Vlahotic Posted August 5, 2019 ID:1327746 Share Posted August 5, 2019 Somehow I picked up a couple of things along the way. Thankfully malwarebytes was able to get rid of most of them but there is this Trojan DNS changer that keeps coming back for whatever reason. Tried Malwarebytes, Adwcleaner and a few other things but it seems to come back, and the action taken always says "replaced" The attached files are: Malwarebytes1 - the old scan with more than a few of these trojans, seemed clean Malwarebytes2 - new scan from last night that picked up a few new ones FRST Addition - from FRST Malarebytes1.txt Malwarebytes2.txt FRST.txt Addition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted August 6, 2019 ID:1327948 Share Posted August 6, 2019 Hello Vlahotic and welcome to Malwarebytes, Continue as follows: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Open Malwarebytes, select > "settings" > "protection tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Click on the Report tab > from main interface. Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options:Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your replyText file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop Ensure to get the correct version for your system....https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window In the "Scan Type" window, select Quick Scan Perform a scan and Click Finish when the scan is done. Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function 2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:notepad c:\windows\debug\mrt.log The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... Next, Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt" Let me see those logs in your reply... Thank you, Kevin... fixlist.txt Link to post Share on other sites More sharing options...
Vlahotic Posted August 6, 2019 Author ID:1327997 Share Posted August 6, 2019 Hi Kevin and thanks for the reply Fixlog: Spoiler Fix result of Farbar Recovery Scan Tool (x64) Version: 05-08-2019 Ran by vanov (06-08-2019 15:29:47) Run:3 Running from C:\Users\vanov\Downloads Loaded Profiles: vanov (Available Profiles: defaultuser0 & vanov & SQLTELEMETRY & MSSQLSERVER) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: CloseProcesses: RemoveProxy: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08052019011716625\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08052019011717547\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Policies\Explorer: [] HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) Task: {F224D6F6-9FC2-4A9E-AB2C-9A96E9EBF35D} - System32\Tasks\AutoPico Daily Restart => C:\Users\vanov\Documents\KMSpico [Argument = 10.1.8.2 FINAL + Portable (Office and Windows 10 Activator) [TechTools.NET]\KMSpico.10.1.8.2\KMSpico Portable\AutoPico.exe /silent] CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION CHR HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{2f55fa18-2513-449f-824b-c7f82b63783d}: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{8c05adc3-f683-4b02-b575-0d3af10d2b6b}: [DhcpNameServer] 77.78.192.20 94.140.66.194 S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X] 2019-08-02 18:42 - 2019-08-02 18:42 - 000000000 ____D C:\Users\vanov\AppData\Roaming\lizrdhoadvaf 2019-08-02 18:38 - 2019-08-03 11:56 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Z95900079 2019-08-02 18:38 - 2019-08-02 18:39 - 000000000 ____D C:\Users\vanov\AppData\Local\Mail.Ru 2019-08-02 18:38 - 2019-08-02 18:38 - 000168040 _____ C:\Users\vanov\Documents\ark_survival_evolved_valguero-codex.torrent 018-08-05 21:22 - 2016-07-04 20:44 - 000036807 ___SH () C:\Users\vanov\AppData\Roaming\KcFPPOhZCXFZcOiHKXD 2018-08-05 21:22 - 2016-07-04 20:44 - 000936960 ___SH (AutoIt Team) C:\Users\vanov\AppData\Roaming\KcFPPOhZCXFZcOiHKXDHX.exe 2018-04-12 01:34 - 2018-04-12 01:34 - 000178688 ____N (Microsoft Corporation) C:\Users\vanov\AppData\Roaming\nEIyYgIZeYama.exe 2018-04-12 01:34 - 2018-04-12 01:34 - 000178688 ____N (Microsoft Corporation) C:\Users\vanov\AppData\Roaming\NqBBYwmMSiqYz.exe 2018-08-05 21:22 - 2016-07-04 20:44 - 000207376 ___SH () C:\Users\vanov\AppData\Roaming\TTeVfaiSJcgY 2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Users\vanov\AppData\Roaming\ukym.exe AlternateDataStreams: C:\Users\vanov:Heroes & Generals [38] AlternateDataStreams: C:\ProgramData\TEMP:7FAE3E0D [146] AlternateDataStreams: C:\Users\Public\AppData:CSM [484] FirewallRules: [{73080303-34FD-4F00-9E1B-7EE6475C3F9A}] => (Allow) LPort=8090 FirewallRules: [{C6BA6BFC-86AD-4895-ADE9-F41106D5A58D}] => (Allow) LPort=20443 FirewallRules: [{70C22CF6-F78B-426B-826E-61F01213A9FD}] => (Allow) LPort=33333 FirewallRules: [{75578217-692E-4F72-A7E7-9F9198FB2ED7}] => (Allow) LPort=6881 FirewallRules: [{9178C41A-9111-40A9-A402-02EACAB848D8}] => (Allow) LPort=27022 FirewallRules: [{85C76471-3256-4DC2-8A8D-7A84F0DB57BA}] => (Allow) LPort=7853 FirewallRules: [{50F242CD-6ABE-40F0-8956-8653467B1D2B}] => (Allow) LPort=7852 FirewallRules: [{1722B15B-57FD-4053-A5C7-6BB55C07CADF}] => (Allow) LPort=7850 FirewallRules: [{E1A75FFC-CF26-481F-8B85-CB0F4C10D6D6}] => (Allow) LPort=3478 FirewallRules: [{A2210CD9-51BF-4B4E-A05C-753EA59EC131}] => (Allow) LPort=20010 FirewallRules: [{E6BC36A6-167D-484F-89F7-7E53CDBADBC1}] => (Allow) LPort=443 FirewallRules: [{28737E4A-BB50-4F07-8435-46C2E60109B8}] => (Allow) LPort=80 FirewallRules: [{5C054E11-96F4-48F9-BD6A-81C5E092402B}] => (Allow) LPort=12292 FirewallRules: [DNS Server Forward Rule - TCP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 FirewallRules: [DNS Server Forward Rule - UDP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 File: C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat Hosts: CMD: winmgmt /verifyrepository CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R EmptyTemp: ***************** Restore point was successfully created. Processes closed successfully. ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully ========= End of RemoveProxy: ========= HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => not found "HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => not found HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08052019011716625\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) => Error: No automatic fix found for this entry. "HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => not found HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08052019011717547\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) => Error: No automatic fix found for this entry. "HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => not found "HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F224D6F6-9FC2-4A9E-AB2C-9A96E9EBF35D}" => not found "C:\WINDOWS\System32\Tasks\AutoPico Daily Restart" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => not found HKLM\SOFTWARE\Policies\Google => not found HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\SOFTWARE\Policies\Google => not found "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => not found "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2f55fa18-2513-449f-824b-c7f82b63783d}\\DhcpNameServer" => not found "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}\\DhcpNameServer" => not found "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8c05adc3-f683-4b02-b575-0d3af10d2b6b}\\DhcpNameServer" => not found amsdk => service not found. "C:\Users\vanov\AppData\Roaming\lizrdhoadvaf" => not found "C:\Users\vanov\AppData\Roaming\Z95900079" => not found "C:\Users\vanov\AppData\Local\Mail.Ru" => not found "C:\Users\vanov\Documents\ark_survival_evolved_valguero-codex.torrent" => not found 018-08-05 21:22 - 2016-07-04 20:44 - 000036807 ___SH () C:\Users\vanov\AppData\Roaming\KcFPPOhZCXFZcOiHKXD => Error: No automatic fix found for this entry. "C:\Users\vanov\AppData\Roaming\KcFPPOhZCXFZcOiHKXDHX.exe" => not found "C:\Users\vanov\AppData\Roaming\nEIyYgIZeYama.exe" => not found "C:\Users\vanov\AppData\Roaming\NqBBYwmMSiqYz.exe" => not found "C:\Users\vanov\AppData\Roaming\TTeVfaiSJcgY" => not found "C:\Users\vanov\AppData\Roaming\ukym.exe" => not found "C:\Users\vanov" => ":Heroes & Generals" ADS not found. "C:\ProgramData\TEMP" => ":7FAE3E0D" ADS not found. "C:\Users\Public\AppData" => ":CSM" ADS not found. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{73080303-34FD-4F00-9E1B-7EE6475C3F9A}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C6BA6BFC-86AD-4895-ADE9-F41106D5A58D}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{70C22CF6-F78B-426B-826E-61F01213A9FD}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75578217-692E-4F72-A7E7-9F9198FB2ED7}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9178C41A-9111-40A9-A402-02EACAB848D8}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85C76471-3256-4DC2-8A8D-7A84F0DB57BA}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50F242CD-6ABE-40F0-8956-8653467B1D2B}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1722B15B-57FD-4053-A5C7-6BB55C07CADF}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1A75FFC-CF26-481F-8B85-CB0F4C10D6D6}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2210CD9-51BF-4B4E-A05C-753EA59EC131}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6BC36A6-167D-484F-89F7-7E53CDBADBC1}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{28737E4A-BB50-4F07-8435-46C2E60109B8}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5C054E11-96F4-48F9-BD6A-81C5E092402B}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\DNS Server Forward Rule - TCP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\DNS Server Forward Rule - UDP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0" => not found ========================= File: C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat ======================== C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat File not signed MD5: 5C5A797761421CF9B72087F3BC8A5259 Creation and modification date: 2019-08-05 01:17 - 2019-08-05 01:17 Size: 000000180 Attributes: ----A Company Name: Internal Name: Original Name: Product: Description: File Version: Product Version: Copyright: VirusTotal: 0 ====== End of File: ====== C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. ========= winmgmt /verifyrepository ========= WMI repository is consistent ========= End of CMD: ========= ========= "%WINDIR%\SYSTEM32\lodctr.exe" /R ========= Info: Successfully rebuilt performance counter setting from system backup store ========= End of CMD: ========= ========= "%WINDIR%\SysWOW64\lodctr.exe" /R ========= Info: Successfully rebuilt performance counter setting from system backup store ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 12083200 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 0 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 20886 B Edge => 0 B Chrome => 0 B Firefox => 136219150 B Opera => 20118958 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 1083 B LocalService => 2418 B LocalService => 0 B NetworkService => 5260 B NetworkService => 0 B defaultuser0 => 0 B vanov => 259123132 B SQLTELEMETRY => 0 B MSSQLSERVER => 0 B RecycleBin => 0 B EmptyTemp: => 407.8 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 15:32:42 ==== Malwarebytes log: Spoiler Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/6/19 Scan Time: 3:40 PM Log File: d24b6db8-b84f-11e9-a566-2c600ced4dad.json -Software Information- Version: 3.8.3.2965 Components Version: 1.0.613 Update Package Version: 1.0.11880 License: Trial -System Information- OS: Windows 10 (Build 17134.885) CPU: x64 File System: NTFS User: DESKTOP-ME49L6T\vanov -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 469416 Threats Detected: 1 Threats Quarantined: 1 Time Elapsed: 32 min, 13 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Misplaced.Legit.BatBitRst, C:\USERS\VANOV\APPDATA\ROAMING\ICFB.EXE, Quarantined, [10838], [632791],1.0.11880 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) AdwCleaner log: Spoiler # ------------------------------- # Malwarebytes AdwCleaner 7.4.0.0 # ------------------------------- # Build: 07-23-2019 # Database: 2019-08-05.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 08-06-2019 # Duration: 00:01:06 # OS: Windows 10 Pro # Scanned: 35860 # Detected: 4 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** PUP.Optional.DriverBooster C:\Windows\System32\Tasks\DRIVER BOOSTER SKIPUAC (VANOV) ***** [ Registry ] ***** PUP.Optional.DriverBooster HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7912BE27-F5E8-4834-83EE-7EE061EBAC80} PUP.Optional.DriverBooster HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7912BE27-F5E8-4834-83EE-7EE061EBAC80} PUP.Optional.DriverBooster HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVER BOOSTER SKIPUAC (VANOV) ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Preinstalled Software ] ***** No Preinstalled Software found. AdwCleaner[S00].txt - [5239 octets] - [23/06/2018 21:29:01] AdwCleaner[C00].txt - [4861 octets] - [23/06/2018 21:30:25] AdwCleaner[S01].txt - [1363 octets] - [09/07/2018 20:50:38] AdwCleaner[C01].txt - [1549 octets] - [09/07/2018 20:51:02] AdwCleaner[S02].txt - [1485 octets] - [23/07/2018 20:38:13] AdwCleaner[C02].txt - [1671 octets] - [23/07/2018 21:01:32] AdwCleaner[S03].txt - [6706 octets] - [02/08/2019 19:03:03] AdwCleaner[C03].txt - [6126 octets] - [02/08/2019 19:04:10] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ########## MSRT log: Spoiler --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.74, July 2019 (build 5.74.16130.3) Started On Tue Aug 6 16:34:15 2019 Engine: 1.1.16000.6 Signatures: 1.295.1362.0 MpGear: 1.1.15747.1 Run Mode: Interactive Graphical Mode Results Summary: ---------------- No infection found. Successfully Submitted Heartbeat Report Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 6 16:54:55 2019 Return code: 0 (0x0) FRST log: Spoiler Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-08-2019 Ran by vanov (administrator) on DESKTOP-ME49L6T (Acer Aspire E5-573) (06-08-2019 16:55:16) Running from C:\Users\vanov\Downloads Loaded Profiles: vanov & MSSQLSERVER (Available Profiles: defaultuser0 & vanov & SQLTELEMETRY & MSSQLSERVER) Platform: Windows 10 Pro Version 1803 17134.885 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe () [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.866.0_x64__8wekyb3d8bbwe\YourPhone.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe (Intel Corporation -> ) C:\Windows\System32\igfxTray.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmms.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (OOO Lightshot -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (WinGuard Inc.) [File not signed] C:\Program Files (x86)\WinGuardPro Ltd\WinGuard\wgengine.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-10-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] (OOO Lightshot -> ) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5782336 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [wgpro] => C:\Program Files (x86)\WinGuardPro Ltd\WinGuard\wgengine.exe [30720 2019-01-19] (WinGuard Inc.) [File not signed] HKLM-x32\...\Run: [WGP] => [X] HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Akamai NetSession Interface] => C:\Users\vanov\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Spotify] => C:\Users\vanov\AppData\Roaming\Spotify\Spotify.exe [25828256 2019-08-03] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DOS Host] => C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B\DOS Host\doshost.exe [53248 2018-05-22] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35809680 2019-08-05] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3210016 2019-08-06] (Valve -> Valve Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed] HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-10-13] ShortcutTarget: MEGAsync.lnk -> C:\Users\vanov\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited) Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-18] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1191D268-1A73-41D0-BD85-D1311491443C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {1217C1E3-7A8E-4C0B-B4B5-5C28F63B1D39} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill2 => C:\Users\vanov\Desktop\BatFiles\Operakill.bat Task: {14D5ABA7-60D8-4C04-A73D-D462D3EC53BF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {1A902826-C33D-4706-A2ED-F192F5993FAC} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-vanovac.zlatan@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {3051FE3C-FB51-4549-8184-7DCA7CCB515B} - System32\Tasks\Microsoft\Windows\TaskScheduler\Restart => C:\Users\vanov\Desktop\BatFiles\Restart.bat Task: {31A4D16D-ED62-4473-8883-5805BFACBBAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) Task: {32075B90-EA68-4A1E-8153-09FAB21A0EBD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {4021E04F-2C4F-4B2A-85E7-60D62C0CE79C} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-05-03] (Microsoft Corporation -> Microsoft Corporation) Task: {44CEEBC6-4031-42AD-B2B1-4157F57AD5FE} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill => C:\Users\vanov\Desktop\BatFiles\Operakill.bat Task: {4D713D29-1FB3-4E41-9D76-CD1B86264B83} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-09] (Adobe Inc. -> Adobe) Task: {6137EB70-DCD3-44CE-8665-73E27FA3E9EE} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall => C:\Users\vanov\Desktop\BatFiles\DragonForce.bat Task: {63C7C186-F15B-448B-94BC-5F4ED0A4E638} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {78C49C7C-92BE-4687-AF06-420B5ED30A0C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {79C43D64-C54E-4662-9D49-919AEF86BF9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {79DFF442-7CF7-480E-934B-8FCEBEE221D7} - System32\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {7B6B9926-BDA7-44D7-A5CE-F6D962D3B49E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) Task: {7F5DE95D-C17C-4408-85D1-6F56B9FF5F5A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) Task: {81668EB1-6E5D-40EE-BFFA-25B09CCF4FE1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {8FCC1103-34CD-41C4-B3BC-EEE596BE90CB} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall2 => C:\Users\vanov\Desktop\BatFiles\Disasterpiece.bat Task: {940A0D4F-E5D1-4349-A97B-BA70D6B8789D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe) Task: {A35FB29E-054C-45BE-9E40-C94DB7728413} - System32\Tasks\Microsoft\Windows\TaskScheduler\MusicKill => C:\Users\vanov\Desktop\BatFiles\BeeMp3TaskKill.bat Task: {A9E34D5E-D053-4247-8350-83C330CA6958} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Users\vanov\AppData\Local\MEGAsync\MEGAupdater.exe [760696 2018-10-02] (Mega Limited -> Mega Limited) Task: {AA6D739F-D568-4A9D-A4ED-FC3B5D432A84} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) Task: {B058EC2B-0726-47B7-8B1B-A975B69CED27} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {BB3A72A1-B735-4F37-9B99-260BF5F05151} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1000 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-05-03] (Microsoft Corporation -> Microsoft Corporation) Task: {CF931575-DB06-4A0A-A9DC-19D4C4269CB3} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.8.3252 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXAutoUpdate.exe [206184 2019-05-03] (Microsoft Corporation -> ) Task: {DD5F0550-0D96-45A8-80CB-EA5DB0E9C59E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {DE525C0C-B6B7-4A0C-BF03-FB7FBAFF172E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {DE9EE772-2041-4E2F-8856-6D84E12E4E02} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {E1176194-F6FD-4A7B-BB95-24031E7F8611} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-10-18] () [File not signed] Task: {E161BC06-6796-4A76-8D71-21048961E8D4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe) Task: {F51FC55E-9DF9-47E0-8B2A-5056FD0B3C6E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {F864E56C-BEAD-4736-A904-468DAE9859D4} - System32\Tasks\Opera scheduled Autoupdate 1476361487 => C:\Program Files (x86)\Opera\launcher.exe [1519640 2019-07-24] (Opera Software AS -> Opera Software) Task: {F95F8299-A9C1-49FC-8E40-0B0E93D73D5A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {FBD77374-BC26-4033-84E7-10F003A9EED5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{24b58f83-bf4d-40e4-a6b1-5f849b89db74}: [NameServer] ,116.203.6.218 Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{84adbad7-bfc3-4947-b0cf-9c8738caccf9}: [NameServer] ,116.203.6.218 Tcpip\..\Interfaces\{8c05adc3-f683-4b02-b575-0d3af10d2b6b}: [NameServer] ,116.203.6.218 Internet Explorer: ================== SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF DefaultProfile: poq2nbe3.default-1491901036943-1546437671085 FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 [2019-08-06] FF NetworkProxy: Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 -> type", 4 FF Extension: (ETP Search Volume Study) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-06-26] FF Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\firefox@betterttv.net.xpi [2019-08-03] [UpdateUrl:hxxps://nightdev.com/betterttv/firefox/updates.json] FF Extension: (uBlock Origin) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\uBlock0@raymondhill.net.xpi [2019-07-26] FF Extension: (Unseen) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\{230ed5ec-936c-4ad1-b3d4-e2bb251bd1c3}.xpi [2019-01-02] FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default [2019-08-06] FF user.js: detected! => C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default\user.js [2017-02-03] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> ) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> ) FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN) StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe Opera: ======= OPR Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\deofbbdfofnmppcjbhjibgodpcdchjii [2017-11-15] OPR Extension: (Tampermonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-06-02] OPR Extension: (book_helper) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmmkobpokkidkpaidggnebnhiipdkhkl [2019-08-02] OPR Extension: (ScriptMonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-06-02] OPR Extension: (Violent monkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-05-16] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-05-27] (BattlEye Innovations e.K. -> ) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-08-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) S3 HgClientService; C:\WINDOWS\system32\hgclientservice.dll [141824 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1741312 2019-02-16] (Microsoft Windows -> Microsoft Corporation) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [353768 2018-09-13] (Intel Corporation -> Intel Corporation) R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21256 2018-04-20] (Microsoft Corporation -> Microsoft Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] (AzureEngBuildCodeSign -> ) [File not signed] R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [485048 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [31232 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts) R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2017-11-22] (Even Balance, Inc. -> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5073792 2019-07-04] (Microsoft Windows Publisher -> Microsoft Corporation) S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [578744 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) S2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11969880 2019-07-03] (TeamViewer GmbH -> TeamViewer GmbH) S2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [113024 2018-02-12] (TunnelBear, Inc. -> ) R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3014144 2019-07-04] (Microsoft Windows -> Microsoft Corporation) S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd) S3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-06-23] (EnigmaSoft Limited -> EnigmaSoft Limited) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-10-10] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.) R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26624 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-10-10] (Martin Malik - REALiX -> REALiX(tm)) S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2019-01-19] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-05] (Malwarebytes Corporation -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-06] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-06] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-06] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-06] (Malwarebytes Corporation -> Malwarebytes) S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA)) S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> ) R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2412976 2017-04-24] (Qualcomm Atheros -> Qualcomm Atheros, Inc.) S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31744 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S4 RsFx0500; C:\WINDOWS\System32\DRIVERS\RsFx0500.sys [261848 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1026896 2018-03-19] (Realtek Semiconductor Corp. -> Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-10-10] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation) R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions) R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated -> Synaptics Incorporated) S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr)) R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [56520 2015-08-05] (Synaptics Incorporated -> Synaptics Incorporated) R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [103936 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project) S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2017-12-18] (Oracle Corporation -> Oracle Corporation) R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1248256 2018-11-07] (Microsoft Windows -> Microsoft Corporation) R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [45408 2018-03-15] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation) S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation) NETSVC: HgClientService -> C:\Windows\system32\hgclientservice.dll (Microsoft Corporation) NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-06 16:55 - 2019-08-06 16:58 - 000034274 _____ C:\Users\vanov\Downloads\FRST.txt 2019-08-06 16:33 - 2019-08-06 16:33 - 047210760 _____ (Microsoft Corporation) C:\Users\vanov\Documents\Windows-KB890830-x64-V5.74.exe 2019-08-06 16:30 - 2019-08-06 16:30 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2019-08-06 16:30 - 2019-08-06 16:30 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2019-08-06 16:29 - 2019-08-06 16:29 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-08-06 16:29 - 2019-08-06 16:29 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2019-08-06 16:29 - 2019-08-06 16:29 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2019-08-06 16:28 - 2019-08-06 16:29 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16 2019-08-06 16:21 - 2019-08-06 16:21 - 000001310 _____ C:\Users\vanov\Desktop\misplacedforcopy.txt 2019-08-06 15:20 - 2019-08-06 15:32 - 000012830 _____ C:\Users\vanov\Downloads\Fixlog.txt 2019-08-06 15:20 - 2019-08-06 15:20 - 002096640 _____ (Farbar) C:\Users\vanov\Downloads\FRST64.exe 2019-08-06 15:20 - 2019-08-06 15:20 - 000000000 ____D C:\Users\vanov\Downloads\FRST-OlderVersion 2019-08-06 15:15 - 2019-08-06 15:16 - 000301326 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH8.pdf 2019-08-06 13:47 - 2019-08-06 14:05 - 000000000 ____D C:\Users\vanov\Documents\[FreeCourseSite.com] Udemy - Unreal Engine C++ Developer Learn C++ and Make Video Games 2019-08-06 13:42 - 2019-08-06 13:42 - 000000000 ____D C:\Users\vanov\Documents\Unreal Projects 2019-08-06 13:41 - 2019-08-06 13:41 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Unreal Engine 2019-08-06 00:21 - 2019-08-06 00:21 - 000002467 _____ C:\Users\vanov\Desktop\Unreal Engine.lnk 2019-08-05 11:14 - 2019-08-05 11:19 - 000108154 _____ C:\Users\vanov\Downloads\Addition1.txt 2019-08-05 11:11 - 2019-08-05 11:19 - 000089056 _____ C:\Users\vanov\Downloads\FRST1.txt 2019-08-05 11:08 - 2019-08-06 16:55 - 000000000 ____D C:\FRST 2019-08-05 11:07 - 2019-08-05 11:07 - 000002601 _____ C:\Users\vanov\Desktop\Malarebytes1.txt 2019-08-05 10:56 - 2019-08-05 10:56 - 000001714 _____ C:\Users\vanov\Desktop\Malwarebytes2.txt 2019-08-05 01:18 - 2019-08-05 01:18 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2019-08-04 18:12 - 2019-08-04 18:12 - 000000222 _____ C:\Users\vanov\Desktop\SMITE.url 2019-08-04 11:34 - 2019-08-04 11:34 - 000001048 _____ C:\Users\vanov\Desktop\Technic.exe - Shortcut.lnk 2019-08-03 13:53 - 2019-08-03 13:53 - 004478926 _____ () C:\Users\vanov\Downloads\Technic.exe 2019-08-03 13:42 - 2019-08-03 13:42 - 000001391 _____ C:\Users\Public\Desktop\Skype.lnk 2019-08-03 13:41 - 2019-08-03 13:41 - 000001143 _____ C:\Users\Public\Desktop\VLC media player.lnk 2019-08-03 13:40 - 2019-08-03 13:36 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2019-08-03 13:37 - 2019-08-03 13:37 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk 2019-08-03 13:37 - 2019-08-03 13:37 - 000001108 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk 2019-08-03 13:35 - 2019-08-03 13:35 - 001211216 _____ (Oracle Corporation) C:\Users\vanov\Downloads\JavaUninstallTool.exe 2019-08-03 13:35 - 2019-08-03 13:35 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2019-08-03 13:34 - 2019-08-03 13:34 - 002065880 _____ (Oracle Corporation) C:\Users\vanov\Downloads\jre-8u221-windows-i586-iftw.exe 2019-08-03 12:59 - 2019-08-03 13:22 - 000081880 _____ C:\WINDOWS\ZAM.krnl.trace 2019-08-03 12:56 - 2019-08-03 12:56 - 001359866 _____ C:\Users\vanov\Documents\cc_20190803_125640.reg 2019-08-03 12:50 - 2019-08-03 12:50 - 020888528 _____ (Piriform Software Ltd) C:\Users\vanov\Downloads\cctrialsetup.exe 2019-08-03 12:50 - 2019-08-03 12:50 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2019-08-03 12:50 - 2019-08-03 12:50 - 000002888 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2019-08-03 12:50 - 2019-08-03 12:50 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk 2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\Program Files\CCleaner 2019-08-03 12:38 - 2019-08-03 12:40 - 000316126 _____ C:\TDSSKiller.3.1.0.28_03.08.2019_12.38.43_log.txt 2019-08-03 12:38 - 2019-08-03 12:38 - 005054744 _____ (AO Kaspersky Lab) C:\Users\vanov\Downloads\tdsskiller.exe 2019-08-03 12:32 - 2019-08-03 13:22 - 000000000 ____D C:\Users\vanov\AppData\Local\AMSDK 2019-08-03 12:32 - 2019-08-03 12:32 - 000000000 ____D C:\Users\vanov\AppData\Local\Zemana 2019-08-03 12:31 - 2019-08-03 12:31 - 012664512 _____ (Zemana Ltd. ) C:\Users\vanov\Downloads\AntiMalware_Setup.exe 2019-08-03 12:24 - 2019-08-03 12:24 - 000841241 _____ C:\Users\vanov\Downloads\rkill.zip 2019-08-03 12:24 - 2017-07-25 22:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\vanov\Downloads\rkill.exe 2019-08-03 11:33 - 2019-08-03 11:33 - 000000258 __RSH C:\ProgramData\ntuser.pol 2019-08-03 10:54 - 2019-08-03 10:54 - 000000000 ____D C:\Users\vanov\AppData\Local\mbamtray 2019-08-03 10:53 - 2019-08-03 10:53 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-08-03 10:53 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2019-08-03 10:52 - 2019-08-03 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-08-03 10:52 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2019-08-03 10:51 - 2019-08-03 10:51 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-08-03 10:42 - 2019-08-03 10:46 - 000000000 ____D C:\Users\vanov\Downloads\mbam-chameleon-3.1.33.0 2019-08-03 10:41 - 2019-08-03 10:42 - 006705178 _____ C:\Users\vanov\Downloads\mbam-chameleon-3.1.33.0.zip 2019-08-02 21:49 - 2019-08-02 21:49 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2019-08-02 21:36 - 2019-08-02 21:36 - 000000000 ____D C:\KRD2018_Data 2019-08-02 21:03 - 2019-08-02 21:03 - 000000000 ___HD C:\$SysReset 2019-08-02 19:22 - 2019-08-02 19:01 - 597336064 _____ C:\Users\vanov\Documents\krd.iso 2019-08-02 19:08 - 2019-08-02 19:08 - 000000000 ____D C:\WINDOWS\Panther 2019-08-02 19:00 - 2019-08-02 19:00 - 000000000 ____D C:\ProgramData\TmpLoog 2019-08-02 18:59 - 2019-08-02 18:59 - 007623880 _____ (Malwarebytes) C:\Users\vanov\Downloads\adwcleaner_7.4.exe 2019-08-02 18:39 - 2019-08-03 11:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\System 2019-08-02 17:56 - 2019-08-02 17:56 - 005829844 _____ (UserBenchmark.com) C:\Users\vanov\Downloads\UserBenchMark.exe 2019-08-02 14:53 - 2019-08-02 14:53 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Big Fat Simulations Inc_ 2019-08-02 11:07 - 2019-08-02 11:07 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2019-08-01 02:14 - 2019-08-01 02:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2019-07-31 22:52 - 2019-07-31 22:57 - 000000000 ____D C:\Users\vanov\AppData\Local\Arma 3 2019-07-31 22:52 - 2019-07-31 22:52 - 000000000 ____D C:\ProgramData\Bohemia Interactive 2019-07-31 19:59 - 2019-07-31 19:59 - 000189726 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.1.pdf 2019-07-31 17:57 - 2019-07-31 17:57 - 005193376 _____ (Husdawg, LLC) C:\Users\vanov\Downloads\Detection.exe 2019-07-30 15:00 - 2019-07-30 15:00 - 000003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1476361487 2019-07-30 15:00 - 2019-07-30 15:00 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk 2019-07-30 14:19 - 2019-07-30 14:19 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Craneballs 2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\Local\GOG.com 2019-07-29 21:47 - 2019-07-29 21:47 - 000000000 ___HD C:\temp 2019-07-29 21:06 - 2019-07-29 21:06 - 000178988 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.pdf 2019-07-29 10:58 - 2019-07-29 10:58 - 006732741 _____ C:\Users\vanov\Downloads\SQL-Injection-Attacks-and-Defense.pdf 2019-07-27 17:18 - 2019-07-27 17:18 - 000232401 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH3.pdf 2019-07-24 20:05 - 2017-09-26 12:24 - 000100352 _____ C:\Users\vanov\Downloads\Spider Man Homecoming.srt 2019-07-24 20:05 - 2011-11-11 20:27 - 000078233 ____N C:\Users\vanov\Downloads\Captain America.srt 2019-07-23 19:36 - 2019-07-23 19:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Colossal Order 2019-07-18 20:24 - 2019-07-18 20:25 - 000000000 ____D C:\Users\vanov\Documents\Rockstar Games 2019-07-18 20:20 - 2019-06-28 14:08 - 002826520 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp.exe 2019-07-18 20:20 - 2019-06-28 14:08 - 000072154 ____N C:\Users\vanov\Downloads\procexp.chm 2019-07-18 20:20 - 2019-06-28 14:05 - 001501248 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp64.exe 2019-07-18 20:20 - 2019-05-05 11:00 - 000007490 ____N C:\Users\vanov\Downloads\Eula.txt 2019-07-18 20:16 - 2019-07-18 20:16 - 008771640 _____ (Martin Malik - REALiX ) C:\Users\vanov\Downloads\hwi_608.exe 2019-07-18 18:53 - 2019-07-18 18:54 - 228125096 _____ (Rockstar Games) C:\Users\vanov\Downloads\GTAV_Setup_Tool.exe 2019-07-18 18:44 - 2019-07-23 12:06 - 000000000 ____D C:\Program Files\Mozilla Firefox 2019-07-11 01:36 - 2019-07-11 01:36 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3387545514-2906784231-2682514228-1001 2019-07-11 01:36 - 2019-07-11 01:36 - 000002412 _____ C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-07-10 16:47 - 2019-07-04 11:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2019-07-10 16:47 - 2019-07-04 11:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2019-07-10 16:47 - 2019-07-04 11:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-07-10 16:47 - 2019-07-04 10:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2019-07-10 16:47 - 2019-07-04 10:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-07-10 16:47 - 2019-07-04 06:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2019-07-10 16:47 - 2019-07-04 06:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-07-10 16:47 - 2019-07-04 06:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-07-10 16:47 - 2019-07-04 06:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-07-10 16:47 - 2019-07-04 06:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-07-10 16:47 - 2019-07-04 06:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2019-07-10 16:47 - 2019-07-04 06:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-07-10 16:47 - 2019-07-04 06:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-07-10 16:47 - 2019-07-04 06:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-07-10 16:47 - 2019-07-04 06:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-07-10 16:47 - 2019-07-04 06:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-07-10 16:47 - 2019-07-04 06:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-07-10 16:47 - 2019-07-04 06:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-07-10 16:47 - 2019-07-04 06:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-07-10 16:47 - 2019-07-04 06:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-07-10 16:47 - 2019-06-13 14:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2019-07-10 16:47 - 2019-06-13 13:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2019-07-10 16:47 - 2019-06-13 13:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2019-07-10 16:47 - 2019-06-13 13:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2019-07-10 16:47 - 2019-06-13 13:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2019-07-10 16:47 - 2019-06-13 13:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-07-10 16:47 - 2019-06-13 13:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2019-07-10 16:47 - 2019-06-13 13:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2019-07-10 16:47 - 2019-06-13 12:11 - 001539896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll 2019-07-10 16:47 - 2019-06-13 11:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2019-07-10 16:47 - 2019-06-13 09:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2019-07-10 16:47 - 2019-06-13 08:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2019-07-10 16:47 - 2019-06-13 08:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-07-10 16:47 - 2019-06-13 08:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2019-07-10 16:46 - 2019-07-04 11:45 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll 2019-07-10 16:46 - 2019-07-04 11:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2019-07-10 16:46 - 2019-07-04 11:41 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys 2019-07-10 16:46 - 2019-07-04 11:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-07-10 16:46 - 2019-07-04 11:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2019-07-10 16:46 - 2019-07-04 11:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe 2019-07-10 16:46 - 2019-07-04 11:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2019-07-10 16:46 - 2019-07-04 11:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2019-07-10 16:46 - 2019-07-04 11:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2019-07-10 16:46 - 2019-07-04 11:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe 2019-07-10 16:46 - 2019-07-04 11:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-07-10 16:46 - 2019-07-04 10:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-07-10 16:46 - 2019-07-04 10:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2019-07-10 16:46 - 2019-07-04 10:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2019-07-10 16:46 - 2019-07-04 10:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2019-07-10 16:46 - 2019-07-04 07:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-07-10 16:46 - 2019-07-04 06:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2019-07-10 16:46 - 2019-07-04 06:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-07-10 16:46 - 2019-07-04 06:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2019-07-10 16:46 - 2019-07-04 06:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2019-07-10 16:46 - 2019-07-04 06:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-07-10 16:46 - 2019-07-04 06:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2019-07-10 16:46 - 2019-07-04 06:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2019-07-10 16:46 - 2019-07-04 06:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2019-07-10 16:46 - 2019-07-04 06:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2019-07-10 16:46 - 2019-07-04 06:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys 2019-07-10 16:46 - 2019-07-04 06:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2019-07-10 16:46 - 2019-07-04 06:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-07-10 16:46 - 2019-07-04 06:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-07-10 16:46 - 2019-07-04 06:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-07-10 16:46 - 2019-07-04 06:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-07-10 16:46 - 2019-07-04 06:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2019-07-10 16:46 - 2019-07-04 06:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000343496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmEngUM.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2019-07-10 16:46 - 2019-07-04 06:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2019-07-10 16:46 - 2019-07-04 06:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2019-07-10 16:46 - 2019-07-04 06:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2019-07-10 16:46 - 2019-07-04 06:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll 2019-07-10 16:46 - 2019-07-04 06:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2019-07-10 16:46 - 2019-07-04 06:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2019-07-10 16:46 - 2019-07-04 06:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2019-07-10 16:46 - 2019-07-04 06:27 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys 2019-07-10 16:46 - 2019-07-04 06:26 - 003014144 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe 2019-07-10 16:46 - 2019-07-04 06:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll 2019-07-10 16:46 - 2019-07-04 06:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2019-07-10 16:46 - 2019-07-04 06:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll 2019-07-10 16:46 - 2019-07-04 06:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll 2019-07-10 16:46 - 2019-07-04 06:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys 2019-07-10 16:46 - 2019-07-04 06:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2019-07-10 16:46 - 2019-07-04 06:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2019-07-10 16:46 - 2019-07-04 06:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2019-07-10 16:46 - 2019-07-04 06:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2019-07-10 16:46 - 2019-07-04 06:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2019-07-10 16:46 - 2019-07-04 06:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-07-10 16:46 - 2019-07-04 06:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll 2019-07-10 16:46 - 2019-07-04 06:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2019-07-10 16:46 - 2019-07-04 06:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-07-10 16:46 - 2019-07-04 06:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2019-07-10 16:46 - 2019-07-04 06:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2019-07-10 16:46 - 2019-07-04 06:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2019-07-10 16:46 - 2019-07-04 06:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll 2019-07-10 16:46 - 2019-07-04 06:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-07-10 16:46 - 2019-07-04 05:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim 2019-07-10 16:46 - 2019-06-21 10:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2019-07-10 16:46 - 2019-06-13 14:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2019-07-10 16:46 - 2019-06-13 14:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2019-07-10 16:46 - 2019-06-13 14:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2019-07-10 16:46 - 2019-06-13 14:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2019-07-10 16:46 - 2019-06-13 13:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2019-07-10 16:46 - 2019-06-13 13:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2019-07-10 16:46 - 2019-06-13 13:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2019-07-10 16:46 - 2019-06-13 13:43 - 001427984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll 2019-07-10 16:46 - 2019-06-13 13:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2019-07-10 16:46 - 2019-06-13 13:42 - 002266936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll 2019-07-10 16:46 - 2019-06-13 13:42 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll 2019-07-10 16:46 - 2019-06-13 13:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe 2019-07-10 16:46 - 2019-06-13 13:41 - 001626936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll 2019-07-10 16:46 - 2019-06-13 13:41 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll 2019-07-10 16:46 - 2019-06-13 13:41 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll 2019-07-10 16:46 - 2019-06-13 13:41 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll 2019-07-10 16:46 - 2019-06-13 13:40 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll 2019-07-10 16:46 - 2019-06-13 13:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2019-07-10 16:46 - 2019-06-13 13:40 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll 2019-07-10 16:46 - 2019-06-13 13:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll 2019-07-10 16:46 - 2019-06-13 13:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe 2019-07-10 16:46 - 2019-06-13 13:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2019-07-10 16:46 - 2019-06-13 13:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll 2019-07-10 16:46 - 2019-06-13 13:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2019-07-10 16:46 - 2019-06-13 13:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe 2019-07-10 16:46 - 2019-06-13 13:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll 2019-07-10 16:46 - 2019-06-13 13:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll 2019-07-10 16:46 - 2019-06-13 13:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2019-07-10 16:46 - 2019-06-13 13:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2019-07-10 16:46 - 2019-06-13 13:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll 2019-07-10 16:46 - 2019-06-13 13:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe 2019-07-10 16:46 - 2019-06-13 13:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll 2019-07-10 16:46 - 2019-06-13 13:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe 2019-07-10 16:46 - 2019-06-13 13:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2019-07-10 16:46 - 2019-06-13 13:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll 2019-07-10 16:46 - 2019-06-13 13:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll 2019-07-10 16:46 - 2019-06-13 13:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2019-07-10 16:46 - 2019-06-13 13:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2019-07-10 16:46 - 2019-06-13 13:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll 2019-07-10 16:46 - 2019-06-13 13:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll 2019-07-10 16:46 - 2019-06-13 13:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll 2019-07-10 16:46 - 2019-06-13 12:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2019-07-10 16:46 - 2019-06-13 12:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll 2019-07-10 16:46 - 2019-06-13 12:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll 2019-07-10 16:46 - 2019-06-13 12:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2019-07-10 16:46 - 2019-06-13 11:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2019-07-10 16:46 - 2019-06-13 11:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll 2019-07-10 16:46 - 2019-06-13 11:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2019-07-10 16:46 - 2019-06-13 11:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2019-07-10 16:46 - 2019-06-13 11:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2019-07-10 16:46 - 2019-06-13 11:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2019-07-10 16:46 - 2019-06-13 11:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll 2019-07-10 16:46 - 2019-06-13 09:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll 2019-07-10 16:46 - 2019-06-13 09:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll 2019-07-10 16:46 - 2019-06-13 09:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2019-07-10 16:46 - 2019-06-13 09:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2019-07-10 16:46 - 2019-06-13 08:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll 2019-07-10 16:46 - 2019-06-13 08:58 - 002300528 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe 2019-07-10 16:46 - 2019-06-13 08:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2019-07-10 16:46 - 2019-06-13 08:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll 2019-07-10 16:46 - 2019-06-13 08:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2019-07-10 16:46 - 2019-06-13 08:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll 2019-07-10 16:46 - 2019-06-13 08:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2019-07-10 16:46 - 2019-06-13 08:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll 2019-07-10 16:46 - 2019-06-13 08:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll 2019-07-10 16:46 - 2019-06-13 08:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2019-07-10 16:46 - 2019-06-13 08:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2019-07-10 16:46 - 2019-06-13 08:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2019-07-10 16:46 - 2019-06-13 08:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-07-10 16:46 - 2019-06-13 08:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2019-07-10 16:46 - 2019-06-13 08:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2019-07-10 16:46 - 2019-06-13 08:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll 2019-07-10 16:46 - 2019-06-13 08:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2019-07-10 16:46 - 2019-06-13 08:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2019-07-10 16:46 - 2019-06-13 08:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2019-07-10 16:46 - 2019-06-13 08:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll 2019-07-10 16:46 - 2019-06-13 08:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-07-10 16:46 - 2019-06-13 08:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2019-07-10 16:46 - 2019-06-13 08:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2019-07-10 16:46 - 2019-06-13 08:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2019-07-10 16:46 - 2019-06-13 08:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll 2019-07-10 16:46 - 2019-06-13 08:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll 2019-07-10 16:46 - 2019-06-13 08:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2019-07-10 16:46 - 2019-06-13 08:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2019-07-10 16:46 - 2019-06-13 08:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2019-07-10 16:46 - 2019-06-13 08:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2019-07-10 16:46 - 2019-06-13 08:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-07-10 16:46 - 2019-06-13 07:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2019-07-10 16:46 - 2019-06-13 07:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2019-07-10 16:46 - 2019-06-13 07:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll 2019-07-10 16:46 - 2019-06-13 07:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll 2019-07-10 16:46 - 2019-06-13 07:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-07-10 16:46 - 2019-06-13 07:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2019-07-10 16:46 - 2019-06-13 07:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2019-07-10 16:46 - 2019-06-13 06:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll 2019-07-10 16:46 - 2019-06-13 06:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2019-07-10 16:46 - 2019-06-13 06:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2019-07-10 16:46 - 2019-06-13 06:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2019-07-10 16:46 - 2019-06-13 06:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-07-10 16:46 - 2019-06-13 06:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2019-07-10 16:46 - 2019-06-13 06:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2019-07-10 16:46 - 2019-06-13 06:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2019-07-10 16:46 - 2019-06-13 06:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2019-07-10 16:46 - 2019-06-13 06:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2019-07-10 16:46 - 2019-06-13 06:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll 2019-07-10 16:46 - 2019-06-13 06:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll 2019-07-10 01:40 - 2019-07-10 01:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.6 2019-07-08 16:12 - 2019-07-08 16:12 - 000001149 _____ C:\Users\Public\Desktop\Opera Browser.lnk ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-06 16:54 - 2018-05-23 16:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-08-06 16:34 - 2016-10-13 16:35 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-08-06 16:32 - 2017-02-12 20:49 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Mozilla 2019-08-06 16:30 - 2016-10-13 13:59 - 000000000 __SHD C:\Users\vanov\IntelGraphicsProfiles 2019-08-06 16:29 - 2018-08-04 16:06 - 000000502 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2019-08-06 16:28 - 2018-05-23 16:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-08-06 16:28 - 2018-01-12 21:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2019-08-06 16:27 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2019-08-06 16:17 - 2018-08-30 14:28 - 000000000 ____D C:\Users\MSSQLSERVER 2019-08-06 16:17 - 2018-03-16 20:55 - 000000000 ____D C:\Program Files (x86)\TunnelBear 2019-08-06 15:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-08-06 15:32 - 2016-10-19 15:42 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Temp 2019-08-06 15:18 - 2018-05-23 16:38 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{466D4F44-74C1-4B3A-8596-CADF3DE82031} 2019-08-06 14:52 - 2016-10-13 14:32 - 000000000 ____D C:\Users\vanov\AppData\Roaming\uTorrent 2019-08-06 14:04 - 2017-03-11 02:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\discord 2019-08-06 13:41 - 2017-01-27 21:28 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealEngine 2019-08-06 13:40 - 2019-01-18 23:34 - 000000000 ____D C:\Program Files (x86)\Steam 2019-08-06 09:54 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-08-05 22:27 - 2018-12-16 22:22 - 000000000 ____D C:\Program Files\Epic Games 2019-08-05 01:15 - 2016-10-13 14:55 - 000000000 ____D C:\Program Files\WinRAR 2019-08-04 19:54 - 2017-06-30 15:43 - 000000000 ____D C:\Users\vanov\Documents\My Games 2019-08-04 19:53 - 2016-10-13 20:00 - 000000000 ____D C:\ProgramData\Package Cache 2019-08-04 14:21 - 2018-11-16 00:20 - 000000000 ____D C:\Program Files\rempl 2019-08-03 19:46 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Local\Spotify 2019-08-03 18:28 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Spotify 2019-08-03 18:07 - 2017-06-05 00:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Ubisoft Game Launcher 2019-08-03 13:50 - 2018-07-31 21:58 - 000000000 ____D C:\Users\vanov\AppData\Roaming\.technic 2019-08-03 13:43 - 2016-10-13 14:33 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Skype 2019-08-03 13:42 - 2018-09-08 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2019-08-03 13:40 - 2018-08-04 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2019-08-03 13:40 - 2018-08-01 00:12 - 000000000 ____D C:\Program Files\Java 2019-08-03 13:40 - 2017-03-19 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2019-08-03 13:40 - 2017-03-19 21:30 - 000000000 ____D C:\Program Files (x86)\Java 2019-08-03 13:36 - 2018-01-12 21:04 - 000000000 ____D C:\Users\vanov\AppData\Roaming\TeamViewer 2019-08-03 13:35 - 2017-11-22 14:26 - 000000000 ____D C:\ProgramData\Origin 2019-08-03 13:35 - 2017-03-06 17:41 - 000000000 ____D C:\Program Files (x86)\Audacity 2019-08-03 13:34 - 2017-11-22 14:28 - 000001066 _____ C:\Users\Public\Desktop\Origin.lnk 2019-08-03 13:34 - 2017-11-22 14:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Origin 2019-08-03 13:34 - 2017-11-22 14:27 - 000000000 ____D C:\Program Files (x86)\Origin 2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-03 13:32 - 2018-09-17 23:28 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk 2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Notepad++ 2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Program Files\Notepad++ 2019-08-03 13:23 - 2017-06-12 12:27 - 000000000 ____D C:\Users\vanov\Desktop\Folders 2019-08-03 13:05 - 2016-10-13 14:24 - 000000000 ____D C:\Program Files (x86)\Opera 2019-08-03 12:53 - 2018-01-14 01:55 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MPC-HC 2019-08-03 12:53 - 2016-10-13 14:35 - 000000000 ____D C:\Users\vanov\AppData\Roaming\DAEMON Tools Lite 2019-08-03 12:52 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF 2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Users\vanov\AppData\Local\Google 2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Program Files (x86)\Google 2019-08-03 11:29 - 2018-08-05 21:23 - 000000000 ____D C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B 2019-08-03 10:53 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-08-02 19:30 - 2018-05-23 16:14 - 000000000 ____D C:\Users\vanov 2019-08-02 19:03 - 2017-10-10 23:31 - 000000000 ____D C:\Users\vanov\AppData\Roaming\IObit 2019-08-02 18:40 - 2018-11-25 19:39 - 000000000 ____D C:\Program Files\Firefox Developer Edition 2019-08-02 14:53 - 2016-12-29 19:12 - 000000000 ____D C:\Users\vanov\AppData\Roaming\SmartSteamEmu 2019-08-02 11:05 - 2016-10-13 21:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-08-01 20:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-08-01 02:15 - 2016-11-05 13:12 - 000000000 ____D C:\Program Files (x86)\Dropbox 2019-07-31 14:23 - 2018-04-29 20:51 - 000000000 ____D C:\Users\vanov\AppData\Local\GameAnalytics 2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files\Rockstar Games 2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games 2019-07-31 14:05 - 2018-03-23 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games 2019-07-31 14:05 - 2016-10-13 14:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2019-07-31 14:03 - 2016-10-18 22:24 - 000000000 ____D C:\Users\vanov\AppData\Local\Rockstar Games 2019-07-30 00:33 - 2018-08-06 23:20 - 000000000 ____D C:\GOG Games 2019-07-29 21:46 - 2017-12-04 16:09 - 000000000 ____D C:\Users\vanov\AppData\Local\Packages 2019-07-29 21:46 - 2017-06-20 20:42 - 000000000 ____D C:\Program Files (x86)\Adobe 2019-07-26 14:29 - 2016-10-15 15:03 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MusicBee 2019-07-26 12:21 - 2018-02-26 17:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-07-25 18:26 - 2016-12-24 13:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\vlc 2019-07-24 13:22 - 2016-10-13 14:37 - 000000000 ____D C:\ProgramData\Hi-Rez Studios 2019-07-23 12:12 - 2018-05-26 23:49 - 000000000 ____D C:\Users\vanov\AppData\Local\D3DSCache 2019-07-23 12:06 - 2017-11-22 16:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-07-19 12:18 - 2016-10-22 23:54 - 000007633 _____ C:\Users\vanov\AppData\Local\Resmon.ResmonCfg 2019-07-18 20:10 - 2018-08-04 15:41 - 000000000 ____D C:\Users\vanov\.android 2019-07-18 20:06 - 2017-06-04 19:17 - 000000000 ____D C:\Games 2019-07-18 18:49 - 2017-11-22 16:01 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2019-07-15 14:49 - 2018-05-23 16:29 - 001066156 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-07-15 14:45 - 2017-12-04 17:14 - 000000000 ___RD C:\Users\vanov\3D Objects 2019-07-15 14:45 - 2016-10-13 13:51 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-07-15 14:43 - 2018-05-23 16:09 - 005111760 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser 2019-07-14 23:44 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism 2019-07-14 23:43 - 2018-08-04 16:01 - 000000000 ____D C:\Program Files\Hyper-V 2019-07-14 23:43 - 2018-04-12 11:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-07-11 01:36 - 2016-10-13 13:53 - 000000000 ___RD C:\Users\vanov\OneDrive 2019-07-10 16:59 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-07-10 16:46 - 2016-10-13 16:35 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-07-10 16:25 - 2016-10-13 16:00 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2019-07-09 20:52 - 2018-05-23 16:38 - 000004552 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2019-07-09 20:52 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2019-07-09 20:52 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed 2019-07-09 19:52 - 2018-05-23 16:38 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier ==================== Files in the root of some directories ================ 2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\EOdEHTIio.exe 2018-10-28 19:32 - 2018-10-28 19:32 - 000000033 _____ () C:\Users\vanov\AppData\Roaming\AdobeWLCMCache.dat 2017-03-05 19:32 - 2018-02-22 21:46 - 000000000 _____ () C:\Users\vanov\AppData\Roaming\avoriontestfile 2018-08-05 21:22 - 2015-03-21 23:48 - 181614692 ___SH (Random Alex ) C:\Users\vanov\AppData\Roaming\Cracked Steam V4.exe 2018-08-05 21:22 - 2016-07-04 20:44 - 000036807 ___SH () C:\Users\vanov\AppData\Roaming\KcFPPOhZCXFZcOiHKXD 2018-09-16 22:49 - 2018-09-16 22:49 - 000023303 _____ () C:\Users\vanov\AppData\Local\debuggee.mdmp 2019-06-18 14:44 - 2019-06-18 14:44 - 000001536 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.cfg 2019-06-18 14:44 - 2019-06-18 14:44 - 000210944 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.dat 2018-07-09 16:15 - 2018-07-23 19:53 - 000000002 _____ () C:\Users\vanov\AppData\Local\imw.ini 2018-09-29 08:00 - 2018-09-29 08:00 - 000000000 _____ () C:\Users\vanov\AppData\Local\oobelibMkey.log 2019-02-10 17:37 - 2019-02-10 17:37 - 000003283 _____ () C:\Users\vanov\AppData\Local\recently-used.xbel 2016-10-22 23:54 - 2019-07-19 12:18 - 000007633 _____ () C:\Users\vanov\AppData\Local\Resmon.ResmonCfg 2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Users\vanov\AppData\Local\RhyHbetXu.exe 2017-06-10 01:37 - 2017-07-05 16:05 - 000000000 _____ () C:\Users\vanov\AppData\Local\Temptable.xml 2016-10-13 14:55 - 2016-10-13 14:55 - 000000003 _____ () C:\Users\vanov\AppData\Local\updater.log 2016-10-13 14:55 - 2017-05-07 02:59 - 000000425 _____ () C:\Users\vanov\AppData\Local\UserProducts.xml 2018-06-02 21:35 - 2018-06-02 21:35 - 000000002 _____ () C:\Users\vanov\AppData\Local\WMI.ini ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================ Addition log: Spoiler Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2019 Ran by vanov (06-08-2019 17:00:32) Running from C:\Users\vanov\Downloads Windows 10 Pro Version 1803 17134.885 (X64) (2018-05-23 14:41:03) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3387545514-2906784231-2682514228-500 - Administrator - Disabled) ASPNET (S-1-5-21-3387545514-2906784231-2682514228-1006 - Limited - Enabled) DefaultAccount (S-1-5-21-3387545514-2906784231-2682514228-503 - Limited - Disabled) defaultuser0 (S-1-5-21-3387545514-2906784231-2682514228-1000 - Limited - Disabled) => C:\Users\defaultuser0 Guest (S-1-5-21-3387545514-2906784231-2682514228-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3387545514-2906784231-2682514228-1003 - Limited - Enabled) vanov (S-1-5-21-3387545514-2906784231-2682514228-1001 - Administrator - Enabled) => C:\Users\vanov WDAGUtilityAccount (S-1-5-21-3387545514-2906784231-2682514228-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) .NET Core SDK 1.1.10 (x64) (HKLM\...\{EA922431-C5D8-4CAE-9A6D-6817195F7856}) (Version: 4.18.38047 - Microsoft Corporation) Hidden .NET Core SDK 1.1.10 (x64) (HKLM-x32\...\{81e87b8c-a24e-49e4-9a91-47b6d7aa52ff}) (Version: 1.1.10 - Microsoft Corporation) µTorrent (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.) Active Directory Authentication Library for SQL Server (HKLM\...\{4EE99065-01C6-49DD-9EC6-E08AA5B13491}) (Version: 14.0.1000.169 - Microsoft Corporation) Adobe After (HKLM\...\{6A915992-D887-4897-82F5-950EDD12DEB1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe) Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Akamai NetSession Interface (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Application Verifier x64 External Package (HKLM\...\{62CB44B2-8007-DBB2-1CBA-5CB7309EB3C3}) (Version: 10.1.17134.12 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{AB5E83C8-0175-0A1F-338A-EB8925AFC341}) (Version: 10.1.14393.795 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden ASUS RT-N10 Wireless Router Utilities (HKLM-x32\...\{5BA25292-92E0-4223-A14B-50DC60B2A6F9}) (Version: 4.2.6.1 - ASUS) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team) Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk) Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk) Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.48.1 - Bethesda Softworks) Browser for SQL Server 2017 (HKLM-x32\...\{CF8EEB96-E7E7-4EF7-A0A1-559F09953156}) (Version: 14.0.1000.169 - Microsoft Corporation) CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform) CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien) ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden ClipGrab 3.7.0 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien) CodeBlocks (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team) CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd) DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Discord) (Version: 0.0.305 - Discord Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 78.4.119 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) Entity Framework 6.2.0 Tools for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Firefox Developer Edition 65.0 (x64 en-US) (HKLM\...\Firefox Developer Edition 65.0 (x64 en-US)) (Version: 65.0 - Mozilla) GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team) Git version 2.20.1 (HKLM\...\Git_is1) (Version: 2.20.1 - The Git Development Community) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games) icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation) Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation) IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation) Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation) Java SE Development Kit 8 Update 181 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden K-Lite Mega Codec Pack 13.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.0 - KLCP) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains) LOOT version 0.13.6 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.13.6 - LOOT Team) Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft .NET Core SDK - 2.1.202 (x64) (HKLM-x32\...\{06b884b0-4947-4439-859f-098e431012d6}) (Version: 2.1.202 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.400 (x64) (HKLM-x32\...\{341254ab-6143-402e-9b7e-944f8b63e97d}) (Version: 2.1.400 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.402 (x64) (HKLM-x32\...\{b415bfcd-0c1a-424c-93f3-03fd83fcc44e}) (Version: 2.1.402 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.403 (x64) (HKLM-x32\...\{2eabe091-c571-4b9d-bdaa-5df5d11c84d4}) (Version: 2.1.403 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.500 (x64) (HKLM-x32\...\{d83984c4-b4ab-41e1-8d62-84f151ca642b}) (Version: 2.1.500 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.502 (x64) (HKLM-x32\...\{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}) (Version: 2.1.502 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.504 (x64) (HKLM-x32\...\{109e08a7-f849-4580-a683-c07ee8850a15}) (Version: 2.1.504 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.505 (x64) (HKLM-x32\...\{8a2d6b13-cb92-4cfe-a3e0-468e6cdd1e2e}) (Version: 2.1.505 - Microsoft Corporation) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 SDK (HKLM-x32\...\{F42C96C1-746B-442A-B58C-9F0FD5F3AB8A}) (Version: 4.7.03081 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 Targeting Pack (ENU) (HKLM-x32\...\{B517DBD3-B542-4FC8-9957-FFB2C3E65D1D}) (Version: 4.7.03062 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}) (Version: 4.7.03062 - Microsoft Corporation) Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft Azure Authoring Tools - v2.9.6 (HKLM\...\{EDADFA19-7F96-4075-A4AB-2209910626C5}) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Compute Emulator - v2.9.6 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.6) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation) Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation) Microsoft Azure PowerShell - April 2018 (HKLM\...\{3BA7CAA9-97BA-4528-B7E1-B640910BB149}) (Version: 5.7.0.18831 - Microsoft Corporation) Microsoft Azure Storage Emulator - v5.7 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.7) (Version: 5.7.18218.1723 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation) Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation) Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation) Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{76CF9EF4-ABA0-484E-8042-12B99499AF5F}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11901.20176 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation) Microsoft R Client (HKLM\...\{02EFEF35-C9D6-465D-BB0E-EB48B549B3AB}) (Version: 3.3.2.1988 - Microsoft) Microsoft SQL Server 2012 Native Client (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2016 LocalDB (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation) Microsoft SQL Server 2017 (64-bit) (HKLM\...\Microsoft SQL Server SQL2017) (Version: - Microsoft Corporation) Microsoft SQL Server 2017 Setup (English) (HKLM\...\{405252DC-ADF7-4BC8-95F5-F89DE513DD62}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft SQL Server 2017 T-SQL Language Service (HKLM\...\{C8A51693-98B9-4AB1-91B8-9A1B86729D5F}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{05FF71A6-FF76-4DB9-8A33-F23A2B0222BF}) (Version: 14.0.4079.2 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation) Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1100.314 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation) Microsoft VSS Writer for SQL Server 2017 (HKLM\...\{20B328C9-C6BB-434A-928A-00F05CD820B8}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla) Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich) MSI Development Tools (HKLM-x32\...\{1E406B46-65F4-91CE-65DA-DB66D5443B68}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.7.1 - Notepad++ Team) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.3 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera Stable 62.0.3331.99 (HKLM-x32\...\Opera 62.0.3331.99) (Version: 62.0.3331.99 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 10.5.43.28287 - Electronic Arts, Inc.) Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 6.1.0.0 - Popcorn Time) <==== ATTENTION Python 3.6.6 (64-bit) (HKU\.DEFAULT\...\{a2e7eb2f-e31e-47eb-82ca-63b3854f5354}) (Version: 3.6.6150.0 - Python Software Foundation) Python 3.6.6 Core Interpreter (64-bit symbols) (HKLM\...\{09472AF9-4E5C-419F-8AFC-E42DE3C00062}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Core Interpreter (64-bit) (HKLM\...\{13428472-D58E-476D-932F-5B1B0C1397BE}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Development Libraries (64-bit) (HKLM\...\{C4752757-9240-4518-BE22-A7E2E7CC7D7B}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Documentation (64-bit) (HKLM\...\{16EF5AB7-4A89-4F06-B20B-209DA4FE0533}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Executables (64-bit symbols) (HKLM\...\{D1DCF56C-C29C-436A-9764-DEA45032EC46}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Executables (64-bit) (HKLM\...\{5CE3EB5B-1823-4B8E-BE10-95262BDD1148}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 pip Bootstrap (64-bit) (HKLM\...\{9D8D733D-3822-4808-B382-6291910081B2}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Standard Library (64-bit symbols) (HKLM\...\{A44E9804-C2AA-40DD-9E6F-F53D96BDAD34}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Standard Library (64-bit) (HKLM\...\{4D137679-6FB4-446B-9BDB-279292FA2D2C}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Tcl/Tk Support (64-bit symbols) (HKLM\...\{20F0B3BE-3E51-4536-BE6E-451359FD5432}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Tcl/Tk Support (64-bit) (HKLM\...\{44EC13CA-E201-433B-B2D3-386B9609B859}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Test Suite (64-bit symbols) (HKLM\...\{C5BD9A00-9221-486E-94BF-9B1553B215AF}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Test Suite (64-bit) (HKLM\...\{C9596636-022D-4123-B369-98819F772985}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Utility Scripts (64-bit) (HKLM\...\{E95CEC86-EFB3-47B8-A5F6-C8FB757AD060}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Skype version 8.50 (HKLM-x32\...\Skype_is1) (Version: 8.50 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB) sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{97C50C96-8106-490D-B81F-768753C39B56}) (Version: 15.0.27207 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{74E057FF-92C8-4DD0-AF43-B220CD100733}) (Version: 15.0.27207 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{C83DFAD5-FF26-4ED8-B284-944463FA0E30}) (Version: 15.0.27207 - Microsoft Corporation) Hidden SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Common Files (HKLM\...\{9D1C0509-D490-4E9E-ACF5-A73E5C53742D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Common Files (HKLM\...\{B777C4C0-A1CD-4AB9-99B1-AD5FBED6F8E5}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Services (HKLM\...\{28EEF6BA-A23A-42D2-86BA-A6BEE723B969}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Services (HKLM\...\{DED314CA-0EFE-4593-9D66-EF75E5289A4C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Shared (HKLM\...\{0E22DBB4-691B-400C-B52D-8DFE8EC421AA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Shared (HKLM\...\{793F1C1E-5C83-4E33-A29B-6EAA7C1E791C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 XEvent (HKLM\...\{12D2DB8D-80FF-4152-8F51-EDB3BD3C6976}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 XEvent (HKLM\...\{AA2A015C-C210-413B-95F6-BF9D3CDD6E0D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.4.2669 - TeamViewer) The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios) TunnelBear (HKLM-x32\...\{5dbd322e-98b2-41c8-a2d9-d9f21423afa9}) (Version: 3.2.0.6 - TunnelBear) TunnelBear (HKLM-x32\...\{EAF52E02-CC78-47F4-A304-F91FDB6A55D1}) (Version: 3.2.0.6 - TunnelBear) Hidden Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - ) Twitch (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.) TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden TypeScript SDK (HKLM-x32\...\{A3055644-FB53-420D-8724-EBEAB330D64F}) (Version: 3.0.3.0 - Microsoft Corporation) Hidden TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden Unity (HKLM-x32\...\Unity) (Version: 2018.3.3f1 - Unity Technologies ApS) Universal CRT Extension SDK (HKLM-x32\...\{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{0D6B41AF-D117-8944-A059-3F9346A896C5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) Uplay (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft) vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden Visual Studio Enterprise 2017 (HKLM-x32\...\7dcb8def) (Version: 15.9.28307.586 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN) VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS WCF Debugging (HKLM\...\{14AF842C-675E-4268-B493-EB76D9B465A8}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_codecoveragemsi (HKLM-x32\...\{B2DB38F7-4225-4EA6-A7B2-F9A0E089DD89}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_codeduitestframeworkmsi (HKLM-x32\...\{4379D9C7-B16D-486C-BC6D-43550A4C55EE}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_cuitcommoncoremsi (HKLM-x32\...\{060D7518-16AC-41F1-9956-38CA636FCF7B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_cuitextensionmsi (HKLM-x32\...\{88484E59-774D-4947-AF0E-4524D6C3147D}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_cuitextensionmsi_x64 (HKLM-x32\...\{184D5702-3AD2-4F0D-95E6-11E1C75A9298}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_networkemulationmsi_x64 (HKLM-x32\...\{674BB892-7904-4B94-8077-9DA3D2CBFC70}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden WhatsApp (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\WhatsApp) (Version: 0.3.2848 - WhatsApp) Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) WinAppDeploy (HKLM-x32\...\{5AD4A604-B476-1578-2A20-6B02FC6258BE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{C9966D24-DB2F-8514-EAA3-BEED85F3E166}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation) Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation) WinGuard Pro 2016 (HKLM-x32\...\{F5DA39A7-9A26-44E2-9754-A611ACF0C8CC}) (Version: 10.10.2001 - WinGuardProLTD) WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH) WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{389D182F-0ADA-5C7E-FF32-2573A821592C}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{A249F631-CEBC-EDCB-4C49-700E551E66CA}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{C3776B36-B34E-00E2-3009-95A6F1870B58}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E71CB7F1-3E88-4450-1764-B3CC1E205C4A}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{965D1746-D94A-49B9-2A48-A14914CA3B57}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{C49E6FDA-8196-0CAF-2CDD-CF1B0F4EA5AD}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{33D11371-82A5-852B-CDE2-5528CE406151}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{3755CD99-C62E-3312-DDD3-29A4F259270D}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{729DA966-8590-2C1F-2178-16C1D32FD7FD}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{FB431EE2-C835-6DE9-8DC3-C8FCDE028FE0}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{F1C18506-3168-A9D9-E2D9-D23A512A326E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FB82399D-9C48-9AF5-DCA1-CFE61BCA70A6}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{23909757-D6F0-7F7C-BD34-7E72BA9BD59C}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{4095D263-6A13-78D3-DEDA-AA3452011F6E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{C3243E23-2EB6-4419-2692-40944923B112}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D3A337CD-EA32-F4BA-03FA-825903190C92}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{DD83B36A-ED10-4514-98E7-1EBD53D167D8}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft) Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden Xamarin Profiler (HKLM-x32\...\{392FF347-E40D-4598-B31E-5332F6F761E2}) (Version: 1.6.4.31 - Xamarin, Inc.) Hidden Xamarin Remoted iOS Simulator (HKLM-x32\...\{5DE98E3F-9A5C-48B7-B039-8E0FB2D68AEA}) (Version: 1.3.0.8 - Xamarin) Hidden Packages: ========= Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-15] (Microsoft Studios) [MS Ad] Microsoft Wireless Display Adapter -> C:\Program Files\WindowsApps\Microsoft.SurfaceWirelessDisplayAdapter_3.4.137.1000_x64__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation) Mixplay for Mixer -> C:\Program Files\WindowsApps\39170Flydream.Mixer_2.1.4.0_x64__weq318ptssvpt [2019-01-11] (Flydream) MSN Vrijeme -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad] Pošta i kalendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad] TuneIn Radio -> C:\Program Files\WindowsApps\TuneIn.TuneInRadio_4.0.6.0_x64__6bhtb546zcxnj [2019-08-01] (TuneIn) [MS Ad] Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.) Viber -> C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.1000_x86__p61zvh252yqyr [2018-07-09] (VIBER MEDIA S.à r.l.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{CE527B6C-CFD2-4CFC-AEC0-261FC6871E3D} -> [MEGAsync] => C:\Users\vanov\Documents\MEGAsync [2016-10-13 15:02] CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\vanov\Dropbox [2016-11-05 13:16] ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-06-17] (Notepad++ -> ) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\vanov\Desktop\GTASA.lnk -> C:\Program Files (x86)\Rockstar Games\GTA San Andreas\startup_SP.bat () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) ==================== Loaded Modules (Whitelisted) ============== 2018-10-02 19:10 - 2018-10-02 19:10 - 000598528 _____ () [File not signed] C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll 2016-09-24 08:53 - 2016-09-24 08:53 - 000410112 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll 2018-01-11 18:39 - 2008-05-23 00:25 - 000043520 ____N (MagicISO, Inc.) [File not signed] C:\Program Files (x86)\MagicISO\misosh64.dll 2018-04-19 22:31 - 2018-04-19 22:31 - 000267776 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL 2019-01-19 22:21 - 2019-01-19 22:21 - 000030720 _____ (WinGuard Inc.) [File not signed] C:\Program Files (x86)\WinGuardPro Ltd\WinGuard\wgengine.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1" ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-08-06 15:31 - 2019-08-06 16:17 - 000000030 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 2018-08-04 16:06 - 2019-08-06 16:29 - 000000502 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics 172.29.72.49 DESKTOP-ME49L6T.mshome.net # 2024 8 0 4 14 29 44 406 37.0.186 Vlah.mshome.net # 2019 7 5 12 12 16 54 932 ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Microsoft MPI\Bin\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Users\vanov\Anaconda3;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\DTS\Binn\;C:\Program Files\Git\cmd HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 77.78.192.20 - 94.140.66.194 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. HKLM\...\StartupApproved\StartupFolder: => "SOLIDWORKS 2016 Fast Start.lnk" HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "Idvsoft" HKLM\...\StartupApproved\Run32: => "{7B4A50DE-E9A1-5D65-55A0-215372F9BAC3}" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Curse.