 15:21 - 2017-07-23 19:26 - 000000000 ____D C:\Users\Lugi\Documents\ProjectReality
2018-07-15 14:10 - 2017-04-14 14:01 - 000002236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-15 14:10 - 2017-04-14 14:01 - 000002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-15 14:10 - 2017-04-14 13:47 - 000001401 _____ C:\Users\Lugi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-07-15 13:14 - 2017-04-14 13:47 - 000000000 ____D C:\Users\Lugi\AppData\Local\VirtualStore
2018-07-14 18:01 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2018-07-14 13:11 - 2017-08-27 18:35 - 000003584 _____ C:\Windows\System32\Tasks\Update Manager
2018-07-14 13:11 - 2017-06-08 21:59 - 000003146 _____ C:\Windows\System32\Tasks\{59D44A39-0068-474D-BD1A-523BAD2D71C3}
2018-07-14 13:11 - 2017-04-14 14:20 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-14 13:11 - 2017-04-14 14:20 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-14 13:11 - 2017-04-14 14:20 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-14 13:11 - 2017-04-14 14:20 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-14 13:10 - 2017-12-29 16:09 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-14 13:10 - 2017-06-29 02:33 - 000003654 _____ C:\Windows\System32\Tasks\MySQLNotifierTask
2018-07-14 13:10 - 2017-04-14 14:20 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-14 13:10 - 2017-04-14 14:20 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-14 13:10 - 2017-04-14 14:20 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-14 13:10 - 2017-04-14 13:58 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-14 13:10 - 2017-04-14 13:58 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-07-13 18:14 - 2017-08-26 20:30 - 000000000 ____D C:\Users\Lugi\AppData\Roaming\audacity
2018-07-12 22:13 - 2017-07-23 19:27 - 000000000 ___SH C:\ProgramData\.rdata
2018-07-12 20:32 - 2009-07-14 06:45 - 000424424 _____ C:\Windows\system32\FNTCACHE.DAT
2018-07-12 20:28 - 2017-04-18 00:24 - 000000000 ____D C:\Windows\system32\appraiser
2018-07-12 01:39 - 2017-04-15 14:37 - 000898568 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2018-07-15 14:10 - 2009-10-23 23:00 - 005811712 _____ (reFX) C:\Program Files (x86)\Nexus.dll
2018-06-14 00:47 - 2018-06-14 00:47 - 001776169 _____ () C:\Users\Lugi\AppData\Roaming\Setup.exe
2018-07-15 14:09 - 2018-07-15 14:09 - 007631872 _____ () C:\Users\Lugi\AppData\Local\agent.dat
2018-07-15 14:09 - 2018-07-15 14:09 - 000070896 _____ () C:\Users\Lugi\AppData\Local\Config.xml
2018-07-15 14:08 - 2018-07-15 14:08 - 000016416 _____ () C:\Users\Lugi\AppData\Local\InstallationConfiguration.xml
2018-07-15 14:08 - 2018-07-15 14:08 - 000140800 _____ () C:\Users\Lugi\AppData\Local\installer.dat
2018-07-15 14:09 - 2018-07-15 14:09 - 000018432 _____ () C:\Users\Lugi\AppData\Local\Main.dat
2018-07-15 14:09 - 2018-07-15 14:09 - 000005568 _____ () C:\Users\Lugi\AppData\Local\md.xml
2018-07-15 14:09 - 2018-07-15 14:09 - 000126464 _____ () C:\Users\Lugi\AppData\Local\noah.dat
2018-06-10 21:25 - 2018-06-10 21:25 - 000000851 _____ () C:\Users\Lugi\AppData\Local\recently-used.xbel
2017-08-29 21:07 - 2017-11-27 18:36 - 000007603 _____ () C:\Users\Lugi\AppData\Local\Resmon.ResmonCfg
2018-07-15 14:08 - 2018-07-15 14:10 - 000929792 _____ () C:\Users\Lugi\AppData\Local\sham.db
2018-07-15 14:09 - 2018-07-15 14:09 - 001988310 _____ () C:\Users\Lugi\AppData\Local\U--Phase.tst
2018-07-15 14:10 - 2018-07-15 14:10 - 000032038 _____ () C:\Users\Lugi\AppData\Local\uninstall_temp.ico
 
Some files in TEMP:
====================
2010-11-18 18:27 - 2010-11-18 18:27 - 000587776 _____ (Igor Pavlov) C:\Users\Lugi\AppData\Local\Temp\7za.exe
2017-11-19 21:18 - 2001-12-18 02:00 - 000049152 _____ (Creative Technology Ltd) C:\Users\Lugi\AppData\Local\Temp\CheckLang.dll
2017-11-19 21:18 - 2006-08-07 02:00 - 000049152 _____ (Creative Technology Ltd) C:\Users\Lugi\AppData\Local\Temp\CtRunApp.dll
2017-04-14 14:19 - 2017-04-01 03:36 - 000868152 _____ (NVIDIA Corporation) C:\Users\Lugi\AppData\Local\Temp\nvSCPAPI64.dll
2017-04-29 13:26 - 2017-04-01 03:36 - 000369208 _____ (NVIDIA Corporation) C:\Users\Lugi\AppData\Local\Temp\nvStInst.exe
2017-05-18 11:04 - 2017-05-18 11:04 - 001066336 _____ (Microsoft Corporation) C:\Users\Lugi\AppData\Local\Temp\PidGenX.dll
2014-09-12 01:44 - 2014-09-12 01:44 - 004216840 _____ (Microsoft Corporation) C:\Users\Lugi\AppData\Local\Temp\vcredist9_x86.exe
2017-05-14 18:24 - 2017-05-14 18:24 - 049508048 _____ (Sony) C:\Users\Lugi\AppData\Local\Temp\xcs76B6.tmp.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-28 01:44
 
