Hello Tenkuru and welcome to Malwarebytes,

Continue with the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" and ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected, you will have to name the file and save it to a place of choice (recommend "Desktop"), then attach it to your reply

     
  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Hi Kevin, thanks for the reply.

Running the scan with Scan for Rootkits enabled causes my laptop to blue screen with the stop code PAGE_FAULT_IN_NONPAGED_AREA (MBAMBSwissArmy.sys). I am able to run the scan normally with Scan for Rootkits disabled though.

AdwCleaner detected no threats. Here's the log:

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-08-02.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    08-04-2019
# Duration: 00:00:08
# OS:       Windows 10 Home
# Scanned:  35815
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [2091 octets] - [04/08/2019 00:04:35]
AdwCleaner[C00].txt - [2145 octets] - [04/08/2019 00:05:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 3-08-2019
Ran by Wei heng (administrator) on DESKTOP-SDD0J8L (Aftershock P95_96_97Ex,Rx) (04-08-2019 00:12:27)
Running from C:\My Files\Downloads
Loaded Profiles: Wei heng (Available Profiles: Wei heng)
Platform: Windows 10 Home Version 1903 18362.239 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\CLEVOCO.FnhotkeysandOSD_1.16.0.0_x64__6h6z29zh29qx0\FnKey\FnKey.exe
() [File not signed] C:\Windows\Temp\g419D.tmp.exe
(Code Sector -> Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Firebit OU -> Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_767e7683f9ad126c\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_767e7683f9ad126c\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_bdde3927d54cee46\IntelCpHDCPSvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_bdde3927d54cee46\IntelCpHeciSvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\jhi_service.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Windows\System32\Intel\iCLS Client\lib\SocketHeciServer.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Kristjan Skutta -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft VS Code\Code.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft VS Code\Code.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft VS Code\Code.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft VS Code\Code.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft VS Code\Code.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft VS Code\Code.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Lim\.vscode\extensions\ms-vscode.cpptools-0.24.1\bin\Microsoft.VSCode.CPP.Extension.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Lim\.vscode\extensions\ms-vscode.cpptools-0.24.1\bin\Microsoft.VSCode.CPP.IntelliSense.Msvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\IME\SHARED\ImeBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\DriverStore\FileRepository\acpi0002.inf_amd64_6febf06bcb7a0df1\DCHUService.exe
(Microsoft Windows Hardware Compatibility Publisher -> CLEVO CO.) C:\Windows\System32\DriverStore\FileRepository\acpi0002.inf_amd64_6febf06bcb7a0df1\ComboKeyTray.exe
(Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd) C:\Windows\SysWOW64\Creative.UWPRPCService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Insyde Software Corp.) C:\Program Files (x86)\ControlCenter\Driver\x64\HKClipSvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Oliver Schwendener) [File not signed] C:\Program Files (x86)\ueli\ueli.exe
(Oliver Schwendener) [File not signed] C:\Program Files (x86)\ueli\ueli.exe
(Oliver Schwendener) [File not signed] C:\Program Files (x86)\ueli\ueli.exe
(Palo Alto Networks -> Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe
(pooi.moe) [File not signed] C:\Program Files\WindowsApps\21090PaddyXu.QuickLook_3.6.4.0_neutral__egxr34yet59cg\Package\QuickLook.exe
(PushBullet Inc -> Pushbullet Inc) C:\Users\Lim\AppData\Local\Pushbullet\bin\pushbullet_client.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(ShareX Team) [File not signed] C:\Program Files\ShareX\ShareX.exe
(SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(voidtools -> voidtools) C:\Program Files\Everything\Everything.exe
(voidtools -> voidtools) C:\Program Files\Everything\Everything.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [834032 2019-02-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319544 2019-01-03] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2240288 2019-02-04] (voidtools -> voidtools)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248312 2019-05-11] (SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [GlobalProtect] => C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [2128200 2017-02-21] (Palo Alto Networks -> Palo Alto Networks)
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\Run: [electron.app.ueli] => C:\Program Files (x86)\ueli\ueli.exe [67920384 2019-02-09] (Oliver Schwendener) [File not signed]
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3210016 2019-07-17] (Valve -> Valve Corporation)
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [345600 2015-07-01] (Pushbullet inc) [File not signed]
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\Run: [WallpaperEngine] => C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [1776120 2019-05-10] (Kristjan Skutta -> )
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [7606344 2019-05-06] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\Run: [Discord] => C:\Users\Lim\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\MountPoints2: {0225b349-72e8-11e9-be1b-38002561971a} - "D:\OnePlus_setup.exe" /s
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\MountPoints2: {968d215f-7416-11e9-be2b-38002561971a} - "D:\OnePlus_setup.exe" /s
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\MountPoints2: {e4d0d996-73d9-11e9-be24-38002561971a} - "V:\Setup.exe" 
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\MountPoints2: {e4d0d9e5-73d9-11e9-be24-38002561971a} - "V:\Setup.exe" 
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\MountPoints2: {e4d0dad8-73d9-11e9-be24-38002561971a} - "V:\AutorunMenu.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-10] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{25CA8579-1BD8-469c-B9FC-6AC45A161C18}] -> C:\Windows\system32\PanV2CredProv.dll [2017-02-21] (Palo Alto Networks -> )
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2019-05-11]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\Lim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notion.lnk [2019-05-10]
ShortcutTarget: Notion.lnk -> C:\Users\Lim\AppData\Local\Programs\Notion\Notion.exe (Notion Labs, Inc. -> Notion Labs, Incorporated)
Startup: C:\Users\Lim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2019-05-10]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)
Startup: C:\Users\Lim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2019-05-11]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01E5E396-B4B6-4F6D-94C3-ACEB3B0AB57D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-05-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {14C58CC6-74B1-4118-8CDA-1ABF2053FB2F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-05-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {180E641F-21F2-4019-AED0-9AFB53E4F294} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-05-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {2D0D01BF-8CE9-4DE4-8FC3-C3C78352E982} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849720 2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4E31F179-CFDA-4E5F-80DF-2FB7A1EC9F97} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877368 2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5E2CE1FF-6C9C-4320-953D-9815FF99F972} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877368 2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5F2FD8D2-531D-4CF5-A99A-F708EA963055} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877368 2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7A1283B1-215D-432F-BB93-C026AE4243C2} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1633919597-1401767618-1652399544-1003 => C:\Users\Lim\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {8849267E-0221-4ABC-AB93-5BFCDA32AAB4} - System32\Tasks\JdwXjwGAXJTc => C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\JdwXjwGAXJTc\JdwXjwGAXJTc.dll",JdwXjwGAXJTc <==== ATTENTION
Task: {9BFEC58A-AEB6-42F0-BBE7-37BCE2A360D2} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2019-05-04] () [File not signed]
Task: {AE448866-AA63-47C4-8E44-B1986A64B492} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [591160 2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C12B026A-72E0-4294-9787-56E1B5FC7635} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-05-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5E66453-A262-48DF-BCFC-E46BDD72F49A} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877368 2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D22DD1D2-88E1-4F54-A840-30ADED75A45A} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1633919597-1401767618-1652399544-500 => C:\Users\Lim\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {E38402E2-9EAC-4EAC-9FC0-4BA7919BF19B} - System32\Tasks\Everything (Voidtools) => C:\Program Files\Everything\Everything.exe [2240288 2019-02-04] (voidtools -> voidtools)
Task: {FADCCC90-E386-4C4C-8E70-0EDF82CBBFE7} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849720 2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.11
Tcpip\..\Interfaces\{bad129bb-9854-401e-a4ac-b475983996c3}: [DhcpNameServer] 192.168.1.11
Tcpip\..\Interfaces\{d4cc90dc-9c6b-46fc-b310-7252a0c50327}: [DhcpNameServer] 202.73.37.3 10.0.0.1

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-04-10] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-04-10] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-05-10] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-05-10] (Google Inc -> Google LLC)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://mysearch.avg.com/?cid={9448E2E6-B1EA-49CA-9DBB-BA9CE2CCD493}&mid=7adba0a897c647d3960f6d3e716cd093-c58ddddd8fd06da6a1c6fb226ad198afb15d579b&lang=en&ds=AVG&pr=pr&d=2013-04-10 17:02:05&v=15.0.0.2&pid=safeguard&sg=2&sap=hp
CHR StartupUrls: Default -> "hxxps://www.youtube.com/","hxxps://www.nicovideo.jp/tag/%E3%81%AB%E3%81%98%E3%81%95%E3%82%93%E3%81%98","hxxps://twitter.com/","hxxps://www.reddit.com/"
CHR Profile: C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default [2019-08-04]
CHR Extension: (Slides) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-10]
CHR Extension: (Material Incognito Dark Theme) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahifcnpnjgbadkjdhagpfjfkmlapfoel [2019-05-10]
CHR Extension: (Universal Bypass) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aihomhdbhpnpmcnnbckjjcebjoikpihj [2019-07-29]
CHR Extension: (Pixiv Toolkit) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajlcnbbeidbackfknkgknjefhmbngdnj [2019-07-15]
CHR Extension: (Docs) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-10]
CHR Extension: (Google Drive) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-10]
CHR Extension: (YouTube) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-10]
CHR Extension: (Tab Muter) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnclejfcblondkjliiblkojdeloomadd [2019-06-18]
CHR Extension: (Sad Panda) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2019-05-10]
CHR Extension: (Pushbullet) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2019-06-04]
CHR Extension: (uBlock Origin) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-07-26]
CHR Extension: (Tampermonkey) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-05-10]
CHR Extension: (Session Buddy) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2019-05-10]
CHR Extension: (Sheets) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-10]
CHR Extension: (Google Docs Offline) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-05-10]
CHR Extension: (GoodTwitter) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbanhionoclikdjnjlcmefiofgjimgca [2019-07-25]
CHR Extension: (rikaikun) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2019-05-10]
CHR Extension: (IPA furigana) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbgnfnncobhklficfkdnclohaklifi [2019-05-10]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2019-06-09]
CHR Extension: (Youtube Subscription(Collection) Manager) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmnjgijlmjgmimahnillepgcgeemffb [2019-07-22]
CHR Extension: (Notion Web Clipper) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\knheggckgoiihginacbkhaalnibhilkk [2019-06-15]
CHR Extension: (Reload All Tabs) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2019-05-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-05-10]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2019-06-13]
CHR Extension: (Speed Uploader for Google Drive) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\opmiihfmefkhkdidneofcjklgjebknda [2019-05-10]
CHR Extension: (Hover Zoom+) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2019-07-31]
CHR Extension: (Gmail) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-10]
CHR Extension: (Chrome Media Router) - C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-23]
CHR Profile: C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-05-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe [3367272 2018-12-20] (Intel(R) Software Development Products -> Intel Corporation)
R2 CCDCHUService; C:\Windows\System32\DriverStore\FileRepository\acpi0002.inf_amd64_6febf06bcb7a0df1\DCHUService.exe [75648 2019-01-03] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2019-05-14] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 esifsvc; C:\Windows\System32\Intel\DPTF\esif_uf.exe [1899232 2018-11-08] (Intel Corporation -> Intel Corporation)
R2 Everything; C:\Program Files\Everything\Everything.exe [2240288 2019-02-04] (voidtools -> voidtools)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2019-04-30] (FUTUREMARK INC -> Futuremark)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [791112 2019-05-06] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2019-05-06] (GOG Sp. z o.o. -> GOG.com)
R2 HKClipSvc; C:\Program Files (x86)\ControlCenter\Driver\x64\HKClipSvc.exe [421728 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Insyde Software Corp.)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [530208 2019-01-19] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Windows\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [780600 2019-02-20] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Windows\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [718656 2019-02-20] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Windows\System32\jhi_service.exe [648184 2019-02-20] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LMS; C:\Windows\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [552848 2019-02-20] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2019-01-23] (Intel Corporation -> )
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-07-12] (Electronic Arts, Inc. -> Electronic Arts)
R2 PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [3325768 2017-02-21] (Palo Alto Networks -> Palo Alto Networks)
R2 RtkAudioUniversalService; C:\Windows\System32\RtkAudUService64.exe [834032 2019-02-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248312 2019-05-11] (SoftEther Corporation -> SoftEther VPN Project at University of Tsukuba, Japan.)
S3 sshd; C:\Windows\System32\OpenSSH\sshd.exe [974848 2019-03-01] (Microsoft Windows -> )
S3 SshdBroker; C:\Windows\System32\SshdBroker.dll [290816 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector -> Code Sector)
R2 UWPService; C:\Windows\SysWOW64\Creative.UWPRPCService.exe [363968 2019-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-05-10] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-05-10] (Microsoft Corporation -> Microsoft Corporation)
R2 XTU3SERVICE; C:\Windows\SysWOW64\XtuService.exe [28376 2019-01-17] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4107360 2019-01-23] (Intel Corporation -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcpiBridge; C:\Windows\System32\drivers\AcpiBridge.sys [48720 2018-12-12] (WDKTestCert stone.cheng,131352419880621518 -> Insyde Software Corporation)
R3 ANXUcmCxCD; C:\Windows\System32\drivers\ANXUcmCxCD.sys [92736 2018-12-26] (Analogix semiconductor, Inc. -> )
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [87568 2018-11-08] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [83984 2018-11-08] (Intel Corporation -> Intel Corporation)
R3 DroidCam; C:\Windows\System32\drivers\droidcam.sys [33592 2015-05-24] (DEV47 APPS -> Dev47Apps)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [410144 2018-11-08] (Intel Corporation -> Intel Corporation)
R3 HidEventFilter; C:\Windows\System32\DriverStore\FileRepository\hideventfilter.inf_amd64_1ed78f101bc29129\HidEventFilter.sys [84104 2018-11-21] (Intel(R) Software -> Intel Corporation)
R3 HKKbdFltr; C:\Windows\system32\DRIVERS\HKKbdFltr.sys [47416 2018-12-12] (WDKTestCert stone.cheng,131710889793483852 -> Insyde Software Corp.)
R3 HKMouFltr; C:\Windows\system32\DRIVERS\HKMouFltr.sys [46208 2018-12-12] (WDKTestCert stone.cheng,131710889912565784 -> Insyde Software Corp.)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [131744 2018-10-16] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R0 iaStorAC; C:\Windows\System32\drivers\iaStorAC.sys [1016288 2019-01-03] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [2758432 2019-01-19] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [43456 2019-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R3 Neo_VPN; C:\Windows\System32\drivers\Neo6_x64_VPN.sys [37824 2019-05-11] (SoftEther Corporation -> SoftEther Corporation)
S3 Netwtw06; C:\Windows\System32\drivers\Netwtw06.sys [8723968 2019-03-19] (Microsoft Windows -> Intel Corporation)
R3 Netwtw08; C:\Windows\System32\drivers\Netwtw08.sys [9037088 2019-01-18] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvcvi.inf_amd64_d0e3c0f71e349b3d\nvlddmkm.sys [20747520 2019-04-10] (NVIDIA Corporation -> NVIDIA Corporation)
R3 PanGpd; C:\Windows\system32\DRIVERS\pangpd.sys [36352 2017-02-21] (Microsoft Windows Hardware Compatibility Publisher -> Palo Alto Networks)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1122224 2018-10-23] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSPER; C:\Windows\System32\drivers\RtsPer.sys [928728 2018-11-01] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [50624 2019-05-11] (SoftEther Corporation -> SoftEther Corporation)
R3 UcmCxUcsiNvppc; C:\Windows\System32\drivers\UcmCxUcsiNvppc.sys [452544 2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-05-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [344544 2019-05-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [60896 2019-05-10] (Microsoft Windows -> Microsoft Corporation)
R3 wovad_micarray; C:\Windows\system32\drivers\womic.sys [34288 2019-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [54512 2019-01-17] (Intel Corporation -> Intel Corporation)
R3 XTUComponent; C:\Windows\System32\drivers\iocbios2.sys [39680 2019-01-17] (Intel(R) Extreme Tuning Utility -> Intel Corporation)
S3 cpuz148; \??\C:\Windows\temp\cpuz148\cpuz148_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-04 00:12 - 2019-08-04 00:12 - 000000000 ____D C:\FRST
2019-08-04 00:08 - 2019-08-04 00:08 - 001238212 _____ C:\Windows\Minidump\080419-12390-01.dmp
2019-08-04 00:07 - 2019-08-04 00:10 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2019-08-04 00:04 - 2019-08-04 00:05 - 000000000 ____D C:\AdwCleaner
2019-08-04 00:01 - 2019-08-04 00:08 - 981438274 _____ C:\Windows\MEMORY.DMP
2019-08-04 00:01 - 2019-08-04 00:01 - 001250348 _____ C:\Windows\Minidump\080419-12296-01.dmp
2019-08-03 22:11 - 2019-08-03 22:11 - 000000000 ____D C:\ProgramData\MB2Migration
2019-08-03 21:36 - 2019-08-03 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2019-08-03 21:36 - 2019-08-03 21:36 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2019-08-03 21:36 - 2016-03-10 14:09 - 000065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2019-08-03 21:36 - 2016-03-10 14:08 - 000140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2019-08-03 21:36 - 2016-03-10 14:08 - 000027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-08-03 19:08 - 2019-08-03 21:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-03 19:08 - 2019-08-03 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-03 19:08 - 2019-08-03 19:08 - 000000000 ____D C:\Program Files\Malwarebytes
2019-08-03 19:08 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-08-03 19:08 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-07-29 02:22 - 2019-07-29 02:22 - 000000000 ____D C:\Users\Lim\AppData\LocalLow\illusion_Koikatu
2019-07-26 23:50 - 2019-07-26 23:50 - 000000000 ____D C:\Users\Lim\AppData\LocalLow\illusion__Koikatu
2019-07-19 18:46 - 2019-07-19 18:46 - 000000000 ____D C:\Users\Lim\AppData\Roaming\EasyAntiCheat
2019-07-19 18:46 - 2019-07-19 18:46 - 000000000 ____D C:\ProgramData\Electronic Arts
2019-07-19 18:41 - 2019-07-19 18:46 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2019-07-19 18:41 - 2019-07-19 18:41 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2019-07-19 18:36 - 2019-08-01 18:44 - 000000000 ____D C:\Program Files (x86)\Origin Games
2019-07-19 18:35 - 2019-07-23 16:54 - 000000000 ____D C:\Program Files (x86)\Origin
2019-07-19 18:32 - 2019-08-01 18:44 - 000000000 ____D C:\Users\Lim\AppData\Roaming\Origin
2019-07-19 18:32 - 2019-08-01 18:44 - 000000000 ____D C:\ProgramData\Origin
2019-07-19 18:32 - 2019-07-19 18:46 - 000000000 ____D C:\Users\Lim\AppData\Local\Origin
2019-07-19 18:32 - 2019-07-19 18:32 - 000000000 ____D C:\Users\Lim\.QtWebEngineProcess
2019-07-19 18:32 - 2019-07-19 18:32 - 000000000 ____D C:\Users\Lim\.Origin
2019-07-15 21:32 - 2019-07-15 21:32 - 000000000 ____D C:\Users\Lim\.android
2019-07-15 21:30 - 2019-07-15 21:30 - 000000000 ____D C:\Users\Lim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WO Mic Client
2019-07-15 21:30 - 2019-07-15 21:30 - 000000000 ____D C:\Program Files (x86)\WOMic
2019-07-15 21:20 - 2019-07-27 19:35 - 000000000 ____D C:\Users\Lim\AppData\Roaming\Discord
2019-07-15 21:20 - 2019-07-15 21:20 - 000000000 ____D C:\Users\Lim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-07-15 21:20 - 2019-07-15 21:20 - 000000000 ____D C:\Users\Lim\AppData\Local\SquirrelTemp
2019-07-15 21:20 - 2019-07-15 21:20 - 000000000 ____D C:\Users\Lim\AppData\Local\Discord
2019-07-15 21:10 - 2019-07-15 21:27 - 000000033 _____ C:\ProgramData\droidcam-settings
2019-07-15 21:09 - 2019-07-15 21:09 - 000000000 ____D C:\Users\Lim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidCam
2019-07-15 21:09 - 2019-07-15 21:09 - 000000000 ____D C:\Program Files (x86)\DroidCam
2019-07-10 19:32 - 2019-07-10 19:32 - 025902080 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 025444864 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 022625280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 019849216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 019811328 _____ (Microsoft Corporation) C:\Windows\system32\HologramWorld.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 018017792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 017786368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 014816256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 009917752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-07-10 19:32 - 2019-07-10 19:32 - 008011776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 007887440 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 007758336 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 007636616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 007242312 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 007175168 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 007008768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 006534712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 006224296 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 006218752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 006068840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 005919744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 005745504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 005500416 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 004863488 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 004578816 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 004562920 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-07-10 19:32 - 2019-07-10 19:32 - 004552336 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2019-07-10 19:32 - 2019-07-10 19:32 - 004481536 _____ (Microsoft Corporation) C:\Windows\system32\DHolographicDisplay.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 004470784 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 004348408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 004306432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 004129416 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 004012032 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 004008960 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Bluetooth.Service.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 003914480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2019-07-10 19:32 - 2019-07-10 19:32 - 003837440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 003748864 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 003725312 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-07-10 19:32 - 2019-07-10 19:32 - 003698176 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 003654656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 003590968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-07-10 19:32 - 2019-07-10 19:32 - 003550720 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 003525592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 003487232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 003372952 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 003327256 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 003263488 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 003261440 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 003243080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 003106304 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 003084800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002990608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-07-10 19:32 - 2019-07-10 19:32 - 002956984 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002876416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002871824 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-07-10 19:32 - 2019-07-10 19:32 - 002870784 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002798592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-07-10 19:32 - 2019-07-10 19:32 - 002771008 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002763552 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-07-10 19:32 - 2019-07-10 19:32 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-07-10 19:32 - 2019-07-10 19:32 - 002725376 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-07-10 19:32 - 2019-07-10 19:32 - 002697728 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002656768 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002587328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002561536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002550584 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002494232 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002490712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002449456 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002443264 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002398208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002306048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002281984 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002258336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002235936 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002232960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002216448 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002117160 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002081976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 002072152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001999440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001979392 _____ (Microsoft Corporation) C:\Windows\system32\WpcDesktopMonSvc.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001954960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001945600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001918976 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001884672 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001866064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001856000 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001856000 _____ (Microsoft Corporation) C:\Windows\system32\ConstraintIndex.Search.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001841152 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001815040 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001781248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001761792 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001754232 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-07-10 19:32 - 2019-07-10 19:32 - 001745920 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001743672 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001721344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001721144 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001717560 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001697792 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001697280 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001690624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001687552 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001657856 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001651848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001647280 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001635328 _____ (Microsoft Corporation) C:\Windows\system32\TaskFlowDataEngine.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001633648 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001608704 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001608192 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001555688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001539584 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001535288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001509936 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-07-10 19:32 - 2019-07-10 19:32 - 001480704 _____ (Microsoft Corporation) C:\Windows\system32\rdpsharercom.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001458176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001437184 _____ (Microsoft Corporation) C:\Windows\system32\usocoreworker.exe
2019-07-10 19:32 - 2019-07-10 19:32 - 001413704 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001393960 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001391416 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-07-10 19:32 - 2019-07-10 19:32 - 001375232 _____ (Microsoft Corporation) C:\Windows\system32\APMon.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001366528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 001366128 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-07-10 19:32 - 2019-07-10 19:32 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys
2019-07-10 19:32 - 2019-07-10 19:32 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WordBreakers.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\KNetPwrDepBroker.sys
2019-07-10 19:32 - 2019-07-10 19:32 - 000028936 _____ (Microsoft Corporation) C:\Windows\system32\vmbuspipe.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\autopilotdiag.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000021304 _____ (Microsoft Corporation) C:\Windows\system32\kdhvcom.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\bindflt.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\pacjsworker.exe
2019-07-10 19:32 - 2019-07-10 19:32 - 000011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.exe
2019-07-10 19:32 - 2019-07-10 19:32 - 000003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCertResources.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000003584 _____ (Microsoft Corporation) C:\Windows\system32\TpmCertResources.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2019-07-10 19:32 - 2019-07-10 19:32 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-04 00:10 - 2019-05-10 20:04 - 000000000 ____D C:\Users\Lim\AppData\Roaming\Code
2019-08-04 00:09 - 2019-05-11 17:10 - 000000000 ____D C:\Program Files\SoftEther VPN Client
2019-08-04 00:09 - 2019-05-11 01:12 - 000000000 ____D C:\Users\Lim\AppData\Local\Pushbullet
2019-08-04 00:08 - 2019-05-11 17:25 - 000000242 __RSH C:\ProgramData\ntuser.pol
2019-08-04 00:08 - 2019-05-10 13:55 - 000000000 ____D C:\Users\Lim
2019-08-04 00:08 - 2019-04-29 15:06 - 000000000 ____D C:\Windows\minidump
2019-08-04 00:08 - 2019-04-29 13:31 - 000000000 ____D C:\ProgramData\NVIDIA
2019-08-04 00:08 - 2019-04-29 13:10 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-08-04 00:08 - 2019-04-29 13:10 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-08-04 00:07 - 2019-05-10 18:53 - 000000000 ____D C:\Users\Lim\AppData\Local\CrashDumps
2019-08-04 00:06 - 2019-05-10 18:33 - 000000000 ____D C:\Users\Lim\AppData\Roaming\ueli
2019-08-04 00:05 - 2019-03-19 12:52 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2019-08-04 00:05 - 2019-03-19 12:37 - 000786432 _____ C:\Windows\system32\config\BBI
2019-08-04 00:01 - 2019-05-28 09:56 - 000000000 ___HD C:\Windows\msdownld.tmp
2019-08-04 00:01 - 2019-03-19 12:52 - 000000000 ____D C:\Windows\LiveKernelReports
2019-08-03 22:54 - 2019-03-19 12:52 - 000000000 ____D C:\Windows\AppReadiness
2019-08-03 22:53 - 2019-03-19 12:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-03 21:48 - 2019-05-10 23:02 - 000000000 ____D C:\Users\Lim\AppData\Local\Everything
2019-08-03 21:48 - 2019-05-10 19:23 - 000000000 ____D C:\Users\Lim\AppData\Roaming\Everything
2019-08-03 19:16 - 2019-03-19 12:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-03 19:08 - 2019-03-19 12:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-08-03 19:00 - 2019-05-10 17:11 - 000741432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-08-03 18:36 - 2019-05-10 19:23 - 000000000 ____D C:\Program Files (x86)\Steam
2019-07-29 21:28 - 2019-05-10 20:42 - 000000000 ____D C:\Users\Lim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-07-29 19:05 - 2019-05-10 22:33 - 000000000 ____D C:\Users\Lim\AppData\Roaming\obs-studio
2019-07-28 17:28 - 2019-05-10 19:18 - 000002179 _____ C:\Users\Lim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notion.lnk
2019-07-28 17:28 - 2019-05-10 19:18 - 000000000 ____D C:\Users\Lim\AppData\Roaming\Notion
2019-07-27 19:31 - 2019-05-19 21:16 - 000419672 _____ C:\Windows\system32\prfh0804.dat
2019-07-27 19:31 - 2019-05-19 21:16 - 000133764 _____ C:\Windows\system32\prfc0804.dat
2019-07-27 19:31 - 2019-05-10 21:07 - 000485446 _____ C:\Windows\system32\perfh011.dat
2019-07-27 19:31 - 2019-05-10 21:07 - 000134028 _____ C:\Windows\system32\perfc011.dat
2019-07-27 19:31 - 2019-04-29 13:16 - 002006696 _____ C:\Windows\system32\PerfStringBackup.INI
2019-07-27 19:31 - 2019-03-19 12:50 - 000000000 ____D C:\Windows\INF
2019-07-27 17:39 - 2019-05-10 23:54 - 000000000 ____D C:\Users\Lim\AppData\Roaming\ImageGlass
2019-07-27 02:59 - 2019-05-10 13:57 - 000000000 ____D C:\Users\Lim\AppData\Local\D3DSCache
2019-07-26 04:11 - 2019-05-10 20:11 - 000000000 ____D C:\Users\Lim\AppData\Roaming\qBittorrent
2019-07-20 22:10 - 2019-03-19 12:52 - 000000000 ____D C:\Windows\system32\NDF
2019-07-15 00:28 - 2019-05-10 19:26 - 000000000 ____D C:\Users\Lim\AppData\Roaming\TeraCopy
2019-07-11 16:09 - 2019-05-10 13:56 - 000000000 ___RD C:\Users\Lim\3D Objects
2019-07-11 16:09 - 2019-04-29 13:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-11 16:08 - 2019-04-29 13:10 - 000539288 _____ C:\Windows\system32\FNTCACHE.DAT
2019-07-11 02:40 - 2019-03-19 12:52 - 000000000 ____D C:\Windows\SystemResources
2019-07-11 02:40 - 2019-03-19 12:52 - 000000000 ____D C:\Windows\system32\oobe
2019-07-11 02:40 - 2019-03-19 12:52 - 000000000 ____D C:\Windows\system32\migwiz
2019-07-11 02:40 - 2019-03-19 12:52 - 000000000 ____D C:\Windows\system32\appraiser
2019-07-11 02:40 - 2019-03-19 12:52 - 000000000 ____D C:\Windows\ShellExperiences
2019-07-11 02:40 - 2019-03-19 12:52 - 000000000 ____D C:\Windows\bcastdvr
2019-07-10 19:36 - 2019-05-10 17:12 - 000000000 ____D C:\Windows\system32\MRT
2019-07-10 19:36 - 2019-03-19 12:37 - 000000000 ____D C:\Windows\CbsTemp
2019-07-10 19:34 - 2019-05-10 17:12 - 136618864 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-07-10 01:12 - 2019-05-13 17:25 - 000000000 ____D C:\My Programs

==================== Files in the root of some directories ================

2019-05-11 02:23 - 2019-05-11 02:23 - 000001547 _____ () C:\Users\Lim\AppData\Local\recently-used.xbel
2019-05-10 18:26 - 2019-05-23 22:15 - 000007601 _____ () C:\Users\Lim\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

And finally, I have attached Addition.txt below. 

Addition.txt


Thanks for those logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin..

fixlist.txt
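
Pulling only the most recent MSRT run out of mrt.log, as the reply above asks for, can be scripted. This is an added example, not part of the original posts; the log layout (version banner, "Started On", "Return code") and the sample contents are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the layout MSRT usually writes to mrt.log
# (assumed layout; versions, builds and times are made up for illustration).
SAMPLE_LOG = """\
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.73, June 2019 (build 5.73.0.0)
Started On Tue Jun 11 20:15:02 2019

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jun 11 20:17:40 2019


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.74, July 2019 (build 5.74.0.0)
Started On Sun Aug 04 01:35:10 2019

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 04 01:38:55 2019


Return code: 0 (0x0)
"""

# A run starts at the banner line carrying the tool version; the "Finished On"
# line shares the product name but has no " v<version>" after it.
BANNER = re.compile(r"^Microsoft Windows Malicious Software Removal Tool v\d", re.M)
STARTED = re.compile(r"^Started On (.+)$", re.M)
RETURN_CODE = re.compile(r"^Return code: (-?\d+)", re.M)


def decode_log(raw: bytes) -> str:
    """Decode mrt.log bytes: UTF-16 when a BOM is present, otherwise UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def split_runs(text: str) -> list:
    """Split the log into one record per MSRT run."""
    text = text.replace("\r\n", "\n")
    starts = [m.start() for m in BANNER.finditer(text)]
    runs = []
    for i, begin in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(text)
        block = text[begin:end].rstrip("-\n ")  # drop the next run's separator
        started = None
        m = STARTED.search(block)
        if m:
            try:
                started = datetime.strptime(m.group(1).strip(), "%a %b %d %H:%M:%S %Y")
            except ValueError:
                pass  # unexpected date layout: keep the run, leave it undated
        rc = RETURN_CODE.search(block)
        runs.append({
            "started": started,
            "return_code": int(rc.group(1)) if rc else None,
            "clean": "No infection found" in block,
            "text": block,
        })
    return runs


def latest_run(text: str):
    """Return the run with the newest start time, or the last one if none are dated."""
    runs = split_runs(text)
    if not runs:
        return None
    dated = [r for r in runs if r["started"] is not None]
    return max(dated, key=lambda r: r["started"]) if dated else runs[-1]


if __name__ == "__main__":
    # On the affected machine: open(r"C:\Windows\debug\mrt.log", "rb").read()
    run = latest_run(decode_log(SAMPLE_LOG.encode("utf-16")))
    print(run["text"])
```

The run is chosen by its "Started On" timestamp rather than by position, so a log pasted out of order still yields the newest entry.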


Hey Kevin, after running the fix the malware seems to be gone judging from the Malwarebytes scans. Here are the logs:

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 3-08-2019
Ran by Wei heng (04-08-2019 01:21:59) Run:1
Running from C:\My Files\Downloads
Loaded Profiles: Wei heng (Available Profiles: Wei heng)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Windows\Temp\g419D.tmp.exe
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\MountPoints2: {0225b349-72e8-11e9-be1b-38002561971a} - "D:\OnePlus_setup.exe" /s
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\MountPoints2: {968d215f-7416-11e9-be2b-38002561971a} - "D:\OnePlus_setup.exe" /s
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\MountPoints2: {e4d0d996-73d9-11e9-be24-38002561971a} - "V:\Setup.exe" 
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\MountPoints2: {e4d0d9e5-73d9-11e9-be24-38002561971a} - "V:\Setup.exe" 
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\MountPoints2: {e4d0dad8-73d9-11e9-be24-38002561971a} - "V:\AutorunMenu.exe" 
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {8849267E-0221-4ABC-AB93-5BFCDA32AAB4} - System32\Tasks\JdwXjwGAXJTc => C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\JdwXjwGAXJTc\JdwXjwGAXJTc.dll",JdwXjwGAXJTc <==== ATTENTION
C:\Program Files (x86)\JdwXjwGAXJTc
S3 cpuz148; \??\C:\Windows\temp\cpuz148\cpuz148_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\StartupApproved\Run: => "68512"
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\...\StartupApproved\Run: => "n6ep8HN1cg.exe"
Hosts:
CMD: winmgmt /verifyrepository
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\Temp\g419D.tmp.exe => moved successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\03D22C9C66915D58C88912B64C1F984B8344EF09 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\0F684EC1163281085C6AF20528878103ACEFCAAB => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1667908C9E22EFBD0590E088715CC74BE4C60884 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18DEA4EFA93B06AE997D234411F3FD72A677EECE => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3353EA609334A9F23A701B9159E30CB6C22D4C59 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3D496FA682E65FC122351EC29B55AB94F3BB03FC => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4420C99742DF11DD0795BC15B7B0ABF090DC84DF => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5240AB5B05D11B37900AC7712A3C6AE42F377C8C => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DD3D41810F28B2A13E9A004E6412061E28FA48D => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7457A3793086DBB58B3858D6476889E3311E550E => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\775B373B33B9D15B58BC02B184704332B97C3CAF => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\872CD334B7E7B3C3D1C6114CD6B221026D505EAB => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\88AD5DFE24126872B33175D1778687B642323ACF => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9132E8B079D080E01D52631690BE18EBC2347C1E => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9C43F665E690AB4D486D4717B456C5554D4BCEB5 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A5341949ABE1407DD7BF7DFE75460D9608FBC309 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A59CC32724DD07A6FC33F7806945481A2D13CA2F => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD96BB64BA36379D2E354660780C2067B81DA2E0 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CDC37C22FE9272D8F2610206AD397A45040326B8 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB77E5CFEC34459146748B667C97B185619251BA => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E22240E837B52E691C71DF248F12D27F96441C00 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\ED841A61C0F76025598421BC1B00E24189E68D54 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9 => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0225b349-72e8-11e9-be1b-38002561971a} => removed successfully
HKLM\Software\Classes\CLSID\{0225b349-72e8-11e9-be1b-38002561971a} => not found
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{968d215f-7416-11e9-be2b-38002561971a} => removed successfully
HKLM\Software\Classes\CLSID\{968d215f-7416-11e9-be2b-38002561971a} => not found
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4d0d996-73d9-11e9-be24-38002561971a} => removed successfully
HKLM\Software\Classes\CLSID\{e4d0d996-73d9-11e9-be24-38002561971a} => not found
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4d0d9e5-73d9-11e9-be24-38002561971a} => removed successfully
HKLM\Software\Classes\CLSID\{e4d0d9e5-73d9-11e9-be24-38002561971a} => not found
HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4d0dad8-73d9-11e9-be24-38002561971a} => removed successfully
HKLM\Software\Classes\CLSID\{e4d0dad8-73d9-11e9-be24-38002561971a} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8849267E-0221-4ABC-AB93-5BFCDA32AAB4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8849267E-0221-4ABC-AB93-5BFCDA32AAB4}" => removed successfully
C:\Windows\System32\Tasks\JdwXjwGAXJTc => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JdwXjwGAXJTc" => removed successfully
C:\Program Files (x86)\JdwXjwGAXJTc => moved successfully
HKLM\System\CurrentControlSet\Services\cpuz148 => removed successfully
cpuz148 => service removed successfully
HKLM\System\CurrentControlSet\Services\GPUZ => removed successfully
GPUZ => service removed successfully
HKLM\System\CurrentControlSet\Services\nvvhci => removed successfully
nvvhci => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
"HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\68512" => removed successfully
"HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\68512" => removed successfully
"HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\n6ep8HN1cg.exe" => removed successfully
"HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\n6ep8HN1cg.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= winmgmt /verifyrepository =========

WMI repository is consistent

========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Error: Unable to rebuild performance counter setting from system backup store, error code is 2
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 150629344 B
Java, Flash, Steam htmlcache => 365156202 B
Windows/system/drivers => 19290799 B
Edge => 2400340 B
Chrome => 379042317 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 482640 B
systemprofile32 => 0 B
LocalService => 8244 B
LocalService => 0 B
NetworkService => 2372614 B
NetworkService => 0 B
Lim => 131664642 B

RecycleBin => 19173 B
EmptyTemp: => 1012.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:23:03 ====

Malwarebytes scan log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/4/19
Scan Time: 1:29 AM
Log File: 35358a50-b614-11e9-9e1e-80fa5b69fb2f.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.11846
License: Free

-System Information-
OS: Windows 10 (Build 18362.239)
CPU: x64
File System: NTFS
User: DESKTOP-SDD0J8L\Wei heng

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 279714
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 12 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

However, the Malicious Software Removal Tool's quick scan seems to be stuck while scanning the tcpip.sys driver. Is that something that I should be worrying about?


No, those IP addresses do not seem familiar to me. Viewqwest is an ISP in my area but I am not under them. 

Quote

MSRT in quick mode does not normally take more than 60 minutes..

Alright, I'll let it run for another 30 minutes or so and see if there's any progress.


Cancel the scan, then do this:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

fixlist.txt


Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 3-08-2019
Ran by Wei heng (04-08-2019 02:46:57) Run:2
Running from C:\My Files\Downloads
Loaded Profiles: Wei heng (Available Profiles: Wei heng)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Tcpip\..\Interfaces\{d4cc90dc-9c6b-46fc-b310-7252a0c50327}: [DhcpNameServer] 202.73.37.3 10.0.0.1

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d4cc90dc-9c6b-46fc-b310-7252a0c50327}\\DhcpNameServer" => removed successfully


The system needed a reboot.

==== End of Fixlog 02:47:08 ====

 


Ok, cancel the scan. I want you to run another scan, this one will take several hours so can be left running overnight..

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Downloaded Sophos and left it running overnight. It detected a threat which I then cleaned up. Here is the log:

2019-08-04 08:08:01.991	Sophos Virus Removal Tool version 2.7.0
2019-08-04 08:08:01.991	Copyright (c) 2009-2018 Sophos Limited. All rights reserved.

2019-08-04 08:08:01.991	This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2019-08-04 08:08:01.991	Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2019-08-04 08:08:01.991	Checking for updates...
2019-08-04 08:08:01.997	Update progress: proxy server not available
2019-08-04 08:08:10.491	Option all = no
2019-08-04 08:08:10.491	Option recurse = yes
2019-08-04 08:08:10.493	Option archive = no
2019-08-04 08:08:10.493	Option service = yes
2019-08-04 08:08:10.493	Option confirm = yes
2019-08-04 08:08:10.493	Option sxl = yes
2019-08-04 08:08:10.493	Option max-data-age = 35
2019-08-04 08:08:10.493	Option vdl-logging = yes
2019-08-04 08:08:10.496	Customer ID:	094260ca9b3af99f9d4a3909fc47a743
2019-08-04 08:08:10.496	Machine ID:	8e8df933dac947d19fb6ef5247d0f48b
2019-08-04 08:08:10.512	Component SVRTcli.exe version 2.7.0
2019-08-04 08:08:10.512	Component control.dll version 2.7.0
2019-08-04 08:08:10.512	Component SVRTservice.exe version 2.7.0
2019-08-04 08:08:10.512	Component engine\osdp.dll version 1.44.1.2451
2019-08-04 08:08:10.512	Component engine\veex.dll version 3.76.0.2451
2019-08-04 08:08:10.512	Component engine\savi.dll version 9.0.14.2451
2019-08-04 08:08:10.526	Component rkdisk.dll version 1.5.33.1
2019-08-04 08:08:10.526	Version info:	Product version	2.7.0
2019-08-04 08:08:10.526	Version info:	Detection engine	3.76.0
2019-08-04 08:08:10.526	Version info:	Detection data	5.64
2019-08-04 08:08:10.526	Version info:	Build date	2019/06/03
2019-08-04 08:08:10.526	Version info:	Data files added	273
2019-08-04 08:08:10.526	Version info:	Last successful update	(not yet updated)
2019-08-04 08:08:34.843	Downloading updates...
2019-08-04 08:08:34.846	Update progress: [I96736] sdds.svrt_v1.12: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2019-08-04 08:08:34.846	Update progress: [I95020] sdds.svrt_v1.12: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2019-08-04 08:08:34.846	Update progress: [I22529] sdds.svrt_v1.12: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2019-08-04 08:08:34.846	Update progress: [V81533] SU::createCachedPackageSource creating cached package source for http://d2.sophosupd.com/update-B: url=SOPHOS
2019-08-04 08:08:34.846	Update progress: [V81533] SU::createCachedPackageSource creating http_source_specific_data to download customer file
2019-08-04 08:08:34.846	Update progress: [V81533] SU::createCachedPackageSource creating package source to download customer file
2019-08-04 08:08:34.846	Update progress: [V81533] SU::createCachedPackageSource creating cached package source
2019-08-04 08:08:34.848	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: da51f91c2d2391014b7ac94ddf54fd25x000.xml: 15 ms
2019-08-04 08:08:34.848	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: cdbc762af9fc05f6851fc48560f4f006x000.xml: 877 bytes
2019-08-04 08:08:34.848	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: cdbc762af9fc05f6851fc48560f4f006x000.xml: 32 ms
2019-08-04 08:08:34.848	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 3ca28862f6f0a37d90ae70e13a4d240fx000.xml: 335 bytes
2019-08-04 08:08:34.848	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 3ca28862f6f0a37d90ae70e13a4d240fx000.xml: 15 ms
2019-08-04 08:08:34.848	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 09e1887f20ae7dd48b41a47ff3eef0eex000.xml: 877 bytes
2019-08-04 08:08:34.848	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 09e1887f20ae7dd48b41a47ff3eef0eex000.xml: 16 ms
2019-08-04 08:08:34.848	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 82044a10659d84789ed389f8e327cbc8x000.xml: 335 bytes
2019-08-04 08:08:34.848	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 82044a10659d84789ed389f8e327cbc8x000.xml: 15 ms
2019-08-04 08:08:34.848	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 95964076d3c1a5cd409cd6cebe58f8f3x000.xml: 877 bytes
2019-08-04 08:08:34.848	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 95964076d3c1a5cd409cd6cebe58f8f3x000.xml: 16 ms
2019-08-04 08:08:34.848	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: efc11c4954a1c26b3f0a67640930e045x000.xml: 335 bytes
2019-08-04 08:08:34.848	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: efc11c4954a1c26b3f0a67640930e045x000.xml: 31 ms
2019-08-04 08:08:34.848	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: c334bed4534514216174d890e3815a82x000.xml: 877 bytes
2019-08-04 08:08:34.848	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: c334bed4534514216174d890e3815a82x000.xml: 16 ms
2019-08-04 08:08:34.848	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: b07484646789e8d224f0c8baf93f5982x000.xml: 335 bytes
2019-08-04 08:08:34.848	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: b07484646789e8d224f0c8baf93f5982x000.xml: 16 ms
2019-08-04 08:08:34.848	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 2476b70e0a6ae77cca00cb544d1d0f67x000.xml: 1027 bytes
2019-08-04 08:08:34.848	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 2476b70e0a6ae77cca00cb544d1d0f67x000.xml: 15 ms
2019-08-04 08:08:34.848	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 6783a827ef600eb3c6d2dcf1a8ae360ex000.xml: 335 bytes
2019-08-04 08:08:34.848	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 6783a827ef600eb3c6d2dcf1a8ae360ex000.xml: 16 ms
2019-08-04 08:08:34.848	Update progress: [I49502] sdds.data0910.xml: found supplement IDE565 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2019-08-04 08:08:34.848	Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE565 LATEST path=
2019-08-04 08:08:34.848	Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE565 LATEST path=
2019-08-04 08:08:34.848	Update progress: [I49502] sdds.data0910.xml: found supplement IDE566 LATEST path= baseVersion= [included from product IDE565 LATEST path=]
2019-08-04 08:08:34.848	Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE566 LATEST path=
2019-08-04 08:08:34.848	Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE566 LATEST path=
2019-08-04 08:08:34.848	Update progress: [I49502] sdds.data0910.xml: found supplement IDE567 LATEST path= baseVersion= [included from product IDE566 LATEST path=]
2019-08-04 08:08:34.848	Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE567 LATEST path=
2019-08-04 08:08:34.848	Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE567 LATEST path=
2019-08-04 08:08:34.848	Update progress: [I49502] sdds.data0910.xml: found supplement IDE568 LATEST path= baseVersion= [included from product IDE567 LATEST path=]
2019-08-04 08:08:34.848	Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE568 LATEST path=
2019-08-04 08:08:34.848	Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE568 LATEST path=
2019-08-04 08:08:34.848	Update progress: [I49502] sdds.data0910.xml: found supplement IDE569 LATEST path= baseVersion= [included from product IDE568 LATEST path=]
2019-08-04 08:08:34.849	Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE569 LATEST path=
2019-08-04 08:08:34.849	Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE569 LATEST path=
2019-08-04 08:08:34.849	Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2019-08-04 08:08:34.849	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: b665a1ba9c5d6e1823ab41beaff42416x000.xml: 82628 bytes
2019-08-04 08:08:34.849	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: b665a1ba9c5d6e1823ab41beaff42416x000.xml: 547 ms
2019-08-04 08:08:34.849	Update progress: [I19463] Product download size 223192755 bytes
2019-08-04 08:08:39.692	Update progress: [I19463] Syncing product IDE565 LATEST path=
2019-08-04 08:08:39.692	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 59511491e02f7189056be86f467170e2x000.xml: 26230 bytes
2019-08-04 08:08:39.692	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 59511491e02f7189056be86f467170e2x000.xml: 563 ms
2019-08-04 08:08:39.692	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: c05f88366d29a8f6e07987397ffb433dx000.xml: 397 bytes
2019-08-04 08:08:39.692	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: c05f88366d29a8f6e07987397ffb433dx000.xml: 15 ms
2019-08-04 08:08:39.692	Update progress: [I19463] Product download size 1853373 bytes
2019-08-04 08:08:40.116	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 9b90dd70c76c1a13697c5a08147e1239x000.xml: 6240 bytes
2019-08-04 08:08:40.116	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 9b90dd70c76c1a13697c5a08147e1239x000.xml: 32 ms
2019-08-04 08:08:40.679	Update progress: [I19463] Syncing product IDE566 LATEST path=
2019-08-04 08:08:40.679	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: df003e82bf7cfa530fbbb76547585383x000.xml: 27476 bytes
2019-08-04 08:08:40.679	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: df003e82bf7cfa530fbbb76547585383x000.xml: 547 ms
2019-08-04 08:08:40.679	Update progress: [I19463] Product download size 1645235 bytes
2019-08-04 08:08:41.319	Update progress: [I19463] Syncing product IDE567 LATEST path=
2019-08-04 08:08:41.319	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 8fe8f6bfe9e7b646c6cc40a6068f6c54x000.xml: 27728 bytes
2019-08-04 08:08:41.319	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 8fe8f6bfe9e7b646c6cc40a6068f6c54x000.xml: 172 ms
2019-08-04 08:08:41.319	Update progress: [I19463] Product download size 1766233 bytes
2019-08-04 08:08:54.075	Update progress: [I19463] Syncing product IDE568 LATEST path=
2019-08-04 08:08:54.075	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 9bfb38a2bd257770fa68371f335c57f3x000.xml: 4612 bytes
2019-08-04 08:08:54.075	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 9bfb38a2bd257770fa68371f335c57f3x000.xml: 16 ms
2019-08-04 08:08:54.076	Update progress: [I19463] Product download size 324203 bytes
2019-08-04 08:08:56.588	Update progress: [I19463] Syncing product IDE569 LATEST path=
2019-08-04 08:08:56.589	Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f430c089bf466bb070b959d79391e4c2x000.xml: 124 bytes
2019-08-04 08:08:56.589	Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f430c089bf466bb070b959d79391e4c2x000.xml: 312 ms
2019-08-04 08:08:56.617	Installing updates...
2019-08-04 08:08:57.221	Error level 1
2019-08-04 08:09:02.437	Update successful
2019-08-04 08:09:10.561	Option all = no
2019-08-04 08:09:10.561	Option recurse = yes
2019-08-04 08:09:10.561	Option archive = no
2019-08-04 08:09:10.561	Option service = yes
2019-08-04 08:09:10.561	Option confirm = yes
2019-08-04 08:09:10.561	Option sxl = yes
2019-08-04 08:09:10.563	Option max-data-age = 35
2019-08-04 08:09:10.563	Option vdl-logging = yes
2019-08-04 08:09:10.566	Customer ID:	094260ca9b3af99f9d4a3909fc47a743
2019-08-04 08:09:10.566	Machine ID:	8e8df933dac947d19fb6ef5247d0f48b
2019-08-04 08:09:10.566	Component SVRTcli.exe version 2.7.0
2019-08-04 08:09:10.566	Component control.dll version 2.7.0
2019-08-04 08:09:10.566	Component SVRTservice.exe version 2.7.0
2019-08-04 08:09:10.566	Component engine\osdp.dll version 1.44.1.2451
2019-08-04 08:09:10.566	Component engine\veex.dll version 3.76.0.2451
2019-08-04 08:09:10.566	Component engine\savi.dll version 9.0.14.2451
2019-08-04 08:09:10.566	Component rkdisk.dll version 1.5.33.1
2019-08-04 08:09:10.566	Version info:	Product version	2.7.0
2019-08-04 08:09:10.566	Version info:	Detection engine	3.76.0
2019-08-04 08:09:10.567	Version info:	Detection data	5.64
2019-08-04 08:09:10.567	Version info:	Build date	2019/06/03
2019-08-04 08:09:10.567	Version info:	Data files added	344
2019-08-04 08:09:10.567	Version info:	Last successful update	2019/08/04 16:09:02

2019-08-04 08:39:02.095	Could not open C:\hiberfil.sys
2019-08-04 08:39:54.494	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2019-08-04 08:39:54.494	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2019-08-04 08:39:54.495	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2019-08-04 08:39:54.495	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2019-08-04 08:39:54.495	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103
2019-08-04 08:39:54.495	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103
2019-08-04 08:39:54.495	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2019-08-04 08:39:54.495	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2019-08-04 08:41:31.673	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2019-08-04 08:41:31.673	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2019-08-04 08:41:31.673	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2019-08-04 08:41:31.673	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2019-08-04 08:41:31.673	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103
2019-08-04 08:41:31.674	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103
2019-08-04 08:41:31.674	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2019-08-04 08:41:31.674	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2019-08-04 08:42:14.843	Could not open C:\pagefile.sys
2019-08-04 08:43:01.753	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2019-08-04 08:43:01.753	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2019-08-04 08:43:01.753	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2019-08-04 08:43:01.753	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2019-08-04 08:43:01.754	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103
2019-08-04 08:43:01.754	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103
2019-08-04 08:43:01.754	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2019-08-04 08:43:01.754	>>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1633919597-1401767618-1652399544-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2019-08-04 08:49:25.542	Could not open C:\swapfile.sys
2019-08-04 08:49:25.600	Could not open C:\System Volume Information\{252cbb51-b61f-11e9-be45-38002561971a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2019-08-04 08:49:25.600	Could not open C:\System Volume Information\{252cbda1-b61f-11e9-be45-38002561971a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2019-08-04 08:49:25.600	Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2019-08-04 08:49:25.600	Could not open C:\System Volume Information\{5d2ff9e5-b617-11e9-be44-38002561971a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2019-08-04 08:49:25.600	Could not open C:\System Volume Information\{99be6e94-a95c-11e9-be34-38002561971a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2019-08-04 08:49:25.600	Could not open C:\System Volume Information\{f310032f-b608-11e9-be42-38002561971a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2019-08-04 08:49:25.600	Could not open C:\System Volume Information\{f31006d5-b608-11e9-be42-38002561971a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2019-08-04 08:52:34.651	Could not open C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Current Session
2019-08-04 08:52:34.651	Could not open C:\Users\Lim\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2019-08-04 08:53:01.996	Could not open C:\Users\Lim\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python.exe
2019-08-04 08:53:01.996	Could not open C:\Users\Lim\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.7.exe
2019-08-04 08:53:01.997	Could not open C:\Users\Lim\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.exe
2019-08-04 08:53:01.999	Could not open C:\Users\Lim\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
2019-08-04 08:53:01.999	Could not open C:\Users\Lim\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe
2019-08-04 08:53:01.999	Could not open C:\Users\Lim\AppData\Local\Microsoft\WindowsApps\python.exe
2019-08-04 08:53:02.000	Could not open C:\Users\Lim\AppData\Local\Microsoft\WindowsApps\python3.7.exe
2019-08-04 08:53:02.000	Could not open C:\Users\Lim\AppData\Local\Microsoft\WindowsApps\python3.exe
2019-08-04 08:57:30.043	Could not open C:\Windows\System32\config\BBI
2019-08-04 08:57:30.053	Could not open C:\Windows\System32\config\DRIVERS
2019-08-04 09:06:01.178	The following items will be cleaned up:
2019-08-04 09:06:01.178	Mal/Generic-S

 


Hiya Tenkuru,

Good to hear your system is ok for you, continue to clean up...

Uninstall the following program:

Sophos AV

http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Right-click on FRST here: C:\Users\antho\Downloads\FRST64.exe and rename it to uninstall.exe. When complete, right-click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended, that is because file extensions are hidden; in that case just rename FRST64 to uninstall.

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.