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Viber" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Overwolf" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Autodesk Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Akamai NetSession Interface" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Resilio Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Tonido" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "WallpaperEngine" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{CBC4ECFC-1253-4674-B353-170019F9FABE}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed] FirewallRules: [TCP Query User{0CAE0F34-1600-450D-A351-4C7FFCA72D07}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed] FirewallRules: [{606F165A-4B31-49AA-98BC-5B91C73BBF4B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A49D5669-FA5A-4815-9969-3E22DB5A4E6B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{48D65172-F07A-4E24-A3A1-434257A6061F}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{6A333921-4247-486B-98D0-F26FD40E857E}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{0CA9BCD8-5B1C-4D05-AAD4-21FFEAC84103}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{051C78D0-5A1A-4C2A-ABC4-9E558B976B5F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{A975745F-869F-4081-92E4-0D42641FF6C4}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{49E008DC-6AAB-4B12-BB7B-667F30068494}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{9C253803-BC67-4081-8522-B3EC16A3E8DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{B4452071-1EF5-4231-9AF6-B0CD14FD5FDF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{6D4BA297-6C70-47C8-BD34-738B4942ACB9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{2E9CDF23-57FD-43DB-9D11-55A66C91F8FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [UDP Query User{B06BD948-E650-4190-8E60-7CFADC294373}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{B385A51F-02CB-4784-A947-2C9ABF8BEEDD}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{2EB36B25-BECE-477F-B928-0C25780C1214}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) FirewallRules: [TCP Query User{DCA5B283-BB01-4858-8CBF-F750BF1B73F5}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) FirewallRules: [{6BEEFA38-F710-4247-BF7A-AECB5E37937E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{C5D7FAE5-7CB3-43C1-80F6-589907AD1A0F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{BCA6781A-E253-483F-8236-CAF546AAF80D}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{D50DE039-DAA2-4B8B-B1FB-3E30BC30A796}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{AFC23FCC-79E4-469A-8459-B169B2FA2252}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{F672BF62-161A-4044-9A8B-508F12A99CA6}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{12F3F116-CCDB-40AC-92C7-2317A0EEA58F}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{BE51A32F-9911-4F10-AECE-61E068713997}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{FA92DF2E-5413-4A71-9FEB-A88C6BC85620}] => (Allow) \crime.exe No File FirewallRules: [{93B1D858-48BF-4365-A31B-2A746418DA9E}] => (Allow) \crime.exe No File FirewallRules: [TCP Query User{09600C42-3BDF-4A0D-AFD5-17E90BC5FBDB}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed] FirewallRules: [UDP Query User{AEB25E26-AED6-4979-830F-F77D85DB1B7F}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed] FirewallRules: [{A3B4325B-9C2A-4EE8-A5DB-7B28A9060CC2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{A89516B1-966E-4D36-8C30-A7773EB1FCEF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{2FB602DE-06A3-46EA-9153-DDA0373E214D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{8F69FAB7-2111-4D65-8B95-ED7D5DF0F7DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{57117F18-C29B-4A60-B34A-DC7B2E36B83A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{E9BB0D09-102F-4855-8DC4-7BDE56ABFA0F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{BAC7F6A3-92EA-47D9-83DD-84940C070F4D}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{829032A2-3D4E-4625-A6AC-C5472A4CAD8F}] => (Allow) C:\Users\vanov\AppData\Roaming\ukym.exe No File FirewallRules: [{8F41725E-00E7-441B-AB63-B4098150BFD2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CAD307C7-4AB9-4568-9202-9A96F13EE5A0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{F8658AA4-659E-4738-A8F3-10D5B21C9014}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2B135BAA-8782-4576-8B09-A3A5104E674B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CBE67B0D-E3A2-47A0-9D9C-4A96A71123F7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{88A5690A-4C1A-4009-A517-E46CDD71C61D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{9B5D35D8-B815-41CC-AB80-E96CDB7A076C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{5909ED89-D4A8-472A-B9FB-64E52AF40D69}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{023A9C49-90ED-46DA-B31B-927D498C82DF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{31A12E40-94D8-4EBE-918A-F038F68F4143}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{8923168C-1CCB-432D-A201-56DAFE047329}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B8832F38-4A2A-466B-8C61-2CEC1E0C6D21}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{BF9A9DBE-706D-4041-828B-3FEAD09AA806}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{AB25BC94-93E5-4FA2-8DA8-CD14037FF5F1}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2C8DC3BA-784B-472F-862E-FBC63D80A7C2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CA7AD008-CD98-4D99-B60D-22C430D2E199}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{1AB20D79-1A14-40B6-AB43-3C8574EBD662}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{65A105B5-724F-4E3E-87D8-46EED707E4EE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{C6E37AA3-AE2D-43ED-85F1-58FCB47F6002}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{26DC9510-C1DB-421A-93B5-33D62B61C2EE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{36C86FB1-BD71-40AD-91A0-949C16507152}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{5EB85F8F-EB0B-4754-89FC-0E731AB75186}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{542253F9-2267-4C60-B0EC-8B09E0D8CD27}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D29C4F92-4A08-455B-9EDD-2481F589F20A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{EAB63EC6-840F-474A-BF7E-A4CAC240D5E7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B513C4A7-5DA5-4D37-837D-416F3145E4CC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{3777AF3C-8C7A-4F4A-9EBF-DDB8992B26D9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CB5270C0-F3CC-4A9D-8875-4F221116BF31}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{968872DC-7035-47B7-9714-D5307F4770BA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{4605227E-5E82-44AC-AC14-00BC224964A2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{89B42E9F-CAF9-4BA2-9425-F70309632F8D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B98B9A63-6919-4992-B7E1-85D3EC917DD5}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{AAA7915C-7E16-4740-8A9E-E28C59A0A782}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{7985DF1A-A135-4EBD-816E-EE4C335A89B7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{702C9838-7148-43F2-B5E4-E473B0E87464}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{56F7A137-B4B7-4678-A9B6-E35A25B5FDEB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{3879BDEE-BD20-48F4-BD90-E1223C44477A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B57B19B7-8702-4EFE-A84C-01A5E7A6B7EC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D36DD5EA-15C4-4353-8385-033486803E98}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D7E562D2-7670-4B4D-8F28-39A4D1727B40}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{8E810D29-4DBD-4E61-B3A1-CAC0F8464A33}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{FB5070B5-AD19-46DB-95DA-ECE01A8BC1FB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{83FD4894-C1ED-432E-B1A9-1D7F57E5C9B6}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{27F6044F-5F0D-49DF-B8D1-765988DFD7C2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{21C4E138-427E-43A4-95A4-6D7525E2947E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{DDC07F9D-3F72-4DAA-9930-12F203F91B31}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2A720802-A63D-40B2-89C7-7D74B2DD45CA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{C27E3A0D-09F2-45A1-931C-4B404A8111C7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{7B008662-8837-4CD8-9370-6CAD29667880}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B080A7D6-F3B2-462D-B9FD-BF0693AB1046}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{6AB0C2A9-BB92-4032-BEB5-13F5A1871F4F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{50F0B228-5B58-4A85-B5EF-46A34A0145C0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{E54DD5BA-8479-4E4F-98EC-EF0D104C8A96}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{EB7A11A3-928E-49F1-BE54-A9F3FA1C1073}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{99D43725-0653-470B-AF94-6C441CC69138}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D5EF2CAF-721A-4C5C-8483-13D41F39F802}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{31AAE78E-B827-4FE2-BDF1-D07BBC3C53C0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2C2AA84A-A775-424F-BE76-D7A7E64B8913}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{DDDF1BBF-1FBA-4951-BD5D-8E78DE9B94AF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{69DE4C1C-9948-43DA-8117-0638D675C92C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{518CEBF9-BD72-4D06-846B-6A2BA17B0A2F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{16998AA0-65E4-458F-B1DE-0AD7B27E4BA4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{296AD0B4-485D-4513-A0BC-5DBCF5BFCBB1}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{29A0BA6B-C71A-4EA4-9B1E-E0F787CB4E42}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{3FC15D18-2693-44AD-9DC6-DA9169DAB414}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D8E7C227-A2AE-475D-A0EC-CB2DB344F288}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D60513CC-338F-44D1-8138-77B44746F206}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{75FEBAE7-9B61-4C2E-B4DF-976C354F6674}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{85EA759A-A7D3-448C-BEF1-C50701ABD759}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{F771026E-8F29-4837-A239-A7F5148E8E83}] => (Allow) C:\Users\vanov\AppData\Local\RhyHbetXu.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{877999C0-5833-46B7-AF54-9C2AFF0F0CB7}] => (Allow) C:\WINDOWS\SysWOW64\DUXfVAre.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{EEB021AA-D67E-4EB2-821C-6A34926401CF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D5FD1AEB-DE14-4230-AAC7-693393F5D5FB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{C0CB0CD2-7539-4833-9D34-0AE0D849B9CA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{41B8465E-21B0-4E05-88A5-D5DA0D3ECE1A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{75BF73FF-6F83-4AE8-A387-9882BF970F59}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CEE562A7-6AC2-4FCE-A804-C24004963502}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{09D1AD8A-947B-4D15-9DF9-EF7052004060}] => (Allow) C:\Program Files (x86)\EOdEHTIio.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{04E92B50-4438-490F-AD0A-8A8D4690BB9A}] => (Allow) C:\Users\vanov\AppData\Roaming\IcfB.exe No File FirewallRules: [{0847666D-7803-48B0-A179-929EB14949CB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{23F21C00-3FCE-4B69-A614-B10A530429F3}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{8D4D8A90-06AA-4EDE-BA9E-030C90620E9F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{9A53C3C1-7D91-41C5-BF51-9EEE8BF63AA9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{F977589F-264D-4EBD-AA20-B43EB4D31C2D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{0A7E9429-DF43-4CE9-8FAA-88A43C8F9F4E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{8453B096-46C7-43E7-B521-7A92F2770575}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{393E2F76-0185-44CA-9A7E-26BDD6E4EE6D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{DEDF9721-C8FC-44B3-930F-886149770F0E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B1C9116F-5C4A-4D06-91FA-58DF1B4602F8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{24C43D6E-DCAF-455D-B2E9-2960D29E2EC2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{DBF655DC-C5FA-4DD3-B36B-5E14D88D5886}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B5D37EB1-173D-44F8-B9CC-E051924FAC26}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D339B50B-6443-433D-9DD9-6AE3BF9B60CA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{24E2D0B2-BF34-4E85-AAB1-BDB5A1323141}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [TCP Query User{FE4E9A3A-457F-4621-9441-7F63D069E3B8}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [UDP Query User{951AEC0B-8193-40FC-B42A-7DEAB8C2B3E5}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [{05DF0A2C-1A93-46AE-800E-E12DE7F18FC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B392F4D1-9B62-4364-AEBD-094036DA8436}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{BA2527F7-EF88-4694-81D1-CAD2BD759A31}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [UDP Query User{DA58CB7B-2521-453B-B120-F66DA955BB73}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{39401A26-306A-4DB0-A93D-CAC43C7A097F}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{F7E79D3D-E5F7-4109-95B5-7C20900FDF5D}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1568FFD9-4C45-4576-B4A8-68C07A9299DA}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed] FirewallRules: [{9E44EC29-3C66-478D-B43A-423E93469959}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed] FirewallRules: [{8B5A3536-E847-4803-B18A-35B8A2023C40}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{6A325237-3BEF-4A73-B668-4F52AAD6FE02}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B8F8775A-CAC9-4454-9BC2-0BD382B4A538}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C8341FC3-E365-4CE6-BA40-CC53396DF507}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{782D4882-D209-44E9-A3E9-1C7DCA561633}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{B7CF33C8-CC19-4D73-AC61-7534E1B70E97}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{A03282F2-8B2F-4A2E-A556-5A88124F408C}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [UDP Query User{52DEFF6B-ACA0-4834-BD06-59E2D1959922}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{CF7AC6C4-3B90-43EF-B110-B54E08AFDF90}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{E682C56C-4D3A-4B0C-9F61-0A9FD0C478C5}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{B53B0E11-4896-4DFF-A873-E3A08FFC028D}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8E90BA3A-A433-4095-9F52-DC3CBDC31FD1}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3978B3AB-19C3-4271-AC81-2D11287E2358}] => (Allow) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [{DA86CB7A-F52F-475E-87F1-FF83B160A4DC}] => (Block) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [{ED36F1A2-029C-4E96-A4A7-3B50FAFD18C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{994571E2-6DCD-4E06-9B39-3EF82FFFA7E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B0D9FE4C-355C-4679-8B96-D713017DD607}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B3483E3A-F2EB-4FDB-BBDC-879CC9507758}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{9680FCD1-9E1C-41C4-9D19-CA30045AAB34}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{009FA2E4-5EC8-4DD7-B8E6-DE1CFBFAAAE2}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed] FirewallRules: [{073CBEBB-07F2-4E61-8303-70FF7C396678}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed] FirewallRules: [{09216F82-B859-408E-BD97-6502299F1FDB}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{9E1C0C65-F7B4-4509-9C3C-E7101F192CBC}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{B82E9260-29D2-4F2D-BDBD-6A596F91BC45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios) FirewallRules: [{361A52A7-D6A1-4E8C-A6D3-2933937A02A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios) FirewallRules: [{839CE403-EFDC-4DBF-8E4B-5CBECE74F5EB}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.72\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{87D431EF-B497-43B6-8ED7-D924043264F6}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.99\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{C44E048D-F0D0-4E42-875F-A1C1E6BE5E7C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{F8600454-929C-4C5B-A4B9-735526AB4E82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{8DED0F5F-3C5B-4D35-A34F-E75EA8E3D10C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{A22A8EAA-7F39-43A2-A949-300F89E6EE35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{3A7FC6A7-DD9A-4A49-998F-9F7FE3D957EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{72158FD3-1F41-41A4-BC36-88B6890C372B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{3096494B-B18E-45A5-AC31-8E890346AF86}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{64FFD821-2BB2-48A1-8776-B1251C6E58D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{E66D8ED8-9BD5-4B64-ABCA-ABA4BA362666}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{D8939A68-301B-484C-B6B5-D2E40C4EC40C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{50A71AD9-5716-4E59-B0FA-60DB0B812E06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [TCP Query User{0ACEC78F-BAB5-4312-8B93-4A65F76E3257}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [UDP Query User{673C04EA-918C-4A3B-8E12-0540FE7C12F4}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [TCP Query User{8AB680EA-0B2D-4A78-9D85-F506E39545A9}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{7593ED52-0637-4704-A236-CE146B456EAB}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [DNS Server Forward Rule - TCP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 FirewallRules: [DNS Server Forward Rule - UDP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 ==================== Restore Points ========================= 04-08-2019 19:51:14 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 ==================== Faulty Device Manager Devices ============= Name: TunnelBear Adapter V9 Description: TunnelBear Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TunnelBear Provider V9 Service: tap-tb-0901 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/06/2019 04:54:44 PM) (Source: Perflib) (EventID: 1017) (User: ) Description: Disabled performance counter data collection from the "ASP.NET_1.1.4322" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service. Error: (08/06/2019 04:54:44 PM) (Source: Perflib) (EventID: 1021) (User: ) Description: Windows cannot open the 32-bit extensible counter DLL ASP.NET_1.1.4322 in a 64-bit environment. Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe. Error: (08/06/2019 04:54:43 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (08/06/2019 04:33:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/06/2019 04:33:46 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (08/06/2019 04:33:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/06/2019 04:21:36 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/06/2019 04:21:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 System errors: ============= Error: (08/06/2019 04:33:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/06/2019 04:33:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/06/2019 04:30:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/06/2019 04:30:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect. Error: (08/06/2019 04:29:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/06/2019 04:29:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SQL Server CEIP service (MSSQLSERVER) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/06/2019 04:29:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the SQLTELEMETRY service to connect. Error: (08/06/2019 04:29:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The TunnelBearMaintenance service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Windows Defender: =================================== Date: 2019-08-03 11:26:37.257 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {C36C47AF-6A54-49DD-AF3D-7D4D5520DA5F} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-28 20:29:32.996 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {F357303F-3784-4B4F-8754-2BE400640E70} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-27 15:24:11.683 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {B051F21A-7CA7-4CEB-B17E-C232F8D55836} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-25 18:26:15.579 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {E3880AC6-1B50-4637-B3CD-9BA75F3BC358} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-25 10:30:38.256 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {DC3ED97C-0FD0-4B75-B285-8294087F653B} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-03 11:04:51.511 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-08-03 10:48:53.266 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-08-02 21:50:23.754 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-02 21:34:43.457 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-02 21:16:13.596 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =================================== Date: 2019-08-03 11:42:32.022 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:42:31.974 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.934 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.879 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.811 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.753 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:36.559 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:36.234 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== BIOS: Insyde Corp. V1.37 02/16/2016 Motherboard: Acer ZORO_BH Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz Percentage of memory in use: 32% Total physical RAM: 12203.32 MB Available physical RAM: 8273.99 MB Total Virtual: 13611.32 MB Available Virtual: 9701.96 MB ==================== Drives ================================ Drive 😄 () (Fixed) (Total:465.21 GB) (Free:68.85 GB) NTFS \\?\Volume{4eafa3c8-b0a9-4d57-bbc8-43ec29bacab8}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS \\?\Volume{d30143e0-3bd2-4090-b0a7-697dc65108ba}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================ That's all of them Link to post Share on other sites More sharing options...
kevinf80 Posted August 6, 2019 ID:1328006 Share Posted August 6, 2019 Thanks for those logs, unfortunately the dns changer is still present. I note that you ran the fix three (3) times, any reason for that..? Continue: Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt" Next, Reset your router, instructons available at the following link:http://setuprouter.com/networking/how-to-reset-your-router/ Follow those instructions very carefully. Next, Download and unzip DNSJumper to your Desktop, the tool is portable no installation necessary. Tool can be downloaded here: http://www.sordum.org/downloads/?dns-jumper Right click on Dnsjumper.exe and select "Run as Administrator" to start the tool, For XP just double click to run. rom the left hand pane select "Flush DNS" From the main interface select the dropdown under "Choose a DNS Server" From the list select either "Google Public DNS" or "Open DNS" From the left hand pane select "Apply DNS" When done re-boot your system.... Next, Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt" Let me see those logs in your reply... Thank you, Kevin... Link to post Share on other sites More sharing options...
kevinf80 Posted August 9, 2019 ID:1328583 Share Posted August 9, 2019 Any progress....? Link to post Share on other sites More sharing options...
Vlahotic Posted August 9, 2019 Author ID:1328588 Share Posted August 9, 2019 Sorry for not responding immediately I wasn't home. I ran the fix three times because the first two it just stopped working and crashed when it got to cleaning mozilla (it wasn't running in the background) and I ran it as admin (windows gave me the prompt every time), the third time it finished properly. I have ran the DNS fixer, and I have reset my router These are the logs FRST before DNS: Spoiler Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-08-2019 02 Ran by vanov (administrator) on DESKTOP-ME49L6T (Acer Aspire E5-573) (09-08-2019 10:30:43) Running from C:\Users\vanov\Downloads Loaded Profiles: vanov & MSSQLSERVER (Available Profiles: defaultuser0 & vanov & SQLTELEMETRY & MSSQLSERVER) Platform: Windows 10 Pro Version 1803 17134.885 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe (Intel Corporation -> ) C:\Windows\System32\igfxTray.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.866.0_x64__8wekyb3d8bbwe\YourPhone.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmms.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (OOO Lightshot -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-10-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] (OOO Lightshot -> ) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5782336 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [wgpro] => C:\Program Files (x86)\WinGuardPro Ltd\WinGuard\wgengine.exe [30720 2019-01-19] (WinGuard Inc.) [File not signed] HKLM-x32\...\Run: [WGP] => [X] HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Akamai NetSession Interface] => C:\Users\vanov\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Spotify] => C:\Users\vanov\AppData\Roaming\Spotify\Spotify.exe [25828256 2019-08-03] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DOS Host] => C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B\DOS Host\doshost.exe [53248 2018-05-22] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35809680 2019-08-05] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3210016 2019-08-06] (Valve -> Valve Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed] HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-10-13] ShortcutTarget: MEGAsync.lnk -> C:\Users\vanov\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited) Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-18] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1191D268-1A73-41D0-BD85-D1311491443C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {1217C1E3-7A8E-4C0B-B4B5-5C28F63B1D39} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill2 => C:\Users\vanov\Desktop\BatFiles\Operakill.bat Task: {14D5ABA7-60D8-4C04-A73D-D462D3EC53BF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {1A902826-C33D-4706-A2ED-F192F5993FAC} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-vanovac.zlatan@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {3051FE3C-FB51-4549-8184-7DCA7CCB515B} - System32\Tasks\Microsoft\Windows\TaskScheduler\Restart => C:\Users\vanov\Desktop\BatFiles\Restart.bat Task: {31A4D16D-ED62-4473-8883-5805BFACBBAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) Task: {32075B90-EA68-4A1E-8153-09FAB21A0EBD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {4021E04F-2C4F-4B2A-85E7-60D62C0CE79C} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {44CEEBC6-4031-42AD-B2B1-4157F57AD5FE} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill => C:\Users\vanov\Desktop\BatFiles\Operakill.bat Task: {4D713D29-1FB3-4E41-9D76-CD1B86264B83} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-09] (Adobe Inc. -> Adobe) Task: {6137EB70-DCD3-44CE-8665-73E27FA3E9EE} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall => C:\Users\vanov\Desktop\BatFiles\DragonForce.bat Task: {63C7C186-F15B-448B-94BC-5F4ED0A4E638} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {78C49C7C-92BE-4687-AF06-420B5ED30A0C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {79C43D64-C54E-4662-9D49-919AEF86BF9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {79DFF442-7CF7-480E-934B-8FCEBEE221D7} - System32\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {7B6B9926-BDA7-44D7-A5CE-F6D962D3B49E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) Task: {7F5DE95D-C17C-4408-85D1-6F56B9FF5F5A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) Task: {81668EB1-6E5D-40EE-BFFA-25B09CCF4FE1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {8FCC1103-34CD-41C4-B3BC-EEE596BE90CB} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall2 => C:\Users\vanov\Desktop\BatFiles\Disasterpiece.bat Task: {940A0D4F-E5D1-4349-A97B-BA70D6B8789D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe) Task: {A35FB29E-054C-45BE-9E40-C94DB7728413} - System32\Tasks\Microsoft\Windows\TaskScheduler\MusicKill => C:\Users\vanov\Desktop\BatFiles\BeeMp3TaskKill.bat Task: {A9E34D5E-D053-4247-8350-83C330CA6958} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Users\vanov\AppData\Local\MEGAsync\MEGAupdater.exe [760696 2018-10-02] (Mega Limited -> Mega Limited) Task: {AA6D739F-D568-4A9D-A4ED-FC3B5D432A84} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) Task: {B058EC2B-0726-47B7-8B1B-A975B69CED27} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {BB3A72A1-B735-4F37-9B99-260BF5F05151} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1000 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {CF931575-DB06-4A0A-A9DC-19D4C4269CB3} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.8.3252 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXAutoUpdate.exe [206184 2019-08-06] (Microsoft Corporation -> ) Task: {D63EB858-D44F-42ED-AC94-00B6D4374934} - System32\Tasks\Opera scheduled Autoupdate 1476361487 => C:\Program Files (x86)\Opera\launcher.exe [1519640 2019-08-07] (Opera Software AS -> Opera Software) Task: {DD5F0550-0D96-45A8-80CB-EA5DB0E9C59E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {DE525C0C-B6B7-4A0C-BF03-FB7FBAFF172E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {DE9EE772-2041-4E2F-8856-6D84E12E4E02} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {E1176194-F6FD-4A7B-BB95-24031E7F8611} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-10-18] () [File not signed] Task: {E161BC06-6796-4A76-8D71-21048961E8D4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe) Task: {F51FC55E-9DF9-47E0-8B2A-5056FD0B3C6E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {F95F8299-A9C1-49FC-8E40-0B0E93D73D5A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {FBD77374-BC26-4033-84E7-10F003A9EED5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{24b58f83-bf4d-40e4-a6b1-5f849b89db74}: [NameServer] 116.203.6.218 Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{84adbad7-bfc3-4947-b0cf-9c8738caccf9}: [NameServer] 116.203.6.218 Tcpip\..\Interfaces\{8c05adc3-f683-4b02-b575-0d3af10d2b6b}: [NameServer] 116.203.6.218 Internet Explorer: ================== SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF DefaultProfile: poq2nbe3.default-1491901036943-1546437671085 FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 [2019-08-09] FF NetworkProxy: Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 -> type", 4 FF Extension: (ETP Search Volume Study) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-06-26] FF Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\firefox@betterttv.net.xpi [2019-08-03] [UpdateUrl:hxxps://nightdev.com/betterttv/firefox/updates.json] FF Extension: (uBlock Origin) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\uBlock0@raymondhill.net.xpi [2019-07-26] FF Extension: (Unseen) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\{230ed5ec-936c-4ad1-b3d4-e2bb251bd1c3}.xpi [2019-01-02] FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default [2019-08-06] FF user.js: detected! => C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default\user.js [2017-02-03] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> ) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> ) FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN) StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe Opera: ======= OPR Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\deofbbdfofnmppcjbhjibgodpcdchjii [2017-11-15] OPR Extension: (Tampermonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-06-02] OPR Extension: (book_helper) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmmkobpokkidkpaidggnebnhiipdkhkl [2019-08-02] OPR Extension: (ScriptMonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-06-02] OPR Extension: (Violent monkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-05-16] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-05-27] (BattlEye Innovations e.K. -> ) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-08-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) S3 HgClientService; C:\WINDOWS\system32\hgclientservice.dll [141824 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1741312 2019-02-16] (Microsoft Windows -> Microsoft Corporation) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [353768 2018-09-13] (Intel Corporation -> Intel Corporation) R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21256 2018-04-20] (Microsoft Corporation -> Microsoft Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] (AzureEngBuildCodeSign -> ) [File not signed] R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [485048 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [31232 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts) R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2017-11-22] (Even Balance, Inc. -> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5073792 2019-07-04] (Microsoft Windows Publisher -> Microsoft Corporation) S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [578744 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) S2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11969880 2019-07-03] (TeamViewer GmbH -> TeamViewer GmbH) S2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [113024 2018-02-12] (TunnelBear, Inc. -> ) R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3014144 2019-07-04] (Microsoft Windows -> Microsoft Corporation) S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd) S3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-06-23] (EnigmaSoft Limited -> EnigmaSoft Limited) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-10-10] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.) R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26624 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-10-10] (Martin Malik - REALiX -> REALiX(tm)) S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2019-01-19] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-05] (Malwarebytes Corporation -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-07] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-07] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-07] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-07] (Malwarebytes Corporation -> Malwarebytes) S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA)) S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> ) R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2412976 2017-04-24] (Qualcomm Atheros -> Qualcomm Atheros, Inc.) S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31744 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S4 RsFx0500; C:\WINDOWS\System32\DRIVERS\RsFx0500.sys [261848 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1026896 2018-03-19] (Realtek Semiconductor Corp. -> Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-10-10] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation) R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions) R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated -> Synaptics Incorporated) S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr)) R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [56520 2015-08-05] (Synaptics Incorporated -> Synaptics Incorporated) R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [103936 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project) S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2017-12-18] (Oracle Corporation -> Oracle Corporation) R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1248256 2018-11-07] (Microsoft Windows -> Microsoft Corporation) R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [45408 2018-03-15] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation) S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation) NETSVC: HgClientService -> C:\Windows\system32\hgclientservice.dll (Microsoft Corporation) NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-09 10:31 - 2019-08-09 10:31 - 000000000 ____D C:\Users\vanov\Downloads\DnsJumper 2019-08-09 10:30 - 2019-08-09 10:33 - 000034860 _____ C:\Users\vanov\Downloads\FRST.txt 2019-08-09 10:30 - 2019-08-09 10:30 - 002096640 _____ (Farbar) C:\Users\vanov\Downloads\FRST64.exe 2019-08-09 10:29 - 2019-08-09 10:29 - 000706233 _____ C:\Users\vanov\Downloads\DnsJumper.zip 2019-08-08 15:01 - 2019-08-08 15:01 - 000003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1476361487 2019-08-08 15:01 - 2019-08-08 15:01 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk 2019-08-07 12:08 - 2019-08-07 12:08 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2019-08-07 12:08 - 2019-08-07 12:08 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2019-08-07 12:07 - 2019-08-07 12:07 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2019-08-07 12:07 - 2019-08-07 12:07 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2019-08-07 12:06 - 2019-08-07 12:06 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-08-07 12:06 - 2019-08-07 12:06 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16 2019-08-06 22:30 - 2019-08-06 22:30 - 000050652 _____ C:\Users\vanov\Documents\filename.gwc 2019-08-06 18:47 - 2019-08-06 18:47 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealHeaderTool 2019-08-06 17:42 - 2019-08-09 10:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-08-06 17:00 - 2019-08-06 17:06 - 000105806 _____ C:\Users\vanov\Downloads\Addition2.txt 2019-08-06 16:55 - 2019-08-06 17:06 - 000088273 _____ C:\Users\vanov\Downloads\FRST2.txt 2019-08-06 16:33 - 2019-08-06 16:33 - 047210760 _____ (Microsoft Corporation) C:\Users\vanov\Documents\Windows-KB890830-x64-V5.74.exe 2019-08-06 16:21 - 2019-08-06 16:21 - 000001310 _____ C:\Users\vanov\Desktop\misplacedforcopy.txt 2019-08-06 15:20 - 2019-08-09 10:30 - 000000000 ____D C:\Users\vanov\Downloads\FRST-OlderVersion 2019-08-06 15:20 - 2019-08-06 15:32 - 000012830 _____ C:\Users\vanov\Downloads\Fixlog.txt 2019-08-06 15:15 - 2019-08-06 15:16 - 000301326 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH8.pdf 2019-08-06 13:47 - 2019-08-06 14:05 - 000000000 ____D C:\Users\vanov\Documents\[FreeCourseSite.com] Udemy - Unreal Engine C++ Developer Learn C++ and Make Video Games 2019-08-06 13:42 - 2019-08-06 19:23 - 000000000 ____D C:\Users\vanov\Documents\Unreal Projects 2019-08-06 13:41 - 2019-08-06 13:41 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Unreal Engine 2019-08-06 00:21 - 2019-08-06 00:21 - 000002467 _____ C:\Users\vanov\Desktop\Unreal Engine.lnk 2019-08-05 11:14 - 2019-08-05 11:19 - 000108154 _____ C:\Users\vanov\Downloads\Addition1.txt 2019-08-05 11:11 - 2019-08-05 11:19 - 000089056 _____ C:\Users\vanov\Downloads\FRST1.txt 2019-08-05 11:08 - 2019-08-09 10:30 - 000000000 ____D C:\FRST 2019-08-05 11:07 - 2019-08-05 11:07 - 000002601 _____ C:\Users\vanov\Desktop\Malarebytes1.txt 2019-08-05 10:56 - 2019-08-05 10:56 - 000001714 _____ C:\Users\vanov\Desktop\Malwarebytes2.txt 2019-08-05 01:18 - 2019-08-05 01:18 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2019-08-04 18:12 - 2019-08-04 18:12 - 000000222 _____ C:\Users\vanov\Desktop\SMITE.url 2019-08-04 11:34 - 2019-08-04 11:34 - 000001048 _____ C:\Users\vanov\Desktop\Technic.exe - Shortcut.lnk 2019-08-03 13:53 - 2019-08-03 13:53 - 004478926 _____ () C:\Users\vanov\Downloads\Technic.exe 2019-08-03 13:42 - 2019-08-03 13:42 - 000001391 _____ C:\Users\Public\Desktop\Skype.lnk 2019-08-03 13:41 - 2019-08-03 13:41 - 000001143 _____ C:\Users\Public\Desktop\VLC media player.lnk 2019-08-03 13:40 - 2019-08-03 13:36 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2019-08-03 13:37 - 2019-08-03 13:37 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk 2019-08-03 13:37 - 2019-08-03 13:37 - 000001108 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk 2019-08-03 13:35 - 2019-08-03 13:35 - 001211216 _____ (Oracle Corporation) C:\Users\vanov\Downloads\JavaUninstallTool.exe 2019-08-03 13:35 - 2019-08-03 13:35 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2019-08-03 13:34 - 2019-08-03 13:34 - 002065880 _____ (Oracle Corporation) C:\Users\vanov\Downloads\jre-8u221-windows-i586-iftw.exe 2019-08-03 12:59 - 2019-08-03 13:22 - 000081880 _____ C:\WINDOWS\ZAM.krnl.trace 2019-08-03 12:56 - 2019-08-03 12:56 - 001359866 _____ C:\Users\vanov\Documents\cc_20190803_125640.reg 2019-08-03 12:50 - 2019-08-03 12:50 - 020888528 _____ (Piriform Software Ltd) C:\Users\vanov\Downloads\cctrialsetup.exe 2019-08-03 12:50 - 2019-08-03 12:50 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2019-08-03 12:50 - 2019-08-03 12:50 - 000002888 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2019-08-03 12:50 - 2019-08-03 12:50 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk 2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\Program Files\CCleaner 2019-08-03 12:38 - 2019-08-03 12:40 - 000316126 _____ C:\TDSSKiller.3.1.0.28_03.08.2019_12.38.43_log.txt 2019-08-03 12:38 - 2019-08-03 12:38 - 005054744 _____ (AO Kaspersky Lab) C:\Users\vanov\Downloads\tdsskiller.exe 2019-08-03 12:32 - 2019-08-03 13:22 - 000000000 ____D C:\Users\vanov\AppData\Local\AMSDK 2019-08-03 12:32 - 2019-08-03 12:32 - 000000000 ____D C:\Users\vanov\AppData\Local\Zemana 2019-08-03 12:31 - 2019-08-03 12:31 - 012664512 _____ (Zemana Ltd. ) C:\Users\vanov\Downloads\AntiMalware_Setup.exe 2019-08-03 12:24 - 2019-08-03 12:24 - 000841241 _____ C:\Users\vanov\Downloads\rkill.zip 2019-08-03 12:24 - 2017-07-25 22:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\vanov\Downloads\rkill.exe 2019-08-03 11:33 - 2019-08-03 11:33 - 000000258 __RSH C:\ProgramData\ntuser.pol 2019-08-03 10:54 - 2019-08-03 10:54 - 000000000 ____D C:\Users\vanov\AppData\Local\mbamtray 2019-08-03 10:53 - 2019-08-03 10:53 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-08-03 10:53 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2019-08-03 10:52 - 2019-08-03 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-08-03 10:52 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2019-08-03 10:51 - 2019-08-03 10:51 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-08-03 10:42 - 2019-08-03 10:46 - 000000000 ____D C:\Users\vanov\Downloads\mbam-chameleon-3.1.33.0 2019-08-03 10:41 - 2019-08-03 10:42 - 006705178 _____ C:\Users\vanov\Downloads\mbam-chameleon-3.1.33.0.zip 2019-08-02 21:49 - 2019-08-02 21:49 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2019-08-02 21:36 - 2019-08-02 21:36 - 000000000 ____D C:\KRD2018_Data 2019-08-02 21:03 - 2019-08-02 21:03 - 000000000 ___HD C:\$SysReset 2019-08-02 19:22 - 2019-08-02 19:01 - 597336064 _____ C:\Users\vanov\Documents\krd.iso 2019-08-02 19:08 - 2019-08-02 19:08 - 000000000 ____D C:\WINDOWS\Panther 2019-08-02 19:00 - 2019-08-02 19:00 - 000000000 ____D C:\ProgramData\TmpLoog 2019-08-02 18:59 - 2019-08-02 18:59 - 007623880 _____ (Malwarebytes) C:\Users\vanov\Downloads\adwcleaner_7.4.exe 2019-08-02 18:39 - 2019-08-03 11:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\System 2019-08-02 17:56 - 2019-08-02 17:56 - 005829844 _____ (UserBenchmark.com) C:\Users\vanov\Downloads\UserBenchMark.exe 2019-08-02 14:53 - 2019-08-02 14:53 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Big Fat Simulations Inc_ 2019-08-02 11:07 - 2019-08-02 11:07 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2019-08-01 02:14 - 2019-08-01 02:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2019-07-31 22:52 - 2019-07-31 22:57 - 000000000 ____D C:\Users\vanov\AppData\Local\Arma 3 2019-07-31 22:52 - 2019-07-31 22:52 - 000000000 ____D C:\ProgramData\Bohemia Interactive 2019-07-31 19:59 - 2019-07-31 19:59 - 000189726 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.1.pdf 2019-07-31 17:57 - 2019-07-31 17:57 - 005193376 _____ (Husdawg, LLC) C:\Users\vanov\Downloads\Detection.exe 2019-07-30 14:19 - 2019-07-30 14:19 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Craneballs 2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\Local\GOG.com 2019-07-29 21:47 - 2019-07-29 21:47 - 000000000 ___HD C:\temp 2019-07-29 21:06 - 2019-07-29 21:06 - 000178988 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.pdf 2019-07-29 10:58 - 2019-07-29 10:58 - 006732741 _____ C:\Users\vanov\Downloads\SQL-Injection-Attacks-and-Defense.pdf 2019-07-27 17:18 - 2019-07-27 17:18 - 000232401 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH3.pdf 2019-07-24 20:05 - 2017-09-26 12:24 - 000100352 _____ C:\Users\vanov\Downloads\Spider Man Homecoming.srt 2019-07-24 20:05 - 2011-11-11 20:27 - 000078233 ____N C:\Users\vanov\Downloads\Captain America.srt 2019-07-23 19:36 - 2019-07-23 19:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Colossal Order 2019-07-18 20:24 - 2019-07-18 