==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:35 AM

Posted 04 August 2018 - 08:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

AppInit_DLLs: C:\ProgramData\Quoteex\Zummaron.dll => C:\ProgramData\Quoteex\Zummaron.dll [342528 2018-07-15] ()
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahJtx1glp6s_XwF8Hem_MAqrbctlKcBg1Ods_KQ_3uyd8qWLvn3_gsblTwKz96G4O1llDu2CJtz5fV8eYhD03tjPlW_bg,,
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1459657716-2493573527-527088305-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1459657716-2493573527-527088305-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFeNuR9Xp_gIphtWnecSusUa0hAqDQgbmfPmYNpaJOQtH2WUfKCmtabN5NdFOSszxxaet2v9WYwqPIpf3Qhu5edQhF9g,,

S3 ALSysIO; \??\C:\Users\Lugi\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 cpuz145; \??\C:\Windows\temp\cpuz145\cpuz145_x64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\ProgramData\Quoteex

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Addition.txt log that was created by the Farbar program.
Let me know what problem persists with this computer.

#3 Lugi

Lugi
  • Topic Starter

  • Members
  • 4 posts
  • Local time:12:35 PM

Posted 04 August 2018 - 09:37 AM

I did all this, and the problem is still here :/

 

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Lugi (04-08-2018 16:29:55) Run:1
Running from E:\
Loaded Profiles: Lugi & MSSQLSERVER (Available Profiles: Lugi & MSSQLSERVER)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

AppInit_DLLs: C:\ProgramData\Quoteex\Zummaron.dll => C:\ProgramData\Quoteex\Zummaron.dll [342528 2018-07-15] ()
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahJtx1glp6s_XwF8Hem_MAqrbctlKcBg1Ods_KQ_3uyd8qWLvn3_gsblTwKz96G4O1llDu2CJtz5fV8eYhD03tjPlW_bg,,
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1459657716-2493573527-527088305-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1459657716-2493573527-527088305-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFeNuR9Xp_gIphtWnecSusUa0hAqDQgbmfPmYNpaJOQtH2WUfKCmtabN5NdFOSszxxaet2v9WYwqPIpf3Qhu5edQhF9g,,

S3 ALSysIO; \??\C:\Users\Lugi\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 cpuz145; \??\C:\Windows\temp\cpuz145\cpuz145_x64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\ProgramData\Quoteex

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\ProgramData\Quoteex\Zummaron.dll" => Value data removed successfully
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\ielnksrch => not found
"HKU\S-1-5-21-1459657716-2493573527-527088305-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-1459657716-2493573527-527088305-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => removed successfully
HKLM\Software\Classes\CLSID\{ielnksrch} => not found
"Chrome HomePage" => removed successfully
"HKLM\System\CurrentControlSet\Services\ALSysIO" => removed successfully
ALSysIO => service removed successfully
"HKLM\System\CurrentControlSet\Services\cpuz145" => removed successfully
cpuz145 => service removed successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
VGPU => service removed successfully
C:\ProgramData\Quoteex => moved successfully


The system needed a reboot.

==== End of Fixlog 16:31:22 ====

Addition.txt from before:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Lugi (04-08-2018 12:16:32)
Running from E:\
Windows 7 Ultimate Service Pack 1 (X64) (2017-04-14 11:47:29)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1459657716-2493573527-527088305-500 - Administrator - Disabled)
Guest (S-1-5-21-1459657716-2493573527-527088305-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1459657716-2493573527-527088305-1002 - Limited - Enabled)
Lugi (S-1-5-21-1459657716-2493573527-527088305-1000 - Administrator - Enabled) => C:\Users\Lugi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

