
CPU overheating for no apparent reason & computer works slowly


5 replies to this topic

#1 random3986xo


Posted 08 August 2018 - 06:03 AM

I've made a stupid mistake and installed a program from a torrent website. It immediately installed several programs, slowed the computer down, and doing as much as playing a YT video and playing a video game resulted in the CPU reaching over 90 degrees Celsius.

After having run a few free malware/antivirus removal programs, the overheating is less drastic, but the computer still slows down & the CPU will reach 70 degrees while doing nothing but watching Twitch. Playing YouTube while playing an old version of WoW will still bring it up to 80 degrees.

(The programs I used all found some infected files - many mentioned a crypto miner.)

I didn't have any of these problems before.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.08.2018
Ran by User (administrator) on USER-PC (08-08-2018 12:40:33)
Running from Z:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) Z:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) Z:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() Z:\Windows\System32\ASGT.exe
(Bitdefender) Z:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Felix Logic) Z:\Program Files\Cold Turkey\CTService.exe
(NVIDIA Corporation) Z:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) Z:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Bitdefender) Z:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corporation) Z:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Bitdefender) Z:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) Z:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) Z:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
() C:\Program Files\Webstart Studios\Web Blocker\TWBService.exe
() C:\Program Files\Webstart Studios\Web Blocker\TWBService URL.exe
(CyberGhost S.A.) Z:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(NVIDIA Corporation) Z:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVAST Software) Z:\Program Files\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(Adobe Systems Incorporated) Z:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
(NVIDIA Corporation) Z:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) Z:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) Z:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) Z:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) Z:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) Z:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) Z:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(VIA) Z:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Oracle Corporation) Z:\Program Files\Common Files\Java\Java Update\jusched.exe
(f.lux Software LLC) Z:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) Z:\Windows\System32\wuauclt.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Piriform Ltd) Z:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Bitdefender) Z:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Oracle Corporation) Z:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Almico Software (www.almico.com)) Z:\Program Files\SpeedFan\speedfan.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
() Z:\Users\User\Desktop\Scrivener\Scrivener.exe
(Microsoft Corporation) Z:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) Z:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Felix Belzile) Z:\Program Files\Cold Turkey\CTServiceInstaller.exe
(Microsoft Corporation) Z:\Program Files\Cold Turkey\vcredist_x86.exe
(Microsoft Corporation) L:\891667eefbff1a8357f0\Setup.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => Z:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1701888 2009-10-28] (VIA)
HKLM\...\Run: [NvBackend] => Z:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => Z:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => Z:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKU\S-1-5-21-1473089369-2215227133-162011811-1000\...\Run: [f.lux] => Z:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-1473089369-2215227133-162011811-1000\...\Run: [CCleaner Monitoring] => Z:\Program Files\CCleaner\CCleaner.exe [12762872 2018-07-24] (Piriform Ltd)
HKU\S-1-5-21-1473089369-2215227133-162011811-1000\...\Run: [GoogleChromeAutoLaunch_CD98D86ACC9F07A51EA009EAF98C1911] => Z:\Program Files\Google\Chrome\Application\chrome.exe [1458008 2018-06-22] (Google Inc.)
BootExecute: Z:\Windows\system32\autochk.exeavgBoot.exe /M:641dd7e86d4 /dir:"Z:\Program Files\AVG\Antivirus"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2648BF1D-9967-4AB4-BBB2-B50967F6702E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2648BF1D-9967-4AB4-BBB2-B50967F6702E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AD4AF727-1106-4BC3-83DC-2B9BE3B69EC1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1473089369-2215227133-162011811-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1473089369-2215227133-162011811-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1473089369-2215227133-162011811-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1473089369-2215227133-162011811-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1473089369-2215227133-162011811-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180621__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1473089369-2215227133-162011811-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> Z:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> Z:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Z:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-12-30] (Oracle Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> Z:\Program Files\Evernote\Evernote\EvernoteIE.dll [2016-08-11] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> Z:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Z:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-24] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Z:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Z:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-30] (Oracle Corporation)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> Z:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2018-07-30] (AO Kaspersky Lab)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> Z:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Z:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - Z:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2018-07-30] (AO Kaspersky Lab)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - Z:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 5uf4tpad.default
FF ProfilePath: Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default [2018-08-08]
FF Homepage: Mozilla\Firefox\Profiles\5uf4tpad.default -> file:///Z:/ProgramData/Quoteexs/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\5uf4tpad.default -> file:///Z:/ProgramData/Quoteexs/ff.NT
FF Extension: (LastPass) - Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\support@lastpass.com [2016-12-17] [Legacy]
FF Extension: (Stylish) - Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-09-03] [Legacy]
FF Extension: (No Name) - Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{603e7ffb-43ec-48e6-ad82-08c42b81a913}.xpi [2018-07-30] [not signed]
FF Extension: (FT DeepDark) - Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2017-01-16] [Legacy]
FF Extension: (iMacros for Firefox) - Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2016-09-03] [Legacy]
FF Extension: (Video DownloadHelper) - Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-30] [Legacy]
FF Extension: (Adblock Plus) - Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24] [Legacy]
FF SearchPlugin: Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-06-21]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - Z:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - Z:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-08-11] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - Z:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - Z:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-07-30]
FF Plugin: @adobe.com/FlashPlayer -> Z:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> Z:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> Z:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-30] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> Z:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> z:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> Z:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> Z:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> Z:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin: @raidcall.tw/RCplugin -> Z:\Users\User\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall)
FF Plugin: @tools.google.com/Google Update;version=3 -> Z:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> Z:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: Adobe Acrobat -> Z:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> Z:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1473089369-2215227133-162011811-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> Z:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1702150-0-npoctoshape.dll [2017-02-15] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: Z:\Users\User\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-09-25] (Octoshape ApS)

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-08-08]
CHR Extension: (Slides) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Kaspersky Protection) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-07-30]
CHR Extension: (Docs) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-14]
CHR Extension: (YouTube) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-14]
CHR Extension: (Twitter Web - Night Mode) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cadmiljohldbooihfbkjkobepojailca [2017-10-02]
CHR Extension: (Adblock Plus) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-07-23]
CHR Extension: (Video Downloader professional) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-07-31]
CHR Extension: (Sheets) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-15]
CHR Extension: (AdBlock) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-25]
CHR Extension: (LastPass: Free Password Manager) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-07-27]
CHR Extension: (Video DownloadHelper) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-08-01]
CHR Extension: (Bandcamp Saver) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkcjnkdkagdlpccdhohflbbaandekogh [2018-07-31]
CHR Extension: (Chrome Web Store Payments) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-14]
CHR Extension: (Chrome Media Router) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-24]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor14.0; Z:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [176864 2015-12-07] (Adobe Systems Incorporated)
R2 ASGT; Z:\Windows\System32\ASGT.exe [55296 2012-01-17] () [File not signed]
S2 avast; Z:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-07-24] (AVAST Software)
S3 avastm; Z:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-07-24] (AVAST Software)
S2 AVP19.0.0; Z:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
R2 bdredline; Z:\Program Files\Bitdefender Antivirus Free\bdredline.exe [1929240 2018-03-22] (Bitdefender)
S3 c2wts; Z:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 CG6Service; Z:\Program Files\CyberGhost 6\CyberGhost.Service.exe [204880 2018-06-11] (CyberGhost S.A.)
R2 CTService; Z:\Program Files\Cold Turkey\\CTService.exe [329728 2016-02-14] (Felix Logic) [File not signed]
S3 fussvc; Z:\Program Files\Windows Kits\8.1\App Certification Kit\fussvc.exe [140800 2014-02-19] (Microsoft Corporation) [File not signed]
S2 KSDE3.0.0; Z:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (AO Kaspersky Lab)
R2 NvNetworkService; Z:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; Z:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)
R2 ProductAgentService; Z:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] (Bitdefender)
S3 Te.Service; Z:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [91136 2013-08-21] (Microsoft Corporation) [File not signed]
R2 updatesrv; Z:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [236208 2018-05-14] (Bitdefender)
R2 vsserv; Z:\Program Files\Bitdefender Antivirus Free\vsserv.exe [236208 2018-05-14] (Bitdefender)
R2 vsservppl; Z:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [236208 2018-05-14] (Bitdefender)
S3 VSStandardCollectorService140; Z:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [86760 2016-06-20] (Microsoft Corporation)
R2 Web Blocker Service; C:\Program Files\Webstart Studios\Web Blocker\TWBService.exe [32768 2010-09-13] () [File not signed]
R2 Web Blocker Service URL; C:\Program Files\Webstart Studios\Web Blocker\TWBService URL.exe [24064 2010-09-13] () [File not signed]
S3 WinDefend; Z:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 atc; Z:\Windows\System32\DRIVERS\atc.sys [1010256 2018-04-27] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; Z:\Windows\System32\DRIVERS\avc3.sys [1419144 2018-04-17] (BitDefender)
R0 BdDci; Z:\Windows\System32\DRIVERS\bddci.sys [126056 2018-04-19] (Bitdefender)
R0 cm_km; Z:\Windows\System32\DRIVERS\cm_km.sys [178368 2018-01-27] (AO Kaspersky Lab)
R3 edrsensor; Z:\Windows\System32\DRIVERS\edrsensor.sys [208216 2018-04-19] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 giveio; Z:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R0 gzflt; Z:\Windows\System32\drivers\gzflt.sys [157256 2018-05-29] (BitDefender LLC)
R2 ISOMount; Z:\Program Files\Free ISO Mount\FIMx86.sys [26984 2015-03-28] ()
R0 kl1; Z:\Windows\System32\DRIVERS\kl1.sys [151240 2018-02-20] (AO Kaspersky Lab)
R0 klbackupdisk; Z:\Windows\System32\DRIVERS\klbackupdisk.sys [63688 2017-12-27] (AO Kaspersky Lab)
R1 klbackupflt; Z:\Windows\System32\DRIVERS\klbackupflt.sys [101568 2018-02-02] (AO Kaspersky Lab)
R2 kldisk; Z:\Windows\System32\DRIVERS\kldisk.sys [75456 2018-07-30] (AO Kaspersky Lab)
R3 klflt; Z:\Windows\System32\DRIVERS\klflt.sys [173248 2018-07-30] (AO Kaspersky Lab)
R1 klhk; Z:\Windows\System32\DRIVERS\klhk.sys [659144 2018-07-30] (AO Kaspersky Lab)
R1 KLIF; Z:\Windows\System32\DRIVERS\klif.sys [875200 2018-07-30] (AO Kaspersky Lab)
R1 klim6; Z:\Windows\System32\DRIVERS\klim6.sys [49344 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; Z:\Windows\System32\DRIVERS\klkbdflt.sys [51400 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; Z:\Windows\System32\DRIVERS\klmouflt.sys [76328 2017-12-11] (AO Kaspersky Lab)
R1 klpd; Z:\Windows\System32\DRIVERS\klpd.sys [45520 2017-05-30] (AO Kaspersky Lab)
R3 kltap; Z:\Windows\System32\DRIVERS\kltap.sys [45496 2018-02-12] (The OpenVPN Project)
R1 kltdi; Z:\Windows\System32\DRIVERS\kltdi.sys [75488 2017-11-07] (AO Kaspersky Lab)
R1 klwtp; Z:\Windows\System32\DRIVERS\klwtp.sys [137016 2018-07-30] (AO Kaspersky Lab)
R1 kneps; Z:\Windows\System32\DRIVERS\kneps.sys [168640 2018-02-24] (AO Kaspersky Lab)
S3 mafmouse; Z:\Windows\System32\DRIVERS\mafmouse.sys [6144 2009-08-22] (MAF-Soft) [File not signed]
R3 MTsensor; Z:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 netr28u; Z:\Windows\System32\DRIVERS\netr28u.sys [807936 2009-09-15] (Ralink Technology Corp.)
R2 npf; Z:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
R3 NvStreamKms; Z:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; Z:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
R0 PxHelp20; Z:\Windows\System32\drivers\PxHelp20.sys [46096 2013-09-03] (Corel Corporation)
R0 speedfan; Z:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 tap0901; Z:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
R2 trufos; Z:\Windows\System32\drivers\trufos.sys [520816 2018-04-25] (Bitdefender)
R3 VIAHdAudAddService; Z:\Windows\System32\drivers\viahduaa.sys [1102848 2009-10-21] (VIA Technologies, Inc.)
S3 avchv; system32\DRIVERS\avchv.sys [X]
R4 IOMap; \??\Z:\Windows\system32\drivers\IOMap.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-08 12:40 - 2018-08-08 12:44 - 000025044 _____ Z:\Users\User\Downloads\FRST.txt
2018-08-08 12:40 - 2018-08-08 12:40 - 000000000 ____D Z:\Users\User\Downloads\FRST-OlderVersion
2018-08-07 23:09 - 2018-08-07 23:09 - 000076121 _____ Z:\Users\User\Downloads\[limetorrents.io]The.Endless..2017..[BluRay].[1080p].[YTS.AM].torrent
2018-08-07 23:09 - 2018-08-07 23:09 - 000000000 ____D Z:\Users\User\AppData\LocalLow\uTorrent
2018-07-31 20:02 - 2018-07-31 20:02 - 034162712 _____ Z:\Users\User\Downloads\Massiv in Mensch - Hamburg.mp4
2018-07-30 16:07 - 2018-07-30 16:07 - 000262144 _____ Z:\Windows\system32\config\elam
2018-07-30 15:32 - 2018-07-30 15:32 - 000000000 ____D Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-07-30 15:32 - 2018-07-30 15:31 - 000001160 _____ Z:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2018-07-30 15:31 - 2018-07-30 15:32 - 000000000 ____D Z:\Program Files\Common Files\AV
2018-07-30 15:29 - 2018-07-30 15:29 - 000000000 ____D Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Free
2018-07-30 15:29 - 2018-07-30 15:28 - 000002015 _____ Z:\Users\Public\Desktop\Kaspersky Free.lnk
2018-07-30 15:26 - 2018-08-01 21:51 - 000000000 ____D Z:\ProgramData\Kaspersky Lab
2018-07-30 15:26 - 2018-07-30 15:30 - 000000000 ____D Z:\Program Files\Kaspersky Lab
2018-07-30 15:25 - 2018-07-30 15:39 - 000875200 _____ (AO Kaspersky Lab) Z:\Windows\system32\Drivers\klif.sys
2018-07-30 15:25 - 2018-07-30 15:39 - 000173248 _____ (AO Kaspersky Lab) Z:\Windows\system32\Drivers\klflt.sys
2018-07-30 15:25 - 2018-07-30 15:38 - 000659144 _____ (AO Kaspersky Lab) Z:\Windows\system32\Drivers\klhk.sys
2018-07-30 15:11 - 2018-07-30 15:11 - 002536320 _____ (Kaspersky Lab) Z:\Users\User\Downloads\startup_14460 (2).exe
2018-07-30 15:11 - 2018-07-30 15:11 - 002536320 _____ (Kaspersky Lab) Z:\Users\User\Downloads\startup_14460 (1).exe
2018-07-29 17:15 - 2018-07-29 17:15 - 000307296 _____ Z:\Windows\Minidump\072918-19734-01.dmp
2018-07-28 12:27 - 2018-07-28 12:27 - 000041632 _____ Z:\Users\User\Downloads\prisoners-english-yify-3289.zip
2018-07-28 00:56 - 2018-07-28 00:56 - 000012283 _____ Z:\Users\User\Downloads\enemy-english-yify-15909.zip
2018-07-25 21:21 - 2018-07-25 21:21 - 002536320 _____ (Kaspersky Lab) Z:\Users\User\Downloads\startup_14460.exe
2018-07-25 20:49 - 2018-07-25 20:49 - 000000000 ____D Z:\ProgramData\bdch
2018-07-25 20:39 - 2018-08-08 12:40 - 000000000 ____D Z:\FRST
2018-07-25 20:34 - 2018-08-08 12:40 - 001773056 _____ (Farbar) Z:\Users\User\Downloads\FRST.exe
2018-07-25 18:54 - 2018-07-25 18:54 - 000028993 _____ Z:\ProgramData\agent.update.1532537647.bdinstall.bin
2018-07-25 18:40 - 2018-07-25 18:40 - 000001148 _____ Z:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk
2018-07-25 18:40 - 2018-07-25 18:40 - 000000000 ____D Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free
2018-07-25 18:40 - 2018-05-29 05:04 - 000157256 _____ (BitDefender LLC) Z:\Windows\system32\Drivers\gzflt.sys
2018-07-25 18:40 - 2018-04-19 11:15 - 000208216 _____ (BitDefender S.R.L. Bucharest, ROMANIA) Z:\Windows\system32\Drivers\edrsensor.sys
2018-07-25 18:39 - 2018-04-27 06:29 - 001010256 _____ (BitDefender S.R.L. Bucharest, ROMANIA) Z:\Windows\system32\Drivers\atc.sys
2018-07-25 18:39 - 2018-04-19 05:11 - 000126056 _____ (Bitdefender) Z:\Windows\system32\Drivers\bddci.sys
2018-07-25 18:39 - 2018-04-17 11:27 - 001419144 _____ (BitDefender) Z:\Windows\system32\Drivers\avc3.sys
2018-07-25 18:33 - 2018-04-25 05:26 - 000520816 _____ (Bitdefender) Z:\Windows\system32\Drivers\trufos.sys
2018-07-25 18:32 - 2018-08-08 12:44 - 000000000 ____D Z:\Program Files\Bitdefender Antivirus Free
2018-07-25 18:30 - 2018-07-25 18:30 - 000040748 _____ Z:\ProgramData\agent.1532536217.bdinstall.bin
2018-07-25 18:29 - 2018-07-25 18:29 - 009986176 _____ Z:\Users\User\Downloads\bitdefender_online.exe
2018-07-24 20:44 - 2018-07-24 21:02 - 000000000 _____ Z:\Windows\system32\last.dump
2018-07-24 20:42 - 2018-07-24 20:45 - 000000000 ____D Z:\cf951a9866ca0542800cc9b5b3df89d9
2018-07-24 20:34 - 2018-07-24 20:36 - 000000000 ____D Z:\72915a314b0e92c61c0007
2018-07-24 20:28 - 2018-07-24 20:28 - 000000258 __RSH Z:\ProgramData\ntuser.pol
2018-07-24 18:15 - 2018-07-24 18:15 - 076975376 _____ (Malwarebytes ) Z:\Users\User\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.6021.exe
2018-07-24 18:15 - 2018-07-24 18:15 - 000000000 ____D Z:\ProgramData\MB2Migration
2018-07-24 17:42 - 2018-07-24 17:42 - 000002457 _____ Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-07-24 17:42 - 2018-07-24 17:42 - 000002414 _____ Z:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-07-24 17:36 - 2018-07-25 19:17 - 000000000 ____D Z:\Users\User\AppData\Local\AVAST Software
2018-07-24 17:32 - 2018-07-24 17:32 - 001142072 _____ (Microsoft Corporation) Z:\Windows\ucrtbase.dll
2018-07-24 17:32 - 2018-07-24 17:32 - 000000000 ____D Z:\Program Files\Common Files\AVAST Software
2018-07-24 17:31 - 2018-07-25 19:17 - 000000000 ____D Z:\Program Files\AVAST Software
2018-07-24 17:31 - 2018-07-24 17:31 - 000178320 _____ (AVAST Software) Z:\Users\User\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2018-07-24 17:17 - 2018-07-24 18:10 - 000000000 ____D Z:\Program Files\eFlow
2018-07-24 17:17 - 2018-07-24 17:20 - 000000000 ____D Z:\Program Files\ShutdownTime
2018-07-24 17:15 - 2018-07-25 19:25 - 000000000 ____D Z:\Users\User\AppData\Roaming\Windows Maintenance Service
2018-07-24 17:15 - 2018-07-25 19:23 - 000000000 ____D Z:\Windows\system32\nokmsgaj
2018-07-24 17:14 - 2018-07-24 17:14 - 000000000 ____D Z:\Users\User\AppData\Local\AdvinstAnalytics
2018-07-24 10:21 - 2018-07-29 17:14 - 3757277514 _____ Z:\Windows\MEMORY.DMP
2018-07-24 10:21 - 2018-07-24 10:21 - 000277312 _____ Z:\Windows\Minidump\072418-30591-01.dmp
2018-07-23 01:57 - 2018-07-23 01:57 - 000000000 ____D Z:\Users\User\AppData\Local\CrashRpt
2018-07-22 22:17 - 2018-07-22 22:18 - 000000000 ____D Z:\Program Files\FlashIntegro
2018-07-22 22:17 - 2018-07-22 22:17 - 000001170 _____ Z:\Users\User\Desktop\VSDC Free Video Editor x32.lnk
2018-07-22 22:17 - 2018-07-22 22:17 - 000000000 ____D Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro
2018-07-22 22:17 - 2018-06-20 09:48 - 000065672 _____ (Flash-Integro LLC) Z:\Windows\system32\mslvddsfilter4.ax
2018-07-22 21:49 - 2018-07-22 21:49 - 000000000 ____D Z:\Users\User\AppData\Local\Meltytech
2018-07-22 21:44 - 2018-07-22 21:44 - 000001833 _____ Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shotcut.lnk
2018-07-22 21:42 - 2018-07-22 21:44 - 000000000 ____D Z:\Program Files\Shotcut
2018-07-17 09:26 - 2018-07-17 09:26 - 000000000 ____D Z:\5d9f826d62add7bfd2b8999211f9
2018-07-13 05:20 - 2018-07-13 05:20 - 000000000 ____D Z:\887d240aaf3769d0b9
2018-07-11 11:25 - 2018-06-21 02:00 - 000348824 _____ (Microsoft Corporation) Z:\Windows\system32\iedkcs32.dll
2018-07-11 11:25 - 2018-06-16 18:36 - 020286464 _____ (Microsoft Corporation) Z:\Windows\system32\mshtml.dll
2018-07-11 11:25 - 2018-06-16 18:19 - 002724864 _____ (Microsoft Corporation) Z:\Windows\system32\mshtml.tlb
2018-07-11 11:25 - 2018-06-16 18:19 - 000004096 _____ (Microsoft Corporation) Z:\Windows\system32\ieetwcollectorres.dll
2018-07-11 11:25 - 2018-06-16 18:06 - 000498176 _____ (Microsoft Corporation) Z:\Windows\system32\vbscript.dll
2018-07-11 11:25 - 2018-06-16 18:06 - 000062464 _____ (Microsoft Corporation) Z:\Windows\system32\iesetup.dll
2018-07-11 11:25 - 2018-06-16 18:05 - 000341504 _____ (Microsoft Corporation) Z:\Windows\system32\html.iec
2018-07-11 11:25 - 2018-06-16 18:05 - 000047616 _____ (Microsoft Corporation) Z:\Windows\system32\ieetwproxystub.dll
2018-07-11 11:25 - 2018-06-16 18:04 - 000064000 _____ (Microsoft Corporation) Z:\Windows\system32\MshtmlDac.dll
2018-07-11 11:25 - 2018-06-16 18:02 - 002295296 _____ (Microsoft Corporation) Z:\Windows\system32\iertutil.dll
2018-07-11 11:25 - 2018-06-16 17:59 - 000047104 _____ (Microsoft Corporation) Z:\Windows\system32\jsproxy.dll
2018-07-11 11:25 - 2018-06-16 17:59 - 000030720 _____ (Microsoft Corporation) Z:\Windows\system32\iernonce.dll
2018-07-11 11:25 - 2018-06-16 17:57 - 000476160 _____ (Microsoft Corporation) Z:\Windows\system32\ieui.dll
2018-07-11 11:25 - 2018-06-16 17:56 - 000662016 _____ (Microsoft Corporation) Z:\Windows\system32\jscript.dll
2018-07-11 11:25 - 2018-06-16 17:56 - 000115712 _____ (Microsoft Corporation) Z:\Windows\system32\ieUnatt.exe
2018-07-11 11:25 - 2018-06-16 17:56 - 000104960 _____ (Microsoft Corporation) Z:\Windows\system32\ieetwcollector.exe
2018-07-11 11:25 - 2018-06-16 17:55 - 000620032 _____ (Microsoft Corporation) Z:\Windows\system32\jscript9diag.dll
2018-07-11 11:25 - 2018-06-16 17:49 - 000668160 _____ (Microsoft Corporation) Z:\Windows\system32\MsSpellCheckingFacility.exe
2018-07-11 11:25 - 2018-06-16 17:47 - 000416256 _____ (Microsoft Corporation) Z:\Windows\system32\dxtmsft.dll
2018-07-11 11:25 - 2018-06-16 17:42 - 000073216 _____ (Microsoft Corporation) Z:\Windows\system32\tdc.ocx
2018-07-11 11:25 - 2018-06-16 17:42 - 000060416 _____ (Microsoft Corporation) Z:\Windows\system32\JavaScriptCollectionAgent.dll
2018-07-11 11:25 - 2018-06-16 17:41 - 000091136 _____ (Microsoft Corporation) Z:\Windows\system32\inseng.dll
2018-07-11 11:25 - 2018-06-16 17:39 - 000168960 _____ (Microsoft Corporation) Z:\Windows\system32\msrating.dll
2018-07-11 11:25 - 2018-06-16 17:38 - 000076288 _____ (Microsoft Corporation) Z:\Windows\system32\mshtmled.dll
2018-07-11 11:25 - 2018-06-16 17:37 - 000279040 _____ (Microsoft Corporation) Z:\Windows\system32\dxtrans.dll
2018-07-11 11:25 - 2018-06-16 17:36 - 000130048 _____ (Microsoft Corporation) Z:\Windows\system32\occache.dll
2018-07-11 11:25 - 2018-06-16 17:34 - 004496384 _____ (Microsoft Corporation) Z:\Windows\system32\jscript9.dll
2018-07-11 11:25 - 2018-06-16 17:32 - 013680128 _____ (Microsoft Corporation) Z:\Windows\system32\ieframe.dll
2018-07-11 11:25 - 2018-06-16 17:30 - 000230400 _____ (Microsoft Corporation) Z:\Windows\system32\webcheck.dll
2018-07-11 11:25 - 2018-06-16 17:29 - 000696320 _____ (Microsoft Corporation) Z:\Windows\system32\msfeeds.dll
2018-07-11 11:25 - 2018-06-16 17:28 - 002060288 _____ (Microsoft Corporation) Z:\Windows\system32\inetcpl.cpl
2018-07-11 11:25 - 2018-06-16 17:28 - 000692224 _____ (Microsoft Corporation) Z:\Windows\system32\ie4uinit.exe
2018-07-11 11:25 - 2018-06-16 17:27 - 001155072 _____ (Microsoft Corporation) Z:\Windows\system32\mshtmlmedia.dll
2018-07-11 11:25 - 2018-06-16 17:08 - 002767872 _____ (Microsoft Corporation) Z:\Windows\system32\wininet.dll
2018-07-11 11:25 - 2018-06-16 17:05 - 001313792 _____ (Microsoft Corporation) Z:\Windows\system32\urlmon.dll
2018-07-11 11:25 - 2018-06-16 17:04 - 000710144 _____ (Microsoft Corporation) Z:\Windows\system32\ieapfltr.dll
2018-07-11 11:25 - 2018-06-13 17:55 - 012880384 _____ (Microsoft Corporation) Z:\Windows\system32\shell32.dll
2018-07-11 11:25 - 2018-06-13 17:54 - 001499648 _____ (Microsoft Corporation) Z:\Windows\system32\ExplorerFrame.dll
2018-07-11 11:25 - 2018-06-13 17:25 - 002404352 _____ (Microsoft Corporation) Z:\Windows\system32\win32k.sys
2018-07-11 11:25 - 2018-06-08 18:02 - 004050624 _____ (Microsoft Corporation) Z:\Windows\system32\ntkrnlpa.exe
2018-07-11 11:25 - 2018-06-08 18:02 - 003962048 _____ (Microsoft Corporation) Z:\Windows\system32\ntoskrnl.exe
2018-07-11 11:25 - 2018-06-08 18:02 - 000189632 _____ (Microsoft Corporation) Z:\Windows\system32\halmacpi.dll
2018-07-11 11:25 - 2018-06-08 18:02 - 000189632 _____ (Microsoft Corporation) Z:\Windows\system32\hal.dll
2018-07-11 11:25 - 2018-06-08 18:02 - 000137920 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\ksecpkg.sys
2018-07-11 11:25 - 2018-06-08 18:02 - 000136384 _____ (Microsoft Corporation) Z:\Windows\system32\halacpi.dll
2018-07-11 11:25 - 2018-06-08 18:02 - 000067264 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\ksecdd.sys
2018-07-11 11:25 - 2018-06-08 17:57 - 001310488 _____ (Microsoft Corporation) Z:\Windows\system32\ntdll.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 001417728 _____ (Microsoft Corporation) Z:\Windows\system32\ole32.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 001063424 _____ (Microsoft Corporation) Z:\Windows\system32\lsasrv.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000872448 _____ (Microsoft Corporation) Z:\Windows\system32\kernel32.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000655360 _____ (Microsoft Corporation) Z:\Windows\system32\rpcrt4.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000554496 _____ (Microsoft Corporation) Z:\Windows\system32\kerberos.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000400896 _____ (Microsoft Corporation) Z:\Windows\system32\srcore.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000377344 _____ (Microsoft Corporation) Z:\Windows\system32\rpcss.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000330240 _____ (Microsoft Corporation) Z:\Windows\system32\zipfldr.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000294400 _____ (Microsoft Corporation) Z:\Windows\system32\KernelBase.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000261120 _____ (Microsoft Corporation) Z:\Windows\system32\msv1_0.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000254464 _____ (Microsoft Corporation) Z:\Windows\system32\schannel.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000223232 _____ (Microsoft Corporation) Z:\Windows\system32\ncrypt.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000172032 _____ (Microsoft Corporation) Z:\Windows\system32\wdigest.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000171008 _____ (Microsoft Corporation) Z:\Windows\system32\winsrv.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000146432 _____ (Microsoft Corporation) Z:\Windows\system32\msaudite.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000141312 _____ (Microsoft Corporation) Z:\Windows\system32\rpchttp.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000099840 _____ (Microsoft Corporation) Z:\Windows\system32\sspicli.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000070144 _____ (Microsoft Corporation) Z:\Windows\system32\TSpkg.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000060416 _____ (Microsoft Corporation) Z:\Windows\system32\msobjs.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000050176 _____ (Microsoft Corporation) Z:\Windows\system32\setbcdlocale.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000043008 _____ (Microsoft Corporation) Z:\Windows\system32\srclient.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000026112 _____ (Microsoft Corporation) Z:\Windows\system32\oleres.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000022016 _____ (Microsoft Corporation) Z:\Windows\system32\secur32.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000690688 _____ (Microsoft Corporation) Z:\Windows\system32\adtschema.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000644096 _____ (Microsoft Corporation) Z:\Windows\system32\advapi32.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000269824 _____ (Microsoft Corporation) Z:\Windows\system32\dnsapi.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000131584 _____ (Microsoft Corporation) Z:\Windows\system32\dnsrslvr.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000082432 _____ (Microsoft Corporation) Z:\Windows\system32\bcrypt.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000050688 _____ (Microsoft Corporation) Z:\Windows\system32\appidapi.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000038912 _____ (Microsoft Corporation) Z:\Windows\system32\csrsrv.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000017408 _____ (Microsoft Corporation) Z:\Windows\system32\credssp.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000006656 _____ (Microsoft Corporation) Z:\Windows\system32\apisetschema.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000005120 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000004608 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000004096 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000003584 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:54 - 000003072 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:29 - 000007168 _____ (Microsoft Corporation) Z:\Windows\system32\comcat.dll
2018-07-11 11:25 - 2018-06-08 17:28 - 000030720 _____ (Microsoft Corporation) Z:\Windows\system32\dnscacheugc.exe
2018-07-11 11:25 - 2018-06-08 17:27 - 000097792 _____ (Microsoft Corporation) Z:\Windows\system32\appidpolicyconverter.exe
2018-07-11 11:25 - 2018-06-08 17:27 - 000050688 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\appid.sys
2018-07-11 11:25 - 2018-06-08 17:27 - 000050176 _____ (Microsoft Corporation) Z:\Windows\system32\auditpol.exe
2018-07-11 11:25 - 2018-06-08 17:27 - 000029696 _____ (Microsoft Corporation) Z:\Windows\system32\appidsvc.dll
2018-07-11 11:25 - 2018-06-08 17:27 - 000016896 _____ (Microsoft Corporation) Z:\Windows\system32\appidcertstorecheck.exe
2018-07-11 11:25 - 2018-06-08 17:25 - 000271360 _____ (Microsoft Corporation) Z:\Windows\system32\conhost.exe
2018-07-11 11:25 - 2018-06-08 17:24 - 000262656 _____ (Microsoft Corporation) Z:\Windows\system32\rstrui.exe
2018-07-11 11:25 - 2018-06-08 17:24 - 000107008 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\videoprt.sys
2018-07-11 11:25 - 2018-06-08 17:21 - 000226304 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\mrxsmb10.sys
2018-07-11 11:25 - 2018-06-08 17:21 - 000124416 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\mrxsmb.sys
2018-07-11 11:25 - 2018-06-08 17:21 - 000098304 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\mrxsmb20.sys
2018-07-11 11:25 - 2018-06-08 17:19 - 000069632 _____ (Microsoft Corporation) Z:\Windows\system32\smss.exe
2018-07-11 11:25 - 2018-06-08 17:19 - 000036352 _____ (Microsoft Corporation) Z:\Windows\system32\cryptbase.dll
2018-07-11 11:25 - 2018-06-08 17:19 - 000022016 _____ (Microsoft Corporation) Z:\Windows\system32\lsass.exe
2018-07-11 11:25 - 2018-06-08 17:19 - 000015872 _____ (Microsoft Corporation) Z:\Windows\system32\sspisrv.dll
2018-07-11 11:25 - 2018-06-08 17:19 - 000006144 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:19 - 000004608 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:19 - 000003584 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 17:19 - 000003072 ____H (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-07-11 11:25 - 2018-06-07 17:57 - 000564736 _____ (Microsoft Corporation) Z:\Windows\system32\MPSSVC.dll
2018-07-11 11:25 - 2018-06-07 17:57 - 000463360 _____ (Microsoft Corporation) Z:\Windows\system32\FirewallAPI.dll
2018-07-11 11:25 - 2018-06-07 17:57 - 000089088 _____ (Microsoft Corporation) Z:\Windows\system32\icfupgd.dll
2018-07-11 11:25 - 2018-06-07 17:34 - 000060416 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\mpsdrv.sys
2018-07-11 11:25 - 2018-06-07 17:34 - 000018944 _____ (Microsoft Corporation) Z:\Windows\system32\wfapigp.dll
2018-07-11 11:25 - 2018-05-31 17:56 - 001310912 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\tcpip.sys
2018-07-11 11:25 - 2018-05-31 17:56 - 000240832 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\netio.sys
2018-07-11 11:25 - 2018-05-31 17:56 - 000187584 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-07-11 11:25 - 2018-05-02 17:30 - 000285184 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\usbport.sys
2018-07-11 11:25 - 2018-05-02 17:30 - 000259584 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\usbhub.sys
2018-07-11 11:25 - 2018-05-02 17:30 - 000076288 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\usbccgp.sys
2018-07-11 11:25 - 2018-05-02 17:30 - 000046592 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\usbehci.sys
2018-07-11 11:25 - 2018-05-02 17:30 - 000024576 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\usbuhci.sys
2018-07-11 11:25 - 2018-05-02 17:30 - 000020480 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\usbohci.sys
2018-07-11 11:25 - 2018-05-02 17:29 - 000006016 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\usbd.sys
2018-07-11 11:25 - 2018-04-26 15:05 - 000918296 _____ (Microsoft Corporation) Z:\Windows\system32\ucrtbase.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000065880 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000021848 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000018776 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000017240 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000017240 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000015704 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000015192 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000013656 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000013656 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000013152 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000012120 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000011608 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-07-11 11:25 - 2018-04-26 15:05 - 000011096 _____ (Microsoft Corporation) Z:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-07-11 11:25 - 2018-04-25 17:54 - 000088576 _____ (Microsoft Corporation) Z:\Windows\system32\wkssvc.dll
2018-07-11 11:25 - 2018-04-25 17:17 - 000088576 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\dfsc.sys
2018-07-11 11:24 - 2018-06-13 19:59 - 000122560 _____ (Microsoft Corporation) Z:\Windows\system32\CompatTelRunner.exe
2018-07-11 11:24 - 2018-06-13 17:53 - 000554496 _____ (Microsoft Corporation) Z:\Windows\system32\aeinv.dll
2018-07-11 11:24 - 2018-06-08 15:05 - 002703872 _____ (Microsoft Corporation) Z:\Windows\system32\aitstatic.exe
2018-07-11 11:24 - 2018-06-08 15:05 - 001359360 _____ (Microsoft Corporation) Z:\Windows\system32\appraiser.dll
2018-07-11 11:24 - 2018-06-08 15:05 - 000619520 _____ (Microsoft Corporation) Z:\Windows\system32\generaltel.dll
2018-07-11 11:24 - 2018-06-08 15:05 - 000517120 _____ (Microsoft Corporation) Z:\Windows\system32\devinv.dll
2018-07-11 11:24 - 2018-06-08 15:05 - 000358912 _____ (Microsoft Corporation) Z:\Windows\system32\invagent.dll
2018-07-11 11:24 - 2018-06-08 15:05 - 000353792 _____ (Microsoft Corporation) Z:\Windows\system32\centel.dll
2018-07-11 11:24 - 2018-06-08 15:05 - 000246272 _____ (Microsoft Corporation) Z:\Windows\system32\acmigration.dll
2018-07-11 11:24 - 2018-06-08 15:05 - 000202752 _____ (Microsoft Corporation) Z:\Windows\system32\aepic.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-08 12:31 - 2010-11-20 23:01 - 000781790 _____ Z:\Windows\system32\PerfStringBackup.INI
2018-08-08 12:31 - 2009-07-14 04:37 - 000000000 ____D Z:\Windows\inf
2018-08-08 12:17 - 2015-01-19 15:25 - 000000000 ____D Z:\ProgramData\Zoom Player
2018-08-08 11:57 - 2009-07-14 06:34 - 000026080 ____H Z:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-08 11:57 - 2009-07-14 06:34 - 000026080 ____H Z:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-08 00:26 - 2015-01-23 00:16 - 000000000 ____D Z:\Program Files\SpeedFan
2018-08-08 00:12 - 2015-01-23 02:37 - 000000000 ____D Z:\Users\User\AppData\Roaming\uTorrent
2018-08-04 22:48 - 2018-04-20 22:08 - 000000000 ____D Z:\Users\User\AppData\Local\Mixxx
2018-08-04 04:55 - 2018-01-26 17:08 - 000000000 ____D Z:\Users\User\AppData\Roaming\MediaMonkey
2018-08-01 21:30 - 2015-01-22 23:38 - 000000000 ____D Z:\ProgramData\NVIDIA
2018-08-01 21:30 - 2009-07-14 06:53 - 000000006 ____H Z:\Windows\Tasks\SA.DAT
2018-08-01 19:30 - 2009-07-14 04:37 - 000000000 ____D Z:\Windows\system32\NDF
2018-07-30 16:04 - 2015-03-02 12:38 - 000000000 ____D Z:\Program Files\CCleaner
2018-07-30 15:39 - 2018-05-16 21:05 - 000075456 _____ (AO Kaspersky Lab) Z:\Windows\system32\Drivers\kldisk.sys
2018-07-30 15:38 - 2018-02-17 02:50 - 000137016 _____ (AO Kaspersky Lab) Z:\Windows\system32\Drivers\klwtp.sys
2018-07-29 17:15 - 2016-04-02 22:04 - 000000000 ____D Z:\Windows\Minidump
2018-07-25 20:18 - 2015-09-14 00:46 - 000007680 ___SH Z:\Users\User\Thumbs.db
2018-07-25 19:17 - 2015-07-01 16:27 - 000000000 ____D Z:\ProgramData\AVAST Software
2018-07-25 18:54 - 2017-12-18 17:57 - 000000000 ____D Z:\Program Files\Bitdefender Agent
2018-07-24 21:08 - 2015-07-01 16:25 - 000000000 ____D Z:\ProgramData\Malwarebytes
2018-07-24 20:27 - 2016-06-14 20:40 - 000002186 _____ Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-24 20:27 - 2016-06-14 20:40 - 000002139 _____ Z:\Users\Public\Desktop\Google Chrome.lnk
2018-07-24 20:27 - 2014-11-15 01:03 - 000001052 _____ Z:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-07-24 20:19 - 2015-02-01 11:48 - 000000000 ____D Z:\Program Files\uniSaLeos
2018-07-24 00:56 - 2009-07-14 04:37 - 000000000 ____D Z:\Windows\rescache
2018-07-23 02:29 - 2016-10-02 23:50 - 000000000 ____D Z:\Users\User\AppData\Roaming\FlashIntegro
2018-07-22 22:18 - 2014-11-15 01:52 - 000000000 ____D Z:\ProgramData\Package Cache
2018-07-22 22:17 - 2016-10-02 23:46 - 000000000 ____D Z:\Program Files\Common Files\FlashIntegro
2018-07-21 17:29 - 2017-07-21 12:59 - 000000404 _____ Z:\Windows\Tasks\Driver Easy Scheduled Scan.job
2018-07-13 10:55 - 2018-06-13 10:41 - 000469360 _____ Z:\Windows\system32\FNTCACHE.DAT
2018-07-13 10:52 - 2014-12-17 00:41 - 000000000 ____D Z:\Windows\system32\appraiser
2018-07-12 03:14 - 2014-12-01 06:11 - 000000000 ___RD Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-07-12 03:07 - 2009-07-14 04:37 - 000000000 ____D Z:\Program Files\Common Files\microsoft shared
2018-07-11 11:13 - 2009-07-14 04:04 - 000000478 _____ Z:\Windows\win.ini
2018-07-10 21:33 - 2015-01-23 03:29 - 000842240 _____ (Adobe Systems Incorporated) Z:\Windows\system32\FlashPlayerApp.exe
2018-07-10 21:33 - 2015-01-23 03:29 - 000175104 _____ (Adobe Systems Incorporated) Z:\Windows\system32\FlashPlayerCPLApp.cpl
2018-07-10 21:33 - 2015-01-23 03:28 - 000000000 ____D Z:\Windows\system32\Macromed
2018-07-09 13:08 - 2017-12-09 00:04 - 000002085 _____ Z:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk

==================== Files in the root of some directories =======

2015-03-06 23:31 - 2015-03-06 23:31 - 001923888 _____ () Z:\Users\User\Adaware_Installer.exe
2015-03-06 23:29 - 2015-03-06 23:28 - 004800936 _____ (AVG Technologies) Z:\Users\User\avg_free_stb_all_5751p1_177.exe
2015-03-02 12:38 - 2015-03-02 12:38 - 005325696 _____ (Piriform Ltd) Z:\Users\User\ccsetup503.exe
2015-03-28 04:07 - 2015-03-28 04:07 - 002238600 _____ (Microsoft Corporation) Z:\Users\User\DefaultPack.EXE
2015-03-28 04:12 - 2015-03-28 04:12 - 000292184 _____ (Microsoft Corporation) Z:\Users\User\dxwebsetup.exe
2015-04-30 17:50 - 2015-04-30 17:50 - 002503365 _____ (http://www.didsoft.com                                      ) Z:\Users\User\EPS_setup.exe
2015-02-16 03:15 - 2015-02-16 03:15 - 000639912 _____ (Oracle Corporation) Z:\Users\User\jxpiinstall.exe
2017-01-17 00:06 - 2017-01-17 00:06 - 000527423 _____ (                                                            ) Z:\Users\User\Lame_v3.99.3_for_Windows.exe
2015-02-10 09:13 - 2015-02-10 09:13 - 032588028 _____ (Igor Pavlov) Z:\Users\User\renpy-6.18.3-sdk.7z.exe
2015-02-06 09:10 - 2015-02-06 09:10 - 001142128 _____ () Z:\Users\User\SteamSetup.exe
2015-02-28 10:27 - 2015-02-28 10:27 - 001088905 _____ (pendrivelinux.com) Z:\Users\User\Universal-USB-Installer-1.9.5.9.exe
2016-07-02 14:34 - 2016-07-02 14:34 - 000213904 _____ (Microsoft Corporation) Z:\Users\User\vs_community_ENU.exe
2015-03-28 03:27 - 2015-03-28 03:27 - 000061064 _____ () Z:\Users\User\winxpvirtualcdcontrolpanel_21.exe
2016-08-12 20:54 - 2016-08-12 20:54 - 000004608 _____ () Z:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-13 12:21 - 2015-12-13 12:21 - 000000218 _____ () Z:\Users\User\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2018-05-31 20:51 - 2018-08-08 00:27 - 000192512 _____ () Z:\Users\User\AppData\Local\Temp\sfamcc00001.dll
2018-07-30 20:40 - 2018-07-30 20:40 - 000192512 _____ () Z:\Users\User\AppData\Local\Temp\sfamcc00002.dll
2018-08-01 21:48 - 2018-08-08 00:27 - 000158720 _____ () Z:\Users\User\AppData\Local\Temp\sfareca00001.dll
2018-07-30 20:40 - 2018-07-30 20:40 - 000158720 _____ () Z:\Users\User\AppData\Local\Temp\sfareca00002.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

Z:\Windows\explorer.exe => File is digitally signed
Z:\Windows\system32\winlogon.exe => File is digitally signed
Z:\Windows\system32\wininit.exe => File is digitally signed
Z:\Windows\system32\svchost.exe => File is digitally signed
Z:\Windows\system32\services.exe => File is digitally signed
Z:\Windows\system32\User32.dll => File is digitally signed
Z:\Windows\system32\userinit.exe => File is digitally signed
Z:\Windows\system32\rpcss.dll => File is digitally signed
Z:\Windows\system32\dnsapi.dll => File is digitally signed
Z:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-11 11:44

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02.08.2018
Ran by User (08-08-2018 12:45:25)
Running from Z:\Users\User\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-11-14 23:02:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1473089369-2215227133-162011811-500 - Administrator - Disabled)
Guest (S-1-5-21-1473089369-2215227133-162011811-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1473089369-2215227133-162011811-1002 - Limited - Enabled)
User (S-1-5-21-1473089369-2215227133-162011811-1000 - Administrator - Enabled) => Z:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Kaspersky Free (Disabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Free (Disabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1473089369-2215227133-162011811-1000\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Active Directory Authentication Library for SQL Server (x86) (HKLM\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)
Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (32 Bit) (HKLM\...\{2614BC86-757D-4293-9E25-E4E16F370A9E}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 14 (HKLM\...\{956E041C-44B4-4D7F-88E3-92882DEC9766}) (Version: 14.1 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1473089369-2215227133-162011811-1000\...\Amazon Kindle) (Version: 1.23.1.50133 - Amazon)
Application Insights Tools for Visual Studio 2015 (HKLM\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
ASUS GPU Tweak (HKLM\...\{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.6.8.3 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU Tweak (HKLM\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.6.8.3 - ASUSTek COMPUTER INC.)
ASUS Product Register Program (HKLM\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
Audacity 2.1.2 (HKLM\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 67.1.664.99 - AVAST Software)
Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Avernum Series (HKLM\...\GOGPACKAVERNUM_is1) (Version: 2.0.0.3 - GOG.com)
Azure AD Authentication Connected Service (HKLM\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version:  - )
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.12.41 - Bitdefender)
Blend for Visual Studio SDK for .NET 4.5 (HKLM\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Boilsoft Video Splitter 6.34 (HKLM\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version:  - Boilsoft, Inc.)
Brave (HKU\S-1-5-21-1473089369-2215227133-162011811-1000\...\Brave) (Version: 0.20.30 - Brave Software)
calibre (HKLM\...\{FDE5EECE-678C-47F7-9E76-6388FF3BC098}) (Version: 3.22.1 - Kovid Goyal)
Canta 1.11 (HKLM\...\Canta) (Version: 1.11 - Chaumet Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
CLANNAD Full Voice 1.5 (HKLM\...\{0283EDE1-D8A9-4F64-A035-5E35B4DD199A}_is1) (Version:  - Visual Art's / Key)
Cold Turkey (HKLM\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 2.0 - Felix Logic)
ConvertAd (HKLM\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version:  - CyberGhost S.R.L.)
D-Box 2.3 (HKLM\...\{DB4F122C-02CB-4EBB-B283-D22F180EBD84}_is1) (Version:  - Truben)
DCoder Image Source (remove only) (HKLM\...\DCoder Image Source) (Version:  - )
DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version:  - )
Disk Savvy 10.3.16 (HKLM\...\Disk Savvy) (Version: 10.3.16 - Flexense Computing Systems Ltd.)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Driver Easy 5.5.2 (HKLM\...\DriverEasy_is1) (Version: 5.5.2 - Easeware)
Elite Proxy Switcher 1.27 (HKLM\...\Elite Proxy Switcher_is1) (Version:  - hxxp://www.didsoft.com)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Evernote v. 6.2.4 (HKLM\...\{1F000A98-5FF1-11E6-8BF2-0050569584E9}) (Version: 6.2.4.3244 - Evernote Corp.)
Ezvid (HKLM\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 1.003 - Ezvid, inc.)
f.lux (HKU\S-1-5-21-1473089369-2215227133-162011811-1000\...\Flux) (Version:  - f.lux Software LLC)
ffdshow v1.3.4533 [2014-09-29] (HKLM\...\ffdshow_is1) (Version: 1.3.4533.0 - )
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
FocalFilter (HKLM\...\{78156F61-016D-402A-9EF9-C2AA253DB22A}) (Version: 0.9.00 - FocalFilter)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.143.923 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Fraps (HKLM\...\Fraps) (Version:  - )
Free ISO Mount (HKLM\...\FreeISOMount) (Version: 1.0 - Media Freeware)
GetDiz (HKLM\...\GetDiz) (Version: 4.9 - Outertech)
Glitchys MES 2.7 (HKLM\...\Glitchy's Model Editing Suite_is1) (Version:  - GeeTards)
Google Chrome (HKLM\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GPUTweakStreaming (HKLM\...\{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS) Hidden
GPUTweakStreaming (HKLM\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HexEdit (HKLM\...\{083EF76E-0760-4D7A-9508-0B88A3AF1889}) (Version: 4.0.0 - Expert Commercial Software Pty Ltd)
IIS 10.0 Express (HKLM\...\{61F97EA0-3E4D-47E9-90FF-B75C16735DEE}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Infinite HD™ App (HKU\S-1-5-21-1473089369-2215227133-162011811-1000\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Java 8 Update 151 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Kaspersky Free (HKLM\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Free (HKLM\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LAV Filters 0.63.0 (HKLM\...\lavfilters_is1) (Version: 0.63.0 - Hendrik Leppkes)
Life Is Strange Episode 2 (HKLM\...\Life Is Strange Episode 2_is1) (Version:  - )
Life Is Strange Episode 5 (HKLM\...\Life Is Strange Episode 5_is1) (Version:  - )
MadVR (remove only) (HKLM\...\MadVR) (Version:  - )
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x86) 1.0.0-beta5 (HKLM\...\{2a375a89-9d97-35b7-917d-92f1ea73080d}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Expression Design 4 (HKLM\...\Design_8.0.31217.1) (Version: 8.0.31217.1 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 3.0.337.0 - Microsoft Corporation)
Microsoft Office Language Pack 2013  - Slovenian/slovenščina (HKLM\...\Office15.OMUI.sl-si) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{5EF1EBC5-4A40-4D1C-B02E-0C54BC93FD06}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{FE939060-416C-4ECD-890E-13776E2707C4}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{544ACD54-9FAA-4A60-A1E7-B2EC3AA75D24}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{E7654811-38F9-4225-9688-827FDA716582}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{C340BAB2-9A21-41B9-A465-7AC7B1DF773E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{5FC4C5FD-75D0-43D5-B9A5-6FE208D12F7D}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{4B604E42-B6D7-4957-B5A5-CC7450D8E1EB}) (Version: 3.1238.1962 - Microsoft Corporation)
mIRC (HKLM\...\mIRC) (Version: 7.38 - mIRC Co. Ltd.)
Mixxx (HKLM\...\{4D0410A1-4119-11E8-AA3A-95F918E40B74}) (Version: 2.1.0.6681 - The Mixxx Development Team) Hidden
Mixxx (HKLM\...\{5a3dc425-6343-443e-bec2-afdd809f66bc}) (Version: 2.1.0.6681 - The Mixxx Development Team)
Movavi Screen Recorder 9 (HKLM\...\Movavi Screen Recorder 9) (Version: 9.3.0 - Movavi)
MSBuild/NuGet Integration 14.0 (x86) (HKLM\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Mumble 1.2.15 (HKLM\...\{6364CB48-2FFE-4205-ABF7-0F94BB50824E}) (Version: 1.2.15 - Thorvald Natvig)
Notepad++ (HKLM\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OldSchool RuneScape Launcher 1.2.7 (HKLM\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Open XML SDK 2.5 for Microsoft Office (HKLM\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenOffice 4.1.3 (HKLM\...\{1E52C95E-DFE3-4CE1-82F2-1FF39B51916E}) (Version: 4.13.9783 - Apache Software Foundation)
Orodja za preverjanje za Microsoft Office 2013 – slovenščina (HKLM\...\{90150000-001F-0424-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141666}) (Version: 4.0.19 - dotPDN LLC)
PeaZip 5.5.0 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden
PreEmptive Analytics Visual Studio Components (HKLM\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Python 3.4.3 (HKLM\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
RaidCall (HKLM\...\RaidCall) (Version: 8.1.8-1.0.3112.146 - raidcall.com.ru)
Roslyn Language Services - x86 (HKLM\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM\...\{7138CC92-123A-393F-BC30-B784794DF4E7}) (Version: 14.0.25421 - Microsoft Corporation) Hidden
RuneScape Launcher 1.2.7 (HKLM\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0100-0424-0000-0000000FF1CE}_Office15.OMUI.sl-si_{B4940E78-35F5-4A93-9313-5C159A19ED0B}) (Version:  - Microsoft)
SharePoint Client Components (HKLM\...\{95150002-1163-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95160001-1163-0409-0000-0000000FF1CE}) (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.100 - NVIDIA Corporation) Hidden
Shotcut (HKLM\...\Shotcut) (Version:  - )
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.26 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Software Updater (HKLM\...\SoftwareUpdater) (Version: 1.0.0.0 - Software Updater Ltd) <==== ATTENTION
SoulseekQt version 2017.2.20 (HKLM\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steins;Gate version 1.0 (HKLM\...\{2A05A52B-BDD8-4FD5-A65A-687CB10D98DF}_is1) (Version: 1.0 - JAST USA)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1 (HKLM\...\{C0402801-37B7-30B1-A678-AE3E73E4C4F6}) (Version: 14.98.25331 - Microsoft) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
Test Tools for Microsoft Visual Studio 2015 (HKLM\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
The Web Blocker (HKU\S-1-5-21-1473089369-2215227133-162011811-1000\...\The Web Blocker) (Version:  - Webstart Studios)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 9.12 - Ghisler Software GmbH)
TrueRTA (HKLM\...\TrueRTA) (Version:  - )
TypeScript Power Tool (HKLM\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM\...\{BDB33BE7-73D0-4C02-A576-78FD17C95A8D}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
Ultima Online Enhanced Client (HKLM\...\Ultima Online Enhanced) (Version:  - Electronic Arts)
Ultra Video Splitter 6.4.1208 (HKLM\...\Ultra Video Splitter_is1) (Version:  - Aone Software)
Update for  (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio 2015 Update 3 (KB3022398) (HKLM\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (HKLM\...\{5C946395-4D29-3274-A47D-B77D4B10E126}) (Version: 14.0.25421 - Microsoft Corporation) Hidden
vs_update3notification (HKLM\...\{B5BE6171-568A-3657-90CD-A76BEC01F62D}) (Version: 14.0.25421 - Microsoft Corporation) Hidden
VSDC Free Video Editor version 5.8.9.857 (HKLM\...\VSDC Free Video Editor_is1) (Version: 5.8.9.857 - Flash-Integro LLC)
WCF Data Services 5.6.4 Runtime (HKLM\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WinCheck (HKLM\...\wincheck) (Version: 1.0.0.0 - WinCheck) <==== ATTENTION
WinDirStat 1.1.2 (HKU\S-1-5-21-1473089369-2215227133-162011811-1000\...\WinDirStat) (Version:  - )
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.21 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.1 - win.rar GmbH)
Wondershare Filmora(Build 6.8.2) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Workflow Manager Client 1.0 (HKLM\...\{804931D3-4226-413E-8DD7-E240479E9042}) (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
yEdit2 (HKLM\...\yEdit2_is1) (Version:  - Spacejock Software)
ZetaWord (HKLM\...\ZetaWord) (Version: 1.05 - Zeta Centauri)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version: 9.5.0 - Inmatrix LTD)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1473089369-2215227133-162011811-1000_Classes\CLSID\{7D4733C0-C43B-4A81-AF43-F9B20D1F8348}\InprocServer32 -> Z:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1702150-0-apoctoshape.dll (Octoshape ApS)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => Z:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => Z:\Program Files\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu.dll [2012-01-03] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => Z:\Program Files\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => Z:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2014-11-18] (Foxit Software Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => Z:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\shellex.dll [2018-07-30] (AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => Z:\Program Files\WinRAR\rarext.dll [2015-01-22] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => Z:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\shellex.dll [2018-07-30] (AO Kaspersky Lab)
ContextMenuHandlers3: [DeleteFiles] -> {736AF091-C361-49B4-A928-87C586130D33} => Z:\Program Files\File Shredder\fsshell.dll [2012-11-09] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => Z:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => Z:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\shellex.dll [2018-07-30] (AO Kaspersky Lab)
ContextMenuHandlers4: [ZPShellExt] -> {ABE00001-0123-ABED-1248-0248ADFA1909} => Z:\Program Files\Zoom Player\zpshlext.dll [2008-08-12] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => Z:\Windows\system32\nvshext.dll [2014-07-02] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => Z:\Program Files\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu.dll [2012-01-03] (Adobe Systems Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => Z:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\shellex.dll [2018-07-30] (AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => Z:\Program Files\WinRAR\rarext.dll [2015-01-22] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BFA51F1-3DFF-409C-9C14-96E6B799897A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => Z:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {116F2492-681B-4990-B5F3-671B2AC7C116} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => z:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-06-13] (Microsoft Corporation)
Task: {16EED728-8D95-4825-ABD9-85066720BBEB} - System32\Tasks\Driver Easy Scheduled Scan => Z:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2017-06-30] (Easeware)
Task: {2987E0D4-DDA8-4574-8E3C-92A86334AA89} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => Z:\Program Files\Bitdefender Agent\WatchDog.exe [2018-05-16] (Bitdefender)
Task: {2AF10B24-2D69-4F7F-A15C-359001C4DC86} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => Z:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-24] (Microsoft Corporation)
Task: {2E24B297-E743-4822-90AF-4F2560419167} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => Z:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2E59095F-7B2C-4E96-B095-4F999EF26283} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => Z:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {3F10220D-ABA7-422E-BD88-B1A074BF5153} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => z:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-06-13] (Microsoft Corporation)
Task: {4C3002CC-F1E9-4476-B288-FA1925FC3EA4} - System32\Tasks\Adobe Acrobat Update Task => Z:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {5192C4CF-98E7-4108-891C-848E6732C2E9} - System32\Tasks\AvastUpdateTaskMachineCore => Z:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-07-24] (AVAST Software)
Task: {58A3E81C-C33F-48A8-B187-DB5DC37FD0FC} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => Z:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-07-30] (AO Kaspersky Lab)
Task: {6839A2BF-84C2-45FE-8316-E28C6312B220} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => z:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [2017-06-13] (Microsoft)
Task: {70375ABC-D868-4508-BFD6-C612DE131DBA} - System32\Tasks\AvastUpdateTaskMachineUA => Z:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-07-24] (AVAST Software)
Task: {776A323D-0FA8-4883-A56C-C58B4DA4F496} - System32\Tasks\CCleanerSkipUAC => Z:\Program Files\CCleaner\CCleaner.exe [2018-07-24] (Piriform Ltd)
Task: {8590F0CB-74AC-4517-BAC6-22DCDC41238F} - System32\Tasks\CCleaner Update => Z:\Program Files\CCleaner\CCUpdate.exe [2018-07-24] (Piriform Ltd)
Task: {86BBB6F3-2757-4A6A-A8A1-8F9D97374FBB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => Z:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8856A4F8-BE9B-4FBD-ABFA-CB3AD6BC01D7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => z:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-06-13] (Microsoft Corporation)
Task: {887F37C2-011B-40CA-B73C-85C32FF6488A} - System32\Tasks\{B6B3B41A-499B-4469-9A96-6021649523AF} => Z:\Tyrian\tyrian.exe
Task: {8EE3DA34-04DF-43FB-BEF1-D359852C034E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"]
Task: {9A8F76AB-F9DD-47AB-BB6E-AD956AA2DD29} - System32\Tasks\Adobe Flash Player Updater => Z:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {A22D658F-DB2F-482B-862D-A50148D04419} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => z:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2017-06-13] (Microsoft)
Task: {AE1DCD15-93B4-43D7-9525-EB4D4D0F725D} - System32\Tasks\{436A8D3C-D55D-434C-A852-896C92E9B777} => Z:\Tyrian\tyrian.exe
Task: {AE5EFA53-4F57-4DA5-B1C3-6E1DDAC7AFB9} - System32\Tasks\GoogleUpdateTaskMachineUA => Z:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-14] (Google Inc.)
Task: {CD135407-0AC1-4024-A7DF-009294EB6229} - System32\Tasks\{2D8C303A-B6FD-49AE-88F2-A60F5E045051} => Z:\Cfodder\CFODDER.EXE [1994-09-27] ()
Task: {DB513FC6-F8A7-4EE2-B794-C28D701B7BEA} - System32\Tasks\{24ECD6BB-81B4-4B1A-A986-52CBDB6D0E58} => Z:\Tyrian\tyrian.exe
Task: {E81EAAD7-3443-4FCC-BA8A-40B58C8AB1B9} - System32\Tasks\GoogleUpdateTaskMachineCore => Z:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-14] (Google Inc.)
Task: {EF21A735-F6B8-4979-BFA6-6391FA49EB1E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => z:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-06-13] (Microsoft Corporation)
Task: {F1159D7C-FF9E-4A02-9164-746B3B264FFA} - System32\Tasks\ASUS\ASUS Product Register Service => Z:\Program Files\ASUS\APRP\aprp.exe [2014-03-26] (ASUSTek Computer Inc.)
Task: {F4E597FE-0AB6-4909-AD78-AE8718180E7B} - System32\Tasks\Avast Software\Overseer => Z:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-07-24] (AVAST Software)
Task: {FB67F459-E740-4C12-9837-7F6E544DBF52} - System32\Tasks\CTServiceInstaller => Z:\Program Files\Cold Turkey\\CTServiceInstaller.exe [2016-02-13] (Felix Belzile)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: Z:\Windows\Tasks\Driver Easy Scheduled Scan.job => Z:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-01-17 21:24 - 2012-01-17 21:24 - 000055296 _____ () Z:\Windows\System32\ASGT.exe
2016-02-18 14:37 - 2014-03-02 21:35 - 000075776 _____ () Z:\Program Files\Cold Turkey\PcapDotNet.Core.dll
2018-07-25 18:39 - 2017-11-21 19:55 - 000220096 _____ () Z:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2018-07-25 18:39 - 2018-06-18 19:15 - 000848208 _____ () Z:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpbr.mdl
2018-07-25 18:39 - 2018-06-18 19:15 - 000470016 _____ () Z:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpdsp.mdl
2018-07-25 18:39 - 2018-06-18 19:15 - 002652424 _____ () Z:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpph.mdl
2018-07-25 18:39 - 2018-06-18 19:15 - 001290856 _____ () Z:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttprbl.mdl
2010-09-13 02:50 - 2010-09-13 02:50 - 000032768 _____ () C:\Program Files\Webstart Studios\Web Blocker\TWBService.exe
2010-09-13 02:55 - 2010-09-13 02:55 - 000024064 _____ () C:\Program Files\Webstart Studios\Web Blocker\TWBService URL.exe
2015-01-22 23:37 - 2014-07-02 21:42 - 000107992 _____ () Z:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-02-23 09:29 - 2017-02-23 09:29 - 008909512 _____ () Z:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-15 02:40 - 2009-05-08 02:50 - 000073728 _____ () Z:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2014-11-15 02:40 - 2009-05-08 02:53 - 000106496 _____ () Z:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2014-11-15 02:40 - 2008-02-14 23:57 - 000094208 _____ () Z:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
2014-11-15 02:40 - 2009-10-28 20:27 - 047628288 _____ () Z:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2018-06-26 06:33 - 2018-06-22 21:04 - 003867480 _____ () Z:\Program Files\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-26 06:33 - 2018-06-22 21:04 - 000085848 _____ () Z:\Program Files\Google\Chrome\Application\67.0.3396.99\libegl.dll
2018-08-01 21:48 - 2018-08-08 00:27 - 000158720 _____ () Z:\Users\User\AppData\Local\Temp\sfareca00001.dll
2018-05-31 20:51 - 2018-08-08 00:27 - 000192512 _____ () Z:\Users\User\AppData\Local\Temp\sfamcc00001.dll
2014-11-15 01:06 - 2014-05-10 21:56 - 009242960 _____ () Z:\Users\User\Desktop\Scrivener\Scrivener.exe
2014-11-15 01:06 - 2011-11-07 09:47 - 010843136 _____ () Z:\Users\User\Desktop\Scrivener\QtWebKit4.dll
2014-11-15 01:06 - 2011-11-07 09:08 - 000266752 _____ () Z:\Users\User\Desktop\Scrivener\phonon4.dll
2014-11-15 01:06 - 2011-11-07 09:02 - 008373248 _____ () Z:\Users\User\Desktop\Scrivener\QtGui4.dll
2014-11-15 01:06 - 2011-11-07 08:55 - 002293248 _____ () Z:\Users\User\Desktop\Scrivener\QtCore4.dll
2014-11-15 01:06 - 2011-11-07 08:56 - 000836096 _____ () Z:\Users\User\Desktop\Scrivener\QtNetwork4.dll
2014-11-15 01:06 - 2011-11-07 08:56 - 000591360 _____ () Z:\Users\User\Desktop\Scrivener\QtSql4.dll
2014-11-15 01:06 - 2011-11-07 08:55 - 000339968 _____ () Z:\Users\User\Desktop\Scrivener\QtXml4.dll
2014-11-15 01:06 - 2011-08-23 01:04 - 000026624 _____ () Z:\Users\User\Desktop\Scrivener\imageformats\qgif4.dll
2014-11-15 01:06 - 2011-08-23 01:05 - 000028672 _____ () Z:\Users\User\Desktop\Scrivener\imageformats\qico4.dll
2014-11-15 01:06 - 2011-08-23 01:04 - 000196608 _____ () Z:\Users\User\Desktop\Scrivener\imageformats\qjpeg4.dll
2014-11-15 01:06 - 2011-08-23 01:04 - 000220672 _____ () Z:\Users\User\Desktop\Scrivener\imageformats\qmng4.dll
2014-11-15 01:06 - 2011-08-23 01:05 - 000284672 _____ () Z:\Users\User\Desktop\Scrivener\imageformats\qtiff4.dll
2014-11-15 01:06 - 2011-08-23 01:04 - 000141824 _____ () Z:\Users\User\Desktop\Scrivener\codecs\qcncodecs4.dll
2014-11-15 01:06 - 2011-08-23 01:04 - 000167936 _____ () Z:\Users\User\Desktop\Scrivener\codecs\qjpcodecs4.dll
2014-11-15 01:06 - 2011-08-23 01:04 - 000077824 _____ () Z:\Users\User\Desktop\Scrivener\codecs\qkrcodecs4.dll
2014-11-15 01:06 - 2011-08-23 01:04 - 000155136 _____ () Z:\Users\User\Desktop\Scrivener\codecs\qtwcodecs4.dll
2014-11-15 01:06 - 2002-12-20 16:41 - 001364823 _____ () Z:\Users\User\Desktop\Scrivener\Aspell\bin\aspell-15.dll
2015-07-21 13:12 - 2015-07-21 13:12 - 000194728 _____ () Z:\Program Files\Microsoft Office\Office15\IEAWSDC.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: Z:\Windows\system32\config\systemprofile:.repos [6214188]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HomeGuard AMC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasementDuster => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HomeGuard AMC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1473089369-2215227133-162011811-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1473089369-2215227133-162011811-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2018-08-05 22:37 - 004195369 _____ Z:\Windows\system32\Drivers\etc\hosts

127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 mydownloaddomain.com
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 bcnmonetize.go2affise.com
127.0.0.1 beautifllink.xyz
10.20.30.42    chaturbate.com
10.20.30.42    www.chaturbate.com
10.20.30.42    discordapp.com
10.20.30.42    www.discordapp.com
10.20.30.42    facebook.com
10.20.30.42    www.facebook.com
10.20.30.42    gab.ai
10.20.30.42    www.gab.ai
10.20.30.42    minds.com
10.20.30.42    www.minds.com
10.20.30.42    pornhub.com
10.20.30.42    www.pornhub.com
10.20.30.42    reddit.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1473089369-2215227133-162011811-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: Z:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FocalFilterHelper.lnk => Z:\Windows\pss\FocalFilterHelper.lnk.CommonStartup
MSCONFIG\startupfolder: Z:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => Z:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: Z:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => Z:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "Z:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "Z:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "Z:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "Z:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CyberGhost => "Z:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: Octoshape Streaming Services => "Z:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
MSCONFIG\startupreg: PCSpeedUp => Z:\Program Files\PC Speed Up\PCSUNotifier.exe
MSCONFIG\startupreg: RaidCall => Z:\Program Files\RaidCall.RU\raidcall.exe
MSCONFIG\startupreg: ShadowPlay => Z:\Windows\system32\rundll32.exe Z:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "Z:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "Z:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: uTorrent => "Z:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Wondershare Helper Compact.exe => Z:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2A519CC3-FB5F-4163-B2FC-5759763A3DF0}] => (Allow) Z:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B10AAE7C-FD98-440C-B2B6-2B09D9B297FE}] => (Allow) Z:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A0657E65-33A8-4BE5-AC99-D67F708B3E88}] => (Allow) Z:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{38B36138-AFFE-4815-8222-C067679876DA}] => (Allow) Z:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BA594575-9B6E-41D0-9B52-FBABF4CC769C}] => (Allow) Z:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F0C3DA4D-380F-45F2-AFDA-CD000BFB1E42}] => (Allow) Z:\Windows\AutoKMS\AutoKMS.exe
FirewallRules: [{F5581006-BC0A-4726-9534-34523158D73D}] => (Allow) Z:\Windows\AutoKMS\AutoKMS.exe
FirewallRules: [{5242612F-7BDA-435F-A2FB-8896A5AA49FD}] => (Allow) Z:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{C25A7046-2B53-410C-BBCD-19A63EEABCF0}] => (Allow) Z:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{76B4D06F-6E6C-46ED-9CC1-0A5ACC7713F4}] => (Allow) Z:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{1826565D-13FA-4689-BB81-5914CA96B86C}] => (Allow) Z:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{3AE83343-F159-4F06-9845-DA78DB644105}] => (Allow) Z:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B96FF7C2-57EB-4396-8FC0-6E62CFB9D3BC}] => (Allow) Z:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BB5416CF-88E5-4F15-9E32-FD949856ECB6}] => (Allow) Z:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4E870385-C300-40FF-B730-8DF808DFAEB3}] => (Allow) Z:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{EE786235-27AE-492B-880B-FB070B7E9D3E}] => (Allow) Z:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1070D154-53CC-46B2-A62D-7F71C5E1BD4C}] => (Allow) Z:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E071CC13-AF0C-4DCB-9D57-06F468AED63B}] => (Allow) Z:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B0E4A1EF-1D5B-48F1-83E7-74208D062107}] => (Allow) Z:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{33F519E2-B19F-47D2-BC0A-F51729435B46}] => (Allow) Z:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C481FD80-B789-48CC-B725-F28B5D1FD632}] => (Allow) Z:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{19BB48C0-37C3-4FA9-9E75-38D140584D30}C:\program files\mirc\mirc.exe] => (Allow) C:\program files\mirc\mirc.exe
FirewallRules: [UDP Query User{33428395-F126-4600-87D2-D42A5036DDE1}C:\program files\mirc\mirc.exe] => (Allow) C:\program files\mirc\mirc.exe
FirewallRules: [TCP Query User{4CACBA87-2603-4A47-9493-F40926895491}C:\program files\mirc\mirc.exe] => (Allow) C:\program files\mirc\mirc.exe
FirewallRules: [UDP Query User{EC0055EE-BCCB-4D46-AF6C-A57CE1825DDF}C:\program files\mirc\mirc.exe] => (Allow) C:\program files\mirc\mirc.exe
FirewallRules: [{5EB70ACB-B194-4837-83D4-B69D751AF86D}] => (Allow) Z:\Program Files\Steam\Steam.exe
FirewallRules: [{5618E846-630B-4FBE-BB1B-869A31D3097B}] => (Allow) Z:\Program Files\Steam\Steam.exe
FirewallRules: [{D4976D52-2007-43C3-8180-DB29A4247E1A}] => (Allow) Z:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{0CFEEBAE-8736-40DD-B304-74DCA1F920B5}] => (Allow) Z:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{68AE063B-EED6-453F-A240-76BDA77E9378}] => (Allow) Z:\Program Files\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
FirewallRules: [{A30C4142-CE06-47DE-98D5-67CCA9AEE059}] => (Allow) Z:\Program Files\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
FirewallRules: [TCP Query User{D190FDD1-C776-4681-9679-692D35D2CA20}Z:\nudeljci\world of warcraft 1.12\wow-x.x.x.x-4.0.0.12911-downloader.exe] => (Block) Z:\nudeljci\world of warcraft 1.12\wow-x.x.x.x-4.0.0.12911-downloader.exe
FirewallRules: [UDP Query User{3F0CF163-FFA6-4885-AF16-0A0A35616B20}Z:\nudeljci\world of warcraft 1.12\wow-x.x.x.x-4.0.0.12911-downloader.exe] => (Block) Z:\nudeljci\world of warcraft 1.12\wow-x.x.x.x-4.0.0.12911-downloader.exe
FirewallRules: [{A38641B8-8A43-44F7-96E3-62FA30103308}] => (Allow) Z:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{14CE99A6-5247-4D19-B125-AA961A27A2D3}] => (Allow) Z:\Users\User\AppData\Local\Temp\nsyDF8A.tmp\CnetInstaller-76060148.exe
FirewallRules: [{9F1FE7E6-90BB-448B-B101-2532F1F0D7FE}] => (Allow) Z:\Users\User\AppData\Local\Temp\nsyDF8A.tmp\CnetInstaller-76060148.exe
FirewallRules: [{C98F89DF-1B8D-4E72-A0A0-CD1CFBE4C7C9}] => (Allow) Z:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{29A8D645-8985-4560-9867-D29FD54342C4}] => (Allow) Z:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{781A8DDF-E7B1-47B4-98AF-03ED4836755D}] => (Allow) Z:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D0F80BC1-60EE-4AD6-9D1B-447E470AD66B}] => (Allow) Z:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{12C5F336-8597-4193-B6D0-24B42A744C44}] => (Allow) Z:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{8DFE2223-A539-4C45-9DB6-3A56D5188160}] => (Allow) Z:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [TCP Query User{FBEE6169-9350-44B6-8D67-A52586430506}Z:\program files\java\jre1.8.0_31\bin\java.exe] => (Allow) Z:\program files\java\jre1.8.0_31\bin\java.exe
FirewallRules: [UDP Query User{CB19FE3B-D028-4C80-B822-0D8364391DD6}Z:\program files\java\jre1.8.0_31\bin\java.exe] => (Allow) Z:\program files\java\jre1.8.0_31\bin\java.exe
FirewallRules: [{5B19A298-9472-4426-BDB1-EEEC964B33E0}] => (Block) Z:\program files\java\jre1.8.0_31\bin\java.exe
FirewallRules: [{5978E8D4-2703-46FE-8DB9-9B2EFEC3872D}] => (Block) Z:\program files\java\jre1.8.0_31\bin\java.exe
FirewallRules: [TCP Query User{C3107CDE-9BEC-411C-836B-8FCDA29CDBAC}C:\program files\electronic arts\ultima online enhanced\uosa.exe] => (Allow) C:\program files\electronic arts\ultima online enhanced\uosa.exe
FirewallRules: [UDP Query User{7952D59D-6BAB-4F74-B734-49530FB4867F}C:\program files\electronic arts\ultima online enhanced\uosa.exe] => (Allow) C:\program files\electronic arts\ultima online enhanced\uosa.exe
FirewallRules: [{388C7B72-CEA5-48A1-92EA-102497A55D80}] => (Block) C:\program files\electronic arts\ultima online enhanced\uosa.exe
FirewallRules: [{7BABA439-E3D0-4605-83BA-A49304274B90}] => (Block) C:\program files\electronic arts\ultima online enhanced\uosa.exe
FirewallRules: [TCP Query User{C935ED20-CEAC-4AD1-B9B4-E9667C37E1C0}Z:\program files\mirc\mirc.exe] => (Allow) Z:\program files\mirc\mirc.exe
FirewallRules: [UDP Query User{ACB05375-BB1B-469B-8C78-1EE8EE49C27C}Z:\program files\mirc\mirc.exe] => (Allow) Z:\program files\mirc\mirc.exe
FirewallRules: [{C21B11E2-F0F1-49FB-955C-36926395DC2F}] => (Block) Z:\program files\mirc\mirc.exe
FirewallRules: [{5350BC67-0ED0-41CB-83E6-90E6D0D0B6C2}] => (Block) Z:\program files\mirc\mirc.exe
FirewallRules: [{1E464036-009C-4E3E-8950-CD7CCD01BE17}] => (Allow) Z:\Users\User\AppData\Local\Temp\nsj5277.tmp\Installer-75846877.exe
FirewallRules: [{0651CADC-89E2-4204-ABBC-25CBDB36EC4C}] => (Allow) Z:\Users\User\AppData\Local\Temp\nsj5277.tmp\Installer-75846877.exe
FirewallRules: [TCP Query User{E7DEF847-A348-461B-8F95-26684D7D1B4A}Z:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) Z:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [UDP Query User{26B931BD-24F6-46E4-81B0-863FB6E81E04}Z:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) Z:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [{EC0FEC95-6B2D-4A08-A253-6F6E28F4FCC3}] => (Block) Z:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [{87C92344-92BB-43FF-89DF-9465CED3EE64}] => (Block) Z:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [{94872C8E-7922-4CC2-B88E-BED9849D5FF0}] => (Block) Z:\Program Files\Life Is Strange Episode 5\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{F149CB9B-8822-4BBD-810B-A0B011ED4C4F}] => (Allow) Z:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D1920A75-3E25-4B6D-BBE7-F60C26869306}] => (Allow) Z:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A263DBBD-CDB0-453F-974C-DE5156256DCB}] => (Allow) Z:\Program Files\RaidCall.RU\rcplugin.exe
FirewallRules: [{DB7FEF23-2FBE-4FD1-A7DA-F120CA9A09D5}] => (Allow) Z:\Program Files\RaidCall.RU\rcplugin.exe
FirewallRules: [{318D8511-B540-45D1-9A63-F061BFBC91B3}] => (Allow) Z:\Program Files\Andy\andy.exe
FirewallRules: [{7DCCE04E-6D76-49EC-A663-F57E4FBF8874}] => (Allow) Z:\Program Files\Andy\andy.exe
FirewallRules: [{E5353F20-1FD1-4F8C-9D7A-1C50D6583DA0}] => (Allow) Z:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{33EC7E33-AAE8-4833-A906-525B8606B282}] => (Allow) Z:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{ED7629AA-86C2-40CA-B586-A9E6C26A39CB}] => (Allow) Z:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{93A33254-364C-46F6-A809-009DD72B6D7E}] => (Allow) Z:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{94AAD2C1-A1D1-492A-A45A-87DCA674CF96}] => (Allow) Z:\Users\User\AppData\Local\Temp\Setup.exe
FirewallRules: [{644837AF-218F-4374-A1A1-F1CE890C2D2D}] => (Allow) Z:\Users\User\AppData\Local\Temp\Setup.exe
FirewallRules: [{1E7DA342-4897-4C8B-838F-41AFB6212663}] => (Allow) Z:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{2CCE4804-3AAC-4142-A965-D50A3E641BDA}] => (Allow) Z:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{F2BCCCD3-AF91-49F3-A681-BC0665A34009}] => (Allow) Z:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{83107039-50ED-4B23-95FD-76E56F52F5B7}] => (Allow) Z:\Program Files\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{0D46C2C8-D3A0-4CDE-B336-78F5CBBC14EE}] => (Allow) Z:\Program Files\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{3F2B9E4A-F1A6-4D85-9DBA-2843215F2906}] => (Allow) Z:\Program Files\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{6454C945-7539-4A3F-B171-E46289C111EB}] => (Allow) Z:\Program Files\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{C7DFF100-91C8-412C-B0E7-B819CE138AED}] => (Block) %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [TCP Query User{BBFB7650-006E-49BA-B93C-5B2F846A4CCF}Z:\program files\heroes of the storm\versions\base49278\heroesofthestorm.exe] => (Allow) Z:\program files\heroes of the storm\versions\base49278\heroesofthestorm.exe
FirewallRules: [UDP Query User{BB7B90F6-B142-465B-B64B-16F401D7AFCF}Z:\program files\heroes of the storm\versions\base49278\heroesofthestorm.exe] => (Allow) Z:\program files\heroes of the storm\versions\base49278\heroesofthestorm.exe
FirewallRules: [{F17BA89E-B85E-4B06-A4B0-F246DF15D5B4}] => (Block) Z:\program files\heroes of the storm\versions\base49278\heroesofthestorm.exe
FirewallRules: [{C8BD7193-346F-45EE-B2E3-0E2C2BD23D59}] => (Block) Z:\program files\heroes of the storm\versions\base49278\heroesofthestorm.exe
FirewallRules: [TCP Query User{0E503608-877B-4964-99C2-18CA0034F80F}Z:\program files\soulseekqt\soulseekqt.exe] => (Allow) Z:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{5B0AF6FA-FB4B-4F2C-B93A-E8F5CF1AA0BE}Z:\program files\soulseekqt\soulseekqt.exe] => (Allow) Z:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [{EA755F98-A6F3-4F42-9E82-F0308FCD221B}] => (Block) Z:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [{CB3B9BA4-776A-49E2-8508-C7CF800C613E}] => (Block) Z:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [{5CC8E2F8-40F2-4BD3-969F-53E865A36941}] => (Allow) Z:\Program Files\Easeware\DriverEasy\DriverEasy.exe
FirewallRules: [{54A71429-D4EC-47DA-9742-90CF6452FDFD}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015 (32 Bit)\Photoshop.exe
FirewallRules: [TCP Query User{3634A37A-2885-4502-B623-D313C4249B3E}Z:\program files\mediamonkey\mediamonkey.exe] => (Block) Z:\program files\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{A35631C4-C47A-4FFE-8D8E-A1EA146F6F0B}Z:\program files\mediamonkey\mediamonkey.exe] => (Block) Z:\program files\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{C4317ED8-449A-4E8F-BE49-786AD68A44DC}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{695798AF-14ED-4300-871A-527750DFB941}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [{3697E6BD-FF3E-4AE8-A6AF-558A8C02A503}] => (Allow) Z:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{8F02E943-6578-42B1-8C78-D4DA3FB86FED}] => (Allow) Z:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{3598A336-9BB2-4141-9625-D2097234074A}] => (Allow) Z:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{F1123961-1AD8-4DB5-B57F-C9E25F67FD38}] => (Allow) Z:\Program Files\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{1FE3A288-27DA-4A35-A740-981C63A75270}] => (Allow) Z:\Program Files\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{52FA0D0E-8147-4AD6-98EF-5A11432CDC11}] => (Allow) Z:\Program Files\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{9ECD0DAC-15A0-4A3B-9E81-C88DE4CDCF7D}] => (Allow) Z:\Program Files\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{F1782A51-F4DB-4A67-9CA8-E23ADADB4CE2}] => (Allow) Z:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{29A6DEAA-C794-49C8-BD90-F2578246735F}] => (Allow) Z:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{67BDA89F-A825-44D9-AD6C-02607AFC12DE}] => (Allow) Z:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe

==================== Restore Points =========================

26-06-2018 08:58:15 Scheduled Checkpoint
03-07-2018 10:38:37 Scheduled Checkpoint
11-07-2018 11:03:40 Windows Update
12-07-2018 03:00:44 Windows Update
22-07-2018 22:18:16 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2018 12:36:34 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/08/2018 12:14:35 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "Z:\Windows\system32\conhost.exe".Error in manifest or policy file "Z:\Windows\system32\conhost.exe" on line 0.
Invalid Xml syntax.

Error: (08/07/2018 10:04:37 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/07/2018 09:57:48 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/06/2018 01:27:36 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/05/2018 02:50:03 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/04/2018 01:06:40 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/03/2018 01:21:23 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (08/07/2018 08:43:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (08/07/2018 02:30:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (08/07/2018 02:16:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (08/07/2018 09:54:02 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{AD4AF727-1106-4BC3-83DC-2B9BE3B69EC1} because another computer on the network has the same name.  The server could not start.

Error: (08/06/2018 04:28:13 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (08/03/2018 08:08:17 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Audiosrv service.

Error: (08/02/2018 08:14:33 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (08/01/2018 09:37:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.


Windows Defender:
===================================
Date: 2017-07-18 08:05:52.730
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Foxiebro&threatid=235004
Name:BrowserModifier:Win32/Foxiebro
ID:235004
Severity:High
Category:Browser Modifier
Path Found:file:z:\program files\outrageous deal\7za.exe;file:z:\program files\outrageous deal\Extensions\dccgckgdpfibnfhlblhkfebejelgfool.crx;file:z:\program files\outrageous deal\Extensions\{603e7ffb-43ec-48e6-ad82-08c42b81a913}.xpi;file:z:\program files\outrageous deal\Uninstaller.exe;folder:z:\program files\outrageous deal\;folder:z:\program files\outrageous deal\Extensions;regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Outrageous Deal;regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{cfd32d46-7d3f-483f-bace-7172aec5592d};uninstall:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Outrageous Deal;uninstall:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{cfd32d46-7d3f-483f-bace-7172aec5592d}
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:z:\program files\windows defender\MpCmdRun.exe

Date: 2016-10-07 12:18:29.505
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994
Name:SettingsModifier:Win32/PossibleHostsFileHijack
ID:14994
Severity:Medium
Category:Settings Modifier
Path Found:file:Z:\Windows\system32\drivers\etc\hosts
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2016-10-06 08:51:06.350
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994
Name:SettingsModifier:Win32/PossibleHostsFileHijack
ID:14994
Severity:Medium
Category:Settings Modifier
Path Found:file:Z:\Windows\system32\drivers\etc\hosts
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2016-10-05 11:14:28.084
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994
Name:SettingsModifier:Win32/PossibleHostsFileHijack
ID:14994
Severity:Medium
Category:Settings Modifier
Path Found:file:Z:\Windows\system32\drivers\etc\hosts
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2002-01-01 00:05:43.807
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994
Name:SettingsModifier:Win32/PossibleHostsFileHijack
ID:14994
Severity:Medium
Category:Settings Modifier
Path Found:file:Z:\Windows\system32\drivers\etc\hosts
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 71%
Total physical RAM: 3583.18 MB
Available physical RAM: 1029.52 MB
Total Virtual: 7464.71 MB
Available Virtual: 3560.23 MB

==================== Drives ================================

Drive c: (C) (Fixed) (Total:37.25 GB) (Free:2.85 GB) FAT32 ==>[drive with boot components (obtained from BCD)]
Drive l: (Elements) (Fixed) (Total:2794.52 GB) (Free:2036.46 GB) NTFS
Drive z: (New Volume) (Fixed) (Total:558.91 GB) (Free:69.16 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 8FE48FE4)
Partition 1: (Active) - (Size=37.3 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.

==================== End of Addition.txt ============================

Edited by random3986xo, 08 August 2018 - 06:09 AM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:55 PM

Posted 08 August 2018 - 08:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Do you know what this does?
If not, please upload the file in bold to VirusTotal.
https://www.virustotal.com/#/home/upload
(Microsoft Corporation) L:\891667eefbff1a8357f0\Setup.exe
If found to be malware delete it.
<<<>>>

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
ConvertAd (HKLM\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
WinCheck (HKLM\...\wincheck) (Version: 1.0.0.0 - WinCheck) <==== ATTENTION
<<<>>>

This fix will remove Stylish.
FF Extension: (Stylish) - Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-09-03] [Legacy]

Read the remarks on this page.
https://www.systemlookup.com/FF_Extensions/160.html
I removed it and installed Stylus, which is working well.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-1473089369-2215227133-162011811-1000\...\Run: [GoogleChromeAutoLaunch_CD98D86ACC9F07A51EA009EAF98C1911] => Z:\Program Files\Google\Chrome\Application\chrome.exe [1458008 2018-06-22] (Google Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-1473089369-2215227133-162011811-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1473089369-2215227133-162011811-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1473089369-2215227133-162011811-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180621__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1473089369-2215227133-162011811-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
FF Homepage: Mozilla\Firefox\Profiles\5uf4tpad.default -> file:///Z:/ProgramData/Quoteexs/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\5uf4tpad.default -> file:///Z:/ProgramData/Quoteexs/ff.NT
FF Extension: (Stylish) - Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-09-03] [Legacy]
FF Extension: (No Name) - Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{603e7ffb-43ec-48e6-ad82-08c42b81a913}.xpi [2018-07-30] [not signed]
CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> lp
CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
FirewallRules: [{F0C3DA4D-380F-45F2-AFDA-CD000BFB1E42}] => (Allow) Z:\Windows\AutoKMS\AutoKMS.exe
FirewallRules: [{F5581006-BC0A-4726-9534-34523158D73D}] => (Allow) Z:\Windows\AutoKMS\AutoKMS.exe
Z:\Windows\AutoKMS

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#3 random3986xo

random3986xo
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:55 AM

Posted 08 August 2018 - 02:57 PM

The problem persists. Doing nothing, the CPU temperature is ~57 degrees, but if I start downloading a torrent and playing a movie, it shoots up to 75 and eventually reaches 80. Overall performance slows down as well.

 

The room I'm in right now is rather warm, but it's not warm enough to justify what's happening.

 

I'd really appreciate any further advice.

 

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x86) Version: 02.08.2018
Ran by User (08-08-2018 21:10:53) Run:1
Running from Z:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-1473089369-2215227133-162011811-1000\...\Run: [GoogleChromeAutoLaunch_CD98D86ACC9F07A51EA009EAF98C1911] => Z:\Program Files\Google\Chrome\Application\chrome.exe [1458008 2018-06-22] (Google Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-1473089369-2215227133-162011811-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1473089369-2215227133-162011811-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1473089369-2215227133-162011811-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180621__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1473089369-2215227133-162011811-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
FF Homepage: Mozilla\Firefox\Profiles\5uf4tpad.default -> file:///Z:/ProgramData/Quoteexs/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\5uf4tpad.default -> file:///Z:/ProgramData/Quoteexs/ff.NT
FF Extension: (Stylish) - Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-09-03] [Legacy]
FF Extension: (No Name) - Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{603e7ffb-43ec-48e6-ad82-08c42b81a913}.xpi [2018-07-30] [not signed]
CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> lp
CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
FirewallRules: [{F0C3DA4D-380F-45F2-AFDA-CD000BFB1E42}] => (Allow) Z:\Windows\AutoKMS\AutoKMS.exe
FirewallRules: [{F5581006-BC0A-4726-9534-34523158D73D}] => (Allow) Z:\Windows\AutoKMS\AutoKMS.exe
Z:\Windows\AutoKMS

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1473089369-2215227133-162011811-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_CD98D86ACC9F07A51EA009EAF98C1911" => removed successfully.
"HKLM\SOFTWARE\Policies\Google" => removed successfully.
"HKU\S-1-5-21-1473089369-2215227133-162011811-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => removed successfully.
HKLM\Software\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => not found
"HKU\S-1-5-21-1473089369-2215227133-162011811-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKU\S-1-5-21-1473089369-2215227133-162011811-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}" => removed successfully.
HKLM\Software\Classes\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => not found
"HKU\S-1-5-21-1473089369-2215227133-162011811-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => removed successfully.
HKLM\Software\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => not found
"Firefox homepage" => removed successfully.
"Firefox newtab" => removed successfully.
Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi => moved successfully
Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi => path removed successfully.
Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{603e7ffb-43ec-48e6-ad82-08c42b81a913}.xpi => moved successfully
"Chrome DefaultSearchURL" => removed successfully.
"Chrome DefaultSearchKeyword" => removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\nladljmabboanhihfkjacnnkgjhnokhj" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0C3DA4D-380F-45F2-AFDA-CD000BFB1E42}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F5581006-BC0A-4726-9534-34523158D73D}" => removed successfully.
Z:\Windows\AutoKMS => moved successfully


The system needed a reboot.

==== End of Fixlog 21:14:20 ====
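
A Fixlog like the one above can be checked mechanically before it is read line by line. The following is an added example, not part of the original thread and not FRST's own code: it assumes the Fixlog layout shown in this post (the fixlist echoed between two rows of asterisks, then one `target => outcome` line per action) and uses only outcome phrases that appear in this log. The sample is an excerpt of the log above plus one constructed line.

```python
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "target outcome status")

# Outcome phrases seen in the Fixlog in this thread. Anything else is
# routed to "review" instead of being guessed at.
DONE = {
    "removed successfully",
    "moved successfully",
    "path removed successfully",
    "value restored successfully",
}
ABSENT = {"not found"}

# target (optionally quoted) => outcome (optional trailing full stop)
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')

# Excerpt of the Fixlog above; the Z:\Constructed line is constructed for
# this example to exercise the "review" path.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x86) Version: 02.08.2018
fixlist content:
*****************
Start
FirewallRules: [{F0C3DA4D-380F-45F2-AFDA-CD000BFB1E42}] => (Allow) Z:\Windows\AutoKMS\AutoKMS.exe
Z:\Windows\AutoKMS
End
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Google" => removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => not found
Z:\Windows\AutoKMS => moved successfully
Z:\Constructed\example.dll => outcome text this script does not know
==== End of Fixlog 21:14:20 ====
'''


def classify(outcome):
    """Map an outcome phrase to done / absent / review."""
    if outcome in DONE:
        return "done"
    if outcome in ABSENT:
        return "absent"
    return "review"


def parse_fixlog(text):
    """Return one Entry per result line of a Fixlog.

    The echoed fixlist also contains '=>' (Run keys, firewall rules), so
    result lines are only read after the second row of asterisks.
    """
    entries = []
    star_rows = 0
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            star_rows += 1
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if star_rows < 2:
            continue  # header or echoed fixlist, not a result
        match = RESULT_RE.match(line)
        if not match:
            continue  # status lines such as "Processes closed successfully."
        outcome = match.group("outcome")
        entries.append(Entry(match.group("target"), outcome, classify(outcome)))
    return entries


def summarise(entries):
    """Count entries per status."""
    return Counter(entry.status for entry in entries)


def needs_review(entries):
    """Entries whose outcome is not a known success or 'not found'."""
    return [entry for entry in entries if entry.status == "review"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarise(parsed)))
    for entry in needs_review(parsed):
        print("REVIEW:", entry.target, "=>", entry.outcome)
```
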


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:55 PM

Posted 09 August 2018 - 07:04 AM

Hi,

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Run the Farbar program and scan the computer.
Post a fresh FRST.txt log for my review.

#5 random3986xo

random3986xo
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:55 AM

Posted 09 August 2018 - 04:25 PM

Right, as far as I can tell, the issue has been solved. Thank you so much for your help!

 

Are there any other steps you'd recommend just in case?

 

Here are the logs:

 

ReportRogue.txt

RogueKiller V12.12.30.0 [Aug  6 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : User [Administrator]
Started from : Z:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 08/09/2018 20:06:03 (Duration : 02:04:37)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 79 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} (%ProgramFiles%\Windows Photo Viewer\PhotoAcq.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} (Z:\PROGRA~1\COMMON~1\WONDER~1\WONDER~1\WSHelper.exe) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C} (Z:\Program Files\PC Speed Up\PCSUHelper.dll) -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\AIM Toolbar -> Found
[PUP.Conduit|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Conduit -> Found
[PUP.ModGoog|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\GlobalUpdate -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\IGS -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\InstalledBrowserExtensions -> Found
[PUP.OnlineIO] HKEY_LOCAL_MACHINE\Software\Microleaves -> Found
[PUP.SearchProtect|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\SearchProtect -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\SpeedBit -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\SupDp -> Found
[PUP.SpeedUpMyPc|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Uniblue -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\{12A61307-94CD-4F8E-94BC-918E511FAA81} -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} -> Found
[PUP.Auslogics] HKEY_USERS\RK_Administrator_ON_C_C55F\Software\Auslogics -> Found
[PUP.Conduit|PUP.Gen1] HKEY_USERS\RK_Administrator_ON_C_C55F\Software\Conduit -> Found
[PUP.DefaultTab|PUP.Gen1] HKEY_USERS\RK_Administrator_ON_C_C55F\Software\DefaultTab -> Found
[PUP.DllFiles] HKEY_USERS\RK_Administrator_ON_C_C55F\Software\dll-files.com -> Found
[PUP.Gen1] HKEY_USERS\RK_Administrator_ON_C_C55F\Software\EBoN -> Found
[PUP.ModGoog|PUP.Gen1] HKEY_USERS\RK_Administrator_ON_C_C55F\Software\globalUpdate -> Found
[PUP.Gen1] HKEY_USERS\RK_Administrator_ON_C_C55F\Software\InstalledBrowserExtensions -> Found
[PUP.Gen1] HKEY_USERS\RK_Administrator_ON_C_C55F\Software\Optimizer Pro -> Found
[PUP.Gen1] HKEY_USERS\RK_Administrator_ON_C_C55F\Software\ProgSense -> Found
[PUP.Gen1] HKEY_USERS\RK_Administrator_ON_C_C55F\Software\Softonic -> Found
[PUP.SysTweak|PUP.Gen1] HKEY_USERS\RK_Administrator_ON_C_C55F\Software\Systweak -> Found
[PUP.Gen1] HKEY_USERS\RK_Administrator_ON_C_C55F\Software\YahooPartnerToolbar -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1473089369-2215227133-162011811-1000\Software\APN PIP -> Found
[PUP.ModGoog|PUP.Gen1] HKEY_USERS\S-1-5-21-1473089369-2215227133-162011811-1000\Software\globalUpdate -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1473089369-2215227133-162011811-1000\Software\InstalledBrowserExtensions -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1473089369-2215227133-162011811-1000\Software\Kromtech -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1473089369-2215227133-162011811-1000\Software\Linkey -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1473089369-2215227133-162011811-1000\Software\SimplyTech -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1473089369-2215227133-162011811-1000\Software\WebApp -> Found
[PUP.Gen1] HKEY_USERS\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] HKEY_USERS\RK_Administrator_ON_C_C55F\Software\AppDataLow\AskBarDis -> Found
[PUP.Gen1] HKEY_USERS\RK_Administrator_ON_C_C55F\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Found
[PUP.Gen1] HKEY_USERS\RK_LocalService_ON_C_B25F\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Found
[PUP.Gen1] HKEY_USERS\RK_NetworkService_ON_C_F127\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1473089369-2215227133-162011811-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1473089369-2215227133-162011811-1000\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1473089369-2215227133-162011811-1000\Software\AppDataLow\Software\adawarebp -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey -> Found
[PUP.SearchProtect|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect -> Found
[PUP.SoftwareUpdater|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SU -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wincheck -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1473089369-2215227133-162011811-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} -> Found
[PUP.Gen0|PUP.Gen1] HKEY_LOCAL_MACHINE\RK_System_ON_C_FB3A\ControlSet001\Services\ASKService (C:\Program Files\AskBarDis\bar\bin\AskService.exe) -> Found
[PUP.Gen0|PUP.Gen1] HKEY_LOCAL_MACHINE\RK_System_ON_C_FB3A\ControlSet001\Services\ASKUpgrade (C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe) -> Found
[PUP.Gen0|PUP.Gen1] HKEY_LOCAL_MACHINE\RK_System_ON_C_FB3A\ControlSet002\Services\ASKService (C:\Program Files\AskBarDis\bar\bin\AskService.exe) -> Found
[PUP.Gen0|PUP.Gen1] HKEY_LOCAL_MACHINE\RK_System_ON_C_FB3A\ControlSet002\Services\ASKUpgrade (C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe) -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\RK_System_ON_C_FB3A\ControlSet002\Services\BACKUPSTACK -> Found
[PUP.Gen0|PUP.Gen1] HKEY_LOCAL_MACHINE\RK_System_ON_C_FB3A\ControlSet003\Services\ASKService (C:\Program Files\AskBarDis\bar\bin\AskService.exe) -> Found
[PUP.Gen0|PUP.Gen1] HKEY_LOCAL_MACHINE\RK_System_ON_C_FB3A\ControlSet003\Services\ASKUpgrade (C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe) -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\RK_System_ON_C_FB3A\ControlSet003\Services\BackupStack -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-1473089369-2215227133-162011811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL :   -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {14CE99A6-5247-4D19-B125-AA961A27A2D3} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=Z:\Users\User\AppData\Local\Temp\nsyDF8A.tmp\CnetInstaller-76060148.exe|Name=proinstaller2073747485| [x] -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9F1FE7E6-90BB-448B-B101-2532F1F0D7FE} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=Z:\Users\User\AppData\Local\Temp\nsyDF8A.tmp\CnetInstaller-76060148.exe|Name=proinstaller2073747485| [x] -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1E464036-009C-4E3E-8950-CD7CCD01BE17} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=Z:\Users\User\AppData\Local\Temp\nsj5277.tmp\Installer-75846877.exe|Name=proinstaller418024435| [x] -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0651CADC-89E2-4204-ABBC-25CBDB36EC4C} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=Z:\Users\User\AppData\Local\Temp\nsj5277.tmp\Installer-75846877.exe|Name=proinstaller418024435| [x] -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {94AAD2C1-A1D1-492A-A45A-87DCA674CF96} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=Z:\Users\User\AppData\Local\Temp\Setup.exe|Name=AndySetupIn| [x] -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {644837AF-218F-4374-A1A1-F1CE890C2D2D} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=Z:\Users\User\AppData\Local\Temp\Setup.exe|Name=AndySetupOut| [x] -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5CC8E2F8-40F2-4BD3-969F-53E865A36941} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=Z:\Program Files\Easeware\DriverEasy\DriverEasy.exe|Name=Driver Easy|Desc=Allow Driver Easy Access Internet to Scan and Download Drivers.| [7] -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {14CE99A6-5247-4D19-B125-AA961A27A2D3} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=Z:\Users\User\AppData\Local\Temp\nsyDF8A.tmp\CnetInstaller-76060148.exe|Name=proinstaller2073747485| [x] -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9F1FE7E6-90BB-448B-B101-2532F1F0D7FE} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=Z:\Users\User\AppData\Local\Temp\nsyDF8A.tmp\CnetInstaller-76060148.exe|Name=proinstaller2073747485| [x] -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1E464036-009C-4E3E-8950-CD7CCD01BE17} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=Z:\Users\User\AppData\Local\Temp\nsj5277.tmp\Installer-75846877.exe|Name=proinstaller418024435| [x] -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0651CADC-89E2-4204-ABBC-25CBDB36EC4C} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=Z:\Users\User\AppData\Local\Temp\nsj5277.tmp\Installer-75846877.exe|Name=proinstaller418024435| [x] -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {94AAD2C1-A1D1-492A-A45A-87DCA674CF96} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=Z:\Users\User\AppData\Local\Temp\Setup.exe|Name=AndySetupIn| [x] -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {644837AF-218F-4374-A1A1-F1CE890C2D2D} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=Z:\Users\User\AppData\Local\Temp\Setup.exe|Name=AndySetupOut| [x] -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5CC8E2F8-40F2-4BD3-969F-53E865A36941} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=Z:\Program Files\Easeware\DriverEasy\DriverEasy.exe|Name=Driver Easy|Desc=Allow Driver Easy Access Internet to Scan and Download Drivers.| [7] -> Found
[PUM.Desktop] HKEY_LOCAL_MACHINE\RK_Software_ON_C_6700\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 33 ¤¤¤
[PUP.Gen1][Folder] Z:\Users\User\AppData\Roaming\Easeware -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.5.3_44396\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.5.3_44428\utorrentie.exe -> Found
[PUP.uTorrentAds][File] Z:\Users\User\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe -> Found
[PUP.OnlineIO][Folder] Z:\Users\User\AppData\Local\AdvinstAnalytics -> Found
[PUP.Gen1][File] Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy\Driver Easy.lnk [LNK@] Z:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.EXE -> Found
[PUP.Gen1][File] Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy\Uninstall Driver Easy.lnk [LNK@] Z:\PROGRA~1\Easeware\DRIVER~1\unins000.exe -> Found
[PUP.Gen1][Folder] Z:\Program Files\Easeware -> Found
[PUP.Gen1][Folder] Z:\Program Files\PC Speed Up -> Found
[Adw.Wizzcaster][Folder] Z:\Program Files\ShutdownTime -> Found
[PUP.Gen1][Folder] Z:\Program Files\TampaGeneration -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[PUM.NewTab][Firefox:Config] 5uf4tpad.default : user_pref("browser.newtab.url", "file:///Z:/ProgramData/Quoteexs/ff.NT"); -> Found
[PUM.SearchEngine][Firefox:Config] 5uf4tpad.default : user_pref("browser.search.selectedEngine", "Yahoo! Search Engine"); -> Found
[PUM.SearchEngine][Firefox:Config] 5uf4tpad.default : user_pref("browser.search.defaultenginename", "Yahoo! Search Engine"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD6400AAKS-00A7B0 ATA Device +++++
--- User ---
[MBR] adeee6d1b35fb60654dcbccd50d022d7
[BSP] 2bb35ad98f60d5532ff5255094d6c838 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 38154 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 78140160 | Size: 572323 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic 2.0 Reader    -0 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic 2.0 Reader    -1 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic 2.0 Reader    -2 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.08.2018
Ran by User (administrator) on USER-PC (09-08-2018 22:22:02)
Running from Z:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) Z:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) Z:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) Z:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) Z:\Windows\System32\nvvsvc.exe
() Z:\Windows\System32\ASGT.exe
(Bitdefender) Z:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Felix Logic) Z:\Program Files\Cold Turkey\CTService.exe
(NVIDIA Corporation) Z:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) Z:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Bitdefender) Z:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corporation) Z:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Bitdefender) Z:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) Z:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) Z:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Microsoft Corporation) Z:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) Z:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(AVAST Software) Z:\Program Files\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
() C:\Program Files\Webstart Studios\Web Blocker\TWBService URL.exe
(NVIDIA Corporation) Z:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) Z:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(CyberGhost S.A.) Z:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Microsoft Corporation) Z:\Windows\System32\rundll32.exe
(NVIDIA Corporation) Z:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) Z:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(VIA) Z:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Bitdefender) Z:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Oracle Corporation) Z:\Program Files\Common Files\Java\Java Update\jusched.exe
(f.lux Software LLC) Z:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe
(Adobe Systems Incorporated) Z:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) Z:\Windows\System32\wuauclt.exe
(Oracle Corporation) Z:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Almico Software (www.almico.com)) Z:\Program Files\SpeedFan\speedfan.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) Z:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => Z:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1701888 2009-10-28] (VIA)
HKLM\...\Run: [NvBackend] => Z:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => Z:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => Z:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKU\S-1-5-21-1473089369-2215227133-162011811-1000\...\Run: [f.lux] => Z:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-1473089369-2215227133-162011811-1000\...\Run: [CCleaner Monitoring] => Z:\Program Files\CCleaner\CCleaner.exe [12762872 2018-07-24] (Piriform Ltd)
BootExecute: Z:\Windows\system32\autochk.exeavgBoot.exe /M:641dd7e86d4 /dir:"Z:\Program Files\AVG\Antivirus"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2648BF1D-9967-4AB4-BBB2-B50967F6702E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2648BF1D-9967-4AB4-BBB2-B50967F6702E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AD4AF727-1106-4BC3-83DC-2B9BE3B69EC1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1473089369-2215227133-162011811-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1473089369-2215227133-162011811-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1473089369-2215227133-162011811-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> Z:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> Z:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Z:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-12-30] (Oracle Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> Z:\Program Files\Evernote\Evernote\EvernoteIE.dll [2016-08-11] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> Z:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Z:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-24] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Z:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Z:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-30] (Oracle Corporation)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> Z:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2018-07-30] (AO Kaspersky Lab)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> Z:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Z:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - Z:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2018-07-30] (AO Kaspersky Lab)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - Z:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 5uf4tpad.default
FF ProfilePath: Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default [2018-08-08]
FF NewTab: Mozilla\Firefox\Profiles\5uf4tpad.default -> file:///Z:/ProgramData/Quoteexs/ff.NT
FF Extension: (LastPass) - Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\support@lastpass.com [2016-12-17] [Legacy]
FF Extension: (FT DeepDark) - Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2017-01-16] [Legacy]
FF Extension: (iMacros for Firefox) - Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2016-09-03] [Legacy]
FF Extension: (Video DownloadHelper) - Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-30] [Legacy]
FF Extension: (Adblock Plus) - Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24] [Legacy]
FF SearchPlugin: Z:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5uf4tpad.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-06-21]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - Z:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - Z:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-08-11] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - Z:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - Z:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-07-30]
FF Plugin: @adobe.com/FlashPlayer -> Z:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> Z:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> Z:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-30] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> Z:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> z:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> Z:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> Z:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> Z:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin: @raidcall.tw/RCplugin -> Z:\Users\User\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall)
FF Plugin: @tools.google.com/Google Update;version=3 -> Z:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> Z:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: Adobe Acrobat -> Z:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> Z:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1473089369-2215227133-162011811-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> Z:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1702150-0-npoctoshape.dll [2017-02-15] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: Z:\Users\User\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-09-25] (Octoshape ApS)

Chrome: 
=======
CHR Profile: Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-08-09]
CHR Extension: (Kaspersky Protection) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-08-08]
CHR Extension: (Adblock Plus) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-08-09]
CHR Extension: (Chrome Web Store Payments) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-08]
CHR Extension: (Chrome Media Router) - Z:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-08]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor14.0; Z:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [176864 2015-12-07] (Adobe Systems Incorporated)
R2 ASGT; Z:\Windows\System32\ASGT.exe [55296 2012-01-17] () [File not signed]
S2 avast; Z:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-07-24] (AVAST Software)
S3 avastm; Z:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-07-24] (AVAST Software)
S2 AVP19.0.0; Z:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
R2 bdredline; Z:\Program Files\Bitdefender Antivirus Free\bdredline.exe [1929240 2018-03-22] (Bitdefender)
S3 c2wts; Z:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 CG6Service; Z:\Program Files\CyberGhost 6\CyberGhost.Service.exe [204880 2018-06-11] (CyberGhost S.A.)
R2 CTService; Z:\Program Files\Cold Turkey\\CTService.exe [329728 2016-02-14] (Felix Logic) [File not signed]
S3 fussvc; Z:\Program Files\Windows Kits\8.1\App Certification Kit\fussvc.exe [140800 2014-02-19] (Microsoft Corporation) [File not signed]
S2 KSDE3.0.0; Z:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (AO Kaspersky Lab)
R2 NvNetworkService; Z:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; Z:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)
R2 ProductAgentService; Z:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] (Bitdefender)
S3 Te.Service; Z:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [91136 2013-08-21] (Microsoft Corporation) [File not signed]
R2 updatesrv; Z:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [236208 2018-05-14] (Bitdefender)
R2 vsserv; Z:\Program Files\Bitdefender Antivirus Free\vsserv.exe [236208 2018-05-14] (Bitdefender)
R2 vsservppl; Z:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [236208 2018-05-14] (Bitdefender)
S3 VSStandardCollectorService140; Z:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [86760 2016-06-20] (Microsoft Corporation)
S2 Web Blocker Service; C:\Program Files\Webstart Studios\Web Blocker\TWBService.exe [32768 2010-09-13] () [File not signed]
R2 Web Blocker Service URL; C:\Program Files\Webstart Studios\Web Blocker\TWBService URL.exe [24064 2010-09-13] () [File not signed]
S3 WinDefend; Z:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 atc; Z:\Windows\System32\DRIVERS\atc.sys [1010256 2018-04-27] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; Z:\Windows\System32\DRIVERS\avc3.sys [1419144 2018-04-17] (BitDefender)
R0 BdDci; Z:\Windows\System32\DRIVERS\bddci.sys [126056 2018-04-19] (Bitdefender)
R0 cm_km; Z:\Windows\System32\DRIVERS\cm_km.sys [178368 2018-01-27] (AO Kaspersky Lab)
R3 edrsensor; Z:\Windows\System32\DRIVERS\edrsensor.sys [208216 2018-04-19] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 giveio; Z:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R0 gzflt; Z:\Windows\System32\drivers\gzflt.sys [157256 2018-05-29] (BitDefender LLC)
R2 ISOMount; Z:\Program Files\Free ISO Mount\FIMx86.sys [26984 2015-03-28] ()
R0 kl1; Z:\Windows\System32\DRIVERS\kl1.sys [151240 2018-02-20] (AO Kaspersky Lab)
R0 klbackupdisk; Z:\Windows\System32\DRIVERS\klbackupdisk.sys [63688 2017-12-27] (AO Kaspersky Lab)
R1 klbackupflt; Z:\Windows\System32\DRIVERS\klbackupflt.sys [101568 2018-02-02] (AO Kaspersky Lab)
R2 kldisk; Z:\Windows\System32\DRIVERS\kldisk.sys [75456 2018-07-30] (AO Kaspersky Lab)
R3 klflt; Z:\Windows\System32\DRIVERS\klflt.sys [173248 2018-07-30] (AO Kaspersky Lab)
R1 klhk; Z:\Windows\System32\DRIVERS\klhk.sys [659144 2018-07-30] (AO Kaspersky Lab)
R1 KLIF; Z:\Windows\System32\DRIVERS\klif.sys [875200 2018-07-30] (AO Kaspersky Lab)
R1 klim6; Z:\Windows\System32\DRIVERS\klim6.sys [49344 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; Z:\Windows\System32\DRIVERS\klkbdflt.sys [51400 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; Z:\Windows\System32\DRIVERS\klmouflt.sys [76328 2017-12-11] (AO Kaspersky Lab)
R1 klpd; Z:\Windows\System32\DRIVERS\klpd.sys [45520 2017-05-30] (AO Kaspersky Lab)
R3 kltap; Z:\Windows\System32\DRIVERS\kltap.sys [45496 2018-02-12] (The OpenVPN Project)
R1 kltdi; Z:\Windows\System32\DRIVERS\kltdi.sys [75488 2017-11-07] (AO Kaspersky Lab)
R1 klwtp; Z:\Windows\System32\DRIVERS\klwtp.sys [137016 2018-07-30] (AO Kaspersky Lab)
R1 kneps; Z:\Windows\System32\DRIVERS\kneps.sys [168640 2018-02-24] (AO Kaspersky Lab)
S3 mafmouse; Z:\Windows\System32\DRIVERS\mafmouse.sys [6144 2009-08-22] (MAF-Soft) [File not signed]
R3 MTsensor; Z:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 netr28u; Z:\Windows\System32\DRIVERS\netr28u.sys [807936 2009-09-15] (Ralink Technology Corp.)
R2 npf; Z:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
R3 NvStreamKms; Z:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; Z:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
R0 PxHelp20; Z:\Windows\System32\drivers\PxHelp20.sys [46096 2013-09-03] (Corel Corporation)
R0 speedfan; Z:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 tap0901; Z:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
R2 trufos; Z:\Windows\System32\drivers\trufos.sys [520816 2018-04-25] (Bitdefender)
R3 VIAHdAudAddService; Z:\Windows\System32\drivers\viahduaa.sys [1102848 2009-10-21] (VIA Technologies, Inc.)
S3 avchv; system32\DRIVERS\avchv.sys [X]
R4 IOMap; \??\Z:\Windows\system32\drivers\IOMap.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-09 22:22 - 2018-08-09 22:23 - 000020626 _____ Z:\Users\User\Downloads\FRST.txt
2018-08-09 20:06 - 2018-08-09 20:06 - 000024688 _____ Z:\Windows\system32\Drivers\TrueSight.sys
2018-08-09 20:04 - 2018-08-09 22:19 - 000000000 ____D Z:\ProgramData\RogueKiller
2018-08-09 20:04 - 2018-08-09 22:15 - 000000000 ____D Z:\Program Files\RogueKiller
2018-08-09 20:04 - 2018-08-09 20:04 - 000001011 _____ Z:\Users\Public\Desktop\RogueKiller.lnk
2018-08-09 20:04 - 2018-08-09 20:04 - 000000000 ____D Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-08-09 19:59 - 2018-08-09 20:02 - 036798240 _____ (Adlice Software ) Z:\Users\User\Downloads\RogueKiller_setup_ref3.exe
2018-08-09 19:18 - 2018-08-09 19:18 - 000000000 ____D Z:\5e511d600e913e2c15141290066125
2018-08-08 21:11 - 2018-08-08 21:11 - 000000000 ____D Z:\c8d2e955ca994e6452
2018-08-08 21:10 - 2018-08-08 21:14 - 000005219 _____ Z:\Users\User\Downloads\Fixlog.txt
2018-08-08 21:09 - 2018-08-08 21:09 - 001773056 _____ (Farbar) Z:\Users\User\Downloads\FRST (1).exe
2018-08-08 12:45 - 2018-08-08 12:48 - 000067587 _____ Z:\Users\User\Downloads\Addition.txt
2018-08-08 12:40 - 2018-08-08 12:40 - 000000000 ____D Z:\Users\User\Downloads\FRST-OlderVersion
2018-08-07 23:09 - 2018-08-07 23:09 - 000076121 _____ Z:\Users\User\Downloads\[limetorrents.io]The.Endless..2017..[BluRay].[1080p].[YTS.AM].torrent
2018-07-31 20:02 - 2018-07-31 20:02 - 034162712 _____ Z:\Users\User\Downloads\Massiv in Mensch - Hamburg.mp4
2018-07-30 16:07 - 2018-07-30 16:07 - 000262144 _____ Z:\Windows\system32\config\elam
2018-07-30 15:32 - 2018-07-30 15:32 - 000000000 ____D Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-07-30 15:32 - 2018-07-30 15:31 - 000001160 _____ Z:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2018-07-30 15:31 - 2018-07-30 15:32 - 000000000 ____D Z:\Program Files\Common Files\AV
2018-07-30 15:29 - 2018-07-30 15:29 - 000000000 ____D Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Free
2018-07-30 15:29 - 2018-07-30 15:28 - 000002015 _____ Z:\Users\Public\Desktop\Kaspersky Free.lnk
2018-07-30 15:26 - 2018-08-09 20:04 - 000000000 ____D Z:\ProgramData\Kaspersky Lab
2018-07-30 15:26 - 2018-07-30 15:30 - 000000000 ____D Z:\Program Files\Kaspersky Lab
2018-07-30 15:25 - 2018-07-30 15:39 - 000875200 _____ (AO Kaspersky Lab) Z:\Windows\system32\Drivers\klif.sys
2018-07-30 15:25 - 2018-07-30 15:39 - 000173248 _____ (AO Kaspersky Lab) Z:\Windows\system32\Drivers\klflt.sys
2018-07-30 15:25 - 2018-07-30 15:38 - 000659144 _____ (AO Kaspersky Lab) Z:\Windows\system32\Drivers\klhk.sys
2018-07-30 15:11 - 2018-07-30 15:11 - 002536320 _____ (Kaspersky Lab) Z:\Users\User\Downloads\startup_14460 (2).exe
2018-07-30 15:11 - 2018-07-30 15:11 - 002536320 _____ (Kaspersky Lab) Z:\Users\User\Downloads\startup_14460 (1).exe
2018-07-29 17:15 - 2018-07-29 17:15 - 000307296 _____ Z:\Windows\Minidump\072918-19734-01.dmp
2018-07-28 12:27 - 2018-07-28 12:27 - 000041632 _____ Z:\Users\User\Downloads\prisoners-english-yify-3289.zip
2018-07-28 00:56 - 2018-07-28 00:56 - 000012283 _____ Z:\Users\User\Downloads\enemy-english-yify-15909.zip
2018-07-25 21:21 - 2018-07-25 21:21 - 002536320 _____ (Kaspersky Lab) Z:\Users\User\Downloads\startup_14460.exe
2018-07-25 20:49 - 2018-07-25 20:49 - 000000000 ____D Z:\ProgramData\bdch
2018-07-25 20:39 - 2018-08-09 22:22 - 000000000 ____D Z:\FRST
2018-07-25 20:34 - 2018-08-08 12:40 - 001773056 _____ (Farbar) Z:\Users\User\Downloads\FRST.exe
2018-07-25 18:54 - 2018-07-25 18:54 - 000028993 _____ Z:\ProgramData\agent.update.1532537647.bdinstall.bin
2018-07-25 18:40 - 2018-07-25 18:40 - 000001148 _____ Z:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk
2018-07-25 18:40 - 2018-07-25 18:40 - 000000000 ____D Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free
2018-07-25 18:40 - 2018-05-29 05:04 - 000157256 _____ (BitDefender LLC) Z:\Windows\system32\Drivers\gzflt.sys
2018-07-25 18:40 - 2018-04-19 11:15 - 000208216 _____ (BitDefender S.R.L. Bucharest, ROMANIA) Z:\Windows\system32\Drivers\edrsensor.sys
2018-07-25 18:39 - 2018-04-27 06:29 - 001010256 _____ (BitDefender S.R.L. Bucharest, ROMANIA) Z:\Windows\system32\Drivers\atc.sys
2018-07-25 18:39 - 2018-04-19 05:11 - 000126056 _____ (Bitdefender) Z:\Windows\system32\Drivers\bddci.sys
2018-07-25 18:39 - 2018-04-17 11:27 - 001419144 _____ (BitDefender) Z:\Windows\system32\Drivers\avc3.sys
2018-07-25 18:33 - 2018-04-25 05:26 - 000520816 _____ (Bitdefender) Z:\Windows\system32\Drivers\trufos.sys
2018-07-25 18:32 - 2018-08-09 22:23 - 000000000 ____D Z:\Program Files\Bitdefender Antivirus Free
2018-07-25 18:30 - 2018-07-25 18:30 - 000040748 _____ Z:\ProgramData\agent.1532536217.bdinstall.bin
2018-07-25 18:29 - 2018-07-25 18:29 - 009986176 _____ Z:\Users\User\Downloads\bitdefender_online.exe
2018-07-24 20:44 - 2018-07-24 21:02 - 000000000 _____ Z:\Windows\system32\last.dump
2018-07-24 20:42 - 2018-07-24 20:45 - 000000000 ____D Z:\cf951a9866ca0542800cc9b5b3df89d9
2018-07-24 20:34 - 2018-07-24 20:36 - 000000000 ____D Z:\72915a314b0e92c61c0007
2018-07-24 20:28 - 2018-07-24 20:28 - 000000258 __RSH Z:\ProgramData\ntuser.pol
2018-07-24 18:15 - 2018-07-24 18:15 - 076975376 _____ (Malwarebytes ) Z:\Users\User\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.6021.exe
2018-07-24 18:15 - 2018-07-24 18:15 - 000000000 ____D Z:\ProgramData\MB2Migration
2018-07-24 17:42 - 2018-07-24 17:42 - 000002457 _____ Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-07-24 17:42 - 2018-07-24 17:42 - 000002414 _____ Z:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-07-24 17:36 - 2018-07-25 19:17 - 000000000 ____D Z:\Users\User\AppData\Local\AVAST Software
2018-07-24 17:32 - 2018-07-24 17:32 - 001142072 _____ (Microsoft Corporation) Z:\Windows\ucrtbase.dll
2018-07-24 17:32 - 2018-07-24 17:32 - 000000000 ____D Z:\Program Files\Common Files\AVAST Software
2018-07-24 17:31 - 2018-07-25 19:17 - 000000000 ____D Z:\Program Files\AVAST Software
2018-07-24 17:31 - 2018-07-24 17:31 - 000178320 _____ (AVAST Software) Z:\Users\User\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2018-07-24 17:17 - 2018-07-24 18:10 - 000000000 ____D Z:\Program Files\eFlow
2018-07-24 17:15 - 2018-07-25 19:25 - 000000000 ____D Z:\Users\User\AppData\Roaming\Windows Maintenance Service
2018-07-24 17:15 - 2018-07-25 19:23 - 000000000 ____D Z:\Windows\system32\nokmsgaj
2018-07-24 10:21 - 2018-07-29 17:14 - 3757277514 _____ Z:\Windows\MEMORY.DMP
2018-07-24 10:21 - 2018-07-24 10:21 - 000277312 _____ Z:\Windows\Minidump\072418-30591-01.dmp
2018-07-23 01:57 - 2018-07-23 01:57 - 000000000 ____D Z:\Users\User\AppData\Local\CrashRpt
2018-07-22 22:17 - 2018-07-22 22:18 - 000000000 ____D Z:\Program Files\FlashIntegro
2018-07-22 22:17 - 2018-07-22 22:17 - 000001170 _____ Z:\Users\User\Desktop\VSDC Free Video Editor x32.lnk
2018-07-22 22:17 - 2018-07-22 22:17 - 000000000 ____D Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro
2018-07-22 22:17 - 2018-06-20 09:48 - 000065672 _____ (Flash-Integro LLC) Z:\Windows\system32\mslvddsfilter4.ax
2018-07-22 21:49 - 2018-07-22 21:49 - 000000000 ____D Z:\Users\User\AppData\Local\Meltytech
2018-07-22 21:44 - 2018-07-22 21:44 - 000001833 _____ Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shotcut.lnk
2018-07-22 21:42 - 2018-07-22 21:44 - 000000000 ____D Z:\Program Files\Shotcut
2018-07-17 09:26 - 2018-07-17 09:26 - 000000000 ____D Z:\5d9f826d62add7bfd2b8999211f9
2018-07-13 05:20 - 2018-07-13 05:20 - 000000000 ____D Z:\887d240aaf3769d0b9
2018-07-11 11:25 - 2018-06-21 02:00 - 000348824 _____ (Microsoft Corporation) Z:\Windows\system32\iedkcs32.dll
2018-07-11 11:25 - 2018-06-16 18:36 - 020286464 _____ (Microsoft Corporation) Z:\Windows\system32\mshtml.dll
2018-07-11 11:25 - 2018-06-16 18:19 - 002724864 _____ (Microsoft Corporation) Z:\Windows\system32\mshtml.tlb
2018-07-11 11:25 - 2018-06-16 18:19 - 000004096 _____ (Microsoft Corporation) Z:\Windows\system32\ieetwcollectorres.dll
2018-07-11 11:25 - 2018-06-16 18:06 - 000498176 _____ (Microsoft Corporation) Z:\Windows\system32\vbscript.dll
2018-07-11 11:25 - 2018-06-16 18:06 - 000062464 _____ (Microsoft Corporation) Z:\Windows\system32\iesetup.dll
2018-07-11 11:25 - 2018-06-16 18:05 - 000341504 _____ (Microsoft Corporation) Z:\Windows\system32\html.iec
2018-07-11 11:25 - 2018-06-16 18:05 - 000047616 _____ (Microsoft Corporation) Z:\Windows\system32\ieetwproxystub.dll
2018-07-11 11:25 - 2018-06-16 18:04 - 000064000 _____ (Microsoft Corporation) Z:\Windows\system32\MshtmlDac.dll
2018-07-11 11:25 - 2018-06-16 18:02 - 002295296 _____ (Microsoft Corporation) Z:\Windows\system32\iertutil.dll
2018-07-11 11:25 - 2018-06-16 17:59 - 000047104 _____ (Microsoft Corporation) Z:\Windows\system32\jsproxy.dll
2018-07-11 11:25 - 2018-06-16 17:59 - 000030720 _____ (Microsoft Corporation) Z:\Windows\system32\iernonce.dll
2018-07-11 11:25 - 2018-06-16 17:57 - 000476160 _____ (Microsoft Corporation) Z:\Windows\system32\ieui.dll
2018-07-11 11:25 - 2018-06-16 17:56 - 000662016 _____ (Microsoft Corporation) Z:\Windows\system32\jscript.dll
2018-07-11 11:25 - 2018-06-16 17:56 - 000115712 _____ (Microsoft Corporation) Z:\Windows\system32\ieUnatt.exe
2018-07-11 11:25 - 2018-06-16 17:56 - 000104960 _____ (Microsoft Corporation) Z:\Windows\system32\ieetwcollector.exe
2018-07-11 11:25 - 2018-06-16 17:55 - 000620032 _____ (Microsoft Corporation) Z:\Windows\system32\jscript9diag.dll
2018-07-11 11:25 - 2018-06-16 17:49 - 000668160 _____ (Microsoft Corporation) Z:\Windows\system32\MsSpellCheckingFacility.exe
2018-07-11 11:25 - 2018-06-16 17:47 - 000416256 _____ (Microsoft Corporation) Z:\Windows\system32\dxtmsft.dll
2018-07-11 11:25 - 2018-06-16 17:42 - 000073216 _____ (Microsoft Corporation) Z:\Windows\system32\tdc.ocx
2018-07-11 11:25 - 2018-06-16 17:42 - 000060416 _____ (Microsoft Corporation) Z:\Windows\system32\JavaScriptCollectionAgent.dll
2018-07-11 11:25 - 2018-06-16 17:41 - 000091136 _____ (Microsoft Corporation) Z:\Windows\system32\inseng.dll
2018-07-11 11:25 - 2018-06-16 17:39 - 000168960 _____ (Microsoft Corporation) Z:\Windows\system32\msrating.dll
2018-07-11 11:25 - 2018-06-16 17:38 - 000076288 _____ (Microsoft Corporation) Z:\Windows\system32\mshtmled.dll
2018-07-11 11:25 - 2018-06-16 17:37 - 000279040 _____ (Microsoft Corporation) Z:\Windows\system32\dxtrans.dll
2018-07-11 11:25 - 2018-06-16 17:36 - 000130048 _____ (Microsoft Corporation) Z:\Windows\system32\occache.dll
2018-07-11 11:25 - 2018-06-16 17:34 - 004496384 _____ (Microsoft Corporation) Z:\Windows\system32\jscript9.dll
2018-07-11 11:25 - 2018-06-16 17:32 - 013680128 _____ (Microsoft Corporation) Z:\Windows\system32\ieframe.dll
2018-07-11 11:25 - 2018-06-16 17:30 - 000230400 _____ (Microsoft Corporation) Z:\Windows\system32\webcheck.dll
2018-07-11 11:25 - 2018-06-16 17:29 - 000696320 _____ (Microsoft Corporation) Z:\Windows\system32\msfeeds.dll
2018-07-11 11:25 - 2018-06-16 17:28 - 002060288 _____ (Microsoft Corporation) Z:\Windows\system32\inetcpl.cpl
2018-07-11 11:25 - 2018-06-16 17:28 - 000692224 _____ (Microsoft Corporation) Z:\Windows\system32\ie4uinit.exe
2018-07-11 11:25 - 2018-06-16 17:27 - 001155072 _____ (Microsoft Corporation) Z:\Windows\system32\mshtmlmedia.dll
2018-07-11 11:25 - 2018-06-16 17:08 - 002767872 _____ (Microsoft Corporation) Z:\Windows\system32\wininet.dll
2018-07-11 11:25 - 2018-06-16 17:05 - 001313792 _____ (Microsoft Corporation) Z:\Windows\system32\urlmon.dll
2018-07-11 11:25 - 2018-06-16 17:04 - 000710144 _____ (Microsoft Corporation) Z:\Windows\system32\ieapfltr.dll
2018-07-11 11:25 - 2018-06-13 17:55 - 012880384 _____ (Microsoft Corporation) Z:\Windows\system32\shell32.dll
2018-07-11 11:25 - 2018-06-13 17:54 - 001499648 _____ (Microsoft Corporation) Z:\Windows\system32\ExplorerFrame.dll
2018-07-11 11:25 - 2018-06-13 17:25 - 002404352 _____ (Microsoft Corporation) Z:\Windows\system32\win32k.sys
2018-07-11 11:25 - 2018-06-08 18:02 - 004050624 _____ (Microsoft Corporation) Z:\Windows\system32\ntkrnlpa.exe
2018-07-11 11:25 - 2018-06-08 18:02 - 003962048 _____ (Microsoft Corporation) Z:\Windows\system32\ntoskrnl.exe
2018-07-11 11:25 - 2018-06-08 18:02 - 000189632 _____ (Microsoft Corporation) Z:\Windows\system32\halmacpi.dll
2018-07-11 11:25 - 2018-06-08 18:02 - 000189632 _____ (Microsoft Corporation) Z:\Windows\system32\hal.dll
2018-07-11 11:25 - 2018-06-08 18:02 - 000137920 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\ksecpkg.sys
2018-07-11 11:25 - 2018-06-08 18:02 - 000136384 _____ (Microsoft Corporation) Z:\Windows\system32\halacpi.dll
2018-07-11 11:25 - 2018-06-08 18:02 - 000067264 _____ (Microsoft Corporation) Z:\Windows\system32\Drivers\ksecdd.sys
2018-07-11 11:25 - 2018-06-08 17:57 - 001310488 _____ (Microsoft Corporation) Z:\Windows\system32\ntdll.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 001417728 _____ (Microsoft Corporation) Z:\Windows\system32\ole32.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 001063424 _____ (Microsoft Corporation) Z:\Windows\system32\lsasrv.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000872448 _____ (Microsoft Corporation) Z:\Windows\system32\kernel32.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000655360 _____ (Microsoft Corporation) Z:\Windows\system32\rpcrt4.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000554496 _____ (Microsoft Corporation) Z:\Windows\system32\kerberos.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000400896 _____ (Microsoft Corporation) Z:\Windows\system32\srcore.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000377344 _____ (Microsoft Corporation) Z:\Windows\system32\rpcss.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000330240 _____ (Microsoft Corporation) Z:\Windows\system32\zipfldr.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000294400 _____ (Microsoft Corporation) Z:\Windows\system32\KernelBase.dll
2018-07-11 11:25 - 2018-06-08 17:55 - 000261120 _____ (Microsoft Corporation) Z:\Windows\system32\msv1_0.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-09 22:22 - 2009-07-14 06:34 - 000026080 ____H Z:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-09 22:22 - 2009-07-14 06:34 - 000026080 ____H Z:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-09 20:02 - 2015-01-23 00:16 - 000000000 ____D Z:\Program Files\SpeedFan
2018-08-09 19:27 - 2010-11-20 23:01 - 000781790 _____ Z:\Windows\system32\PerfStringBackup.INI
2018-08-09 19:27 - 2009-07-14 04:37 - 000000000 ____D Z:\Windows\inf
2018-08-09 19:20 - 2015-01-22 23:38 - 000000000 ____D Z:\ProgramData\NVIDIA
2018-08-09 19:20 - 2009-07-14 06:53 - 000000006 ____H Z:\Windows\Tasks\SA.DAT
2018-08-09 19:11 - 2015-01-19 15:25 - 000000000 ____D Z:\ProgramData\Zoom Player
2018-08-09 19:08 - 2018-04-20 22:08 - 000000000 ____D Z:\Users\User\AppData\Local\Mixxx
2018-08-09 19:00 - 2015-01-23 02:37 - 000000000 ____D Z:\Users\User\AppData\Roaming\uTorrent
2018-08-09 18:58 - 2018-01-26 17:08 - 000000000 ____D Z:\Users\User\AppData\Roaming\MediaMonkey
2018-08-09 14:32 - 2018-02-13 14:35 - 000000000 ____D Z:\Users\User\Desktop\mix
2018-08-01 19:30 - 2009-07-14 04:37 - 000000000 ____D Z:\Windows\system32\NDF
2018-07-30 16:04 - 2015-03-02 12:38 - 000000000 ____D Z:\Program Files\CCleaner
2018-07-30 15:39 - 2018-05-16 21:05 - 000075456 _____ (AO Kaspersky Lab) Z:\Windows\system32\Drivers\kldisk.sys
2018-07-30 15:38 - 2018-02-17 02:50 - 000137016 _____ (AO Kaspersky Lab) Z:\Windows\system32\Drivers\klwtp.sys
2018-07-29 17:15 - 2016-04-02 22:04 - 000000000 ____D Z:\Windows\Minidump
2018-07-25 20:18 - 2015-09-14 00:46 - 000007680 ___SH Z:\Users\User\Thumbs.db
2018-07-25 19:17 - 2015-07-01 16:27 - 000000000 ____D Z:\ProgramData\AVAST Software
2018-07-25 18:54 - 2017-12-18 17:57 - 000000000 ____D Z:\Program Files\Bitdefender Agent
2018-07-24 21:08 - 2015-07-01 16:25 - 000000000 ____D Z:\ProgramData\Malwarebytes
2018-07-24 20:27 - 2016-06-14 20:40 - 000002186 _____ Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-24 20:27 - 2016-06-14 20:40 - 000002139 _____ Z:\Users\Public\Desktop\Google Chrome.lnk
2018-07-24 20:27 - 2014-11-15 01:03 - 000001052 _____ Z:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-07-24 20:19 - 2015-02-01 11:48 - 000000000 ____D Z:\Program Files\uniSaLeos
2018-07-24 00:56 - 2009-07-14 04:37 - 000000000 ____D Z:\Windows\rescache
2018-07-23 02:29 - 2016-10-02 23:50 - 000000000 ____D Z:\Users\User\AppData\Roaming\FlashIntegro
2018-07-22 22:18 - 2014-11-15 01:52 - 000000000 ____D Z:\ProgramData\Package Cache
2018-07-22 22:17 - 2016-10-02 23:46 - 000000000 ____D Z:\Program Files\Common Files\FlashIntegro
2018-07-21 17:29 - 2017-07-21 12:59 - 000000404 _____ Z:\Windows\Tasks\Driver Easy Scheduled Scan.job
2018-07-13 10:55 - 2018-06-13 10:41 - 000469360 _____ Z:\Windows\system32\FNTCACHE.DAT
2018-07-13 10:52 - 2014-12-17 00:41 - 000000000 ____D Z:\Windows\system32\appraiser
2018-07-12 03:14 - 2014-12-01 06:11 - 000000000 ___RD Z:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-07-12 03:07 - 2009-07-14 04:37 - 000000000 ____D Z:\Program Files\Common Files\microsoft shared
2018-07-11 11:13 - 2009-07-14 04:04 - 000000478 _____ Z:\Windows\win.ini
2018-07-10 21:33 - 2015-01-23 03:29 - 000842240 _____ (Adobe Systems Incorporated) Z:\Windows\system32\FlashPlayerApp.exe
2018-07-10 21:33 - 2015-01-23 03:29 - 000175104 _____ (Adobe Systems Incorporated) Z:\Windows\system32\FlashPlayerCPLApp.cpl
2018-07-10 21:33 - 2015-01-23 03:28 - 000000000 ____D Z:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2015-03-06 23:31 - 2015-03-06 23:31 - 001923888 _____ () Z:\Users\User\Adaware_Installer.exe
2015-03-06 23:29 - 2015-03-06 23:28 - 004800936 _____ (AVG Technologies) Z:\Users\User\avg_free_stb_all_5751p1_177.exe
2015-03-02 12:38 - 2015-03-02 12:38 - 005325696 _____ (Piriform Ltd) Z:\Users\User\ccsetup503.exe
2015-03-28 04:07 - 2015-03-28 04:07 - 002238600 _____ (Microsoft Corporation) Z:\Users\User\DefaultPack.EXE
2015-03-28 04:12 - 2015-03-28 04:12 - 000292184 _____ (Microsoft Corporation) Z:\Users\User\dxwebsetup.exe
2015-04-30 17:50 - 2015-04-30 17:50 - 002503365 _____ (http://www.didsoft.com                                      ) Z:\Users\User\EPS_setup.exe
2015-02-16 03:15 - 2015-02-16 03:15 - 000639912 _____ (Oracle Corporation) Z:\Users\User\jxpiinstall.exe
2017-01-17 00:06 - 2017-01-17 00:06 - 000527423 _____ (                                                            ) Z:\Users\User\Lame_v3.99.3_for_Windows.exe
2015-02-10 09:13 - 2015-02-10 09:13 - 032588028 _____ (Igor Pavlov) Z:\Users\User\renpy-6.18.3-sdk.7z.exe
2015-02-06 09:10 - 2015-02-06 09:10 - 001142128 _____ () Z:\Users\User\SteamSetup.exe
2015-02-28 10:27 - 2015-02-28 10:27 - 001088905 _____ (pendrivelinux.com) Z:\Users\User\Universal-USB-Installer-1.9.5.9.exe
2016-07-02 14:34 - 2016-07-02 14:34 - 000213904 _____ (Microsoft Corporation) Z:\Users\User\vs_community_ENU.exe
2015-03-28 03:27 - 2015-03-28 03:27 - 000061064 _____ () Z:\Users\User\winxpvirtualcdcontrolpanel_21.exe
2016-08-12 20:54 - 2016-08-12 20:54 - 000004608 _____ () Z:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-13 12:21 - 2015-12-13 12:21 - 000000218 _____ () Z:\Users\User\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2018-08-09 20:04 - 2018-06-08 17:57 - 001310488 _____ (Microsoft Corporation) Z:\Users\User\AppData\Local\Temp\dllnt_dump.dll
2018-08-08 21:36 - 2018-08-08 21:36 - 007338040 _____ () Z:\Users\User\AppData\Local\Temp\paint.net.4.0.21.install.exe
2018-05-31 20:51 - 2018-08-09 20:02 - 000192512 _____ () Z:\Users\User\AppData\Local\Temp\sfamcc00001.dll
2018-07-30 20:40 - 2018-07-30 20:40 - 000192512 _____ () Z:\Users\User\AppData\Local\Temp\sfamcc00002.dll
2018-08-09 20:02 - 2018-08-09 20:02 - 000158720 _____ () Z:\Users\User\AppData\Local\Temp\sfareca00001.dll
2018-07-30 20:40 - 2018-07-30 20:40 - 000158720 _____ () Z:\Users\User\AppData\Local\Temp\sfareca00002.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

Z:\Windows\explorer.exe => File is digitally signed
Z:\Windows\system32\winlogon.exe => File is digitally signed
Z:\Windows\system32\wininit.exe => File is digitally signed
Z:\Windows\system32\svchost.exe => File is digitally signed
Z:\Windows\system32\services.exe => File is digitally signed
Z:\Windows\system32\User32.dll => File is digitally signed
Z:\Windows\system32\userinit.exe => File is digitally signed
Z:\Windows\system32\rpcss.dll => File is digitally signed
Z:\Windows\system32\dnsapi.dll => File is digitally signed
Z:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-11 11:44

==================== End of FRST.txt ============================

Edited by random3986xo, 09 August 2018 - 04:29 PM.


#6 nasdaq

  • Malware Response Team

Posted 10 August 2018 - 06:51 AM

Hi,

Glad that the problem has been solved.

Personally I would delete all the entries listed in the RogueKiller that start with

[PUP..... etc

Like this...
[PUP.Gen1][Folder] Z:\Users\User\AppData\Roaming\Easeware -> Found

You decide if you want to keep them.

PUP means Potentially Unwanted Program.

Regards.