20:25 - 000000000 ____D C:\Users\vanov\Documents\Rockstar Games 2019-07-18 20:20 - 2019-06-28 14:08 - 002826520 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp.exe 2019-07-18 20:20 - 2019-06-28 14:08 - 000072154 ____N C:\Users\vanov\Downloads\procexp.chm 2019-07-18 20:20 - 2019-06-28 14:05 - 001501248 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp64.exe 2019-07-18 20:20 - 2019-05-05 11:00 - 000007490 ____N C:\Users\vanov\Downloads\Eula.txt 2019-07-18 20:16 - 2019-07-18 20:16 - 008771640 _____ (Martin Malik - REALiX ) C:\Users\vanov\Downloads\hwi_608.exe 2019-07-18 18:53 - 2019-07-18 18:54 - 228125096 _____ (Rockstar Games) C:\Users\vanov\Downloads\GTAV_Setup_Tool.exe 2019-07-18 18:44 - 2019-07-23 12:06 - 000000000 ____D C:\Program Files\Mozilla Firefox 2019-07-11 01:36 - 2019-07-11 01:36 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3387545514-2906784231-2682514228-1001 2019-07-11 01:36 - 2019-07-11 01:36 - 000002412 _____ C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-07-10 16:47 - 2019-07-04 11:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2019-07-10 16:47 - 2019-07-04 11:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2019-07-10 16:47 - 2019-07-04 11:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-07-10 16:47 - 2019-07-04 10:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2019-07-10 16:47 - 2019-07-04 10:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-07-10 16:47 - 2019-07-04 06:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2019-07-10 16:47 - 2019-07-04 06:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-07-10 16:47 - 2019-07-04 06:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-07-10 16:47 - 2019-07-04 06:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-07-10 16:47 - 2019-07-04 06:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-07-10 16:47 - 2019-07-04 06:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2019-07-10 16:47 - 2019-07-04 06:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-07-10 16:47 - 2019-07-04 06:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-07-10 16:47 - 2019-07-04 06:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-07-10 16:47 - 2019-07-04 06:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-07-10 16:47 - 2019-07-04 06:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-07-10 16:47 - 2019-07-04 06:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-07-10 16:47 - 2019-07-04 06:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-07-10 16:47 - 2019-07-04 06:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-07-10 16:47 - 2019-07-04 06:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-07-10 16:47 - 2019-06-13 14:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2019-07-10 16:47 - 2019-06-13 13:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2019-07-10 16:47 - 2019-06-13 13:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2019-07-10 16:47 - 2019-06-13 13:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2019-07-10 16:47 - 2019-06-13 13:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2019-07-10 16:47 - 2019-06-13 13:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-07-10 16:47 - 2019-06-13 13:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2019-07-10 16:47 - 2019-06-13 13:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2019-07-10 16:47 - 2019-06-13 12:11 - 001539896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll 2019-07-10 16:47 - 2019-06-13 11:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2019-07-10 16:47 - 2019-06-13 09:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2019-07-10 16:47 - 2019-06-13 08:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2019-07-10 16:47 - 2019-06-13 08:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-07-10 16:47 - 2019-06-13 08:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2019-07-10 16:46 - 2019-07-04 11:45 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll 2019-07-10 16:46 - 2019-07-04 11:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2019-07-10 16:46 - 2019-07-04 11:41 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys 2019-07-10 16:46 - 2019-07-04 11:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-07-10 16:46 - 2019-07-04 11:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2019-07-10 16:46 - 2019-07-04 11:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe 2019-07-10 16:46 - 2019-07-04 11:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2019-07-10 16:46 - 2019-07-04 11:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2019-07-10 16:46 - 2019-07-04 11:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2019-07-10 16:46 - 2019-07-04 11:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe 2019-07-10 16:46 - 2019-07-04 11:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-07-10 16:46 - 2019-07-04 10:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-07-10 16:46 - 2019-07-04 10:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2019-07-10 16:46 - 2019-07-04 10:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2019-07-10 16:46 - 2019-07-04 10:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2019-07-10 16:46 - 2019-07-04 07:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-07-10 16:46 - 2019-07-04 06:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2019-07-10 16:46 - 2019-07-04 06:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-07-10 16:46 - 2019-07-04 06:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2019-07-10 16:46 - 2019-07-04 06:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2019-07-10 16:46 - 2019-07-04 06:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-07-10 16:46 - 2019-07-04 06:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2019-07-10 16:46 - 2019-07-04 06:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2019-07-10 16:46 - 2019-07-04 06:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2019-07-10 16:46 - 2019-07-04 06:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2019-07-10 16:46 - 2019-07-04 06:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys 2019-07-10 16:46 - 2019-07-04 06:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2019-07-10 16:46 - 2019-07-04 06:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-07-10 16:46 - 2019-07-04 06:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-07-10 16:46 - 2019-07-04 06:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-07-10 16:46 - 2019-07-04 06:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-07-10 16:46 - 2019-07-04 06:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2019-07-10 16:46 - 2019-07-04 06:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000343496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmEngUM.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2019-07-10 16:46 - 2019-07-04 06:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2019-07-10 16:46 - 2019-07-04 06:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2019-07-10 16:46 - 2019-07-04 06:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2019-07-10 16:46 - 2019-07-04 06:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll 2019-07-10 16:46 - 2019-07-04 06:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2019-07-10 16:46 - 2019-07-04 06:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2019-07-10 16:46 - 2019-07-04 06:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2019-07-10 16:46 - 2019-07-04 06:27 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys 2019-07-10 16:46 - 2019-07-04 06:26 - 003014144 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe 2019-07-10 16:46 - 2019-07-04 06:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll 2019-07-10 16:46 - 2019-07-04 06:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2019-07-10 16:46 - 2019-07-04 06:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll 2019-07-10 16:46 - 2019-07-04 06:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll 2019-07-10 16:46 - 2019-07-04 06:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys 2019-07-10 16:46 - 2019-07-04 06:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2019-07-10 16:46 - 2019-07-04 06:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2019-07-10 16:46 - 2019-07-04 06:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2019-07-10 16:46 - 2019-07-04 06:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2019-07-10 16:46 - 2019-07-04 06:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2019-07-10 16:46 - 2019-07-04 06:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-07-10 16:46 - 2019-07-04 06:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll 2019-07-10 16:46 - 2019-07-04 06:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2019-07-10 16:46 - 2019-07-04 06:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-07-10 16:46 - 2019-07-04 06:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2019-07-10 16:46 - 2019-07-04 06:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2019-07-10 16:46 - 2019-07-04 06:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2019-07-10 16:46 - 2019-07-04 06:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll 2019-07-10 16:46 - 2019-07-04 06:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-07-10 16:46 - 2019-07-04 05:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim 2019-07-10 16:46 - 2019-06-21 10:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2019-07-10 16:46 - 2019-06-13 14:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2019-07-10 16:46 - 2019-06-13 14:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2019-07-10 16:46 - 2019-06-13 14:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2019-07-10 16:46 - 2019-06-13 14:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2019-07-10 16:46 - 2019-06-13 13:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2019-07-10 16:46 - 2019-06-13 13:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2019-07-10 16:46 - 2019-06-13 13:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2019-07-10 16:46 - 2019-06-13 13:43 - 001427984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll 2019-07-10 16:46 - 2019-06-13 13:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2019-07-10 16:46 - 2019-06-13 13:42 - 002266936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll 2019-07-10 16:46 - 2019-06-13 13:42 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll 2019-07-10 16:46 - 2019-06-13 13:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe 2019-07-10 16:46 - 2019-06-13 13:41 - 001626936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll 2019-07-10 16:46 - 2019-06-13 13:41 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll 2019-07-10 16:46 - 2019-06-13 13:41 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll 2019-07-10 16:46 - 2019-06-13 13:41 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll 2019-07-10 16:46 - 2019-06-13 13:40 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll 2019-07-10 16:46 - 2019-06-13 13:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2019-07-10 16:46 - 2019-06-13 13:40 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll 2019-07-10 16:46 - 2019-06-13 13:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll 2019-07-10 16:46 - 2019-06-13 13:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe 2019-07-10 16:46 - 2019-06-13 13:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2019-07-10 16:46 - 2019-06-13 13:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll 2019-07-10 16:46 - 2019-06-13 13:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2019-07-10 16:46 - 2019-06-13 13:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe 2019-07-10 16:46 - 2019-06-13 13:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll 2019-07-10 16:46 - 2019-06-13 13:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll 2019-07-10 16:46 - 2019-06-13 13:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2019-07-10 16:46 - 2019-06-13 13:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2019-07-10 16:46 - 2019-06-13 13:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll 2019-07-10 16:46 - 2019-06-13 13:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe 2019-07-10 16:46 - 2019-06-13 13:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll 2019-07-10 16:46 - 2019-06-13 13:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe 2019-07-10 16:46 - 2019-06-13 13:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2019-07-10 16:46 - 2019-06-13 13:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll 2019-07-10 16:46 - 2019-06-13 13:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll 2019-07-10 16:46 - 2019-06-13 13:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2019-07-10 16:46 - 2019-06-13 13:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2019-07-10 16:46 - 2019-06-13 13:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll 2019-07-10 16:46 - 2019-06-13 13:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll 2019-07-10 16:46 - 2019-06-13 13:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll 2019-07-10 16:46 - 2019-06-13 12:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2019-07-10 16:46 - 2019-06-13 12:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll 2019-07-10 16:46 - 2019-06-13 12:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll 2019-07-10 16:46 - 2019-06-13 12:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2019-07-10 16:46 - 2019-06-13 11:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2019-07-10 16:46 - 2019-06-13 11:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll 2019-07-10 16:46 - 2019-06-13 11:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2019-07-10 16:46 - 2019-06-13 11:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2019-07-10 16:46 - 2019-06-13 11:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2019-07-10 16:46 - 2019-06-13 11:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2019-07-10 16:46 - 2019-06-13 11:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll 2019-07-10 16:46 - 2019-06-13 09:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll 2019-07-10 16:46 - 2019-06-13 09:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll 2019-07-10 16:46 - 2019-06-13 09:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2019-07-10 16:46 - 2019-06-13 09:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2019-07-10 16:46 - 2019-06-13 08:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll 2019-07-10 16:46 - 2019-06-13 08:58 - 002300528 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe 2019-07-10 16:46 - 2019-06-13 08:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2019-07-10 16:46 - 2019-06-13 08:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll 2019-07-10 16:46 - 2019-06-13 08:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2019-07-10 16:46 - 2019-06-13 08:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll 2019-07-10 16:46 - 2019-06-13 08:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2019-07-10 16:46 - 2019-06-13 08:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll 2019-07-10 16:46 - 2019-06-13 08:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll 2019-07-10 16:46 - 2019-06-13 08:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2019-07-10 16:46 - 2019-06-13 08:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2019-07-10 16:46 - 2019-06-13 08:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2019-07-10 16:46 - 2019-06-13 08:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-07-10 16:46 - 2019-06-13 08:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2019-07-10 16:46 - 2019-06-13 08:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2019-07-10 16:46 - 2019-06-13 08:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll 2019-07-10 16:46 - 2019-06-13 08:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2019-07-10 16:46 - 2019-06-13 08:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2019-07-10 16:46 - 2019-06-13 08:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2019-07-10 16:46 - 2019-06-13 08:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll 2019-07-10 16:46 - 2019-06-13 08:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-07-10 16:46 - 2019-06-13 08:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2019-07-10 16:46 - 2019-06-13 08:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2019-07-10 16:46 - 2019-06-13 08:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2019-07-10 16:46 - 2019-06-13 08:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll 2019-07-10 16:46 - 2019-06-13 08:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll 2019-07-10 16:46 - 2019-06-13 08:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2019-07-10 16:46 - 2019-06-13 08:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2019-07-10 16:46 - 2019-06-13 08:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2019-07-10 16:46 - 2019-06-13 08:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2019-07-10 16:46 - 2019-06-13 08:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-07-10 16:46 - 2019-06-13 07:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2019-07-10 16:46 - 2019-06-13 07:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2019-07-10 16:46 - 2019-06-13 07:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll 2019-07-10 16:46 - 2019-06-13 07:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll 2019-07-10 16:46 - 2019-06-13 07:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-07-10 16:46 - 2019-06-13 07:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2019-07-10 16:46 - 2019-06-13 07:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2019-07-10 16:46 - 2019-06-13 06:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll 2019-07-10 16:46 - 2019-06-13 06:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2019-07-10 16:46 - 2019-06-13 06:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2019-07-10 16:46 - 2019-06-13 06:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2019-07-10 16:46 - 2019-06-13 06:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-07-10 16:46 - 2019-06-13 06:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2019-07-10 16:46 - 2019-06-13 06:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2019-07-10 16:46 - 2019-06-13 06:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2019-07-10 16:46 - 2019-06-13 06:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2019-07-10 16:46 - 2019-06-13 06:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2019-07-10 16:46 - 2019-06-13 06:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll 2019-07-10 16:46 - 2019-06-13 06:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll 2019-07-10 01:40 - 2019-07-10 01:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.6 ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-09 10:28 - 2018-05-23 16:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-08-09 10:28 - 2017-02-12 20:49 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Mozilla 2019-08-09 04:17 - 2018-05-23 16:38 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{466D4F44-74C1-4B3A-8596-CADF3DE82031} 2019-08-08 23:28 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-08-08 23:27 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-08-08 22:17 - 2019-01-18 23:34 - 000000000 ____D C:\Program Files (x86)\Steam 2019-08-08 21:05 - 2018-01-12 21:04 - 000000000 ____D C:\Users\vanov\AppData\Roaming\TeamViewer 2019-08-08 15:01 - 2016-10-13 14:24 - 000000000 ____D C:\Program Files (x86)\Opera 2019-08-07 12:08 - 2016-10-13 13:59 - 000000000 __SHD C:\Users\vanov\IntelGraphicsProfiles 2019-08-07 12:07 - 2018-08-04 16:06 - 000000502 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2019-08-07 12:06 - 2018-01-12 21:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2019-08-07 12:05 - 2018-05-23 16:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-08-07 12:04 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2019-08-06 20:01 - 2016-12-24 13:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\vlc 2019-08-06 18:33 - 2018-08-27 10:54 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Visual Studio Setup 2019-08-06 18:06 - 2018-08-04 12:35 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs 2019-08-06 18:02 - 2018-08-04 12:59 - 000000000 ____D C:\Users\vanov\.dotnet 2019-08-06 17:56 - 2018-08-04 12:45 - 000000000 ____D C:\Program Files\dotnet 2019-08-06 17:56 - 2016-10-13 20:00 - 000000000 ____D C:\ProgramData\Package Cache 2019-08-06 17:54 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2019-08-06 17:39 - 2018-08-04 12:05 - 000001377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk 2019-08-06 17:38 - 2018-08-04 12:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2019-08-06 16:34 - 2016-10-13 16:35 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-08-06 16:17 - 2018-08-30 14:28 - 000000000 ____D C:\Users\MSSQLSERVER 2019-08-06 16:17 - 2018-03-16 20:55 - 000000000 ____D C:\Program Files (x86)\TunnelBear 2019-08-06 15:32 - 2016-10-19 15:42 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Temp 2019-08-06 14:52 - 2016-10-13 14:32 - 000000000 ____D C:\Users\vanov\AppData\Roaming\uTorrent 2019-08-06 14:04 - 2017-03-11 02:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\discord 2019-08-06 13:41 - 2017-01-27 21:28 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealEngine 2019-08-05 22:27 - 2018-12-16 22:22 - 000000000 ____D C:\Program Files\Epic Games 2019-08-05 01:15 - 2016-10-13 14:55 - 000000000 ____D C:\Program Files\WinRAR 2019-08-04 19:54 - 2017-06-30 15:43 - 000000000 ____D C:\Users\vanov\Documents\My Games 2019-08-04 14:21 - 2018-11-16 00:20 - 000000000 ____D C:\Program Files\rempl 2019-08-03 19:46 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Local\Spotify 2019-08-03 18:28 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Spotify 2019-08-03 18:07 - 2017-06-05 00:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Ubisoft Game Launcher 2019-08-03 13:50 - 2018-07-31 21:58 - 000000000 ____D C:\Users\vanov\AppData\Roaming\.technic 2019-08-03 13:43 - 2016-10-13 14:33 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Skype 2019-08-03 13:42 - 2018-09-08 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2019-08-03 13:40 - 2018-08-04 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2019-08-03 13:40 - 2018-08-01 00:12 - 000000000 ____D C:\Program Files\Java 2019-08-03 13:40 - 2017-03-19 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2019-08-03 13:40 - 2017-03-19 21:30 - 000000000 ____D C:\Program Files (x86)\Java 2019-08-03 13:35 - 2017-11-22 14:26 - 000000000 ____D C:\ProgramData\Origin 2019-08-03 13:35 - 2017-03-06 17:41 - 000000000 ____D C:\Program Files (x86)\Audacity 2019-08-03 13:34 - 2017-11-22 14:28 - 000001066 _____ C:\Users\Public\Desktop\Origin.lnk 2019-08-03 13:34 - 2017-11-22 14:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Origin 2019-08-03 13:34 - 2017-11-22 14:27 - 000000000 ____D C:\Program Files (x86)\Origin 2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-03 13:32 - 2018-09-17 23:28 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk 2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Notepad++ 2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Program Files\Notepad++ 2019-08-03 13:23 - 2017-06-12 12:27 - 000000000 ____D C:\Users\vanov\Desktop\Folders 2019-08-03 12:53 - 2018-01-14 01:55 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MPC-HC 2019-08-03 12:53 - 2016-10-13 14:35 - 000000000 ____D C:\Users\vanov\AppData\Roaming\DAEMON Tools Lite 2019-08-03 12:52 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF 2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Users\vanov\AppData\Local\Google 2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Program Files (x86)\Google 2019-08-03 11:29 - 2018-08-05 21:23 - 000000000 ____D C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B 2019-08-03 10:53 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-08-02 19:30 - 2018-05-23 16:14 - 000000000 ____D C:\Users\vanov 2019-08-02 19:03 - 2017-10-10 23:31 - 000000000 ____D C:\Users\vanov\AppData\Roaming\IObit 2019-08-02 18:40 - 2018-11-25 19:39 - 000000000 ____D C:\Program Files\Firefox Developer Edition 2019-08-02 14:53 - 2016-12-29 19:12 - 000000000 ____D C:\Users\vanov\AppData\Roaming\SmartSteamEmu 2019-08-02 11:05 - 2016-10-13 21:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-08-01 20:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-08-01 02:15 - 2016-11-05 13:12 - 000000000 ____D C:\Program Files (x86)\Dropbox 2019-07-31 14:23 - 2018-04-29 20:51 - 000000000 ____D C:\Users\vanov\AppData\Local\GameAnalytics 2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files\Rockstar Games 2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games 2019-07-31 14:05 - 2018-03-23 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games 2019-07-31 14:05 - 2016-10-13 14:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2019-07-31 14:03 - 2016-10-18 22:24 - 000000000 ____D C:\Users\vanov\AppData\Local\Rockstar Games 2019-07-30 00:33 - 2018-08-06 23:20 - 000000000 ____D C:\GOG Games 2019-07-29 21:46 - 2017-12-04 16:09 - 000000000 ____D C:\Users\vanov\AppData\Local\Packages 2019-07-29 21:46 - 2017-06-20 20:42 - 000000000 ____D C:\Program Files (x86)\Adobe 2019-07-26 14:29 - 2016-10-15 15:03 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MusicBee 2019-07-26 12:21 - 2018-02-26 17:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-07-24 13:22 - 2016-10-13 14:37 - 000000000 ____D C:\ProgramData\Hi-Rez Studios 2019-07-23 12:12 - 2018-05-26 23:49 - 000000000 ____D C:\Users\vanov\AppData\Local\D3DSCache 2019-07-23 12:06 - 2017-11-22 16:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-07-19 12:18 - 2016-10-22 23:54 - 000007633 _____ C:\Users\vanov\AppData\Local\Resmon.ResmonCfg 2019-07-18 20:10 - 2018-08-04 15:41 - 000000000 ____D C:\Users\vanov\.android 2019-07-18 20:06 - 2017-06-04 19:17 - 000000000 ____D C:\Games 2019-07-18 18:49 - 2017-11-22 16:01 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2019-07-15 14:49 - 2018-05-23 16:29 - 001066156 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-07-15 14:45 - 2017-12-04 17:14 - 000000000 ___RD C:\Users\vanov\3D Objects 2019-07-15 14:45 - 2016-10-13 13:51 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-07-15 14:43 - 2018-05-23 16:09 - 005111760 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser 2019-07-14 23:44 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism 2019-07-14 23:43 - 2018-08-04 16:01 - 000000000 ____D C:\Program Files\Hyper-V 2019-07-14 23:43 - 2018-04-12 11:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-07-11 01:36 - 2016-10-13 13:53 - 000000000 ___RD C:\Users\vanov\OneDrive 2019-07-10 16:59 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-07-10 16:46 - 2016-10-13 16:35 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-07-10 16:25 - 2016-10-13 16:00 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe ==================== Files in the root of some directories ================ 2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\EOdEHTIio.exe 2018-10-28 19:32 - 2018-10-28 19:32 - 000000033 _____ () C:\Users\vanov\AppData\Roaming\AdobeWLCMCache.dat 2017-03-05 19:32 - 2018-02-22 21:46 - 000000000 _____ () C:\Users\vanov\AppData\Roaming\avoriontestfile 2018-08-05 21:22 - 2015-03-21 23:48 - 181614692 ___SH (Random Alex ) C:\Users\vanov\AppData\Roaming\Cracked Steam V4.exe 2018-08-05 21:22 - 2016-07-04 20:44 - 000036807 ___SH () C:\Users\vanov\AppData\Roaming\KcFPPOhZCXFZcOiHKXD 2018-09-16 22:49 - 2018-09-16 22:49 - 000023303 _____ () C:\Users\vanov\AppData\Local\debuggee.mdmp 2019-06-18 14:44 - 2019-06-18 14:44 - 000001536 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.cfg 2019-06-18 14:44 - 2019-06-18 14:44 - 000210944 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.dat 2018-07-09 16:15 - 2018-07-23 19:53 - 000000002 _____ () C:\Users\vanov\AppData\Local\imw.ini 2018-09-29 08:00 - 2018-09-29 08:00 - 000000000 _____ () C:\Users\vanov\AppData\Local\oobelibMkey.log 2019-02-10 17:37 - 2019-02-10 17:37 - 000003283 _____ () C:\Users\vanov\AppData\Local\recently-used.xbel 2016-10-22 23:54 - 2019-07-19 12:18 - 000007633 _____ () C:\Users\vanov\AppData\Local\Resmon.ResmonCfg 2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Users\vanov\AppData\Local\RhyHbetXu.exe 2017-06-10 01:37 - 2017-07-05 16:05 - 000000000 _____ () C:\Users\vanov\AppData\Local\Temptable.xml 2016-10-13 14:55 - 2016-10-13 14:55 - 000000003 _____ () C:\Users\vanov\AppData\Local\updater.log 2016-10-13 14:55 - 2017-05-07 02:59 - 000000425 _____ () C:\Users\vanov\AppData\Local\UserProducts.xml 2018-06-02 21:35 - 2018-06-02 21:35 - 000000002 _____ () C:\Users\vanov\AppData\Local\WMI.ini ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================ Addition before DNS: Spoiler Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-08-2019 02 Ran by vanov (09-08-2019 10:35:32) Running from C:\Users\vanov\Downloads Windows 10 Pro Version 1803 17134.885 (X64) (2018-05-23 14:41:03) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3387545514-2906784231-2682514228-500 - Administrator - Disabled) ASPNET (S-1-5-21-3387545514-2906784231-2682514228-1006 - Limited - Enabled) DefaultAccount (S-1-5-21-3387545514-2906784231-2682514228-503 - Limited - Disabled) defaultuser0 (S-1-5-21-3387545514-2906784231-2682514228-1000 - Limited - Disabled) => C:\Users\defaultuser0 Guest (S-1-5-21-3387545514-2906784231-2682514228-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3387545514-2906784231-2682514228-1003 - Limited - Enabled) vanov (S-1-5-21-3387545514-2906784231-2682514228-1001 - Administrator - Enabled) => C:\Users\vanov WDAGUtilityAccount (S-1-5-21-3387545514-2906784231-2682514228-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) .NET Core SDK 1.1.10 (x64) (HKLM\...\{EA922431-C5D8-4CAE-9A6D-6817195F7856}) (Version: 4.18.38047 - Microsoft Corporation) Hidden .NET Core SDK 1.1.10 (x64) (HKLM-x32\...\{81e87b8c-a24e-49e4-9a91-47b6d7aa52ff}) (Version: 1.1.10 - Microsoft Corporation) µTorrent (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.) Active Directory Authentication Library for SQL Server (HKLM\...\{4EE99065-01C6-49DD-9EC6-E08AA5B13491}) (Version: 14.0.1000.169 - Microsoft Corporation) Adobe After (HKLM\...\{6A915992-D887-4897-82F5-950EDD12DEB1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe) Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Akamai NetSession Interface (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Application Verifier x64 External Package (HKLM\...\{62CB44B2-8007-DBB2-1CBA-5CB7309EB3C3}) (Version: 10.1.17134.12 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{AB5E83C8-0175-0A1F-338A-EB8925AFC341}) (Version: 10.1.14393.795 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden ASUS RT-N10 Wireless Router Utilities (HKLM-x32\...\{5BA25292-92E0-4223-A14B-50DC60B2A6F9}) (Version: 4.2.6.1 - ASUS) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team) Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk) Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk) Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.48.1 - Bethesda Softworks) Browser for SQL Server 2017 (HKLM-x32\...\{CF8EEB96-E7E7-4EF7-A0A1-559F09953156}) (Version: 14.0.1000.169 - Microsoft Corporation) CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform) CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien) ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden ClipGrab 3.7.0 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien) CodeBlocks (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team) CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd) DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Discord) (Version: 0.0.305 - Discord Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 78.4.119 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) Entity Framework 6.2.0 Tools for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Firefox Developer Edition 65.0 (x64 en-US) (HKLM\...\Firefox Developer Edition 65.0 (x64 en-US)) (Version: 65.0 - Mozilla) GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team) Git version 2.20.1 (HKLM\...\Git_is1) (Version: 2.20.1 - The Git Development Community) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games) icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation) Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation) IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation) Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation) Java SE Development Kit 8 Update 181 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden K-Lite Mega Codec Pack 13.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.0 - KLCP) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains) LOOT version 0.13.6 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.13.6 - LOOT Team) Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft .NET Core SDK - 2.1.202 (x64) (HKLM-x32\...\{06b884b0-4947-4439-859f-098e431012d6}) (Version: 2.1.202 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.400 (x64) (HKLM-x32\...\{341254ab-6143-402e-9b7e-944f8b63e97d}) (Version: 2.1.400 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.402 (x64) (HKLM-x32\...\{b415bfcd-0c1a-424c-93f3-03fd83fcc44e}) (Version: 2.1.402 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.403 (x64) (HKLM-x32\...\{2eabe091-c571-4b9d-bdaa-5df5d11c84d4}) (Version: 2.1.403 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.500 (x64) (HKLM-x32\...\{d83984c4-b4ab-41e1-8d62-84f151ca642b}) (Version: 2.1.500 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.502 (x64) (HKLM-x32\...\{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}) (Version: 2.1.502 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.504 (x64) (HKLM-x32\...\{109e08a7-f849-4580-a683-c07ee8850a15}) (Version: 2.1.504 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.505 (x64) (HKLM-x32\...\{8a2d6b13-cb92-4cfe-a3e0-468e6cdd1e2e}) (Version: 2.1.505 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.508 (x64) (HKLM-x32\...\{0298bf05-e67a-4973-8ccc-7b13528189cb}) (Version: 2.1.508 - Microsoft Corporation) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 SDK (HKLM-x32\...\{F42C96C1-746B-442A-B58C-9F0FD5F3AB8A}) (Version: 4.7.03081 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 Targeting Pack (ENU) (HKLM-x32\...\{B517DBD3-B542-4FC8-9957-FFB2C3E65D1D}) (Version: 4.7.03062 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}) (Version: 4.7.03062 - Microsoft Corporation) Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft Azure Authoring Tools - v2.9.6 (HKLM\...\{EDADFA19-7F96-4075-A4AB-2209910626C5}) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Compute Emulator - v2.9.6 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.6) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation) Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation) Microsoft Azure PowerShell - April 2018 (HKLM\...\{3BA7CAA9-97BA-4528-B7E1-B640910BB149}) (Version: 5.7.0.18831 - Microsoft Corporation) Microsoft Azure Storage Emulator - v5.7 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.7) (Version: 5.7.18218.1723 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation) Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation) Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation) Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{76CF9EF4-ABA0-484E-8042-12B99499AF5F}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11901.20176 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation) Microsoft R Client (HKLM\...\{02EFEF35-C9D6-465D-BB0E-EB48B549B3AB}) (Version: 3.3.2.1988 - Microsoft) Microsoft SQL Server 2012 Native Client (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2016 LocalDB (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation) Microsoft SQL Server 2017 (64-bit) (HKLM\...\Microsoft SQL Server SQL2017) (Version: - Microsoft Corporation) Microsoft SQL Server 2017 Setup (English) (HKLM\...\{405252DC-ADF7-4BC8-95F5-F89DE513DD62}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft SQL Server 2017 T-SQL Language Service (HKLM\...\{C8A51693-98B9-4AB1-91B8-9A1B86729D5F}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{05FF71A6-FF76-4DB9-8A33-F23A2B0222BF}) (Version: 14.0.4079.2 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation) Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1104.625 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation) Microsoft VSS Writer for SQL Server 2017 (HKLM\...\{20B328C9-C6BB-434A-928A-00F05CD820B8}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla) Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich) MSI Development Tools (HKLM-x32\...\{1E406B46-65F4-91CE-65DA-DB66D5443B68}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.7.1 - Notepad++ Team) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.3 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera Stable 62.0.3331.116 (HKLM-x32\...\Opera 62.0.3331.116) (Version: 62.0.3331.116 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 10.5.43.28287 - Electronic Arts, Inc.) Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 6.1.0.0 - Popcorn Time) <==== ATTENTION Python 3.6.6 (64-bit) (HKU\.DEFAULT\...\{a2e7eb2f-e31e-47eb-82ca-63b3854f5354}) (Version: 3.6.6150.0 - Python Software Foundation) Python 3.6.6 Core Interpreter (64-bit symbols) (HKLM\...\{09472AF9-4E5C-419F-8AFC-E42DE3C00062}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Core Interpreter (64-bit) (HKLM\...\{13428472-D58E-476D-932F-5B1B0C1397BE}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Development Libraries (64-bit) (HKLM\...\{C4752757-9240-4518-BE22-A7E2E7CC7D7B}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Documentation (64-bit) (HKLM\...\{16EF5AB7-4A89-4F06-B20B-209DA4FE0533}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Executables (64-bit symbols) (HKLM\...\{D1DCF56C-C29C-436A-9764-DEA45032EC46}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Executables (64-bit) (HKLM\...\{5CE3EB5B-1823-4B8E-BE10-95262BDD1148}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 pip Bootstrap (64-bit) (HKLM\...\{9D8D733D-3822-4808-B382-6291910081B2}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Standard Library (64-bit symbols) (HKLM\...\{A44E9804-C2AA-40DD-9E6F-F53D96BDAD34}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Standard Library (64-bit) (HKLM\...\{4D137679-6FB4-446B-9BDB-279292FA2D2C}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Tcl/Tk Support (64-bit symbols) (HKLM\...\{20F0B3BE-3E51-4536-BE6E-451359FD5432}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Tcl/Tk Support (64-bit) (HKLM\...\{44EC13CA-E201-433B-B2D3-386B9609B859}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Test Suite (64-bit symbols) (HKLM\...\{C5BD9A00-9221-486E-94BF-9B1553B215AF}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Test Suite (64-bit) (HKLM\...\{C9596636-022D-4123-B369-98819F772985}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Utility Scripts (64-bit) (HKLM\...\{E95CEC86-EFB3-47B8-A5F6-C8FB757AD060}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Skype version 8.50 (HKLM-x32\...\Skype_is1) (Version: 8.50 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB) sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{97C50C96-8106-490D-B81F-768753C39B56}) (Version: 15.0.27207 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{74E057FF-92C8-4DD0-AF43-B220CD100733}) (Version: 15.0.27207 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{C83DFAD5-FF26-4ED8-B284-944463FA0E30}) (Version: 15.0.27207 - Microsoft Corporation) Hidden SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Common Files (HKLM\...\{9D1C0509-D490-4E9E-ACF5-A73E5C53742D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Common Files (HKLM\...\{B777C4C0-A1CD-4AB9-99B1-AD5FBED6F8E5}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Services (HKLM\...\{28EEF6BA-A23A-42D2-86BA-A6BEE723B969}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Services (HKLM\...\{DED314CA-0EFE-4593-9D66-EF75E5289A4C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Shared (HKLM\...\{0E22DBB4-691B-400C-B52D-8DFE8EC421AA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Shared (HKLM\...\{793F1C1E-5C83-4E33-A29B-6EAA7C1E791C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 XEvent (HKLM\...\{12D2DB8D-80FF-4152-8F51-EDB3BD3C6976}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 XEvent (HKLM\...\{AA2A015C-C210-413B-95F6-BF9D3CDD6E0D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.4.2669 - TeamViewer) The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios) TunnelBear (HKLM-x32\...\{5dbd322e-98b2-41c8-a2d9-d9f21423afa9}) (Version: 3.2.0.6 - TunnelBear) TunnelBear (HKLM-x32\...\{EAF52E02-CC78-47F4-A304-F91FDB6A55D1}) (Version: 3.2.0.6 - TunnelBear) Hidden Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - ) Twitch (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.) TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden TypeScript SDK (HKLM-x32\...\{A3055644-FB53-420D-8724-EBEAB330D64F}) (Version: 3.0.3.0 - Microsoft Corporation) Hidden TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden Unity (HKLM-x32\...\Unity) (Version: 2018.3.3f1 - Unity Technologies ApS) Universal CRT Extension SDK (HKLM-x32\...\{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{0D6B41AF-D117-8944-A059-3F9346A896C5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) Uplay (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft) vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden Visual Studio Enterprise 2017 (HKLM-x32\...\7dcb8def) (Version: 15.9.28307.770 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN) VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS WCF Debugging (HKLM\...\{14AF842C-675E-4268-B493-EB76D9B465A8}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_codecoveragemsi (HKLM-x32\...\{B2DB38F7-4225-4EA6-A7B2-F9A0E089DD89}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_codeduitestframeworkmsi (HKLM-x32\...\{4379D9C7-B16D-486C-BC6D-43550A4C55EE}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_cuitcommoncoremsi (HKLM-x32\...\{060D7518-16AC-41F1-9956-38CA636FCF7B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_cuitextensionmsi (HKLM-x32\...\{88484E59-774D-4947-AF0E-4524D6C3147D}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_cuitextensionmsi_x64 (HKLM-x32\...