${{arpDisplayName}} (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cufft_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
µTorrent (HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
Age of Empires II HD Edition ver. 5.3.1 (HKLM-x32\...\{A435EA2A-DB9C-4A79-8257-7EA7C609EEC4}_is1) (Version: 5.3.1 - *Let'sРlay*)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{D25C9EDD-984F-444C-9229-5A58130C6B10}) (Version: 4.3.60226.3 - Microsoft Corporation)
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.2 - Arduino LLC)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 67.1.664.100 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bioshock Infinite version 1.1.25.5165 (HKLM-x32\...\Bioshock Infinite_is1) (Version: 1.1.25.5165 - Mr DJ)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
CMake (HKLM\...\{7EFC6372-ACA9-459B-A7C8-BB2CA6C2CE19}) (Version: 3.8.1 - Kitware)
CodeBlocks (HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
Command Line Tools (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_command_line_tools_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Compiler (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_compiler_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Core Temp 1.11 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.11 - ALCPU)
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATTENTION
Creative Live! Cam Vista IM (VF0420) Driver (1.01.01.00) (HKLM\...\Creative VF0420) (Version:  - )
CUBLAS Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cublas_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUBLAS Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cublas_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUDA Documentation (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_documentation_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUDA Toolkit (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAToolkit_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUDA Version (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAVersion_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUDART Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cudart_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUFFT Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cufft_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CURAND Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_curand_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CURAND Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_curand_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUSOLVER Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusolver_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUSOLVER Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusolver_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUSPARSE Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusparse_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
CUSPARSE Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_cusparse_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
Demo Suite (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_demo_suite_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Docker Toolbox version 18.03.0-ce (HKLM\...\{FC4417F0-D7F3-48DB-BCE1-F5ED5BAFFD91}_is1) (Version: 18.03.0-ce - Docker)
Dotfuscator and Analytics Community Edition 5.19.0 (HKLM-x32\...\{4C5B1DD0-7E8E-4972-9247-818E6D030552}) (Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Epic Games Launcher (HKLM-x32\...\{80B15934-444B-4B4F-B2A9-439FCCBA4C81}) (Version: 1.1.132.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Fortran Examples (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_fortran_examples_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Git version 2.12.2.2 (HKLM\...\Git_is1) (Version: 2.12.2.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Grand Theft Auto IV version 1.0.7.0 (HKLM-x32\...\Grand Theft Auto IV_is1) (Version: 1.0.7.0 - Mr DJ)
Graphviz (HKLM-x32\...\{884CF059-9A11-4DF7-A2A7-17EFE90B9278}) (Version: 2.38 - AT&T Research Labs.)
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
HDF5 (HKLM\...\{1F3BE804-92AD-412F-9FF9-89F9994CDEDA}) (Version: 1.10.0 - HDF_Group)
HDFView 2.13 (HKLM\...\{BEAE5309-CD2F-4763-92B8-167541402E7E}) (Version: 2.13 - The HDF Group)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JetBrains PyCharm Community Edition 2017.1.2 (HKLM-x32\...\PyCharm Community Edition 2017.1.2) (Version: 171.4249.47 - JetBrains s.r.o.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.27.20180328 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
MATLAB Production Server R2015a (HKLM\...\MATLAB Production Server R2015a) (Version: 2.1 - MathWorks)
Medieval 2 Total War Gold version 1.05 (HKLM-x32\...\{8241AE65-BF38-4C3F-B0AF-6E9983A4516C}_is1) (Version: 1.05 - vol1)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.10325.20082 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Enterprise 2015 with Updates (HKLM-x32\...\{f90e9ec5-977b-4752-8518-abe39dac065d}) (Version: 14.0.24720.41 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.29.01.264 - Huawei Technologies Co.,Ltd)
Mount.Blade.Warband.v1.168.ACOK2.2-ALI213 version 1.168 (HKLM-x32\...\{247B81A0-D9F6-421A-83B6-AC6325708382}}_is1) (Version: 1.168 - Ali213.net)
MPC-HC 1.7.11 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.11 - MPC-HC Team)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{FA0599C5-C083-41BE-8AEA-E8EB9070D128}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
MySQL Connector C++ 1.1.8 (HKLM\...\{4BFAEC5F-9E57-467F-A19F-2FF716DDC9E6}) (Version: 1.1.8 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{9F9DCBD0-6C06-445C-B407-B2FF16C98B63}) (Version: 5.1.42 - Oracle Corporation)
MySQL Connector Net 6.9.9 (HKLM-x32\...\{E09F82E9-3EB3-4725-BDC8-3C77F83E262C}) (Version: 6.9.9 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{788AEC1D-78E4-4E65-A388-AC87D0490911}) (Version: 6.1.10 - Oracle Corporation)
MySQL Connector/ODBC 5.3 (HKLM\...\{EB0CFCBD-B0C8-4F0F-ACF4-8B674A19B459}) (Version: 5.3.8 - Oracle Corporation)
MySQL Documents 5.7 (HKLM-x32\...\{B3E47FBC-B036-4AC9-975E-55AA7252A7A0}) (Version: 5.7.18 - Oracle Corporation)
MySQL Examples and Samples 5.7 (HKLM-x32\...\{A991DCE5-AB3B-4E9F-A58E-EF5E02742665}) (Version: 5.7.18 - Oracle Corporation)
MySQL for Visual Studio 1.2.7 (HKLM-x32\...\{63F92630-4546-4297-A0F5-761886A689EE}) (Version: 1.2.7 - Oracle)
MySQL Installer - Community (HKLM-x32\...\{DE64E7EF-38D5-4A3A-8B18-A691FB177438}) (Version: 1.4.19.0 - Oracle Corporation)
MySQL Notifier 1.1.7 (HKLM-x32\...\{724CDD73-430E-47DA-8F4E-7DF2000BA268}) (Version: 1.1.7 - Oracle)
MySQL Router 2.1 (HKLM\...\{929202C7-D089-4B21-934F-753E12A7500F}) (Version: 2.1.3 - Oracle Corporation)
MySQL Server 5.7 (HKLM\...\{2DA17C9C-993C-4A53-8C65-C05A470A2849}) (Version: 5.7.18 - Oracle Corporation)
MySQL Shell 1.0.9 (HKLM\...\{69E5F01E-8F6B-44F8-92D9-54EC39F846DA}) (Version: 1.0.9 - Oracle and/or its affiliates)
MySQL Utilities (HKLM\...\{BEDAC2EF-DBA2-4B25-857A-7DF385FA645E}) (Version: 1.6.5 - Oracle Corporation)
MySQL Workbench 6.3 CE (HKLM\...\{CD8C5EC0-56A3-4F6E-BB22-E230059DF1F2}) (Version: 6.3.9 - Oracle Corporation)
Nicky Romero Kickstart 1.0.9 (HKLM\...\Kickstart_is1) (Version: 1.0.9 - Nicky Romero)
NPP Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_npp_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NPP Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_npp_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NVGRAPH Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvgraph_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NVGRAPH Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvgraph_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.71 - NVIDIA Corporation)
NVIDIA CUDA Development 8.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDADevelopment_8.0) (Version: 8.0 - NVIDIA Corporation)
NVIDIA CUDA Documentation 8.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDADocument_8.0) (Version: 8.0 - NVIDIA Corporation)
NVIDIA CUDA Runtime 8.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDARuntimes_8.0) (Version: 8.0 - NVIDIA Corporation)
NVIDIA CUDA Samples 8.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_samples_8.0) (Version: 8.0 - NVIDIA Corporation)
NVIDIA CUDA Visual Studio Integration 8.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_visual_studio_integration_8.0) (Version: 8.0 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA Nsight Visual Studio Edition 5.2.0.16321 (HKLM\...\{39F2CF8F-DE76-49F1-85D5-FC215853B709}) (Version: 5.2.0.16321 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NVIDIA Tools Extension SDK (NVTX) - 64 bit (HKLM\...\{B56D2F88-8865-40FD-B7AC-F074EE4D201D}) (Version: 1.00.00.00 - NVIDIA Corporation)
NVML Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvml_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NVRTC Development (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvrtc_dev_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
NVRTC Runtime (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_nvrtc_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Occupancy Calculator (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_occupancy_calculator_8.0) (Version: 8.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
Oracle VM VirtualBox 5.2.8 (HKLM\...\{A7F49FA5-9FCA-4936-8652-CD00206D9300}) (Version: 5.2.8 - Oracle Corporation)
PandaViewer (HKLM-x32\...\PandaViewer) (Version:  - )
PL-2303 USB-to-Serial (HKLM-x32\...\{A9111573-EF12-4D80-A5B9-55F620D5BCA1}) (Version: 1.00.000 - Prolific Technology INC)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prismatik (unofficial) 64bit (remove only) (HKLM-x32\...\{ABD88CE7-1FFA-416C-96CA-CCC6F2B34236}_is1) (Version: 5.11.2.17 - Patrick Siegler)
Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.4 - Project Reality)
Project Reality: WW2 (HKLM\...\Project Reality: WW2 (pr_ww2)_is1) (Version: v0.2 - Project Reality)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 3.5.2 (64-bit) (HKU\S-1-5-21-1459657716-2493573527-527088305-1000\...\{d46281ac-f66b-4246-8cfe-34f61512982f}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (64-bit) (HKLM\...\{E151A5E4-D373-4388-82FB-0C9F5F6CFB76}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (64-bit) (HKLM\...\{5397E020-59CB-43BF-A0FE-32B26DE98187}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (64-bit) (HKLM\...\{911FCD3E-A42F-472C-983A-0518799BFE7D}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (64-bit) (HKLM\...\{24C31CC2-A8F2-417E-A61B-5E682D39893B}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (64-bit) (HKLM\...\{A74E3253-CB6C-4214-8964-FFCEB37DB5D8}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (64-bit) (HKLM\...\{976C50E6-00DF-40A6-9E59-70A4F3EF4E32}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (64-bit) (HKLM\...\{A4B31C78-C884-4B36-BDE4-FBAD3A2A1C7E}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (64-bit) (HKLM\...\{7BA8A393-A7EB-4529-8A63-D7A4502C0D24}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (64-bit) (HKLM\...\{E5642976-7F8E-41C1-A249-419B809CA2A8}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{323AC113-C6CE-4F99-842F-4936332D055A}) (Version: 3.6.5923.0 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Roslyn Language Services - x86 (HKLM-x32\...\{3107684C-8011-3031-BD28-10CA30F58267}) (Version: 14.0.24730 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SafeFinder (HKLM-x32\...\{B0F6BAC7-9BAF-4C8A-96C8-BD393B6CE5BC}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.17.6.201704121541 - Sony Mobile Communications Inc.)
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{26BFF1F1-5C03-4C55-9C7C-FD65889AFA70}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{A7037EB2-F953-4B12-B843-195F4D988DA1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Sylenth1 v2.21 (HKLM-x32\...\Sylenth1_is1) (Version:  - )