\{184D5702-3AD2-4F0D-95E6-11E1C75A9298}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_networkemulationmsi_x64 (HKLM-x32\...\{674BB892-7904-4B94-8077-9DA3D2CBFC70}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden WhatsApp (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\WhatsApp) (Version: 0.3.2848 - WhatsApp) Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) WinAppDeploy (HKLM-x32\...\{5AD4A604-B476-1578-2A20-6B02FC6258BE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{C9966D24-DB2F-8514-EAA3-BEED85F3E166}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation) Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation) WinGuard Pro 2016 (HKLM-x32\...\{F5DA39A7-9A26-44E2-9754-A611ACF0C8CC}) (Version: 10.10.2001 - WinGuardProLTD) WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH) WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{389D182F-0ADA-5C7E-FF32-2573A821592C}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{A249F631-CEBC-EDCB-4C49-700E551E66CA}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{C3776B36-B34E-00E2-3009-95A6F1870B58}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E71CB7F1-3E88-4450-1764-B3CC1E205C4A}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{965D1746-D94A-49B9-2A48-A14914CA3B57}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{C49E6FDA-8196-0CAF-2CDD-CF1B0F4EA5AD}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{33D11371-82A5-852B-CDE2-5528CE406151}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{3755CD99-C62E-3312-DDD3-29A4F259270D}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{729DA966-8590-2C1F-2178-16C1D32FD7FD}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{FB431EE2-C835-6DE9-8DC3-C8FCDE028FE0}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{F1C18506-3168-A9D9-E2D9-D23A512A326E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FB82399D-9C48-9AF5-DCA1-CFE61BCA70A6}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{23909757-D6F0-7F7C-BD34-7E72BA9BD59C}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{4095D263-6A13-78D3-DEDA-AA3452011F6E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{C3243E23-2EB6-4419-2692-40944923B112}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D3A337CD-EA32-F4BA-03FA-825903190C92}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{DD83B36A-ED10-4514-98E7-1EBD53D167D8}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft) Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden Xamarin Profiler (HKLM-x32\...\{392FF347-E40D-4598-B31E-5332F6F761E2}) (Version: 1.6.4.31 - Xamarin, Inc.) Hidden Xamarin Remoted iOS Simulator (HKLM-x32\...\{5DE98E3F-9A5C-48B7-B039-8E0FB2D68AEA}) (Version: 1.3.0.8 - Xamarin) Hidden Packages: ========= Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-15] (Microsoft Studios) [MS Ad] Microsoft Wireless Display Adapter -> C:\Program Files\WindowsApps\Microsoft.SurfaceWirelessDisplayAdapter_3.4.137.1000_x64__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation) Mixplay for Mixer -> C:\Program Files\WindowsApps\39170Flydream.Mixer_2.1.4.0_x64__weq318ptssvpt [2019-01-11] (Flydream) MSN Vrijeme -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad] Pošta i kalendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad] TuneIn Radio -> C:\Program Files\WindowsApps\TuneIn.TuneInRadio_4.0.6.0_x64__6bhtb546zcxnj [2019-08-01] (TuneIn) [MS Ad] Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.) Viber -> C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.1000_x86__p61zvh252yqyr [2018-07-09] (VIBER MEDIA S.à r.l.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{CE527B6C-CFD2-4CFC-AEC0-261FC6871E3D} -> [MEGAsync] => C:\Users\vanov\Documents\MEGAsync [2016-10-13 15:02] CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\vanov\Dropbox [2016-11-05 13:16] ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-06-17] (Notepad++ -> ) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\vanov\Desktop\GTASA.lnk -> C:\Program Files (x86)\Rockstar Games\GTA San Andreas\startup_SP.bat () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) ==================== Loaded Modules (Whitelisted) ============== 2018-10-02 19:10 - 2018-10-02 19:10 - 000598528 _____ () [File not signed] C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll 2018-04-19 22:31 - 2018-04-19 22:31 - 000267776 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1" ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-08-06 15:31 - 2019-08-06 16:17 - 000000030 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 2018-08-04 16:06 - 2019-08-07 12:07 - 000000502 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics 172.29.72.49 DESKTOP-ME49L6T.mshome.net # 2024 8 1 5 10 7 13 54 37.0.186 Vlah.mshome.net # 2019 7 5 12 12 16 54 932 ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Microsoft MPI\Bin\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Users\vanov\Anaconda3;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\DTS\Binn\;C:\Program Files\Git\cmd HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 77.78.192.20 - 94.140.66.194 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. HKLM\...\StartupApproved\StartupFolder: => "SOLIDWORKS 2016 Fast Start.lnk" HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "Idvsoft" HKLM\...\StartupApproved\Run32: => "{7B4A50DE-E9A1-5D65-55A0-215372F9BAC3}" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Curse.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Viber" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Overwolf" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Autodesk Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Akamai NetSession Interface" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Resilio Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Tonido" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "WallpaperEngine" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{CBC4ECFC-1253-4674-B353-170019F9FABE}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed] FirewallRules: [TCP Query User{0CAE0F34-1600-450D-A351-4C7FFCA72D07}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed] FirewallRules: [{606F165A-4B31-49AA-98BC-5B91C73BBF4B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A49D5669-FA5A-4815-9969-3E22DB5A4E6B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{48D65172-F07A-4E24-A3A1-434257A6061F}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{6A333921-4247-486B-98D0-F26FD40E857E}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{0CA9BCD8-5B1C-4D05-AAD4-21FFEAC84103}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{051C78D0-5A1A-4C2A-ABC4-9E558B976B5F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{A975745F-869F-4081-92E4-0D42641FF6C4}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{49E008DC-6AAB-4B12-BB7B-667F30068494}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{9C253803-BC67-4081-8522-B3EC16A3E8DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{B4452071-1EF5-4231-9AF6-B0CD14FD5FDF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{6D4BA297-6C70-47C8-BD34-738B4942ACB9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{2E9CDF23-57FD-43DB-9D11-55A66C91F8FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [UDP Query User{B06BD948-E650-4190-8E60-7CFADC294373}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{B385A51F-02CB-4784-A947-2C9ABF8BEEDD}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{2EB36B25-BECE-477F-B928-0C25780C1214}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) FirewallRules: [TCP Query User{DCA5B283-BB01-4858-8CBF-F750BF1B73F5}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) FirewallRules: [{6BEEFA38-F710-4247-BF7A-AECB5E37937E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{C5D7FAE5-7CB3-43C1-80F6-589907AD1A0F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{BCA6781A-E253-483F-8236-CAF546AAF80D}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{D50DE039-DAA2-4B8B-B1FB-3E30BC30A796}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{AFC23FCC-79E4-469A-8459-B169B2FA2252}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{F672BF62-161A-4044-9A8B-508F12A99CA6}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{12F3F116-CCDB-40AC-92C7-2317A0EEA58F}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{BE51A32F-9911-4F10-AECE-61E068713997}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{FA92DF2E-5413-4A71-9FEB-A88C6BC85620}] => (Allow) \crime.exe No File FirewallRules: [{93B1D858-48BF-4365-A31B-2A746418DA9E}] => (Allow) \crime.exe No File FirewallRules: [TCP Query User{09600C42-3BDF-4A0D-AFD5-17E90BC5FBDB}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed] FirewallRules: [UDP Query User{AEB25E26-AED6-4979-830F-F77D85DB1B7F}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed] FirewallRules: [{A3B4325B-9C2A-4EE8-A5DB-7B28A9060CC2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{A89516B1-966E-4D36-8C30-A7773EB1FCEF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{2FB602DE-06A3-46EA-9153-DDA0373E214D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{8F69FAB7-2111-4D65-8B95-ED7D5DF0F7DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{57117F18-C29B-4A60-B34A-DC7B2E36B83A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{E9BB0D09-102F-4855-8DC4-7BDE56ABFA0F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{BAC7F6A3-92EA-47D9-83DD-84940C070F4D}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{829032A2-3D4E-4625-A6AC-C5472A4CAD8F}] => (Allow) C:\Users\vanov\AppData\Roaming\ukym.exe No File FirewallRules: [{8F41725E-00E7-441B-AB63-B4098150BFD2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CAD307C7-4AB9-4568-9202-9A96F13EE5A0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{F8658AA4-659E-4738-A8F3-10D5B21C9014}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2B135BAA-8782-4576-8B09-A3A5104E674B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CBE67B0D-E3A2-47A0-9D9C-4A96A71123F7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{88A5690A-4C1A-4009-A517-E46CDD71C61D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{9B5D35D8-B815-41CC-AB80-E96CDB7A076C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{5909ED89-D4A8-472A-B9FB-64E52AF40D69}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{023A9C49-90ED-46DA-B31B-927D498C82DF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{31A12E40-94D8-4EBE-918A-F038F68F4143}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{8923168C-1CCB-432D-A201-56DAFE047329}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B8832F38-4A2A-466B-8C61-2CEC1E0C6D21}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{BF9A9DBE-706D-4041-828B-3FEAD09AA806}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{AB25BC94-93E5-4FA2-8DA8-CD14037FF5F1}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2C8DC3BA-784B-472F-862E-FBC63D80A7C2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CA7AD008-CD98-4D99-B60D-22C430D2E199}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{1AB20D79-1A14-40B6-AB43-3C8574EBD662}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{65A105B5-724F-4E3E-87D8-46EED707E4EE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{C6E37AA3-AE2D-43ED-85F1-58FCB47F6002}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{26DC9510-C1DB-421A-93B5-33D62B61C2EE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{36C86FB1-BD71-40AD-91A0-949C16507152}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{5EB85F8F-EB0B-4754-89FC-0E731AB75186}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{542253F9-2267-4C60-B0EC-8B09E0D8CD27}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D29C4F92-4A08-455B-9EDD-2481F589F20A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{EAB63EC6-840F-474A-BF7E-A4CAC240D5E7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B513C4A7-5DA5-4D37-837D-416F3145E4CC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{3777AF3C-8C7A-4F4A-9EBF-DDB8992B26D9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CB5270C0-F3CC-4A9D-8875-4F221116BF31}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{968872DC-7035-47B7-9714-D5307F4770BA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{4605227E-5E82-44AC-AC14-00BC224964A2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{89B42E9F-CAF9-4BA2-9425-F70309632F8D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B98B9A63-6919-4992-B7E1-85D3EC917DD5}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{AAA7915C-7E16-4740-8A9E-E28C59A0A782}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{7985DF1A-A135-4EBD-816E-EE4C335A89B7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{702C9838-7148-43F2-B5E4-E473B0E87464}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{56F7A137-B4B7-4678-A9B6-E35A25B5FDEB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{3879BDEE-BD20-48F4-BD90-E1223C44477A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B57B19B7-8702-4EFE-A84C-01A5E7A6B7EC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D36DD5EA-15C4-4353-8385-033486803E98}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D7E562D2-7670-4B4D-8F28-39A4D1727B40}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{8E810D29-4DBD-4E61-B3A1-CAC0F8464A33}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{FB5070B5-AD19-46DB-95DA-ECE01A8BC1FB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{83FD4894-C1ED-432E-B1A9-1D7F57E5C9B6}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{27F6044F-5F0D-49DF-B8D1-765988DFD7C2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{21C4E138-427E-43A4-95A4-6D7525E2947E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{DDC07F9D-3F72-4DAA-9930-12F203F91B31}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2A720802-A63D-40B2-89C7-7D74B2DD45CA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{C27E3A0D-09F2-45A1-931C-4B404A8111C7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{7B008662-8837-4CD8-9370-6CAD29667880}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B080A7D6-F3B2-462D-B9FD-BF0693AB1046}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{6AB0C2A9-BB92-4032-BEB5-13F5A1871F4F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{50F0B228-5B58-4A85-B5EF-46A34A0145C0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{E54DD5BA-8479-4E4F-98EC-EF0D104C8A96}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{EB7A11A3-928E-49F1-BE54-A9F3FA1C1073}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{99D43725-0653-470B-AF94-6C441CC69138}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D5EF2CAF-721A-4C5C-8483-13D41F39F802}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{31AAE78E-B827-4FE2-BDF1-D07BBC3C53C0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2C2AA84A-A775-424F-BE76-D7A7E64B8913}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{DDDF1BBF-1FBA-4951-BD5D-8E78DE9B94AF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{69DE4C1C-9948-43DA-8117-0638D675C92C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{518CEBF9-BD72-4D06-846B-6A2BA17B0A2F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{16998AA0-65E4-458F-B1DE-0AD7B27E4BA4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{296AD0B4-485D-4513-A0BC-5DBCF5BFCBB1}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{29A0BA6B-C71A-4EA4-9B1E-E0F787CB4E42}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{3FC15D18-2693-44AD-9DC6-DA9169DAB414}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D8E7C227-A2AE-475D-A0EC-CB2DB344F288}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D60513CC-338F-44D1-8138-77B44746F206}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{75FEBAE7-9B61-4C2E-B4DF-976C354F6674}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{85EA759A-A7D3-448C-BEF1-C50701ABD759}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{F771026E-8F29-4837-A239-A7F5148E8E83}] => (Allow) C:\Users\vanov\AppData\Local\RhyHbetXu.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{877999C0-5833-46B7-AF54-9C2AFF0F0CB7}] => (Allow) C:\WINDOWS\SysWOW64\DUXfVAre.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{EEB021AA-D67E-4EB2-821C-6A34926401CF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D5FD1AEB-DE14-4230-AAC7-693393F5D5FB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{C0CB0CD2-7539-4833-9D34-0AE0D849B9CA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{41B8465E-21B0-4E05-88A5-D5DA0D3ECE1A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{75BF73FF-6F83-4AE8-A387-9882BF970F59}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CEE562A7-6AC2-4FCE-A804-C24004963502}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{09D1AD8A-947B-4D15-9DF9-EF7052004060}] => (Allow) C:\Program Files (x86)\EOdEHTIio.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{04E92B50-4438-490F-AD0A-8A8D4690BB9A}] => (Allow) C:\Users\vanov\AppData\Roaming\IcfB.exe No File FirewallRules: [{0847666D-7803-48B0-A179-929EB14949CB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{23F21C00-3FCE-4B69-A614-B10A530429F3}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{8D4D8A90-06AA-4EDE-BA9E-030C90620E9F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{9A53C3C1-7D91-41C5-BF51-9EEE8BF63AA9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{F977589F-264D-4EBD-AA20-B43EB4D31C2D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{0A7E9429-DF43-4CE9-8FAA-88A43C8F9F4E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{8453B096-46C7-43E7-B521-7A92F2770575}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{393E2F76-0185-44CA-9A7E-26BDD6E4EE6D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{DEDF9721-C8FC-44B3-930F-886149770F0E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B1C9116F-5C4A-4D06-91FA-58DF1B4602F8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{24C43D6E-DCAF-455D-B2E9-2960D29E2EC2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{DBF655DC-C5FA-4DD3-B36B-5E14D88D5886}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B5D37EB1-173D-44F8-B9CC-E051924FAC26}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D339B50B-6443-433D-9DD9-6AE3BF9B60CA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{24E2D0B2-BF34-4E85-AAB1-BDB5A1323141}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [TCP Query User{FE4E9A3A-457F-4621-9441-7F63D069E3B8}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [UDP Query User{951AEC0B-8193-40FC-B42A-7DEAB8C2B3E5}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [{05DF0A2C-1A93-46AE-800E-E12DE7F18FC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B392F4D1-9B62-4364-AEBD-094036DA8436}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{BA2527F7-EF88-4694-81D1-CAD2BD759A31}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [UDP Query User{DA58CB7B-2521-453B-B120-F66DA955BB73}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{39401A26-306A-4DB0-A93D-CAC43C7A097F}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{F7E79D3D-E5F7-4109-95B5-7C20900FDF5D}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1568FFD9-4C45-4576-B4A8-68C07A9299DA}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed] FirewallRules: [{9E44EC29-3C66-478D-B43A-423E93469959}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed] FirewallRules: [{8B5A3536-E847-4803-B18A-35B8A2023C40}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{6A325237-3BEF-4A73-B668-4F52AAD6FE02}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B8F8775A-CAC9-4454-9BC2-0BD382B4A538}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C8341FC3-E365-4CE6-BA40-CC53396DF507}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{782D4882-D209-44E9-A3E9-1C7DCA561633}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{B7CF33C8-CC19-4D73-AC61-7534E1B70E97}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{A03282F2-8B2F-4A2E-A556-5A88124F408C}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [UDP Query User{52DEFF6B-ACA0-4834-BD06-59E2D1959922}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{CF7AC6C4-3B90-43EF-B110-B54E08AFDF90}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{E682C56C-4D3A-4B0C-9F61-0A9FD0C478C5}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{B53B0E11-4896-4DFF-A873-E3A08FFC028D}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8E90BA3A-A433-4095-9F52-DC3CBDC31FD1}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3978B3AB-19C3-4271-AC81-2D11287E2358}] => (Allow) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [{DA86CB7A-F52F-475E-87F1-FF83B160A4DC}] => (Block) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [{ED36F1A2-029C-4E96-A4A7-3B50FAFD18C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{994571E2-6DCD-4E06-9B39-3EF82FFFA7E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B0D9FE4C-355C-4679-8B96-D713017DD607}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B3483E3A-F2EB-4FDB-BBDC-879CC9507758}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{9680FCD1-9E1C-41C4-9D19-CA30045AAB34}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{009FA2E4-5EC8-4DD7-B8E6-DE1CFBFAAAE2}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed] FirewallRules: [{073CBEBB-07F2-4E61-8303-70FF7C396678}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed] FirewallRules: [{09216F82-B859-408E-BD97-6502299F1FDB}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{9E1C0C65-F7B4-4509-9C3C-E7101F192CBC}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{B82E9260-29D2-4F2D-BDBD-6A596F91BC45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios) FirewallRules: [{361A52A7-D6A1-4E8C-A6D3-2933937A02A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios) FirewallRules: [{87D431EF-B497-43B6-8ED7-D924043264F6}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.99\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{C44E048D-F0D0-4E42-875F-A1C1E6BE5E7C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{F8600454-929C-4C5B-A4B9-735526AB4E82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{8DED0F5F-3C5B-4D35-A34F-E75EA8E3D10C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{A22A8EAA-7F39-43A2-A949-300F89E6EE35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{3A7FC6A7-DD9A-4A49-998F-9F7FE3D957EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{72158FD3-1F41-41A4-BC36-88B6890C372B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{3096494B-B18E-45A5-AC31-8E890346AF86}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{64FFD821-2BB2-48A1-8776-B1251C6E58D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{E66D8ED8-9BD5-4B64-ABCA-ABA4BA362666}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{D8939A68-301B-484C-B6B5-D2E40C4EC40C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{50A71AD9-5716-4E59-B0FA-60DB0B812E06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [TCP Query User{0ACEC78F-BAB5-4312-8B93-4A65F76E3257}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [UDP Query User{673C04EA-918C-4A3B-8E12-0540FE7C12F4}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [TCP Query User{8AB680EA-0B2D-4A78-9D85-F506E39545A9}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{7593ED52-0637-4704-A236-CE146B456EAB}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [DNS Server Forward Rule - TCP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 FirewallRules: [DNS Server Forward Rule - UDP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 FirewallRules: [TCP Query User{F54E6234-B579-424C-90B5-6DF36DC84DF0}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{D3B7D8BF-45AD-4EFA-80F1-40AD7F4CDEDC}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{6261CD1F-8E24-4A22-A51B-394D99B7597A}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe (Opera Software AS -> Opera Software) ==================== Restore Points ========================= 07-08-2019 15:45:54 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= Name: TunnelBear Adapter V9 Description: TunnelBear Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TunnelBear Provider V9 Service: tap-tb-0901 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/08/2019 11:08:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/08/2019 11:08:37 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/08/2019 11:08:28 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/07/2019 11:08:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/07/2019 12:08:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/07/2019 12:08:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (08/07/2019 12:08:25 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/07/2019 12:04:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Smite.exe version 1.0.10897.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2174 Start Time: 01d54d0723f5ad07 Termination Time: 14 Application Path: C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\Smite.exe Report Id: 4d66b4dc-9bba-445f-baf5-6c6e21effb17 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (08/09/2019 03:00:28 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ME49L6T) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user DESKTOP-ME49L6T\vanov SID (S-1-5-21-3387545514-2906784231-2682514228-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool. Error: (08/08/2019 03:00:01 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ME49L6T) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user DESKTOP-ME49L6T\vanov SID (S-1-5-21-3387545514-2906784231-2682514228-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool. Error: (08/08/2019 02:57:16 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ME49L6T) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user DESKTOP-ME49L6T\vanov SID (S-1-5-21-3387545514-2906784231-2682514228-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool. Error: (08/07/2019 12:11:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ME49L6T) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-ME49L6T\vanov SID (S-1-5-21-3387545514-2906784231-2682514228-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/07/2019 12:10:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/07/2019 12:10:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/07/2019 12:07:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/07/2019 12:07:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect. Windows Defender: =================================== Date: 2019-08-03 11:26:37.257 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {C36C47AF-6A54-49DD-AF3D-7D4D5520DA5F} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-28 20:29:32.996 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {F357303F-3784-4B4F-8754-2BE400640E70} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-27 15:24:11.683 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {B051F21A-7CA7-4CEB-B17E-C232F8D55836} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-25 18:26:15.579 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {E3880AC6-1B50-4637-B3CD-9BA75F3BC358} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-25 10:30:38.256 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {DC3ED97C-0FD0-4B75-B285-8294087F653B} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-03 11:04:51.511 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-08-03 10:48:53.266 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-08-02 21:50:23.754 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-02 21:34:43.457 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-02 21:16:13.596 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =================================== Date: 2019-08-03 11:42:32.022 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:42:31.974 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.934 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.879 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.811 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.753 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:36.559 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:36.234 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== BIOS: Insyde Corp. V1.37 02/16/2016 Motherboard: Acer ZORO_BH Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz Percentage of memory in use: 44% Total physical RAM: 12203.32 MB Available physical RAM: 6778.72 MB Total Virtual: 13483.32 MB Available Virtual: 8197.68 MB ==================== Drives ================================ Drive 😄 () (Fixed) (Total:465.21 GB) (Free:71.3 GB) NTFS \\?\Volume{4eafa3c8-b0a9-4d57-bbc8-43ec29bacab8}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS \\?\Volume{d30143e0-3bd2-4090-b0a7-697dc65108ba}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================ FRST after DNS: Spoiler Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-08-2019 02 Ran by vanov (administrator) on DESKTOP-ME49L6T (Acer Aspire E5-573) (09-08-2019 10:51:24) Running from C:\Users\vanov\Downloads Loaded Profiles: vanov & MSSQLSERVER & (Available Profiles: defaultuser0 & vanov & SQLTELEMETRY & MSSQLSERVER) Platform: Windows 10 Pro Version 1803 17134.885 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe (Intel Corporation -> ) C:\Windows\System32\igfxTray.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.866.0_x64__8wekyb3d8bbwe\YourPhone.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmms.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe (OOO Lightshot -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TunnelBear, Inc. -> ) C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe (WinGuard Inc.) [File not signed] C:\Program Files (x86)\WinGuardPro Ltd\WinGuard\wgengine.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-10-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] (OOO Lightshot -> ) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5782336 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [wgpro] => C:\Program Files (x86)\WinGuardPro Ltd\WinGuard\wgengine.exe [30720 2019-01-19] (WinGuard Inc.) [File not signed] HKLM-x32\...\Run: [WGP] => [X] HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104543103\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603150\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Akamai NetSession Interface] => C:\Users\vanov\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Spotify] => C:\Users\vanov\AppData\Roaming\Spotify\Spotify.exe [25828256 2019-08-03] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DOS Host] => C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B\DOS Host\doshost.exe [53248 2018-05-22] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35809680 2019-08-05] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3210016 2019-08-06] (Valve -> Valve Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\Run: [Akamai NetSession Interface] => C:\Users\vanov\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\Run: [Spotify] => C:\Users\vanov\AppData\Roaming\Spotify\Spotify.exe [25828256 2019-08-03] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\Run: [DOS Host] => C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B\DOS Host\doshost.exe [53248 2018-05-22] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35809680 2019-08-05] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3210016 2019-08-06] (Valve -> Valve Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\Run: [Akamai NetSession Interface] => C:\Users\vanov\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\Run: [Spotify] => C:\Users\vanov\AppData\Roaming\Spotify\Spotify.exe [25828256 2019-08-03] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\Run: [DOS Host] => C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B\DOS Host\doshost.exe [53248 2018-05-22] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35809680 2019-08-05] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3210016 2019-08-06] (Valve -> Valve Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104548009\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104607119\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed] HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-10-13] ShortcutTarget: MEGAsync.lnk -> C:\Users\vanov\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited) Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-18] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1191D268-1A73-41D0-BD85-D1311491443C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {1217C1E3-7A8E-4C0B-B4B5-5C28F63B1D39} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill2 => C:\Users\vanov\Desktop\BatFiles\Operakill.bat Task: {14D5ABA7-60D8-4C04-A73D-D462D3EC53BF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {1A902826-C33D-4706-A2ED-F192F5993FAC} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-vanovac.zlatan@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {3051FE3C-FB51-4549-8184-7DCA7CCB515B} - System32\Tasks\Microsoft\Windows\TaskScheduler\Restart => C:\Users\vanov\Desktop\BatFiles\Restart.bat Task: {31A4D16D-ED62-4473-8883-5805BFACBBAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) Task: {32075B90-EA68-4A1E-8153-09FAB21A0EBD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {4021E04F-2C4F-4B2A-85E7-60D62C0CE79C} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {44CEEBC6-4031-42AD-B2B1-4157F57AD5FE} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill => C:\Users\vanov\Desktop\BatFiles\Operakill.bat Task: {4D713D29-1FB3-4E41-9D76-CD1B86264B83} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-09] (Adobe Inc. -> Adobe) Task: {6137EB70-DCD3-44CE-8665-73E27FA3E9EE} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall => C:\Users\vanov\Desktop\BatFiles\DragonForce.bat Task: {63C7C186-F15B-448B-94BC-5F4ED0A4E638} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {78C49C7C-92BE-4687-AF06-420B5ED30A0C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {79C43D64-C54E-4662-9D49-919AEF86BF9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {79DFF442-7CF7-480E-934B-8FCEBEE221D7} - System32\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {7B6B9926-BDA7-44D7-A5CE-F6D962D3B49E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) Task: {7F5DE95D-C17C-4408-85D1-6F56B9FF5F5A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) Task: {81668EB1-6E5D-40EE-BFFA-25B09CCF4FE1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {8FCC1103-34CD-41C4-B3BC-EEE596BE90CB} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall2 => C:\Users\vanov\Desktop\BatFiles\Disasterpiece.bat Task: {940A0D4F-E5D1-4349-A97B-BA70D6B8789D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe) Task: {A35FB29E-054C-45BE-9E40-C94DB7728413} - System32\Tasks\Microsoft\Windows\TaskScheduler\MusicKill => C:\Users\vanov\Desktop\BatFiles\BeeMp3TaskKill.bat Task: {A9E34D5E-D053-4247-8350-83C330CA6958} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Users\vanov\AppData\Local\MEGAsync\MEGAupdater.exe [760696 2018-10-02] (Mega Limited -> Mega Limited) Task: {AA6D739F-D568-4A9D-A4ED-FC3B5D432A84} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) Task: {B058EC2B-0726-47B7-8B1B-A975B69CED27} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {BB3A72A1-B735-4F37-9B99-260BF5F05151} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1000 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {CF931575-DB06-4A0A-A9DC-19D4C4269CB3} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.8.3252 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXAutoUpdate.exe [206184 2019-08-06] (Microsoft Corporation -> ) Task: {D63EB858-D44F-42ED-AC94-00B6D4374934} - System32\Tasks\Opera scheduled Autoupdate 1476361487 => C:\Program Files (x86)\Opera\launcher.exe [1519640 2019-08-07] (Opera Software AS -> Opera Software) Task: {DD5F0550-0D96-45A8-80CB-EA5DB0E9C59E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {DE525C0C-B6B7-4A0C-BF03-FB7FBAFF172E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {DE9EE772-2041-4E2F-8856-6D84E12E4E02} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {E1176194-F6FD-4A7B-BB95-24031E7F8611} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-10-18] () [File not signed] Task: {E161BC06-6796-4A76-8D71-21048961E8D4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe) Task: {F51FC55E-9DF9-47E0-8B2A-5056FD0B3C6E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {F95F8299-A9C1-49FC-8E40-0B0E93D73D5A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {FBD77374-BC26-4033-84E7-10F003A9EED5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{24b58f83-bf4d-40e4-a6b1-5f849b89db74}: [NameServer] 116.203.6.218 Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [NameServer] 8.8.8.8,8.8.4.4,192.168.0.1 Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{84adbad7-bfc3-4947-b0cf-9c8738caccf9}: [NameServer] 116.203.6.218 Tcpip\..\Interfaces\{8c05adc3-f683-4b02-b575-0d3af10d2b6b}: [NameServer] 116.203.6.218 Internet Explorer: ================== SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = SearchScopes: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = SearchScopes: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF DefaultProfile: poq2nbe3.default-1491901036943-1546437671085 FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 [2019-08-09] FF NetworkProxy: Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 -> type", 4 FF Extension: (ETP Search Volume Study) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-06-26] FF Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\firefox@betterttv.net.xpi [2019-08-03] [UpdateUrl:hxxps://nightdev.com/betterttv/firefox/updates.json] FF Extension: (uBlock Origin) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\uBlock0@raymondhill.net.xpi [2019-07-26] FF Extension: (Unseen) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\{230ed5ec-936c-4ad1-b3d4-e2bb251bd1c3}.xpi [2019-01-02] FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default [2019-08-06] FF user.js: detected! => C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default\user.js [2017-02-03] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> ) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> ) FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN) StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe Opera: ======= OPR Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\deofbbdfofnmppcjbhjibgodpcdchjii [2017-11-15] OPR Extension: (Tampermonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-06-02] OPR Extension: (book_helper) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmmkobpokkidkpaidggnebnhiipdkhkl [2019-08-02] OPR Extension: (ScriptMonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-06-02] OPR Extension: (Violent monkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-05-16] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-05-27] (BattlEye Innovations e.K. -> ) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-08-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) S3 HgClientService; C:\WINDOWS\system32\hgclientservice.dll [141824 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1741312 2019-02-16] (Microsoft Windows -> Microsoft Corporation) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [353768 2018-09-13] (Intel Corporation -> Intel Corporation) R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21256 2018-04-20] (Microsoft Corporation -> Microsoft Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] (AzureEngBuildCodeSign -> ) [File not signed] R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [485048 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [31232 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts) R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2017-11-22] (Even Balance, Inc. -> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5073792 2019-07-04] (Microsoft Windows Publisher -> Microsoft Corporation) S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [578744 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) S2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11969880 2019-07-03] (TeamViewer GmbH -> TeamViewer GmbH) R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [113024 2018-02-12] (TunnelBear, Inc. -> ) R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3014144 2019-07-04] (Microsoft Windows -> Microsoft Corporation) S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd) S3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-06-23] (EnigmaSoft Limited -> EnigmaSoft Limited) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-10-10] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.) R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26624 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-10-10] (Martin Malik - REALiX -> REALiX(tm)) S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2019-01-19] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-05] (Malwarebytes Corporation -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-09] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-09] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-09] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-09] (Malwarebytes Corporation -> Malwarebytes) S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA)) S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> ) R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2412976 2017-04-24] (Qualcomm Atheros -> Qualcomm Atheros, Inc.) S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31744 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S4 RsFx0500; C:\WINDOWS\System32\DRIVERS\RsFx0500.sys [261848 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1026896 2018-03-19] (Realtek Semiconductor Corp. -> Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-10-10] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation) R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions) R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated -> Synaptics Incorporated) S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr)) R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [56520 2015-08-05] (Synaptics Incorporated -> Synaptics Incorporated) R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [103936 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project) S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2017-12-18] (Oracle Corporation -> Oracle Corporation) R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1248256 2018-11-07] (Microsoft Windows -> Microsoft Corporation) R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [45408 2018-03-15] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation) S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation) NETSVC: HgClientService -> C:\Windows\system32\hgclientservice.dll (Microsoft Corporation) NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-09 10:51 - 2019-08-09 10:55 - 000039136 _____ C:\Users\vanov\Downloads\FRST.txt 2019-08-09 10:48 - 2019-08-09 10:48 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2019-08-09 10:48 - 2019-08-09 10:48 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2019-08-09 10:48 - 2019-08-09 10:48 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2019-08-09 10:45 - 2019-08-09 10:45 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-08-09 10:45 - 2019-08-09 10:45 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2019-08-09 10:44 - 2019-08-09 10:45 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16 2019-08-09 10:35 - 2019-08-09 10:40 - 000107856 _____ C:\Users\vanov\Downloads\Addition3.txt 2019-08-09 10:31 - 2019-08-09 10:31 - 000000000 ____D C:\Users\vanov\Downloads\DnsJumper 2019-08-09 10:30 - 2019-08-09 10:40 - 000089720 _____ C:\Users\vanov\Downloads\FRST3.txt 2019-08-09 10:30 - 2019-08-09 10:30 - 002096640 _____ (Farbar) C:\Users\vanov\Downloads\FRST64.exe 2019-08-09 10:29 - 2019-08-09 10:29 - 000706233 _____ C:\Users\vanov\Downloads\DnsJumper.zip 2019-08-08 15:01 - 2019-08-08 15:01 - 000003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1476361487 2019-08-08 15:01 - 2019-08-08 15:01 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk 2019-08-06 22:30 - 2019-08-06 22:30 - 000050652 _____ C:\Users\vanov\Documents\filename.gwc 2019-08-06 18:47 - 2019-08-06 18:47 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealHeaderTool 2019-08-06 17:42 - 2019-08-09 10:45 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-08-06 17:00 - 2019-08-06 17:06 - 000105806 _____ C:\Users\vanov\Downloads\Addition2.txt 2019-08-06 16:55 - 2019-08-06 17:06 - 000088273 _____ C:\Users\vanov\Downloads\FRST2.txt 2019-08-06 16:33 - 2019-08-06 16:33 - 047210760 _____ (Microsoft Corporation) C:\Users\vanov\Documents\Windows-KB890830-x64-V5.74.exe 2019-08-06 16:21 - 2019-08-06 16:21 - 000001310 _____ C:\Users\vanov\Desktop\misplacedforcopy.txt 2019-08-06 15:20 - 2019-08-09 10:30 - 000000000 ____D C:\Users\vanov\Downloads\FRST-OlderVersion 2019-08-06 15:20 - 2019-08-06 15:32 - 000012830 _____ C:\Users\vanov\Downloads\Fixlog.txt 2019-08-06 15:15 - 2019-08-06 15:16 - 000301326 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH8.pdf 2019-08-06 13:47 - 2019-08-06 14:05 - 000000000 ____D C:\Users\vanov\Documents\[FreeCourseSite.com] Udemy - Unreal Engine C++ Developer Learn C++ and Make Video Games 2019-08-06 13:42 - 2019-08-06 19:23 - 000000000 ____D C:\Users\vanov\Documents\Unreal Projects 2019-08-06 13:41 - 2019-08-06 13:41 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Unreal Engine 2019-08-06 00:21 - 2019-08-06 00:21 - 000002467 _____ C:\Users\vanov\Desktop\Unreal Engine.lnk 2019-08-05 11:14 - 2019-08-05 11:19 - 000108154 _____ C:\Users\vanov\Downloads\Addition1.txt 2019-08-05 11:11 - 2019-08-05 11:19 - 000089056 _____ C:\Users\vanov\Downloads\FRST1.txt 2019-08-05 11:08 - 2019-08-09 10:51 - 000000000 ____D C:\FRST 2019-08-05 11:07 - 2019-08-05 11:07 - 000002601 _____ C:\Users\vanov\Desktop\Malarebytes1.txt 2019-08-05 10:56 - 2019-08-05 10:56 - 000001714 _____ C:\Users\vanov\Desktop\Malwarebytes2.txt 2019-08-05 01:18 - 2019-08-05 01:18 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2019-08-04 18:12 - 2019-08-04 18:12 - 000000222 _____ C:\Users\vanov\Desktop\SMITE.url 2019-08-04 11:34 - 2019-08-04 11:34 - 000001048 _____ C:\Users\vanov\Desktop\Technic.exe - Shortcut.lnk 2019-08-03 13:53 - 2019-08-03 13:53 - 004478926 _____ () C:\Users\vanov\Downloads\Technic.exe 2019-08-03 13:42 - 2019-08-03 13:42 - 000001391 _____ C:\Users\Public\Desktop\Skype.lnk 2019-08-03 13:41 - 2019-08-03 13:41 - 000001143 _____ C:\Users\Public\Desktop\VLC media player.lnk 2019-08-03 13:40 - 2019-08-03 13:36 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2019-08-03 13:37 - 2019-08-03 13:37 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk 2019-08-03 13:37 - 2019-08-03 13:37 - 000001108 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk 2019-08-03 13:35 - 2019-08-03 13:35 - 001211216 _____ (Oracle Corporation) C:\Users\vanov\Downloads\JavaUninstallTool.exe 2019-08-03 13:35 - 2019-08-03 13:35 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2019-08-03 13:34 - 2019-08-03 13:34 - 002065880 _____ (Oracle Corporation) C:\Users\vanov\Downloads\jre-8u221-windows-i586-iftw.exe 2019-08-03 12:59 - 2019-08-03 13:22 - 000081880 _____ C:\WINDOWS\ZAM.krnl.trace 2019-08-03 12:56 - 2019-08-03 12:56 - 001359866 _____ C:\Users\vanov\Documents\cc_20190803_125640.reg 2019-08-03 12:50 - 2019-08-03 12:50 - 020888528 _____ (Piriform Software Ltd) C:\Users\vanov\Downloads\cctrialsetup.exe 2019-08-03 12:50 - 2019-08-03 12:50 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2019-08-03 12:50 - 2019-08-03 12:50 - 000002888 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2019-08-03 12:50 - 2019-08-03 12:50 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk 2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\Program Files\CCleaner 2019-08-03 12:38 - 2019-08-03 12:40 - 000316126 _____ C:\TDSSKiller.3.1.0.28_03.08.2019_12.38.43_log.txt 2019-08-03 12:38 - 2019-08-03 12:38 - 005054744 _____ (AO Kaspersky Lab) C:\Users\vanov\Downloads\tdsskiller.exe 2019-08-03 12:32 - 2019-08-03 13:22 - 000000000 ____D C:\Users\vanov\AppData\Local\AMSDK 2019-08-03 12:32 - 2019-08-03 12:32 - 000000000 ____D C:\Users\vanov\AppData\Local\Zemana 2019-08-03 12:31 - 2019-08-03 12:31 - 012664512 _____ (Zemana Ltd. ) C:\Users\vanov\Downloads\AntiMalware_Setup.exe 2019-08-03 12:24 - 2019-08-03 12:24 - 000841241 _____ C:\Users\vanov\Downloads\rkill.zip 2019-08-03 12:24 - 2017-07-25 22:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\vanov\Downloads\rkill.exe 2019-08-03 11:33 - 2019-08-03 11:33 - 000000258 __RSH C:\ProgramData\ntuser.pol 2019-08-03 10:54 - 2019-08-03 10:54 - 000000000 ____D C:\Users\vanov\AppData\Local\mbamtray 2019-08-03 10:53 - 2019-08-03 10:53 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-08-03 10:53 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2019-08-03 10:52 - 2019-08-03 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-08-03 10:52 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2019-08-03 10:51 - 2019-08-03 10:51 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-08-03 10:42 - 2019-08-03 10:46 - 000000000 ____D C:\Users\vanov\Downloads\mbam-chameleon-3.1.33.0 2019-08-03 10:41 - 2019-08-03 10:42 - 006705178 _____ C:\Users\vanov\Downloads\mbam-chameleon-3.1.33.0.zip 2019-08-02 21:49 - 2019-08-02 21:49 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2019-08-02 21:36 - 2019-08-02 21:36 - 000000000 ____D C:\KRD2018_Data 2019-08-02 21:03 - 2019-08-02 21:03 - 000000000 ___HD C:\$SysReset 2019-08-02 19:22 - 2019-08-02 19:01 - 597336064 _____ C:\Users\vanov\Documents\krd.iso 2019-08-02 19:08 - 2019-08-02 19:08 - 000000000 ____D C:\WINDOWS\Panther 2019-08-02 19:00 - 2019-08-02 19:00 - 000000000 ____D C:\ProgramData\TmpLoog 2019-08-02 18:59 - 2019-08-02 18:59 - 007623880 _____ (Malwarebytes) C:\Users\vanov\Downloads\adwcleaner_7.4.exe 2019-08-02 18:39 - 2019-08-03 11:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\System 2019-08-02 17:56 - 2019-08-02 17:56 - 005829844 _____ (UserBenchmark.com) C:\Users\vanov\Downloads\UserBenchMark.exe 2019-08-02 14:53 - 2019-08-02 14:53 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Big Fat Simulations Inc_ 2019-08-02 11:07 - 2019-08-02 11:07 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2019-08-01 02:14 - 2019-08-01 02:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2019-07-31 22:52 - 2019-07-31 22:57 - 000000000 ____D C:\Users\vanov\AppData\Local\Arma 3 2019-07-31 22:52 - 2019-07-31 22:52 - 000000000 ____D C:\ProgramData\Bohemia Interactive 2019-07-31 19:59 - 2019-07-31 19:59 - 000189726 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.1.pdf 2019-07-31 17:57 - 2019-07-31 17:57 - 005193376 _____ (Husdawg, LLC) C:\Users\vanov\Downloads\Detection.exe 2019-07-30 14:19 - 2019-07-30 14:19 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Craneballs 2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\Local\GOG.com 2019-07-29 21:47 - 2019-07-29 21:47 - 000000000 ___HD C:\temp 2019-07-29 21:06 - 2019-07-29 21:06 - 000178988 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.pdf 2019-07-29 10:58 - 2019-07-29 10:58 - 006732741 _____ C:\Users\vanov\Downloads\SQL-Injection-Attacks-and-Defense.pdf 2019-07-27 17:18 - 2019-07-27 17:18 - 000232401 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH3.pdf 2019-07-24 20:05 - 2017-09-26 12:24 - 000100352 _____ C:\Users\vanov\Downloads\Spider Man Homecoming.srt 2019-07-24 20:05 - 2011-11-11 20:27 - 000078233 ____N C:\Users\vanov\Downloads\Captain America.srt 2019-07-23 19:36 - 2019-07-23 19:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Colossal Order 2019-07-18 20:24 - 2019-07-18 20:25 - 000000000 ____D C:\Users\vanov\Documents\Rockstar Games 2019-07-18 20:20 - 2019-06-28 14:08 - 002826520 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp.exe 2019-07-18 20:20 - 2019-06-28 14:08 - 000072154 ____N C:\Users\vanov\Downloads\procexp.chm 2019-07-18 20:20 - 2019-06-28 14:05 - 001501248 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp64.exe 2019-07-18 20:20 - 2019-05-05 11:00 - 000007490 ____N C:\Users\vanov\Downloads\Eula.txt 2019-07-18 20:16 - 2019-07-18 20:16 - 008771640 _____ (Martin Malik - REALiX ) C:\Users\vanov\Downloads\hwi_608.exe 2019-07-18 18:53 - 2019-07-18 18:54 - 228125096 _____ (Rockstar Games) C:\Users\vanov\Downloads\GTAV_Setup_Tool.exe 2019-07-18 18:44 - 2019-07-23 12:06 - 000000000 ____D C:\Program Files\Mozilla Firefox 2019-07-11 01:36 - 2019-07-11 01:36 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3387545514-2906784231-2682514228-1001 2019-07-11 01:36 - 2019-07-11 01:36 - 000002412 _____ C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-07-10 16:47 - 2019-07-04 11:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2019-07-10 16:47 - 2019-07-04 11:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2019-07-10 16:47 - 2019-07-04 11:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-07-10 16:47 - 2019-07-04 10:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2019-07-10 16:47 - 2019-07-04 10:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-07-10 16:47 - 2019-07-04 06:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2019-07-10 16:47 - 2019-07-04 06:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-07-10 16:47 - 2019-07-04 06:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-07-10 16:47 - 2019-07-04 06:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-07-10 16:47 - 2019-07-04 06:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-07-10 16:47 - 2019-07-04 06:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2019-07-10 16:47 - 2019-07-04 06:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-07-10 16:47 - 2019-07-04 06:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-07-10 16:47 - 2019-07-04 06:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-07-10 16:47 - 2019-07-04 06:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-07-10 16:47 - 2019-07-04 06:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-07-10 16:47 - 2019-07-04 06:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-07-10 16:47 - 2019-07-04 06:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-07-10 16:47 - 2019-07-04 06:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-07-10 16:47 - 2019-07-04 06:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-07-10 16:47 - 2019-06-13 14:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2019-07-10 16:47 - 2019-06-13 13:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2019-07-10 16:47 - 2019-06-13 13:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2019-07-10 16:47 - 2019-06-13 13:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2019-07-10 16:47 - 2019-06-13 13:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2019-07-10 16:47 - 2019-06-13 13:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-07-10 16:47 - 2019-06-13 13:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2019-07-10 16:47 - 2019-06-13 13:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2019-07-10 16:47 - 2019-06-13 12:11 - 001539896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll 2019-07-10 16:47 - 2019-06-13 11:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2019-07-10 16:47 - 2019-06-13 09:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2019-07-10 16:47 - 2019-06-13 08:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2019-07-10 16:47 - 2019-06-13 08:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-07-10 16:47 - 2019-06-13 08:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2019-07-10 16:46 - 2019-07-04 11:45 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll 2019-07-10 16:46 - 2019-07-04 11:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2019-07-10 16:46 - 2019-07-04 11:41 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys 2019-07-10 16:46 - 2019-07-04 11:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-07-10 16:46 - 2019-07-04 11:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2019-07-10 16:46 - 2019-07-04 11:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe 2019-07-10 16:46 - 2019-07-04 11:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2019-07-10 16:46 - 2019-07-04 11:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2019-07-10 16:46 - 2019-07-04 11:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2019-07-10 16:46 - 2019-07-04 11:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe 2019-07-10 16:46 - 2019-07-04 11:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-07-10 16:46 - 2019-07-04 10:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-07-10 16:46 - 2019-07-04 10:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2019-07-10 16:46 - 2019-07-04 10:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2019-07-10 16:46 - 2019-07-04 10:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2019-07-10 16:46 - 2019-07-04 07:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-07-10 16:46 - 2019-07-04 06:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2019-07-10 16:46 - 2019-07-04 06:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-07-10 16:46 - 2019-07-04 06:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2019-07-10 16:46 - 2019-07-04 06:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2019-07-10 16:46 - 2019-07-04 06:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-07-10 16:46 - 2019-07-04 06:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2019-07-10 16:46 - 2019-07-04 06:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2019-07-10 16:46 - 2019-07-04 06:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2019-07-10 16:46 - 2019-07-04 06:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2019-07-10 16:46 - 2019-07-04 06:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys 2019-07-10 16:46 - 2019-07-04 06:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2019-07-10 16:46 - 2019-07-04 06:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-07-10 16:46 - 2019-07-04 06:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-07-10 16:46 - 2019-07-04 06:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-07-10 16:46 - 2019-07-04 06:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-07-10 16:46 - 2019-07-04 06:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2019-07-10 16:46 - 2019-07-04 06:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000343496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmEngUM.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2019-07-10 16:46 - 2019-07-04 06:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2019-07-10 16:46 - 2019-07-04 06:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2019-07-10 16:46 - 2019-07-04 06:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2019-07-10 16:46 - 2019-07-04 06:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll 2019-07-10 16:46 - 2019-07-04 06:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2019-07-10 16:46 - 2019-07-04 06:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2019-07-10 16:46 - 2019-07-04 06:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2019-07-10 16:46 - 2019-07-04 06:27 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys 2019-07-10 16:46 - 2019-07-04 06:26 - 003014144 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe 2019-07-10 16:46 - 2019-07-04 06:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll 2019-07-10 16:46 - 2019-07-04 06:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2019-07-10 16:46 - 2019-07-04 06:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll 2019-07-10 16:46 - 2019-07-04 06:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll 2019-07-10 16:46 - 2019-07-04 06:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys 2019-07-10 16:46 - 2019-07-04 06:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2019-07-10 16:46 - 2019-07-04 06:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2019-07-10 16:46 - 2019-07-04 06:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2019-07-10 16:46 - 2019-07-04 06:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2019-07-10 16:46 - 2019-07-04 06:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2019-07-10 16:46 - 2019-07-04 06:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-07-10 16:46 - 2019-07-04 06:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll 2019-07-10 16:46 - 2019-07-04 06:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2019-07-10 16:46 - 2019-07-04 06:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-07-10 16:46 - 2019-07-04 06:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2019-07-10 16:46 - 2019-07-04 06:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2019-07-10 16:46 - 2019-07-04 06:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2019-07-10 16:46 - 2019-07-04 06:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll 2019-07-10 16:46 - 2019-07-04 06:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-07-10 16:46 - 2019-07-04 05:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim 2019-07-10 16:46 - 2019-06-21 10:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2019-07-10 16:46 - 2019-06-13 14:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2019-07-10 16:46 - 2019-06-13 14:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2019-07-10 16:46 - 2019-06-13 14:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2019-07-10 16:46 - 2019-06-13 14:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2019-07-10 16:46 - 2019-06-13 13:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2019-07-10 16:46 - 2019-06-13 13:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2019-07-10 16:46 - 2019-06-13 13:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2019-07-10 16:46 - 2019-06-13 13:43 - 001427984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll 2019-07-10 16:46 - 2019-06-13 13:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2019-07-10 16:46 - 2019-06-13 13:42 - 002266936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll 2019-07-10 16:46 - 2019-06-13 13:42 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll 2019-07-10 16:46 - 2019-06-13 13:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe 2019-07-10 16:46 - 2019-06-13 13:41 - 001626936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll 2019-07-10 16:46 - 2019-06-13 13:41 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll 2019-07-10 16:46 - 2019-06-13 13:41 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll 2019-07-10 16:46 - 2019-06-13 13:41 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll 2019-07-10 16:46 - 2019-06-13 13:40 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll 2019-07-10 16:46 - 2019-06-13 13:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2019-07-10 16:46 - 2019-06-13 13:40 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll 2019-07-10 16:46 - 2019-06-13 13:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll 2019-07-10 16:46 - 2019-06-13 13:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe 2019-07-10 16:46 - 2019-06-13 13:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2019-07-10 16:46 - 2019-06-13 13:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll 2019-07-10 16:46 - 2019-06-13 13:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2019-07-10 16:46 - 2019-06-13 13:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe 2019-07-10 16:46 - 2019-06-13 13:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll 2019-07-10 16:46 - 2019-06-13 13:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll 2019-07-10 16:46 - 2019-06-13 13:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2019-07-10 16:46 - 2019-06-13 13:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2019-07-10 16:46 - 2019-06-13 13:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll 2019-07-10 16:46 - 2019-06-13 13:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe 2019-07-10 16:46 - 2019-06-13 13:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll 2019-07-10 16:46 - 2019-06-13 13:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe 2019-07-10 16:46 - 2019-06-13 13:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2019-07-10 16:46 - 2019-06-13 13:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll 2019-07-10 16:46 - 2019-06-13 13:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll 2019-07-10 16:46 - 2019-06-13 13:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2019-07-10 16:46 - 2019-06-13 13:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2019-07-10 16:46 - 2019-06-13 13:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll 2019-07-10 16:46 - 2019-06-13 13:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll 2019-07-10 16:46 - 2019-06-13 13:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll 2019-07-10 16:46 - 2019-06-13 12:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2019-07-10 16:46 - 2019-06-13 12:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll 2019-07-10 16:46 - 2019-06-13 12:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll 2019-07-10 16:46 - 2019-06-13 12:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2019-07-10 16:46 - 2019-06-13 11:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2019-07-10 16:46 - 2019-06-13 11:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll 2019-07-10 16:46 - 2019-06-13 11:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2019-07-10 16:46 - 2019-06-13 11:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2019-07-10 16:46 - 2019-06-13 11:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2019-07-10 16:46 - 2019-06-13 11:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2019-07-10 16:46 - 2019-06-13 11:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll 2019-07-10 16:46 - 2019-06-13 09:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll 2019-07-10 16:46 - 2019-06-13 09:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll 2019-07-10 16:46 - 2019-06-13 09:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2019-07-10 16:46 - 2019-06-13 09:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2019-07-10 16:46 - 2019-06-13 08:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll 2019-07-10 16:46 - 2019-06-13 08:58 - 002300528 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe 2019-07-10 16:46 - 2019-06-13 08:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2019-07-10 16:46 - 2019-06-13 08:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll 2019-07-10 16:46 - 2019-06-13 08:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2019-07-10 16:46 - 2019-06-13 08:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll 2019-07-10 16:46 - 2019-06-13 08:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2019-07-10 16:46 - 2019-06-13 08:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll 2019-07-10 16:46 - 2019-06-13 08:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll 2019-07-10 16:46 - 2019-06-13 08:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2019-07-10 16:46 - 2019-06-13 08:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2019-07-10 16:46 - 2019-06-13 08:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2019-07-10 16:46 - 2019-06-13 08:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-07-10 16:46 - 2019-06-13 08:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2019-07-10 16:46 - 2019-06-13 08:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2019-07-10 16:46 - 2019-06-13 08:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll 2019-07-10 16:46 - 2019-06-13 08:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2019-07-10 16:46 - 2019-06-13 08:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2019-07-10 16:46 - 2019-06-13 08:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2019-07-10 16:46 - 2019-06-13 08:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll 2019-07-10 16:46 - 2019-06-13 08:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-07-10 16:46 - 2019-06-13 08:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2019-07-10 16:46 - 2019-06-13 08:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2019-07-10 16:46 - 2019-06-13 08:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2019-07-10 16:46 - 2019-06-13 08:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll 2019-07-10 16:46 - 2019-06-13 08:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll 2019-07-10 16:46 - 2019-06-13 08:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2019-07-10 16:46 - 2019-06-13 08:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2019-07-10 16:46 - 2019-06-13 08:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2019-07-10 16:46 - 2019-06-13 08:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2019-07-10 16:46 - 2019-06-13 08:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-07-10 16:46 - 2019-06-13 07:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2019-07-10 16:46 - 2019-06-13 07:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2019-07-10 16:46 - 2019-06-13 07:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll 2019-07-10 16:46 - 2019-06-13 07:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll 2019-07-10 16:46 - 2019-06-13 07:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-07-10 16:46 - 2019-06-13 07:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2019-07-10 16:46 - 2019-06-13 07:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2019-07-10 16:46 - 2019-06-13 06:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll 2019-07-10 16:46 - 2019-06-13 06:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2019-07-10 16:46 - 2019-06-13 06:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2019-07-10 16:46 - 2019-06-13 06:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2019-07-10 16:46 - 2019-06-13 06:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-07-10 16:46 - 2019-06-13 06:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2019-07-10 16:46 - 2019-06-13 06:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2019-07-10 16:46 - 2019-06-13 06:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2019-07-10 16:46 - 2019-06-13 06:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2019-07-10 16:46 - 2019-06-13 06:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2019-07-10 16:46 - 2019-06-13 06:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll 2019-07-10 16:46 - 2019-06-13 06:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll 2019-07-10 01:40 - 2019-07-10 01:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.6 ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-09 10:46 - 2018-08-04 16:06 - 000000502 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2019-08-09 10:46 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-08-09 10:46 - 2018-03-16 20:55 - 000000000 ____D C:\Program Files (x86)\TunnelBear 2019-08-09 10:46 - 2016-10-13 13:59 - 000000000 __SHD C:\Users\vanov\IntelGraphicsProfiles 2019-08-09 10:44 - 2018-05-23 16:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-08-09 10:44 - 2018-01-12 21:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2019-08-09 10:43 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2019-08-09 10:42 - 2017-02-12 20:49 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Mozilla 2019-08-09 10:28 - 2018-05-23 16:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-08-09 04:17 - 2018-05-23 16:38 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{466D4F44-74C1-4B3A-8596-CADF3DE82031} 2019-08-08 23:27 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-08-08 22:17 - 2019-01-18 23:34 - 000000000 ____D C:\Program Files (x86)\Steam 2019-08-08 21:05 - 2018-01-12 21:04 - 000000000 ____D C:\Users\vanov\AppData\Roaming\TeamViewer 2019-08-08 15:01 - 2016-10-13 14:24 - 000000000 ____D C:\Program Files (x86)\Opera 2019-08-06 20:01 - 2016-12-24 13:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\vlc 2019-08-06 18:33 - 2018-08-27 10:54 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Visual Studio Setup 2019-08-06 18:06 - 2018-08-04 12:35 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs 2019-08-06 18:02 - 2018-08-04 12:59 - 000000000 ____D C:\Users\vanov\.dotnet 2019-08-06 17:56 - 2018-08-04 12:45 - 000000000 ____D C:\Program Files\dotnet 2019-08-06 17:56 - 2016-10-13 20:00 - 000000000 ____D C:\ProgramData\Package Cache 2019-08-06 17:54 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2019-08-06 17:39 - 2018-08-04 12:05 - 000001377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk 2019-08-06 17:38 - 2018-08-04 12:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2019-08-06 16:34 - 2016-10-13 16:35 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-08-06 16:17 - 2018-08-30 14:28 - 000000000 ____D C:\Users\MSSQLSERVER 2019-08-06 15:32 - 2016-10-19 15:42 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Temp 2019-08-06 14:52 - 2016-10-13 14:32 - 000000000 ____D C:\Users\vanov\AppData\Roaming\uTorrent 2019-08-06 14:04 - 2017-03-11 02:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\discord 2019-08-06 13:41 - 2017-01-27 21:28 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealEngine 2019-08-05 22:27 - 2018-12-16 22:22 - 000000000 ____D C:\Program Files\Epic Games 2019-08-05 01:15 - 2016-10-13 14:55 - 000000000 ____D C:\Program Files\WinRAR 2019-08-04 19:54 - 2017-06-30 15:43 - 000000000 ____D C:\Users\vanov\Documents\My Games 2019-08-04 14:21 - 2018-11-16 00:20 - 000000000 ____D C:\Program Files\rempl 2019-08-03 19:46 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Local\Spotify 2019-08-03 18:28 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Spotify 2019-08-03 18:07 - 2017-06-05 00:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Ubisoft Game Launcher 2019-08-03 13:50 - 2018-07-31 21:58 - 000000000 ____D C:\Users\vanov\AppData\Roaming\.technic 2019-08-03 13:43 - 2016-10-13 14:33 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Skype 2019-08-03 13:42 - 2018-09-08 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2019-08-03 13:40 - 2018-08-04 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2019-08-03 13:40 - 2018-08-01 00:12 - 000000000 ____D C:\Program Files\Java 2019-08-03 13:40 - 2017-03-19 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2019-08-03 13:40 - 2017-03-19 21:30 - 000000000 ____D C:\Program Files (x86)\Java 2019-08-03 13:35 - 2017-11-22 14:26 - 000000000 ____D C:\ProgramData\Origin 2019-08-03 13:35 - 2017-03-06 17:41 - 000000000 ____D C:\Program Files (x86)\Audacity 2019-08-03 13:34 - 2017-11-22 14:28 - 000001066 _____ C:\Users\Public\Desktop\Origin.lnk 2019-08-03 13:34 - 2017-11-22 14:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Origin 2019-08-03 13:34 - 2017-11-22 14:27 - 000000000 ____D C:\Program Files (x86)\Origin 2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-03 13:32 - 2018-09-17 23:28 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk 2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Notepad++ 2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Program Files\Notepad++ 2019-08-03 13:23 - 2017-06-12 12:27 - 000000000 ____D C:\Users\vanov\Desktop\Folders 2019-08-03 12:53 - 2018-01-14 01:55 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MPC-HC 2019-08-03 12:53 - 2016-10-13 14:35 - 000000000 ____D C:\Users\vanov\AppData\Roaming\DAEMON Tools Lite 2019-08-03 12:52 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF 2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Users\vanov\AppData\Local\Google 2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Program Files (x86)\Google 2019-08-03 11:29 - 2018-08-05 21:23 - 000000000 ____D C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B 2019-08-03 10:53 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-08-02 19:30 - 2018-05-23 16:14 - 000000000 ____D C:\Users\vanov 2019-08-02 19:03 - 2017-10-10 23:31 - 000000000 ____D C:\Users\vanov\AppData\Roaming\IObit 2019-08-02 18:40 - 2018-11-25 19:39 - 000000000 ____D C:\Program Files\Firefox Developer Edition 2019-08-02 14:53 - 2016-12-29 19:12 - 000000000 ____D C:\Users\vanov\AppData\Roaming\SmartSteamEmu 2019-08-02 11:05 - 2016-10-13 21:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-08-01 20:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-08-01 02:15 - 2016-11-05 13:12 - 000000000 ____D C:\Program Files (x86)\Dropbox 2019-07-31 14:23 - 2018-04-29 20:51 - 000000000 ____D C:\Users\vanov\AppData\Local\GameAnalytics 2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files\Rockstar Games 2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games 2019-07-31 14:05 - 2018-03-23 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games 2019-07-31 14:05 - 2016-10-13 14:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2019-07-31 14:03 - 2016-10-18 22:24 - 000000000 ____D C:\Users\vanov\AppData\Local\Rockstar Games 2019-07-30 00:33 - 2018-08-06 23:20 - 000000000 ____D C:\GOG Games 2019-07-29 21:46 - 2017-12-04 16:09 - 000000000 ____D C:\Users\vanov\AppData\Local\Packages 2019-07-29 21:46 - 2017-06-20 20:42 - 000000000 ____D C:\Program Files (x86)\Adobe 2019-07-26 14:29 - 2016-10-15 15:03 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MusicBee 2019-07-26 12:21 - 2018-02-26 17:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-07-24 13:22 - 2016-10-13 14:37 - 000000000 ____D C:\ProgramData\Hi-Rez Studios 2019-07-23 12:12 - 2018-05-26 23:49 - 000000000 ____D C:\Users\vanov\AppData\Local\D3DSCache 2019-07-23 12:06 - 2017-11-22 16:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-07-19 12:18 - 2016-10-22 23:54 - 000007633 _____ C:\Users\vanov\AppData\Local\Resmon.ResmonCfg 2019-07-18 20:10 - 2018-08-04 15:41 - 000000000 ____D C:\Users\vanov\.android 2019-07-18 20:06 - 2017-06-04 19:17 - 000000000 ____D C:\Games 2019-07-18 18:49 - 2017-11-22 16:01 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2019-07-15 14:49 - 2018-05-23 16:29 - 001066156 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-07-15 14:45 - 2017-12-04 17:14 - 000000000 ___RD C:\Users\vanov\3D Objects 2019-07-15 14:45 - 2016-10-13 13:51 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-07-15 14:43 - 2018-05-23 16:09 - 005111760 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser 2019-07-14 23:44 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism 2019-07-14 23:43 - 2018-08-04 16:01 - 000000000 ____D C:\Program Files\Hyper-V 2019-07-14 23:43 - 2018-04-12 11:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-07-11 01:36 - 2016-10-13 13:53 - 000000000 ___RD C:\Users\vanov\OneDrive 2019-07-10 16:59 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-07-10 16:46 - 2016-10-13 16:35 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-07-10 16:25 - 2016-10-13 16:00 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe ==================== Files in the root of some directories ================ 2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\EOdEHTIio.exe 2018-10-28 19:32 - 2018-10-28 19:32 - 000000033 _____ () C:\Users\vanov\AppData\Roaming\AdobeWLCMCache.dat 2017-03-05 19:32 - 2018-02-22 21:46 - 000000000 _____ () C:\Users\vanov\AppData\Roaming\avoriontestfile 2018-08-05 21:22 - 2015-03-21 23:48 - 181614692 ___SH (Random Alex ) C:\Users\vanov\AppData\Roaming\Cracked Steam V4.exe 2018-08-05 21:22 - 2016-07-04 20:44 - 000036807 ___SH () C:\Users\vanov\AppData\Roaming\KcFPPOhZCXFZcOiHKXD 2018-09-16 22:49 - 2018-09-16 22:49 - 000023303 _____ () C:\Users\vanov\AppData\Local\debuggee.mdmp 2019-06-18 14:44 - 2019-06-18 14:44 - 000001536 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.cfg 2019-06-18 14:44 - 2019-06-18 14:44 - 000210944 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.dat 2018-07-09 16:15 - 2018-07-23 19:53 - 000000002 _____ () C:\Users\vanov\AppData\Local\imw.ini 2018-09-29 08:00 - 2018-09-29 08:00 - 000000000 _____ () C:\Users\vanov\AppData\Local\oobelibMkey.log 2019-02-10 17:37 - 2019-02-10 17:37 - 000003283 _____ () C:\Users\vanov\AppData\Local\recently-used.xbel 2016-10-22 23:54 - 2019-07-19 12:18 - 000007633 _____ () C:\Users\vanov\AppData\Local\Resmon.ResmonCfg 2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Users\vanov\AppData\Local\RhyHbetXu.exe 2017-06-10 01:37 - 2017-07-05 16:05 - 000000000 _____ () C:\Users\vanov\AppData\Local\Temptable.xml 2016-10-13 14:55 - 2016-10-13 14:55 - 000000003 _____ () C:\Users\vanov\AppData\Local\updater.log 2016-10-13 14:55 - 2017-05-07 02:59 - 000000425 _____ () C:\Users\vanov\AppData\Local\UserProducts.xml 2018-06-02 21:35 - 2018-06-02 21:35 - 000000002 _____ () C:\Users\vanov\AppData\Local\WMI.ini ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================ Addition aftere DNS: Spoiler Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-08-2019 02 Ran by vanov (09-08-2019 10:57:14) Running from C:\Users\vanov\Downloads Windows 10 Pro Version 1803 17134.885 (X64) (2018-05-23 14:41:03) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3387545514-2906784231-2682514228-500 - Administrator - Disabled) ASPNET (S-1-5-21-3387545514-2906784231-2682514228-1006 - Limited - Enabled) DefaultAccount (S-1-5-21-3387545514-2906784231-2682514228-503 - Limited - Disabled) defaultuser0 (S-1-5-21-3387545514-2906784231-2682514228-1000 - Limited - Disabled) => C:\Users\defaultuser0 Guest (S-1-5-21-3387545514-2906784231-2682514228-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3387545514-2906784231-2682514228-1003 - Limited - Enabled) vanov (S-1-5-21-3387545514-2906784231-2682514228-1001 - Administrator - Enabled) => C:\Users\vanov WDAGUtilityAccount (S-1-5-21-3387545514-2906784231-2682514228-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) .NET Core SDK 1.1.10 (x64) (HKLM\...\{EA922431-C5D8-4CAE-9A6D-6817195F7856}) (Version: 4.18.38047 - Microsoft Corporation) Hidden .NET Core SDK 1.1.10 (x64) (HKLM-x32\...\{81e87b8c-a24e-49e4-9a91-47b6d7aa52ff}) (Version: 1.1.10 - Microsoft Corporation) µTorrent (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.) µTorrent (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.) µTorrent (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.) Active Directory Authentication Library for SQL Server (HKLM\...\{4EE99065-01C6-49DD-9EC6-E08AA5B13491}) (Version: 14.0.1000.169 - Microsoft Corporation) Adobe After (HKLM\...\{6A915992-D887-4897-82F5-950EDD12DEB1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe) Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Akamai NetSession Interface (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Akamai NetSession Interface (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\Akamai) (Version: - Akamai Technologies, Inc) Akamai NetSession Interface (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\Akamai) (Version: - Akamai Technologies, Inc) Application Verifier x64 External Package (HKLM\...\{62CB44B2-8007-DBB2-1CBA-5CB7309EB3C3}) (Version: 10.1.17134.12 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{AB5E83C8-0175-0A1F-338A-EB8925AFC341}) (Version: 10.1.14393.795 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden ASUS RT-N10 Wireless Router Utilities (HKLM-x32\...\{5BA25292-92E0-4223-A14B-50DC60B2A6F9}) (Version: 4.2.6.1 - ASUS) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team) Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk) Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk) Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.48.1 - Bethesda Softworks) Browser for SQL Server 2017 (HKLM-x32\...\{CF8EEB96-E7E7-4EF7-A0A1-559F09953156}) (Version: 14.0.1000.169 - Microsoft Corporation) CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform) CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien) ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden ClipGrab 3.7.0 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien) CodeBlocks (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team) CodeBlocks (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team) CodeBlocks (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team) CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd) DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Discord) (Version: 0.0.305 - Discord Inc.) Discord (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\Discord) (Version: 0.0.305 - Discord Inc.) Discord (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\Discord) (Version: 0.0.305 - Discord Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 78.4.119 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) Entity Framework 6.2.0 Tools for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Firefox Developer Edition 65.0 (x64 en-US) (HKLM\...\Firefox Developer Edition 65.0 (x64 en-US)) (Version: 65.0 - Mozilla) GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team) Git version 2.20.1 (HKLM\...\Git_is1) (Version: 2.20.1 - The Git Development Community) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games) icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation) Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation) IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation) Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation) Java SE Development Kit 8 Update 181 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden K-Lite Mega Codec Pack 13.