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{48992F68-BEE6-35D8-89AC-6A81406F1096}) (Version: 14.0.24712 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
The Elder Scrolls V Skyrim Special Edition (HKLM-x32\...\The Elder Scrolls V Skyrim Special Edition_is1) (Version:  - )
TP-LINK TL-WN823N Driver (HKLM-x32\...\{CE194A8D-C8DF-47EB-AB04-5A54CDC1C5BD}) (Version: 1.3.1 - TP-LINK)
TypeScript Power Tool (HKLM-x32\...\{CF436B98-B0FE-447F-8E46-68E0B14FDDE0}) (Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{F66F9C2A-E14B-4D30-82C5-A4E32B569286}) (Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.6.0 (HKLM-x32\...\{5ee9a47a-3630-4016-b76d-dc752e9218dd}) (Version: 1.7.24809.0 - Microsoft Corporation)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{284FA9A0-CEDD-81D3-5A19-5858E95FD0C4}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{ABD37F71-FC3F-F525-C7B3-BDD95F684C51}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{33952D66-D503-10CA-DD8E-E365C15EB4E0}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{B048B812-32DE-3474-FA64-223B6A63AD47}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VS Update core components (HKLM-x32\...\{5F7870A1-0586-313E-A9FF-3249DCE9F63A}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Xperia Companion (HKLM-x32\...\{27b15812-304d-4fc2-80b7-55a920f30a28}) (Version: 1.6.5.0 - Sony)
Xperia Companion (HKLM-x32\...\{9D56F227-FC8D-419D-ADEB-41E5734025BD}) (Version: 1.6.5.0 - Sony) Hidden
Xperia Companion Service (HKLM\...\{941E0B86-5EC0-43BC-9DA9-9BC596150B4B}) (Version: 1.6.5.0 - Sony) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-15] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-15] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-15] (AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-16] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-15] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C802091-C7FA-425C-9929-4941F7A9F67F} - System32\Tasks\{59D44A39-0068-474D-BD1A-523BAD2D71C3} => C:\Windows\system32\pcalua.exe -a C:\Users\Lugi\Downloads\SQLServer2016-SSEI-Expr.exe -d C:\Users\Lugi\Downloads
Task: {198B3C60-DE17-44CD-9B2C-53434C839A2A} - System32\Tasks\PsiegUpdateElevate_Prismatik => C:\Program Files\Prismatik\UpdateElevate.exe [2018-04-26] ()
Task: {1A17110F-6E5F-4350-82E3-BF19EADE4E8F} - \AutoKMS -> No File <==== ATTENTION
Task: {23EE076D-09B0-4BDB-82F7-4891DB28E463} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-14] (Google Inc.)
Task: {3982C222-FDC5-4D8D-A460-3E3BF6F0D3D1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-29] (Microsoft Corporation)
Task: {46DC569D-490B-4FFC-BDEF-2355C6D05500} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software)
Task: {478BBDD7-1686-4290-863F-C6B9ED90A761} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: {492C011E-4734-4DD2-A4A5-9805DDD2AD87} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-16] (NVIDIA Corporation)
Task: {4FA3091A-DFF7-4B0B-ABBB-5AB3DB02E596} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-16] (NVIDIA Corporation)
Task: {6E9D57AF-101E-47A6-B2C7-1C592E082595} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2017-04-10] (Oracle Corporation)
Task: {6ED941D8-0D8B-487D-8CFC-C8D514C390CB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-16] (NVIDIA Corporation)
Task: {7473CBD5-C27B-43A6-9E43-FFAF94912B8E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {82F88F6A-DDDD-493E-9801-2432A89A1E24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-14] (Google Inc.)
Task: {8608600C-761E-45DE-8144-781C219F4F74} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-12-16] (NVIDIA Corporation)
Task: {86EAA642-0E7B-42E3-BE4E-13B0B1ABB5F0} - \KMSAutoNet -> No File <==== ATTENTION
Task: {9314B47C-5DFA-4361-AFAD-213BBC8F3700} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-29] (Microsoft Corporation)
Task: {9BDE2224-6B31-44F2-A34E-F77C05874016} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-29] (Microsoft Corporation)
Task: {A02EB10E-C3D5-48E3-ACFB-0E0011DE22ED} - System32\Tasks\{2201F696-EAD4-49CC-84E6-719352E68D27} => C:\Windows\system32\pcalua.exe -a E:\autorun.exe -d E:\
Task: {ABED4595-8397-4671-A531-1438E96AB9DA} - System32\Tasks\Update Manager => C:\Users\Lugi\AppData\Roaming\Mount.Blade.Warband.v1.168.ACOK2.2-ALI213\Upgrade.exe
Task: {B79BEA93-5AB2-4DD6-95B4-9526E1A1391B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
Task: {BEB693A4-3872-4D69-AEE0-5842155AD015} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe [2016-07-29] (Oracle Corporation)
Task: {C08263A0-BCBC-4CA0-86DC-B1EEDC1B83B5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-12-16] (NVIDIA Corporation)
Task: {C9C51744-5B61-4FC9-A769-9C5FD975D158} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-12-16] (NVIDIA Corporation)
Task: {CF56C87F-FB2A-401C-89C4-F809D8FDDAE5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-05] (AVAST Software)
Task: {D07B5D8F-8AE4-4700-8E0B-16AC7CD1F2A7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-12-16] (NVIDIA Corporation)
Task: {D29B3572-FC9C-4FFD-8B36-5A1D0B75950A} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-26] (AVAST Software)
Task: {DBF1D0B4-1074-47BB-98C6-B7C818C7FFBD} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-07-15] (AVAST Software)
Task: {E4871CB9-142E-4A30-8337-BFEDAFF122B7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-29] (Microsoft Corporation)
Task: {F3DBF3C1-5CB1-4FA3-B6C8-F0917EF3DECC} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-29] (Microsoft Corporation)
Task: {F4C68B86-A4D9-4490-80C4-39EF81D9963F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-16] (NVIDIA Corporation)
Task: {F625D623-A39E-415D-B3BC-F26A4BD1AAEE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Lugi\Desktop\HDFView-2.13.0.lnk -> C:\Users\Lugi\AppData\Local\Apps\HDF_Group\HDFView\2.13.0\hdfview.bat ()
Shortcut: C:\Users\Lugi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDFView-2.13.0\HDFView-2.13.0.lnk -> C:\Users\Lugi\AppData\Local\Apps\HDF_Group\HDFView\2.13.0\hdfview.bat ()

ShortcutWithArgument: C:\Users\Lugi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Lugi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\.rdata:X [128]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "UseAlternateShell"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-07-26 17:44 - 000000888 _____ C:\Windows\system32\Drivers\etc\hosts

185.31.160.192 karachan.org
185.31.160.192 www.karachan.org

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1459657716-2493573527-527088305-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lugi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D50CB569-F4D0-43F3-B1EC-A4ADE0DD0FFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{626DAB18-64D4-49C9-9B88-91DD1516D70A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{945DFB0C-964D-4C37-B85E-2662C57C6F3D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{34B5DA6B-34A3-4606-8CD2-31F11CB29FEF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AD0B463B-0E54-46B4-B024-F027E7BBE970}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D9BBBD42-2235-4DAF-B505-E5CFC9D6F436}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{21C712BD-2E90-4E16-BA6F-7E17A77E28F2}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{10589F0F-BF2C-413D-8F07-449FAC2A6C98}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{15F85AC6-8A98-4139-A63E-1844B3D8CA5A}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{121C4D03-2BB8-4507-B7E1-3E0A5916CA3D}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9E2DA77D-77D7-49E7-A222-251CB1BD26B7}] => (Allow) C:\Users\Lugi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{AF759090-8BB6-41A7-A11B-680C20FF0988}D:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) D:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{6633FBA4-8749-4C5D-828F-2B40318BCF74}D:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) D:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{4EAA8BA1-49D1-47E2-85C3-3F26389C3036}D:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) D:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{33861894-F437-4927-94F7-DDB23A056437}D:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) D:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{52E4F96B-65C8-4644-BCBA-1C525F50FDE8}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{F588E0B2-81CA-4EA9-B868-70A5B848D3E1}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [TCP Query User{21ABCCF1-B0F1-42DE-8673-A4927BB2E8DD}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{B71444E8-8897-465E-8A31-E09878029753}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{8B615E40-527C-448A-B65F-7897F45BAB1D}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{90CA630E-9D4C-42E3-888B-A1F8B447CCBA}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{33C39993-EE12-4E92-A107-C466249EDD5E}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{F4970D1C-04B5-4814-BCC3-45A1AA4C5680}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [{822BE8AD-99B7-46FE-8FDD-D953A16635DD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2BCA81CB-F328-4FF3-97A0-1626265A8980}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5C7E3CB2-BF42-4419-96A4-E05496FF684E}] => (Allow) C:\Users\Lugi\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{044A7620-8449-4F41-9E91-2459919A7733}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{E8F53B66-0187-43AC-B412-02368FE928B4}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{0AF610DA-F923-453B-AFA6-8266D653F8A9}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{F080EA30-09A9-46C8-A09B-B6EE45ED7B90}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{1D94C764-1F12-422A-9C83-2E492F61C974}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{D8035140-1373-4509-8750-DEADC3DD470E}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{8DAEA91D-5C85-466D-9E78-C3DA7F709527}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{12EF279B-DC17-49D2-A690-CC0777E19889}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{07EED434-4676-4C3A-9CA0-2F9E44165EEF}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{18BAEC0D-0818-41DA-8C56-5E6D85EB3001}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{F43491C0-6A63-4F69-836D-3EBF7F229AE2}] => (Allow) LPort=3306
FirewallRules: [{E66C5FDA-73CB-44A4-8843-EB158DE4C478}] => (Allow) LPort=3306
FirewallRules: [{F28E37F0-67DB-41A0-8ABE-72B395C7F7F8}] => (Allow) D:\Program Files (x86)\Project Reality\Project Reality BF2\prbf2.exe
FirewallRules: [{36898223-FFC2-486F-9B82-2838CA83A2FB}] => (Allow) D:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRLauncher.exe
FirewallRules: [{FF5C6043-5AC8-4B18-9A77-3428F0479F4C}] => (Allow) D:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRUpdater.exe
FirewallRules: [{8418B55C-7534-4A91-AC89-A7742CAB5DFD}] => (Allow) D:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRMumble\PRMumble.exe
FirewallRules: [TCP Query User{070E9A79-87FA-40B6-9760-33F8FD58CD35}C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe
FirewallRules: [UDP Query User{AF1BDFE6-1C4F-487F-B8FB-4D038464109E}C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe
FirewallRules: [{EB3C9E65-8794-4EEE-AD6C-B466F6DE40AB}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{731B4C0C-07B6-4239-A599-B65696289E10}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{9A84F5AD-C349-4E5B-B447-8707A5435490}C:\users\lugi\appdata\local\programs\python\python35\python.exe] => (Allow) C:\users\lugi\appdata\local\programs\python\python35\python.exe
FirewallRules: [UDP Query User{E59FF6A0-F5CC-4D7B-82DA-6E9903F3DFE6}C:\users\lugi\appdata\local\programs\python\python35\python.exe] => (Allow) C:\users\lugi\appdata\local\programs\python\python35\python.exe
FirewallRules: [{F5C1FCE3-4DC5-46DD-ACD7-CB11896C0B98}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B71FDAA7-2DFC-42B9-A4E4-856E10A774FD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2F79F137-3720-49F7-B54C-4A913A612599}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{77E7AC9B-BEDB-4202-9D46-305F46A4CFFA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{E2672BB1-5133-46DC-A002-1609ECEAC545}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{CCFCFCE1-6C76-4FD3-A905-98D392509832}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{CDD637C9-7F97-4E4F-BDCD-CF402E2D7640}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{109C1BBA-7236-4C4C-AF0B-EC6C3EE3E6DE}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{87BAAAA3-2ADE-49EA-93F0-75CD88E45B0D}D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{163866C9-D94F-44BF-B9F4-299A59DBD285}D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{60FEB3F7-6904-416F-BDD5-1CD968BD44F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{65C4F0CC-60A3-4B96-BE54-135E6DDC6996}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E0F5F3AE-2DDB-41E5-AF5C-1105F357D4C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D1D467D7-2E7E-44B0-AB68-35C141C7AC56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A7CB8D67-880F-47A0-AE6B-E0AFA9A057AC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BDC43DD8-0CFB-4B63-8B7C-03801265C945}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D50C90C6-EBDC-41C5-83C8-6222DD488DD8}] => (Allow) D:\Program Files (x86)\Mr DJ\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{0418D487-0629-48F3-80AA-960128E46638}] => (Allow) D:\Program Files (x86)\Mr DJ\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{3047E7F3-1ADC-4D0B-9B16-3D14449213D0}] => (Allow) D:\Program Files (x86)\Mr DJ\Bioshock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{07A16DA5-5AA5-4CA9-80D5-D4BDB81EC5B4}] => (Allow) D:\Program Files (x86)\Mr DJ\Bioshock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [TCP Query User{40CF7B0D-95F5-4842-A4F8-537053A7E25A}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [UDP Query User{3A5F8403-D0FD-4CAA-A07F-B2EB6B776286}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [TCP Query User{8B4D793C-C84B-4CF7-A7E8-9EF9D0C318B9}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [UDP Query User{29B537EC-AECB-4242-A8D6-9DD45504B37F}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [TCP Query User{8B5EBC5E-C64E-41F6-90F5-E4C79D55AC3F}C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe
FirewallRules: [UDP Query User{6E183EF2-47B1-45BF-9A6C-45907D29C190}C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.1.2\bin\pycharm64.exe
FirewallRules: [{86FD3174-6F67-45F9-8D3B-98DFF4D2EED6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{50F8B758-7B65-43EC-9B36-6A0FF87ADB0C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{D9002E3F-0194-4E8E-8F7A-23040C8B9078}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{05108757-34A3-4082-A399-3FE8F57325B7}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{7077E7AE-78FF-42C6-A820-794532D57359}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DF17E643-345A-4EED-ABDD-74DDAA110610}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2018 12:14:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/04/2018 11:37:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/04/2018 11:36:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/03/2018 06:15:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/03/2018 06:15:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/02/2018 09:48:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (08/02/2018 09:48:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/02/2018 06:29:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (08/04/2018 12:13:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFD
aswArPot
aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswHdsKe
aswRdr
aswRvrt
aswSnx
aswSP
aswVmm
cdrom
CSC
DfsC
discache
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
VBoxDrv
VBoxNetLwf
VBoxUSBMon
vwififlt
Wanarpv6
WfpLwf