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.0 - KLCP) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains) LOOT version 0.13.6 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.13.6 - LOOT Team) Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft .NET Core SDK - 2.1.202 (x64) (HKLM-x32\...\{06b884b0-4947-4439-859f-098e431012d6}) (Version: 2.1.202 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.400 (x64) (HKLM-x32\...\{341254ab-6143-402e-9b7e-944f8b63e97d}) (Version: 2.1.400 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.402 (x64) (HKLM-x32\...\{b415bfcd-0c1a-424c-93f3-03fd83fcc44e}) (Version: 2.1.402 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.403 (x64) (HKLM-x32\...\{2eabe091-c571-4b9d-bdaa-5df5d11c84d4}) (Version: 2.1.403 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.500 (x64) (HKLM-x32\...\{d83984c4-b4ab-41e1-8d62-84f151ca642b}) (Version: 2.1.500 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.502 (x64) (HKLM-x32\...\{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}) (Version: 2.1.502 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.504 (x64) (HKLM-x32\...\{109e08a7-f849-4580-a683-c07ee8850a15}) (Version: 2.1.504 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.505 (x64) (HKLM-x32\...\{8a2d6b13-cb92-4cfe-a3e0-468e6cdd1e2e}) (Version: 2.1.505 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.508 (x64) (HKLM-x32\...\{0298bf05-e67a-4973-8ccc-7b13528189cb}) (Version: 2.1.508 - Microsoft Corporation) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 SDK (HKLM-x32\...\{F42C96C1-746B-442A-B58C-9F0FD5F3AB8A}) (Version: 4.7.03081 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 Targeting Pack (ENU) (HKLM-x32\...\{B517DBD3-B542-4FC8-9957-FFB2C3E65D1D}) (Version: 4.7.03062 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}) (Version: 4.7.03062 - Microsoft Corporation) Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft Azure Authoring Tools - v2.9.6 (HKLM\...\{EDADFA19-7F96-4075-A4AB-2209910626C5}) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Compute Emulator - v2.9.6 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.6) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation) Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation) Microsoft Azure PowerShell - April 2018 (HKLM\...\{3BA7CAA9-97BA-4528-B7E1-B640910BB149}) (Version: 5.7.0.18831 - Microsoft Corporation) Microsoft Azure Storage Emulator - v5.7 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.7) (Version: 5.7.18218.1723 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation) Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation) Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation) Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{76CF9EF4-ABA0-484E-8042-12B99499AF5F}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11901.20176 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation) Microsoft R Client (HKLM\...\{02EFEF35-C9D6-465D-BB0E-EB48B549B3AB}) (Version: 3.3.2.1988 - Microsoft) Microsoft SQL Server 2012 Native Client (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2016 LocalDB (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation) Microsoft SQL Server 2017 (64-bit) (HKLM\...\Microsoft SQL Server SQL2017) (Version: - Microsoft Corporation) Microsoft SQL Server 2017 Setup (English) (HKLM\...\{405252DC-ADF7-4BC8-95F5-F89DE513DD62}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft SQL Server 2017 T-SQL Language Service (HKLM\...\{C8A51693-98B9-4AB1-91B8-9A1B86729D5F}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{05FF71A6-FF76-4DB9-8A33-F23A2B0222BF}) (Version: 14.0.4079.2 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation) Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1104.625 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation) Microsoft VSS Writer for SQL Server 2017 (HKLM\...\{20B328C9-C6BB-434A-928A-00F05CD820B8}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla) Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich) MSI Development Tools (HKLM-x32\...\{1E406B46-65F4-91CE-65DA-DB66D5443B68}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.7.1 - Notepad++ Team) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.3 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera Stable 62.0.3331.116 (HKLM-x32\...\Opera 62.0.3331.116) (Version: 62.0.3331.116 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 10.5.43.28287 - Electronic Arts, Inc.) Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 6.1.0.0 - Popcorn Time) <==== ATTENTION Python 3.6.6 (64-bit) (HKU\.DEFAULT\...\{a2e7eb2f-e31e-47eb-82ca-63b3854f5354}) (Version: 3.6.6150.0 - Python Software Foundation) Python 3.6.6 Core Interpreter (64-bit symbols) (HKLM\...\{09472AF9-4E5C-419F-8AFC-E42DE3C00062}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Core Interpreter (64-bit) (HKLM\...\{13428472-D58E-476D-932F-5B1B0C1397BE}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Development Libraries (64-bit) (HKLM\...\{C4752757-9240-4518-BE22-A7E2E7CC7D7B}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Documentation (64-bit) (HKLM\...\{16EF5AB7-4A89-4F06-B20B-209DA4FE0533}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Executables (64-bit symbols) (HKLM\...\{D1DCF56C-C29C-436A-9764-DEA45032EC46}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Executables (64-bit) (HKLM\...\{5CE3EB5B-1823-4B8E-BE10-95262BDD1148}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 pip Bootstrap (64-bit) (HKLM\...\{9D8D733D-3822-4808-B382-6291910081B2}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Standard Library (64-bit symbols) (HKLM\...\{A44E9804-C2AA-40DD-9E6F-F53D96BDAD34}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Standard Library (64-bit) (HKLM\...\{4D137679-6FB4-446B-9BDB-279292FA2D2C}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Tcl/Tk Support (64-bit symbols) (HKLM\...\{20F0B3BE-3E51-4536-BE6E-451359FD5432}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Tcl/Tk Support (64-bit) (HKLM\...\{44EC13CA-E201-433B-B2D3-386B9609B859}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Test Suite (64-bit symbols) (HKLM\...\{C5BD9A00-9221-486E-94BF-9B1553B215AF}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Test Suite (64-bit) (HKLM\...\{C9596636-022D-4123-B369-98819F772985}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Utility Scripts (64-bit) (HKLM\...\{E95CEC86-EFB3-47B8-A5F6-C8FB757AD060}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Skype version 8.50 (HKLM-x32\...\Skype_is1) (Version: 8.50 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB) Spotify (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB) Spotify (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB) sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{97C50C96-8106-490D-B81F-768753C39B56}) (Version: 15.0.27207 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{74E057FF-92C8-4DD0-AF43-B220CD100733}) (Version: 15.0.27207 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{C83DFAD5-FF26-4ED8-B284-944463FA0E30}) (Version: 15.0.27207 - Microsoft Corporation) Hidden SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Common Files (HKLM\...\{9D1C0509-D490-4E9E-ACF5-A73E5C53742D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Common Files (HKLM\...\{B777C4C0-A1CD-4AB9-99B1-AD5FBED6F8E5}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Services (HKLM\...\{28EEF6BA-A23A-42D2-86BA-A6BEE723B969}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Services (HKLM\...\{DED314CA-0EFE-4593-9D66-EF75E5289A4C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Shared (HKLM\...\{0E22DBB4-691B-400C-B52D-8DFE8EC421AA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Shared (HKLM\...\{793F1C1E-5C83-4E33-A29B-6EAA7C1E791C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 XEvent (HKLM\...\{12D2DB8D-80FF-4152-8F51-EDB3BD3C6976}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 XEvent (HKLM\...\{AA2A015C-C210-413B-95F6-BF9D3CDD6E0D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.4.2669 - TeamViewer) The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios) TunnelBear (HKLM-x32\...\{5dbd322e-98b2-41c8-a2d9-d9f21423afa9}) (Version: 3.2.0.6 - TunnelBear) TunnelBear (HKLM-x32\...\{EAF52E02-CC78-47F4-A304-F91FDB6A55D1}) (Version: 3.2.0.6 - TunnelBear) Hidden Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - ) Twitch (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.) Twitch (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.) Twitch (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.) TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden TypeScript SDK (HKLM-x32\...\{A3055644-FB53-420D-8724-EBEAB330D64F}) (Version: 3.0.3.0 - Microsoft Corporation) Hidden TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden Unity (HKLM-x32\...\Unity) (Version: 2018.3.3f1 - Unity Technologies ApS) Universal CRT Extension SDK (HKLM-x32\...\{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{0D6B41AF-D117-8944-A059-3F9346A896C5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) Uplay (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft) vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden Visual Studio Enterprise 2017 (HKLM-x32\...\7dcb8def) (Version: 15.9.28307.770 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN) VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS WCF Debugging (HKLM\...\{14AF842C-675E-4268-B493-EB76D9B465A8}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_codecoveragemsi (HKLM-x32\...\{B2DB38F7-4225-4EA6-A7B2-F9A0E089DD89}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_codeduitestframeworkmsi (HKLM-x32\...\{4379D9C7-B16D-486C-BC6D-43550A4C55EE}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_cuitcommoncoremsi (HKLM-x32\...\{060D7518-16AC-41F1-9956-38CA636FCF7B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_cuitextensionmsi (HKLM-x32\...\{88484E59-774D-4947-AF0E-4524D6C3147D}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_cuitextensionmsi_x64 (HKLM-x32\...\{184D5702-3AD2-4F0D-95E6-11E1C75A9298}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_networkemulationmsi_x64 (HKLM-x32\...\{674BB892-7904-4B94-8077-9DA3D2CBFC70}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden WhatsApp (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\WhatsApp) (Version: 0.3.2848 - WhatsApp) WhatsApp (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\WhatsApp) (Version: 0.3.2848 - WhatsApp) WhatsApp (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\WhatsApp) (Version: 0.3.2848 - WhatsApp) Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) WinAppDeploy (HKLM-x32\...\{5AD4A604-B476-1578-2A20-6B02FC6258BE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{C9966D24-DB2F-8514-EAA3-BEED85F3E166}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation) Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation) WinGuard Pro 2016 (HKLM-x32\...\{F5DA39A7-9A26-44E2-9754-A611ACF0C8CC}) (Version: 10.10.2001 - WinGuardProLTD) WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH) WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{389D182F-0ADA-5C7E-FF32-2573A821592C}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{A249F631-CEBC-EDCB-4C49-700E551E66CA}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{C3776B36-B34E-00E2-3009-95A6F1870B58}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E71CB7F1-3E88-4450-1764-B3CC1E205C4A}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{965D1746-D94A-49B9-2A48-A14914CA3B57}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{C49E6FDA-8196-0CAF-2CDD-CF1B0F4EA5AD}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{33D11371-82A5-852B-CDE2-5528CE406151}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{3755CD99-C62E-3312-DDD3-29A4F259270D}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{729DA966-8590-2C1F-2178-16C1D32FD7FD}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{FB431EE2-C835-6DE9-8DC3-C8FCDE028FE0}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{F1C18506-3168-A9D9-E2D9-D23A512A326E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FB82399D-9C48-9AF5-DCA1-CFE61BCA70A6}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{23909757-D6F0-7F7C-BD34-7E72BA9BD59C}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{4095D263-6A13-78D3-DEDA-AA3452011F6E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{C3243E23-2EB6-4419-2692-40944923B112}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D3A337CD-EA32-F4BA-03FA-825903190C92}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{DD83B36A-ED10-4514-98E7-1EBD53D167D8}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft) Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden Xamarin Profiler (HKLM-x32\...\{392FF347-E40D-4598-B31E-5332F6F761E2}) (Version: 1.6.4.31 - Xamarin, Inc.) Hidden Xamarin Remoted iOS Simulator (HKLM-x32\...\{5DE98E3F-9A5C-48B7-B039-8E0FB2D68AEA}) (Version: 1.3.0.8 - Xamarin) Hidden Packages: ========= Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-15] (Microsoft Studios) [MS Ad] Microsoft Wireless Display Adapter -> C:\Program Files\WindowsApps\Microsoft.SurfaceWirelessDisplayAdapter_3.4.137.1000_x64__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation) Mixplay for Mixer -> C:\Program Files\WindowsApps\39170Flydream.Mixer_2.1.4.0_x64__weq318ptssvpt [2019-01-11] (Flydream) MSN Vrijeme -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad] Pošta i kalendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad] TuneIn Radio -> C:\Program Files\WindowsApps\TuneIn.TuneInRadio_4.0.6.0_x64__6bhtb546zcxnj [2019-08-01] (TuneIn) [MS Ad] Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.) Viber -> C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.1000_x86__p61zvh252yqyr [2018-07-09] (VIBER MEDIA S.à r.l.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{CE527B6C-CFD2-4CFC-AEC0-261FC6871E3D} -> [MEGAsync] => C:\Users\vanov\Documents\MEGAsync [2016-10-13 15:02] CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\vanov\Dropbox [2016-11-05 13:16] ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-06-17] (Notepad++ -> ) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\vanov\Desktop\GTASA.lnk -> C:\Program Files (x86)\Rockstar Games\GTA San Andreas\startup_SP.bat () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) ==================== Loaded Modules (Whitelisted) ============== 2018-02-12 21:33 - 2018-02-12 21:33 - 000161792 _____ () [File not signed] C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll 2018-10-02 19:10 - 2018-10-02 19:10 - 000598528 _____ () [File not signed] C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll 2016-09-24 08:53 - 2016-09-24 08:53 - 000410112 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll 2018-01-11 18:39 - 2008-05-23 00:25 - 000043520 ____N (MagicISO, Inc.) [File not signed] C:\Program Files (x86)\MagicISO\misosh64.dll 2018-04-19 22:31 - 2018-04-19 22:31 - 000267776 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL 2019-01-19 22:21 - 2019-01-19 22:21 - 000030720 _____ (WinGuard Inc.) [File not signed] C:\Program Files (x86)\WinGuardPro Ltd\WinGuard\wgengine.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1" ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-08-06 15:31 - 2019-08-09 10:46 - 000000030 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 2018-08-04 16:06 - 2019-08-09 10:46 - 000000502 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics 172.29.72.49 DESKTOP-ME49L6T.mshome.net # 2024 8 3 7 8 46 27 384 37.0.186 Vlah.mshome.net # 2019 7 5 12 12 16 54 932 ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Microsoft MPI\Bin\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Users\vanov\Anaconda3;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\DTS\Binn\;C:\Program Files\Git\cmd HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104541213\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104600588\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104542119\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104602181\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-3387545514-2906784231-2682514228-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104543103\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-3387545514-2906784231-2682514228-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603150\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\Control Panel\Desktop\\Wallpaper -> C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\Control Panel\Desktop\\Wallpaper -> C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104548009\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104607119\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104549744\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104608525\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. HKLM\...\StartupApproved\StartupFolder: => "SOLIDWORKS 2016 Fast Start.lnk" HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "Idvsoft" HKLM\...\StartupApproved\Run32: => "{7B4A50DE-E9A1-5D65-55A0-215372F9BAC3}" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Curse.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Viber" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Overwolf" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Autodesk Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Akamai NetSession Interface" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Resilio Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Tonido" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "WallpaperEngine" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\StartupApproved\StartupFolder: => "MEGAsync.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\StartupApproved\StartupFolder: => "Curse.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\StartupApproved\StartupFolder: => "Twitch.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\StartupApproved\Run: => "Viber" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\StartupApproved\Run: => "Overwolf" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\StartupApproved\Run: => "Autodesk Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\StartupApproved\Run: => "Akamai NetSession Interface" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\StartupApproved\Run: => "Resilio Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\StartupApproved\Run: => "Tonido" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\StartupApproved\Run: => "WallpaperEngine" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\StartupApproved\StartupFolder: => "MEGAsync.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\StartupApproved\StartupFolder: => "Curse.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\StartupApproved\StartupFolder: => "Twitch.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\StartupApproved\Run: => "Viber" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\StartupApproved\Run: => "Overwolf" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\StartupApproved\Run: => "Autodesk Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\StartupApproved\Run: => "Akamai NetSession Interface" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\StartupApproved\Run: => "Resilio Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\StartupApproved\Run: => "Tonido" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\StartupApproved\Run: => "WallpaperEngine" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{CBC4ECFC-1253-4674-B353-170019F9FABE}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed] FirewallRules: [TCP Query User{0CAE0F34-1600-450D-A351-4C7FFCA72D07}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed] FirewallRules: [{606F165A-4B31-49AA-98BC-5B91C73BBF4B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A49D5669-FA5A-4815-9969-3E22DB5A4E6B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{48D65172-F07A-4E24-A3A1-434257A6061F}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{6A333921-4247-486B-98D0-F26FD40E857E}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{0CA9BCD8-5B1C-4D05-AAD4-21FFEAC84103}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{051C78D0-5A1A-4C2A-ABC4-9E558B976B5F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{A975745F-869F-4081-92E4-0D42641FF6C4}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{49E008DC-6AAB-4B12-BB7B-667F30068494}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{9C253803-BC67-4081-8522-B3EC16A3E8DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{B4452071-1EF5-4231-9AF6-B0CD14FD5FDF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{6D4BA297-6C70-47C8-BD34-738B4942ACB9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{2E9CDF23-57FD-43DB-9D11-55A66C91F8FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [UDP Query User{B06BD948-E650-4190-8E60-7CFADC294373}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{B385A51F-02CB-4784-A947-2C9ABF8BEEDD}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{2EB36B25-BECE-477F-B928-0C25780C1214}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) FirewallRules: [TCP Query User{DCA5B283-BB01-4858-8CBF-F750BF1B73F5}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) FirewallRules: [{6BEEFA38-F710-4247-BF7A-AECB5E37937E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{C5D7FAE5-7CB3-43C1-80F6-589907AD1A0F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{BCA6781A-E253-483F-8236-CAF546AAF80D}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{D50DE039-DAA2-4B8B-B1FB-3E30BC30A796}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{AFC23FCC-79E4-469A-8459-B169B2FA2252}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{F672BF62-161A-4044-9A8B-508F12A99CA6}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{12F3F116-CCDB-40AC-92C7-2317A0EEA58F}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{BE51A32F-9911-4F10-AECE-61E068713997}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{FA92DF2E-5413-4A71-9FEB-A88C6BC85620}] => (Allow) \crime.exe No File FirewallRules: [{93B1D858-48BF-4365-A31B-2A746418DA9E}] => (Allow) \crime.exe No File FirewallRules: [TCP Query User{09600C42-3BDF-4A0D-AFD5-17E90BC5FBDB}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed] FirewallRules: [UDP Query User{AEB25E26-AED6-4979-830F-F77D85DB1B7F}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed] FirewallRules: [{A3B4325B-9C2A-4EE8-A5DB-7B28A9060CC2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{A89516B1-966E-4D36-8C30-A7773EB1FCEF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{2FB602DE-06A3-46EA-9153-DDA0373E214D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{8F69FAB7-2111-4D65-8B95-ED7D5DF0F7DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{57117F18-C29B-4A60-B34A-DC7B2E36B83A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{E9BB0D09-102F-4855-8DC4-7BDE56ABFA0F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{BAC7F6A3-92EA-47D9-83DD-84940C070F4D}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{829032A2-3D4E-4625-A6AC-C5472A4CAD8F}] => (Allow) C:\Users\vanov\AppData\Roaming\ukym.exe No File FirewallRules: [{8F41725E-00E7-441B-AB63-B4098150BFD2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CAD307C7-4AB9-4568-9202-9A96F13EE5A0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{F8658AA4-659E-4738-A8F3-10D5B21C9014}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2B135BAA-8782-4576-8B09-A3A5104E674B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CBE67B0D-E3A2-47A0-9D9C-4A96A71123F7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{88A5690A-4C1A-4009-A517-E46CDD71C61D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{9B5D35D8-B815-41CC-AB80-E96CDB7A076C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{5909ED89-D4A8-472A-B9FB-64E52AF40D69}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{023A9C49-90ED-46DA-B31B-927D498C82DF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{31A12E40-94D8-4EBE-918A-F038F68F4143}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{8923168C-1CCB-432D-A201-56DAFE047329}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B8832F38-4A2A-466B-8C61-2CEC1E0C6D21}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{BF9A9DBE-706D-4041-828B-3FEAD09AA806}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{AB25BC94-93E5-4FA2-8DA8-CD14037FF5F1}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2C8DC3BA-784B-472F-862E-FBC63D80A7C2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CA7AD008-CD98-4D99-B60D-22C430D2E199}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{1AB20D79-1A14-40B6-AB43-3C8574EBD662}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{65A105B5-724F-4E3E-87D8-46EED707E4EE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{C6E37AA3-AE2D-43ED-85F1-58FCB47F6002}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{26DC9510-C1DB-421A-93B5-33D62B61C2EE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{36C86FB1-BD71-40AD-91A0-949C16507152}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{5EB85F8F-EB0B-4754-89FC-0E731AB75186}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{542253F9-2267-4C60-B0EC-8B09E0D8CD27}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D29C4F92-4A08-455B-9EDD-2481F589F20A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{EAB63EC6-840F-474A-BF7E-A4CAC240D5E7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B513C4A7-5DA5-4D37-837D-416F3145E4CC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{3777AF3C-8C7A-4F4A-9EBF-DDB8992B26D9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CB5270C0-F3CC-4A9D-8875-4F221116BF31}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{968872DC-7035-47B7-9714-D5307F4770BA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{4605227E-5E82-44AC-AC14-00BC224964A2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{89B42E9F-CAF9-4BA2-9425-F70309632F8D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B98B9A63-6919-4992-B7E1-85D3EC917DD5}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{AAA7915C-7E16-4740-8A9E-E28C59A0A782}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{7985DF1A-A135-4EBD-816E-EE4C335A89B7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{702C9838-7148-43F2-B5E4-E473B0E87464}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{56F7A137-B4B7-4678-A9B6-E35A25B5FDEB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{3879BDEE-BD20-48F4-BD90-E1223C44477A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B57B19B7-8702-4EFE-A84C-01A5E7A6B7EC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D36DD5EA-15C4-4353-8385-033486803E98}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D7E562D2-7670-4B4D-8F28-39A4D1727B40}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{8E810D29-4DBD-4E61-B3A1-CAC0F8464A33}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{FB5070B5-AD19-46DB-95DA-ECE01A8BC1FB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{83FD4894-C1ED-432E-B1A9-1D7F57E5C9B6}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{27F6044F-5F0D-49DF-B8D1-765988DFD7C2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{21C4E138-427E-43A4-95A4-6D7525E2947E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{DDC07F9D-3F72-4DAA-9930-12F203F91B31}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2A720802-A63D-40B2-89C7-7D74B2DD45CA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{C27E3A0D-09F2-45A1-931C-4B404A8111C7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{7B008662-8837-4CD8-9370-6CAD29667880}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B080A7D6-F3B2-462D-B9FD-BF0693AB1046}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{6AB0C2A9-BB92-4032-BEB5-13F5A1871F4F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{50F0B228-5B58-4A85-B5EF-46A34A0145C0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{E54DD5BA-8479-4E4F-98EC-EF0D104C8A96}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{EB7A11A3-928E-49F1-BE54-A9F3FA1C1073}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{99D43725-0653-470B-AF94-6C441CC69138}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D5EF2CAF-721A-4C5C-8483-13D41F39F802}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{31AAE78E-B827-4FE2-BDF1-D07BBC3C53C0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2C2AA84A-A775-424F-BE76-D7A7E64B8913}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{DDDF1BBF-1FBA-4951-BD5D-8E78DE9B94AF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{69DE4C1C-9948-43DA-8117-0638D675C92C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{518CEBF9-BD72-4D06-846B-6A2BA17B0A2F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{16998AA0-65E4-458F-B1DE-0AD7B27E4BA4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{296AD0B4-485D-4513-A0BC-5DBCF5BFCBB1}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{29A0BA6B-C71A-4EA4-9B1E-E0F787CB4E42}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{3FC15D18-2693-44AD-9DC6-DA9169DAB414}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D8E7C227-A2AE-475D-A0EC-CB2DB344F288}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D60513CC-338F-44D1-8138-77B44746F206}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{75FEBAE7-9B61-4C2E-B4DF-976C354F6674}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{85EA759A-A7D3-448C-BEF1-C50701ABD759}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{F771026E-8F29-4837-A239-A7F5148E8E83}] => (Allow) C:\Users\vanov\AppData\Local\RhyHbetXu.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{877999C0-5833-46B7-AF54-9C2AFF0F0CB7}] => (Allow) C:\WINDOWS\SysWOW64\DUXfVAre.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{EEB021AA-D67E-4EB2-821C-6A34926401CF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D5FD1AEB-DE14-4230-AAC7-693393F5D5FB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{C0CB0CD2-7539-4833-9D34-0AE0D849B9CA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{41B8465E-21B0-4E05-88A5-D5DA0D3ECE1A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{75BF73FF-6F83-4AE8-A387-9882BF970F59}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CEE562A7-6AC2-4FCE-A804-C24004963502}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{09D1AD8A-947B-4D15-9DF9-EF7052004060}] => (Allow) C:\Program Files (x86)\EOdEHTIio.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{04E92B50-4438-490F-AD0A-8A8D4690BB9A}] => (Allow) C:\Users\vanov\AppData\Roaming\IcfB.exe No File FirewallRules: [{0847666D-7803-48B0-A179-929EB14949CB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{23F21C00-3FCE-4B69-A614-B10A530429F3}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{8D4D8A90-06AA-4EDE-BA9E-030C90620E9F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{9A53C3C1-7D91-41C5-BF51-9EEE8BF63AA9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{F977589F-264D-4EBD-AA20-B43EB4D31C2D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{0A7E9429-DF43-4CE9-8FAA-88A43C8F9F4E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{8453B096-46C7-43E7-B521-7A92F2770575}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{393E2F76-0185-44CA-9A7E-26BDD6E4EE6D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{DEDF9721-C8FC-44B3-930F-886149770F0E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B1C9116F-5C4A-4D06-91FA-58DF1B4602F8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{24C43D6E-DCAF-455D-B2E9-2960D29E2EC2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{DBF655DC-C5FA-4DD3-B36B-5E14D88D5886}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B5D37EB1-173D-44F8-B9CC-E051924FAC26}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D339B50B-6443-433D-9DD9-6AE3BF9B60CA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{24E2D0B2-BF34-4E85-AAB1-BDB5A1323141}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [TCP Query User{FE4E9A3A-457F-4621-9441-7F63D069E3B8}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [UDP Query User{951AEC0B-8193-40FC-B42A-7DEAB8C2B3E5}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [{05DF0A2C-1A93-46AE-800E-E12DE7F18FC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B392F4D1-9B62-4364-AEBD-094036DA8436}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{BA2527F7-EF88-4694-81D1-CAD2BD759A31}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [UDP Query User{DA58CB7B-2521-453B-B120-F66DA955BB73}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{39401A26-306A-4DB0-A93D-CAC43C7A097F}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{F7E79D3D-E5F7-4109-95B5-7C20900FDF5D}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1568FFD9-4C45-4576-B4A8-68C07A9299DA}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed] FirewallRules: [{9E44EC29-3C66-478D-B43A-423E93469959}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed] FirewallRules: [{8B5A3536-E847-4803-B18A-35B8A2023C40}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{6A325237-3BEF-4A73-B668-4F52AAD6FE02}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B8F8775A-CAC9-4454-9BC2-0BD382B4A538}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C8341FC3-E365-4CE6-BA40-CC53396DF507}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{782D4882-D209-44E9-A3E9-1C7DCA561633}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{B7CF33C8-CC19-4D73-AC61-7534E1B70E97}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{A03282F2-8B2F-4A2E-A556-5A88124F408C}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [UDP Query User{52DEFF6B-ACA0-4834-BD06-59E2D1959922}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{CF7AC6C4-3B90-43EF-B110-B54E08AFDF90}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{E682C56C-4D3A-4B0C-9F61-0A9FD0C478C5}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{B53B0E11-4896-4DFF-A873-E3A08FFC028D}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8E90BA3A-A433-4095-9F52-DC3CBDC31FD1}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3978B3AB-19C3-4271-AC81-2D11287E2358}] => (Allow) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [{DA86CB7A-F52F-475E-87F1-FF83B160A4DC}] => (Block) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [{ED36F1A2-029C-4E96-A4A7-3B50FAFD18C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{994571E2-6DCD-4E06-9B39-3EF82FFFA7E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B0D9FE4C-355C-4679-8B96-D713017DD607}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B3483E3A-F2EB-4FDB-BBDC-879CC9507758}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{9680FCD1-9E1C-41C4-9D19-CA30045AAB34}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{009FA2E4-5EC8-4DD7-B8E6-DE1CFBFAAAE2}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed] FirewallRules: [{073CBEBB-07F2-4E61-8303-70FF7C396678}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed] FirewallRules: [{09216F82-B859-408E-BD97-6502299F1FDB}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{9E1C0C65-F7B4-4509-9C3C-E7101F192CBC}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{B82E9260-29D2-4F2D-BDBD-6A596F91BC45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios) FirewallRules: [{361A52A7-D6A1-4E8C-A6D3-2933937A02A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios) FirewallRules: [{87D431EF-B497-43B6-8ED7-D924043264F6}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.99\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{C44E048D-F0D0-4E42-875F-A1C1E6BE5E7C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{F8600454-929C-4C5B-A4B9-735526AB4E82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{8DED0F5F-3C5B-4D35-A34F-E75EA8E3D10C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{A22A8EAA-7F39-43A2-A949-300F89E6EE35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{3A7FC6A7-DD9A-4A49-998F-9F7FE3D957EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{72158FD3-1F41-41A4-BC36-88B6890C372B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{3096494B-B18E-45A5-AC31-8E890346AF86}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{64FFD821-2BB2-48A1-8776-B1251C6E58D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{E66D8ED8-9BD5-4B64-ABCA-ABA4BA362666}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{D8939A68-301B-484C-B6B5-D2E40C4EC40C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{50A71AD9-5716-4E59-B0FA-60DB0B812E06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [TCP Query User{0ACEC78F-BAB5-4312-8B93-4A65F76E3257}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [UDP Query User{673C04EA-918C-4A3B-8E12-0540FE7C12F4}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [TCP Query User{8AB680EA-0B2D-4A78-9D85-F506E39545A9}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{7593ED52-0637-4704-A236-CE146B456EAB}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [DNS Server Forward Rule - TCP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 FirewallRules: [DNS Server Forward Rule - UDP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 FirewallRules: [TCP Query User{F54E6234-B579-424C-90B5-6DF36DC84DF0}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{D3B7D8BF-45AD-4EFA-80F1-40AD7F4CDEDC}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{6261CD1F-8E24-4A22-A51B-394D99B7597A}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe (Opera Software AS -> Opera Software) ==================== Restore Points ========================= 07-08-2019 15:45:54 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= Name: TunnelBear Adapter V9 Description: TunnelBear Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TunnelBear Provider V9 Service: tap-tb-0901 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/09/2019 10:49:48 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/09/2019 10:49:43 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (08/09/2019 10:49:35 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/08/2019 11:08:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/08/2019 11:08:37 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/08/2019 11:08:28 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/07/2019 11:08:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/07/2019 12:08:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable System errors: ============= Error: (08/09/2019 10:49:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/09/2019 10:49:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/09/2019 10:45:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/09/2019 10:45:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect. Error: (08/09/2019 10:45:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SQLTELEMETRY service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/09/2019 10:45:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the SQLTELEMETRY service to connect. Error: (08/09/2019 10:44:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Origin Web Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/09/2019 10:44:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect. Windows Defender: =================================== Date: 2019-08-03 11:26:37.257 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {C36C47AF-6A54-49DD-AF3D-7D4D5520DA5F} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-28 20:29:32.996 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {F357303F-3784-4B4F-8754-2BE400640E70} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-27 15:24:11.683 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {B051F21A-7CA7-4CEB-B17E-C232F8D55836} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-25 18:26:15.579 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {E3880AC6-1B50-4637-B3CD-9BA75F3BC358} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-25 10:30:38.256 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {DC3ED97C-0FD0-4B75-B285-8294087F653B} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-03 11:04:51.511 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-08-03 10:48:53.266 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-08-02 21:50:23.754 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-02 21:34:43.457 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-02 21:16:13.596 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =================================== Date: 2019-08-03 11:42:32.022 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:42:31.974 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.934 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.879 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.811 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.753 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:36.559 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:36.234 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== BIOS: Insyde Corp. V1.37 02/16/2016 Motherboard: Acer ZORO_BH Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz Percentage of memory in use: 32% Total physical RAM: 12203.32 MB Available physical RAM: 8176.38 MB Total Virtual: 13419.32 MB Available Virtual: 9526.93 MB ==================== Drives ================================ Drive 😄 () (Fixed) (Total:465.21 GB) (Free:71.72 GB) NTFS \\?\Volume{4eafa3c8-b0a9-4d57-bbc8-43ec29bacab8}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS \\?\Volume{d30143e0-3bd2-4090-b0a7-697dc65108ba}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================ I did manually flush dns when I first started having this problem and released/renewed through ipconfig in cmd, it didn't do anything (probably because the trojan kept coming back). Once again thank you for your help Link to post Share on other sites More sharing options...
kevinf80 Posted August 9, 2019 ID:1328590 Share Posted August 9, 2019 mmm, just noticed a possible cause... Upload a File to Virustotal Go to http://www.virustotal.com/ Click the Choose file button Navigate to the file C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B\DOS Host\doshost.exe Click the Scan it tab If you get a message saying File has already been analyzed: click Reanalyze file now Copy and paste the URL address back here please. Link to post Share on other sites More sharing options...
Vlahotic Posted August 9, 2019 Author ID:1328594 Share Posted August 9, 2019 Here you go https://www.virustotal.com/gui/file/44f129de312409d8a2df55f655695e1d48d0db6f20c5c7803eb0032d8e6b53d0/detection Link to post Share on other sites More sharing options...
kevinf80 Posted August 9, 2019 ID:1328595 Share Posted August 9, 2019 Even though VT has returned a clean analysis on that file i`m still suspicious. I`ve not seen that file in that name before or running from its entry point. Are you aware of that file, did you install that file or any components/applications related to that file..? Link to post Share on other sites More sharing options...