Error: (08/04/2018 12:13:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (08/04/2018 12:13:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (08/04/2018 12:13:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (08/04/2018 12:13:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: 
A device attached to the system is not functioning.

Error: (08/04/2018 12:13:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (08/04/2018 12:13:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (08/04/2018 12:13:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: 
A device attached to the system is not functioning.


Windows Defender:
===================================
Date: 2017-04-29 03:03:42.497
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{7CD7A6D1-48A4-4E60-B5A7-8DD321FBFBB1}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 18%
Total physical RAM: 8174.49 MB
Available physical RAM: 6678.71 MB
Total Virtual: 16347.15 MB
Available Virtual: 14960.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:200 GB) (Free:4.63 GB) NTFS
Drive d: () (Fixed) (Total:731.41 GB) (Free:288.3 GB) NTFS
Drive e: (USB DISK) (Removable) (Total:7.46 GB) (Free:7.39 GB) NTFS

\\?\Volume{d96159fc-2152-11e7-8ce7-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: FA03DE70)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=731.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#4 nasdaq

nasdaq

  • Malware Response Team

Posted 04 August 2018 - 10:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Still some work to be done.

CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATTENTION program not signed could be compromised
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
SafeFinder (HKLM-x32\...\{B0F6BAC7-9BAF-4C8A-96C8-BD393B6CE5BC}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION

===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

Task: {1A17110F-6E5F-4350-82E3-BF19EADE4E8F} - \AutoKMS -> No File <==== ATTENTION
Task: {478BBDD7-1686-4290-863F-C6B9ED90A761} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: {86EAA642-0E7B-42E3-BE4E-13B0B1ABB5F0} - \KMSAutoNet -> No File <==== ATTENTION
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
C:\Program Files (x86)\Microleaves

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Any remaining issues?

#5 Lugi

Lugi
  • Topic Starter

  • Members

Posted 04 August 2018 - 12:03 PM

Still not solved

 

log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Lugi (04-08-2018 18:55:09) Run:3
Running from E:\
Loaded Profiles: Lugi & MSSQLSERVER (Available Profiles: Lugi & MSSQLSERVER)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
CloseProcesses:

Task: {1A17110F-6E5F-4350-82E3-BF19EADE4E8F} - \AutoKMS -> No File <==== ATTENTION
Task: {478BBDD7-1686-4290-863F-C6B9ED90A761} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: {86EAA642-0E7B-42E3-BE4E-13B0B1ABB5F0} - \KMSAutoNet -> No File <==== ATTENTION
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
C:\Program Files (x86)\Microleaves

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1A17110F-6E5F-4350-82E3-BF19EADE4E8F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A17110F-6E5F-4350-82E3-BF19EADE4E8F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{478BBDD7-1686-4290-863F-C6B9ED90A761}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{478BBDD7-1686-4290-863F-C6B9ED90A761}" => removed successfully
"C:\Windows\System32\Tasks\Updater_Online_Application" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86EAA642-0E7B-42E3-BE4E-13B0B1ABB5F0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86EAA642-0E7B-42E3-BE4E-13B0B1ABB5F0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAutoNet" => removed successfully
"C:\Windows\Tasks\Updater_Online_Application.job" => not found
"C:\Program Files (x86)\Microleaves" => not found


The system needed a reboot.

==== End of Fixlog 18:56:33 ====


#6 nasdaq

nasdaq

  • Malware Response Team

Posted 04 August 2018 - 01:22 PM

Hi,

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#7 Lugi

Lugi
  • Topic Starter

  • Members

Posted 04 August 2018 - 03:26 PM

Problem still persists, but RogueKiller deleted around 15 threats

RogueKiller V12.12.29.0 (x64) [Jul 30 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lugi [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 08/04/2018 21:53:32 (Duration : 00:25:29)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\mtQuoteex -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1459657716-2493573527-527088305-1000\Software\mtQuoteex -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1459657716-2493573527-527088305-1000\Software\mtQuoteex -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main | Start Page : https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahJtx1glp6s_XwF8Hem_MAqrbctlKcBg1Ods_KQ_3uyd8qWLvn3_gsblTwKz96G4O1llDu2CJtz5fV8eYhD03tjPlW_bg,,  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main | Start Page : https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahJtx1glp6s_XwF8Hem_MAqrbctlKcBg1Ods_KQ_3uyd8qWLvn3_gsblTwKz96G4O1llDu2CJtz5fV8eYhD03tjPlW_bg,,  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main | Search Page : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main | Search Page : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1459657716-2493573527-527088305-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main | Search Bar : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main | Search Bar : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFYzHmKUzWMpeTkQkLYRNt-3mUZx2djdRigs--d_zqR71i8McUygV3YpoWeQnGRddXGRW_6pJ_tm7gLxqVmK6vnU_aJg,,&q={searchTerms}  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \Update Manager -- C:\Users\Lugi\AppData\Roaming\Mount.Blade.Warband.v1.168.ACOK2.2-ALI213\Upgrade.exe (/upgradeid=f561932c-0bef-41b9-9289-b7d5c099b86b) -> Found

¤¤¤ Files : 26 ¤¤¤
[PUP.HackTool][Folder] C:\ProgramData\KMSAutoS -> Found
[PUP.LogicHandler][Folder] C:\ProgramData\Logic Cramble -> Found
[PUP.Gen1][Folder] C:\ProgramData\Quoteexs -> Found
[PUP.YahooChrome][Folder] C:\ProgramData\yahoochrome_D -> Found
[Hj.Shortcut][File] C:\Users\Public\Desktop\Google Chrome.lnk [LNK@] C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe %SNP% -> Found
[Hj.Shortcut][File] C:\Users\Lugi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe %SNP% -> Found
[Hj.Shortcut][File] C:\Users\Lugi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [LNK@] C:\PROGRA~2\INTERN~1\iexplore.exe %SNP% -> Found
[PUP.HackTool][Folder] C:\Windows\AutoKMS -> Found
[PUP.Linkury][File] C:\Windows\SysWOW64\findit.xml -> Found
[PUP.uTorrentAds][File] C:\Users\Lugi\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Lugi\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Lugi\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Lugi\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Lugi\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Lugi\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Lugi\AppData\Roaming\uTorrent\updates\3.5.3_44396\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Lugi\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe -> Found
[PUP.OnlineIO][Folder] C:\Users\Lugi\AppData\Local\AdvinstAnalytics -> Found
[Tr.XService][Folder] C:\Users\Lugi\AppData\Local\XService -> Found
[PUP.HackTool][Folder] C:\ProgramData\KMSAutoS -> Found
[PUP.LogicHandler][Folder] C:\ProgramData\Logic Cramble -> Found
[Hj.Shortcut][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [LNK@] C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe %SNP% -> Found
[PUP.Gen1][Folder] C:\ProgramData\Quoteexs -> Found
[PUP.YahooChrome][Folder] C:\ProgramData\yahoochrome_D -> Found
[Hj.Shortcut][File] C:\Users\Public\Desktop\Google Chrome.lnk [LNK@] C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe %SNP% -> Found
[Hj.Shortcut][File] C:\Users\Lugi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe %SNP% -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYolP6ClmhIs7cdzRlF6k3KmZzDmfrH1o8lN1eMFLzdp8kt-MlKYeg3u8NkY0zjYahFeNuR9Xp_gIphtWnecSusUa0hAqDQgbmfPmYNpaJOQtH2WUfKCmtabN5NdFOSszxxaet2v9WYwqPIpf3Qhu5edQhF9g,,] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM010-2EP102 ATA Device +++++
--- User ---
[MBR] e9fc54f900a01a2f97a4531058ab04bb
[BSP] d18795272575c24b3c470a8554e177fc : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 204800 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 419637248 | Size: 748967 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK




#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:35 AM

Posted 05 August 2018 - 06:39 AM

Hi,

If not already done please run the RogueKiller program and delete all the entries.
If required the default setting will be used.
===

If possible please start the computer in Normal Mode and run the Farbar program again.
Post fresh FRST.txt and Addition.txt logs for my review.
p.s.
To create a new Addition.txt log, make sure before scanning with the Farbar program that the box to create an Addition.txt file is checked.
====

Is the problem still the same or is the computer running better now?

#9 nasdaq

Posted 11 August 2018 - 06:55 AM

Are you still with me?