Vlahotic Posted August 9, 2019 Author ID:1328598 Share Posted August 9, 2019 Well, uhh the original creation date is almost a year ago, so I can't exactly remember what happened then, and I wouldn't know what program is related to it. Last time it was edited was on 03.08, so 6 days ago which is when this started happening. Link to post Share on other sites More sharing options...
kevinf80 Posted August 9, 2019 ID:1328603 Share Posted August 9, 2019 Ok, continue with the following: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt" fixlist.txt Link to post Share on other sites More sharing options...
Vlahotic Posted August 9, 2019 Author ID:1328611 Share Posted August 9, 2019 Fixlog: Spoiler Fix result of Farbar Recovery Scan Tool (x64) Version: 07-08-2019 02 Ran by vanov (09-08-2019 15:08:14) Run:4 Running from C:\Users\vanov\Downloads Loaded Profiles: vanov & MSSQLSERVER & (Available Profiles: defaultuser0 & vanov & SQLTELEMETRY & MSSQLSERVER) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: CloseProcesses: RemoveProxy: HKLM-x32\...\Run: [WGP] => [X] HKU\S-1-5-21-3387545514-2906784231-2682514228-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104543103\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603150\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) 2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Users\vanov\AppData\Local\RhyHbetXu.exe 2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\EOdEHTIio.exe HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\Run: [DOS Host] => C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B\DOS Host\doshost.exe [53248 2018-05-22] (Microsoft Windows -> Microsoft Corporation) C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B\DOS Host\doshost.exe HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\Run: [DOS Host] => C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B\DOS Host\doshost.exe [53248 2018-05-22] (Microsoft Windows -> Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194 2018-08-05 21:22 - 2015-03-21 23:48 - 181614692 ___SH (Random Alex ) C:\Users\vanov\AppData\Roaming\Cracked Steam V4.exe 2018-08-05 21:22 - 2016-07-04 20:44 - 000036807 ___SH () C:\Users\vanov\AppData\Roaming\KcFPPOhZCXFZcOiHKXD FirewallRules: [{FA92DF2E-5413-4A71-9FEB-A88C6BC85620}] => (Allow) \crime.exe No File FirewallRules: [{93B1D858-48BF-4365-A31B-2A746418DA9E}] => (Allow) \crime.exe No File FirewallRules: [{829032A2-3D4E-4625-A6AC-C5472A4CAD8F}] => (Allow) C:\Users\vanov\AppData\Roaming\ukym.exe No File FirewallRules: [{8F41725E-00E7-441B-AB63-B4098150BFD2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CAD307C7-4AB9-4568-9202-9A96F13EE5A0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{F8658AA4-659E-4738-A8F3-10D5B21C9014}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2B135BAA-8782-4576-8B09-A3A5104E674B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CBE67B0D-E3A2-47A0-9D9C-4A96A71123F7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{88A5690A-4C1A-4009-A517-E46CDD71C61D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{9B5D35D8-B815-41CC-AB80-E96CDB7A076C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{5909ED89-D4A8-472A-B9FB-64E52AF40D69}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{023A9C49-90ED-46DA-B31B-927D498C82DF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{31A12E40-94D8-4EBE-918A-F038F68F4143}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{8923168C-1CCB-432D-A201-56DAFE047329}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B8832F38-4A2A-466B-8C61-2CEC1E0C6D21}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{BF9A9DBE-706D-4041-828B-3FEAD09AA806}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{AB25BC94-93E5-4FA2-8DA8-CD14037FF5F1}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2C8DC3BA-784B-472F-862E-FBC63D80A7C2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CA7AD008-CD98-4D99-B60D-22C430D2E199}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{1AB20D79-1A14-40B6-AB43-3C8574EBD662}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{65A105B5-724F-4E3E-87D8-46EED707E4EE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{C6E37AA3-AE2D-43ED-85F1-58FCB47F6002}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{26DC9510-C1DB-421A-93B5-33D62B61C2EE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{36C86FB1-BD71-40AD-91A0-949C16507152}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{5EB85F8F-EB0B-4754-89FC-0E731AB75186}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{542253F9-2267-4C60-B0EC-8B09E0D8CD27}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D29C4F92-4A08-455B-9EDD-2481F589F20A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{EAB63EC6-840F-474A-BF7E-A4CAC240D5E7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B513C4A7-5DA5-4D37-837D-416F3145E4CC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{3777AF3C-8C7A-4F4A-9EBF-DDB8992B26D9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CB5270C0-F3CC-4A9D-8875-4F221116BF31}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{968872DC-7035-47B7-9714-D5307F4770BA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{4605227E-5E82-44AC-AC14-00BC224964A2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{89B42E9F-CAF9-4BA2-9425-F70309632F8D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B98B9A63-6919-4992-B7E1-85D3EC917DD5}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{AAA7915C-7E16-4740-8A9E-E28C59A0A782}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{7985DF1A-A135-4EBD-816E-EE4C335A89B7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{702C9838-7148-43F2-B5E4-E473B0E87464}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{56F7A137-B4B7-4678-A9B6-E35A25B5FDEB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{3879BDEE-BD20-48F4-BD90-E1223C44477A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B57B19B7-8702-4EFE-A84C-01A5E7A6B7EC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D36DD5EA-15C4-4353-8385-033486803E98}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D7E562D2-7670-4B4D-8F28-39A4D1727B40}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{8E810D29-4DBD-4E61-B3A1-CAC0F8464A33}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{FB5070B5-AD19-46DB-95DA-ECE01A8BC1FB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{83FD4894-C1ED-432E-B1A9-1D7F57E5C9B6}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{27F6044F-5F0D-49DF-B8D1-765988DFD7C2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{21C4E138-427E-43A4-95A4-6D7525E2947E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{DDC07F9D-3F72-4DAA-9930-12F203F91B31}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2A720802-A63D-40B2-89C7-7D74B2DD45CA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{C27E3A0D-09F2-45A1-931C-4B404A8111C7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{7B008662-8837-4CD8-9370-6CAD29667880}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B080A7D6-F3B2-462D-B9FD-BF0693AB1046}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{6AB0C2A9-BB92-4032-BEB5-13F5A1871F4F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{50F0B228-5B58-4A85-B5EF-46A34A0145C0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{E54DD5BA-8479-4E4F-98EC-EF0D104C8A96}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{EB7A11A3-928E-49F1-BE54-A9F3FA1C1073}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{99D43725-0653-470B-AF94-6C441CC69138}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D5EF2CAF-721A-4C5C-8483-13D41F39F802}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{31AAE78E-B827-4FE2-BDF1-D07BBC3C53C0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2C2AA84A-A775-424F-BE76-D7A7E64B8913}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{DDDF1BBF-1FBA-4951-BD5D-8E78DE9B94AF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{69DE4C1C-9948-43DA-8117-0638D675C92C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{518CEBF9-BD72-4D06-846B-6A2BA17B0A2F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{16998AA0-65E4-458F-B1DE-0AD7B27E4BA4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{296AD0B4-485D-4513-A0BC-5DBCF5BFCBB1}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{29A0BA6B-C71A-4EA4-9B1E-E0F787CB4E42}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{3FC15D18-2693-44AD-9DC6-DA9169DAB414}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D8E7C227-A2AE-475D-A0EC-CB2DB344F288}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D60513CC-338F-44D1-8138-77B44746F206}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{75FEBAE7-9B61-4C2E-B4DF-976C354F6674}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{85EA759A-A7D3-448C-BEF1-C50701ABD759}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{F771026E-8F29-4837-A239-A7F5148E8E83}] => (Allow) C:\Users\vanov\AppData\Local\RhyHbetXu.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{877999C0-5833-46B7-AF54-9C2AFF0F0CB7}] => (Allow) C:\WINDOWS\SysWOW64\DUXfVAre.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{EEB021AA-D67E-4EB2-821C-6A34926401CF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D5FD1AEB-DE14-4230-AAC7-693393F5D5FB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{C0CB0CD2-7539-4833-9D34-0AE0D849B9CA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{41B8465E-21B0-4E05-88A5-D5DA0D3ECE1A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{75BF73FF-6F83-4AE8-A387-9882BF970F59}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{CEE562A7-6AC2-4FCE-A804-C24004963502}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{09D1AD8A-947B-4D15-9DF9-EF7052004060}] => (Allow) C:\Program Files (x86)\EOdEHTIio.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{04E92B50-4438-490F-AD0A-8A8D4690BB9A}] => (Allow) C:\Users\vanov\AppData\Roaming\IcfB.exe No File FirewallRules: [{0847666D-7803-48B0-A179-929EB14949CB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{23F21C00-3FCE-4B69-A614-B10A530429F3}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{8D4D8A90-06AA-4EDE-BA9E-030C90620E9F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{9A53C3C1-7D91-41C5-BF51-9EEE8BF63AA9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{F977589F-264D-4EBD-AA20-B43EB4D31C2D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{0A7E9429-DF43-4CE9-8FAA-88A43C8F9F4E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{8453B096-46C7-43E7-B521-7A92F2770575}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{393E2F76-0185-44CA-9A7E-26BDD6E4EE6D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{DEDF9721-C8FC-44B3-930F-886149770F0E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B1C9116F-5C4A-4D06-91FA-58DF1B4602F8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{24C43D6E-DCAF-455D-B2E9-2960D29E2EC2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{DBF655DC-C5FA-4DD3-B36B-5E14D88D5886}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{B5D37EB1-173D-44F8-B9CC-E051924FAC26}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{D339B50B-6443-433D-9DD9-6AE3BF9B60CA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{24E2D0B2-BF34-4E85-AAB1-BDB5A1323141}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [TCP Query User{FE4E9A3A-457F-4621-9441-7F63D069E3B8}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [UDP Query User{951AEC0B-8193-40FC-B42A-7DEAB8C2B3E5}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [DNS Server Forward Rule - TCP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 FirewallRules: [DNS Server Forward Rule - UDP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 Hosts: CMD: winmgmt /verifyrepository CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R EmptyTemp: ***************** Restore point was successfully created. Processes closed successfully. ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKU\S-1-5-21-3387545514-2906784231-2682514228-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104543103\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKU\S-1-5-21-3387545514-2906784231-2682514228-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104543103\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully "HKU\S-1-5-21-3387545514-2906784231-2682514228-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603150\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKU\S-1-5-21-3387545514-2906784231-2682514228-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603150\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully "HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully "HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully "HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully ========= End of RemoveProxy: ========= "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WGP" => removed successfully HKU\S-1-5-21-3387545514-2906784231-2682514228-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104543103\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) => Error: No automatic fix found for this entry. HKU\S-1-5-21-3387545514-2906784231-2682514228-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603150\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation) => Error: No automatic fix found for this entry. C:\Users\vanov\AppData\Local\RhyHbetXu.exe => moved successfully C:\Program Files (x86)\EOdEHTIio.exe => moved successfully HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104544634\...\Run: [DOS Host] => C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B\DOS Host\doshost.exe [53248 2018-05-22] (Microsoft Windows -> Microsoft Corporation) => Error: No automatic fix found for this entry. C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B\DOS Host\doshost.exe => moved successfully HKU\S-1-5-21-3387545514-2906784231-2682514228-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08092019104603791\...\Run: [DOS Host] => C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B\DOS Host\doshost.exe [53248 2018-05-22] (Microsoft Windows -> Microsoft Corporation) => Error: No automatic fix found for this entry. "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}\\DhcpNameServer" => removed successfully C:\Users\vanov\AppData\Roaming\Cracked Steam V4.exe => moved successfully C:\Users\vanov\AppData\Roaming\KcFPPOhZCXFZcOiHKXD => moved successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA92DF2E-5413-4A71-9FEB-A88C6BC85620}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93B1D858-48BF-4365-A31B-2A746418DA9E}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{829032A2-3D4E-4625-A6AC-C5472A4CAD8F}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8F41725E-00E7-441B-AB63-B4098150BFD2}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CAD307C7-4AB9-4568-9202-9A96F13EE5A0}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8658AA4-659E-4738-A8F3-10D5B21C9014}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2B135BAA-8782-4576-8B09-A3A5104E674B}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CBE67B0D-E3A2-47A0-9D9C-4A96A71123F7}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{88A5690A-4C1A-4009-A517-E46CDD71C61D}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9B5D35D8-B815-41CC-AB80-E96CDB7A076C}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5909ED89-D4A8-472A-B9FB-64E52AF40D69}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{023A9C49-90ED-46DA-B31B-927D498C82DF}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{31A12E40-94D8-4EBE-918A-F038F68F4143}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8923168C-1CCB-432D-A201-56DAFE047329}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B8832F38-4A2A-466B-8C61-2CEC1E0C6D21}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BF9A9DBE-706D-4041-828B-3FEAD09AA806}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB25BC94-93E5-4FA2-8DA8-CD14037FF5F1}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C8DC3BA-784B-472F-862E-FBC63D80A7C2}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA7AD008-CD98-4D99-B60D-22C430D2E199}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1AB20D79-1A14-40B6-AB43-3C8574EBD662}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{65A105B5-724F-4E3E-87D8-46EED707E4EE}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C6E37AA3-AE2D-43ED-85F1-58FCB47F6002}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26DC9510-C1DB-421A-93B5-33D62B61C2EE}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{36C86FB1-BD71-40AD-91A0-949C16507152}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5EB85F8F-EB0B-4754-89FC-0E731AB75186}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{542253F9-2267-4C60-B0EC-8B09E0D8CD27}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D29C4F92-4A08-455B-9EDD-2481F589F20A}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EAB63EC6-840F-474A-BF7E-A4CAC240D5E7}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B513C4A7-5DA5-4D37-837D-416F3145E4CC}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3777AF3C-8C7A-4F4A-9EBF-DDB8992B26D9}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB5270C0-F3CC-4A9D-8875-4F221116BF31}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{968872DC-7035-47B7-9714-D5307F4770BA}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4605227E-5E82-44AC-AC14-00BC224964A2}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{89B42E9F-CAF9-4BA2-9425-F70309632F8D}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B98B9A63-6919-4992-B7E1-85D3EC917DD5}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AAA7915C-7E16-4740-8A9E-E28C59A0A782}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7985DF1A-A135-4EBD-816E-EE4C335A89B7}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{702C9838-7148-43F2-B5E4-E473B0E87464}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56F7A137-B4B7-4678-A9B6-E35A25B5FDEB}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3879BDEE-BD20-48F4-BD90-E1223C44477A}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B57B19B7-8702-4EFE-A84C-01A5E7A6B7EC}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D36DD5EA-15C4-4353-8385-033486803E98}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D7E562D2-7670-4B4D-8F28-39A4D1727B40}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8E810D29-4DBD-4E61-B3A1-CAC0F8464A33}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB5070B5-AD19-46DB-95DA-ECE01A8BC1FB}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{83FD4894-C1ED-432E-B1A9-1D7F57E5C9B6}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{27F6044F-5F0D-49DF-B8D1-765988DFD7C2}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{21C4E138-427E-43A4-95A4-6D7525E2947E}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DDC07F9D-3F72-4DAA-9930-12F203F91B31}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A720802-A63D-40B2-89C7-7D74B2DD45CA}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C27E3A0D-09F2-45A1-931C-4B404A8111C7}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B008662-8837-4CD8-9370-6CAD29667880}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B080A7D6-F3B2-462D-B9FD-BF0693AB1046}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6AB0C2A9-BB92-4032-BEB5-13F5A1871F4F}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50F0B228-5B58-4A85-B5EF-46A34A0145C0}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E54DD5BA-8479-4E4F-98EC-EF0D104C8A96}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB7A11A3-928E-49F1-BE54-A9F3FA1C1073}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{99D43725-0653-470B-AF94-6C441CC69138}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5EF2CAF-721A-4C5C-8483-13D41F39F802}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{31AAE78E-B827-4FE2-BDF1-D07BBC3C53C0}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C2AA84A-A775-424F-BE76-D7A7E64B8913}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DDDF1BBF-1FBA-4951-BD5D-8E78DE9B94AF}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{69DE4C1C-9948-43DA-8117-0638D675C92C}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{518CEBF9-BD72-4D06-846B-6A2BA17B0A2F}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{16998AA0-65E4-458F-B1DE-0AD7B27E4BA4}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{296AD0B4-485D-4513-A0BC-5DBCF5BFCBB1}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{29A0BA6B-C71A-4EA4-9B1E-E0F787CB4E42}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3FC15D18-2693-44AD-9DC6-DA9169DAB414}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D8E7C227-A2AE-475D-A0EC-CB2DB344F288}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D60513CC-338F-44D1-8138-77B44746F206}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75FEBAE7-9B61-4C2E-B4DF-976C354F6674}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85EA759A-A7D3-448C-BEF1-C50701ABD759}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F771026E-8F29-4837-A239-A7F5148E8E83}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{877999C0-5833-46B7-AF54-9C2AFF0F0CB7}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EEB021AA-D67E-4EB2-821C-6A34926401CF}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5FD1AEB-DE14-4230-AAC7-693393F5D5FB}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0CB0CD2-7539-4833-9D34-0AE0D849B9CA}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{41B8465E-21B0-4E05-88A5-D5DA0D3ECE1A}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75BF73FF-6F83-4AE8-A387-9882BF970F59}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CEE562A7-6AC2-4FCE-A804-C24004963502}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{09D1AD8A-947B-4D15-9DF9-EF7052004060}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{04E92B50-4438-490F-AD0A-8A8D4690BB9A}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0847666D-7803-48B0-A179-929EB14949CB}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{23F21C00-3FCE-4B69-A614-B10A530429F3}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D4D8A90-06AA-4EDE-BA9E-030C90620E9F}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A53C3C1-7D91-41C5-BF51-9EEE8BF63AA9}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F977589F-264D-4EBD-AA20-B43EB4D31C2D}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A7E9429-DF43-4CE9-8FAA-88A43C8F9F4E}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8453B096-46C7-43E7-B521-7A92F2770575}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{393E2F76-0185-44CA-9A7E-26BDD6E4EE6D}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DEDF9721-C8FC-44B3-930F-886149770F0E}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B1C9116F-5C4A-4D06-91FA-58DF1B4602F8}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24C43D6E-DCAF-455D-B2E9-2960D29E2EC2}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DBF655DC-C5FA-4DD3-B36B-5E14D88D5886}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B5D37EB1-173D-44F8-B9CC-E051924FAC26}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D339B50B-6443-433D-9DD9-6AE3BF9B60CA}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24E2D0B2-BF34-4E85-AAB1-BDB5A1323141}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FE4E9A3A-457F-4621-9441-7F63D069E3B8}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{951AEC0B-8193-40FC-B42A-7DEAB8C2B3E5}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\DNS Server Forward Rule - TCP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\DNS Server Forward Rule - UDP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0" => removed successfully C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. ========= winmgmt /verifyrepository ========= WMI repository is consistent ========= End of CMD: ========= ========= "%WINDIR%\SYSTEM32\lodctr.exe" /R ========= Info: Successfully rebuilt performance counter setting from system backup store ========= End of CMD: ========= ========= "%WINDIR%\SysWOW64\lodctr.exe" /R ========= Info: Successfully rebuilt performance counter setting from system backup store ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 12083200 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17218602 B Java, Flash, Steam htmlcache => 91984512 B Windows/system/drivers => 41151639 B Edge => 0 B Chrome => 0 B Firefox => 1094795512 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 1083 B LocalService => 2854 B LocalService => 0 B NetworkService => 12664 B NetworkService => 0 B defaultuser0 => 0 B vanov => 407725187 B SQLTELEMETRY => 0 B MSSQLSERVER => 0 B RecycleBin => 200 B EmptyTemp: => 1.6 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 15:14:58 ==== FRST after fix: Spoiler Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-08-2019 02 Ran by vanov (administrator) on DESKTOP-ME49L6T (Acer Aspire E5-573) (09-08-2019 15:23:15) Running from C:\Users\vanov\Downloads Loaded Profiles: vanov & MSSQLSERVER (Available Profiles: defaultuser0 & vanov & SQLTELEMETRY & MSSQLSERVER) Platform: Windows 10 Pro Version 1803 17134.885 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe (Intel Corporation -> ) C:\Windows\System32\igfxTray.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.866.0_x64__8wekyb3d8bbwe\YourPhone.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmms.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe (OOO Lightshot -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TunnelBear, Inc. -> ) C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe (WinGuard Inc.) [File not signed] C:\Program Files (x86)\WinGuardPro Ltd\WinGuard\wgengine.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-10-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] (OOO Lightshot -> ) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5782336 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [wgpro] => C:\Program Files (x86)\WinGuardPro Ltd\WinGuard\wgengine.exe [30720 2019-01-19] (WinGuard Inc.) [File not signed] HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Akamai NetSession Interface] => C:\Users\vanov\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Spotify] => C:\Users\vanov\AppData\Roaming\Spotify\Spotify.exe [25828256 2019-08-03] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DOS Host] => C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B\DOS Host\doshost.exe HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35809680 2019-08-05] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3210016 2019-08-06] (Valve -> Valve Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed] HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-10-13] ShortcutTarget: MEGAsync.lnk -> C:\Users\vanov\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited) Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-18] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1191D268-1A73-41D0-BD85-D1311491443C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {1217C1E3-7A8E-4C0B-B4B5-5C28F63B1D39} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill2 => C:\Users\vanov\Desktop\BatFiles\Operakill.bat Task: {14D5ABA7-60D8-4C04-A73D-D462D3EC53BF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {1A902826-C33D-4706-A2ED-F192F5993FAC} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-vanovac.zlatan@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {3051FE3C-FB51-4549-8184-7DCA7CCB515B} - System32\Tasks\Microsoft\Windows\TaskScheduler\Restart => C:\Users\vanov\Desktop\BatFiles\Restart.bat Task: {31A4D16D-ED62-4473-8883-5805BFACBBAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) Task: {32075B90-EA68-4A1E-8153-09FAB21A0EBD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {4021E04F-2C4F-4B2A-85E7-60D62C0CE79C} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {44CEEBC6-4031-42AD-B2B1-4157F57AD5FE} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill => C:\Users\vanov\Desktop\BatFiles\Operakill.bat Task: {4D713D29-1FB3-4E41-9D76-CD1B86264B83} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-09] (Adobe Inc. -> Adobe) Task: {6137EB70-DCD3-44CE-8665-73E27FA3E9EE} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall => C:\Users\vanov\Desktop\BatFiles\DragonForce.bat Task: {63C7C186-F15B-448B-94BC-5F4ED0A4E638} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {78C49C7C-92BE-4687-AF06-420B5ED30A0C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {79C43D64-C54E-4662-9D49-919AEF86BF9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {79DFF442-7CF7-480E-934B-8FCEBEE221D7} - System32\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {7B6B9926-BDA7-44D7-A5CE-F6D962D3B49E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) Task: {7F5DE95D-C17C-4408-85D1-6F56B9FF5F5A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) Task: {81668EB1-6E5D-40EE-BFFA-25B09CCF4FE1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {8FCC1103-34CD-41C4-B3BC-EEE596BE90CB} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall2 => C:\Users\vanov\Desktop\BatFiles\Disasterpiece.bat Task: {940A0D4F-E5D1-4349-A97B-BA70D6B8789D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe) Task: {A35FB29E-054C-45BE-9E40-C94DB7728413} - System32\Tasks\Microsoft\Windows\TaskScheduler\MusicKill => C:\Users\vanov\Desktop\BatFiles\BeeMp3TaskKill.bat Task: {A9E34D5E-D053-4247-8350-83C330CA6958} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Users\vanov\AppData\Local\MEGAsync\MEGAupdater.exe [760696 2018-10-02] (Mega Limited -> Mega Limited) Task: {AA6D739F-D568-4A9D-A4ED-FC3B5D432A84} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) Task: {B058EC2B-0726-47B7-8B1B-A975B69CED27} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {BB3A72A1-B735-4F37-9B99-260BF5F05151} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1000 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {CF931575-DB06-4A0A-A9DC-19D4C4269CB3} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.8.3252 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXAutoUpdate.exe [206184 2019-08-06] (Microsoft Corporation -> ) Task: {D63EB858-D44F-42ED-AC94-00B6D4374934} - System32\Tasks\Opera scheduled Autoupdate 1476361487 => C:\Program Files (x86)\Opera\launcher.exe [1519640 2019-08-07] (Opera Software AS -> Opera Software) Task: {DD5F0550-0D96-45A8-80CB-EA5DB0E9C59E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {DE525C0C-B6B7-4A0C-BF03-FB7FBAFF172E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {DE9EE772-2041-4E2F-8856-6D84E12E4E02} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {E1176194-F6FD-4A7B-BB95-24031E7F8611} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-10-18] () [File not signed] Task: {E161BC06-6796-4A76-8D71-21048961E8D4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe) Task: {F51FC55E-9DF9-47E0-8B2A-5056FD0B3C6E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {F95F8299-A9C1-49FC-8E40-0B0E93D73D5A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {FBD77374-BC26-4033-84E7-10F003A9EED5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{24b58f83-bf4d-40e4-a6b1-5f849b89db74}: [NameServer] 116.203.6.218 Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [NameServer] 8.8.8.8,8.8.4.4,192.168.0.1 Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{84adbad7-bfc3-4947-b0cf-9c8738caccf9}: [NameServer] 116.203.6.218 Tcpip\..\Interfaces\{8c05adc3-f683-4b02-b575-0d3af10d2b6b}: [NameServer] 116.203.6.218 Internet Explorer: ================== SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF DefaultProfile: poq2nbe3.default-1491901036943-1546437671085 FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 [2019-08-09] FF NetworkProxy: Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 -> type", 4 FF Extension: (ETP Search Volume Study) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-06-26] FF Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\firefox@betterttv.net.xpi [2019-08-03] [UpdateUrl:hxxps://nightdev.com/betterttv/firefox/updates.json] FF Extension: (uBlock Origin) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\uBlock0@raymondhill.net.xpi [2019-07-26] FF Extension: (Unseen) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\{230ed5ec-936c-4ad1-b3d4-e2bb251bd1c3}.xpi [2019-01-02] FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default [2019-08-06] FF user.js: detected! => C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default\user.js [2017-02-03] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> ) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> ) FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN) StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe Opera: ======= OPR Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\deofbbdfofnmppcjbhjibgodpcdchjii [2017-11-15] OPR Extension: (Tampermonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-06-02] OPR Extension: (book_helper) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmmkobpokkidkpaidggnebnhiipdkhkl [2019-08-02] OPR Extension: (ScriptMonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-06-02] OPR Extension: (Violent monkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-05-16] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-05-27] (BattlEye Innovations e.K. -> ) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-08-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) S3 HgClientService; C:\WINDOWS\system32\hgclientservice.dll [141824 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1741312 2019-02-16] (Microsoft Windows -> Microsoft Corporation) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [353768 2018-09-13] (Intel Corporation -> Intel Corporation) R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21256 2018-04-20] (Microsoft Corporation -> Microsoft Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] (AzureEngBuildCodeSign -> ) [File not signed] R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [485048 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [31232 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts) R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2017-11-22] (Even Balance, Inc. -> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5073792 2019-07-04] (Microsoft Windows Publisher -> Microsoft Corporation) S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [578744 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) S2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11969880 2019-07-03] (TeamViewer GmbH -> TeamViewer GmbH) R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [113024 2018-02-12] (TunnelBear, Inc. -> ) R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3014144 2019-07-04] (Microsoft Windows -> Microsoft Corporation) S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd) S3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-06-23] (EnigmaSoft Limited -> EnigmaSoft Limited) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-10-10] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.) R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26624 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-10-10] (Martin Malik - REALiX -> REALiX(tm)) S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2019-01-19] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-05] (Malwarebytes Corporation -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-09] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-09] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-09] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-09] (Malwarebytes Corporation -> Malwarebytes) S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA)) S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> ) R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2412976 2017-04-24] (Qualcomm Atheros -> Qualcomm Atheros, Inc.) S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31744 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S4 RsFx0500; C:\WINDOWS\System32\DRIVERS\RsFx0500.sys [261848 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1026896 2018-03-19] (Realtek Semiconductor Corp. -> Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-10-10] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation) R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions) R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated -> Synaptics Incorporated) S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr)) R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [56520 2015-08-05] (Synaptics Incorporated -> Synaptics Incorporated) R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [103936 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project) S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2017-12-18] (Oracle Corporation -> Oracle Corporation) R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1248256 2018-11-07] (Microsoft Windows -> Microsoft Corporation) R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [45408 2018-03-15] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation) S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation) NETSVC: HgClientService -> C:\Windows\system32\hgclientservice.dll (Microsoft Corporation) NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-09 15:23 - 2019-08-09 15:26 - 000034029 _____ C:\Users\vanov\Downloads\FRST.txt 2019-08-09 15:20 - 2019-08-09 15:20 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2019-08-09 15:19 - 2019-08-09 15:19 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2019-08-09 15:19 - 2019-08-09 15:19 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2019-08-09 15:19 - 2019-08-09 15:19 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2019-08-09 15:18 - 2019-08-09 15:18 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-08-09 15:18 - 2019-08-09 15:18 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16 2019-08-09 15:08 - 2019-08-09 15:14 - 000039960 _____ C:\Users\vanov\Downloads\Fixlog.txt 2019-08-09 10:57 - 2019-08-09 11:04 - 000116729 _____ C:\Users\vanov\Downloads\Addition5.txt 2019-08-09 10:51 - 2019-08-09 11:04 - 000094180 _____ C:\Users\vanov\Downloads\FRST4.txt 2019-08-09 10:35 - 2019-08-09 10:40 - 000107856 _____ C:\Users\vanov\Downloads\Addition3.txt 2019-08-09 10:31 - 2019-08-09 10:31 - 000000000 ____D C:\Users\vanov\Downloads\DnsJumper 2019-08-09 10:30 - 2019-08-09 10:40 - 000089720 _____ C:\Users\vanov\Downloads\FRST3.txt 2019-08-09 10:30 - 2019-08-09 10:30 - 002096640 _____ (Farbar) C:\Users\vanov\Downloads\FRST64.exe 2019-08-09 10:29 - 2019-08-09 10:29 - 000706233 _____ C:\Users\vanov\Downloads\DnsJumper.zip 2019-08-08 15:01 - 2019-08-08 15:01 - 000003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1476361487 2019-08-08 15:01 - 2019-08-08 15:01 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk 2019-08-06 22:30 - 2019-08-06 22:30 - 000050652 _____ C:\Users\vanov\Documents\filename.gwc 2019-08-06 18:47 - 2019-08-06 18:47 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealHeaderTool 2019-08-06 17:42 - 2019-08-09 15:28 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-08-06 17:00 - 2019-08-06 17:06 - 000105806 _____ C:\Users\vanov\Downloads\Addition2.txt 2019-08-06 16:55 - 2019-08-06 17:06 - 000088273 _____ C:\Users\vanov\Downloads\FRST2.txt 2019-08-06 16:33 - 2019-08-06 16:33 - 047210760 _____ (Microsoft Corporation) C:\Users\vanov\Documents\Windows-KB890830-x64-V5.74.exe 2019-08-06 16:21 - 2019-08-06 16:21 - 000001310 _____ C:\Users\vanov\Desktop\misplacedforcopy.txt 2019-08-06 15:20 - 2019-08-09 10:30 - 000000000 ____D C:\Users\vanov\Downloads\FRST-OlderVersion 2019-08-06 15:20 - 2019-08-06 15:32 - 000012830 _____ C:\Users\vanov\Downloads\Fixlog1.txt 2019-08-06 15:15 - 2019-08-06 15:16 - 000301326 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH8.pdf 2019-08-06 13:47 - 2019-08-06 14:05 - 000000000 ____D C:\Users\vanov\Documents\[FreeCourseSite.com] Udemy - Unreal Engine C++ Developer Learn C++ and Make Video Games 2019-08-06 13:42 - 2019-08-06 19:23 - 000000000 ____D C:\Users\vanov\Documents\Unreal Projects 2019-08-06 13:41 - 2019-08-06 13:41 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Unreal Engine 2019-08-06 00:21 - 2019-08-06 00:21 - 000002467 _____ C:\Users\vanov\Desktop\Unreal Engine.lnk 2019-08-05 11:14 - 2019-08-05 11:19 - 000108154 _____ C:\Users\vanov\Downloads\Addition1.txt 2019-08-05 11:11 - 2019-08-05 11:19 - 000089056 _____ C:\Users\vanov\Downloads\FRST1.txt 2019-08-05 11:08 - 2019-08-09 15:23 - 000000000 ____D C:\FRST 2019-08-05 11:07 - 2019-08-05 11:07 - 000002601 _____ C:\Users\vanov\Desktop\Malarebytes1.txt 2019-08-05 10:56 - 2019-08-05 10:56 - 000001714 _____ C:\Users\vanov\Desktop\Malwarebytes2.txt 2019-08-05 01:18 - 2019-08-05 01:18 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2019-08-04 18:12 - 2019-08-04 18:12 - 000000222 _____ C:\Users\vanov\Desktop\SMITE.url 2019-08-04 11:34 - 2019-08-04 11:34 - 000001048 _____ C:\Users\vanov\Desktop\Technic.exe - Shortcut.lnk 2019-08-03 13:53 - 2019-08-03 13:53 - 004478926 _____ () C:\Users\vanov\Downloads\Technic.exe 2019-08-03 13:42 - 2019-08-03 13:42 - 000001391 _____ C:\Users\Public\Desktop\Skype.lnk 2019-08-03 13:41 - 2019-08-03 13:41 - 000001143 _____ C:\Users\Public\Desktop\VLC media player.lnk 2019-08-03 13:40 - 2019-08-03 13:36 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2019-08-03 13:37 - 2019-08-03 13:37 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk 2019-08-03 13:37 - 2019-08-03 13:37 - 000001108 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk 2019-08-03 13:35 - 2019-08-03 13:35 - 001211216 _____ (Oracle Corporation) C:\Users\vanov\Downloads\JavaUninstallTool.exe 2019-08-03 13:35 - 2019-08-03 13:35 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2019-08-03 13:34 - 2019-08-03 13:34 - 002065880 _____ (Oracle Corporation) C:\Users\vanov\Downloads\jre-8u221-windows-i586-iftw.exe 2019-08-03 12:59 - 2019-08-03 13:22 - 000081880 _____ C:\WINDOWS\ZAM.krnl.trace 2019-08-03 12:56 - 2019-08-03 12:56 - 001359866 _____ C:\Users\vanov\Documents\cc_20190803_125640.reg 2019-08-03 12:50 - 2019-08-03 12:50 - 020888528 _____ (Piriform Software Ltd) C:\Users\vanov\Downloads\cctrialsetup.exe 2019-08-03 12:50 - 2019-08-03 12:50 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2019-08-03 12:50 - 2019-08-03 12:50 - 000002888 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2019-08-03 12:50 - 2019-08-03 12:50 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk 2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\Program Files\CCleaner 2019-08-03 12:38 - 2019-08-03 12:40 - 000316126 _____ C:\TDSSKiller.3.1.0.28_03.08.2019_12.38.43_log.txt 2019-08-03 12:38 - 2019-08-03 12:38 - 005054744 _____ (AO Kaspersky Lab) C:\Users\vanov\Downloads\tdsskiller.exe 2019-08-03 12:32 - 2019-08-03 13:22 - 000000000 ____D C:\Users\vanov\AppData\Local\AMSDK 2019-08-03 12:32 - 2019-08-03 12:32 - 000000000 ____D C:\Users\vanov\AppData\Local\Zemana 2019-08-03 12:31 - 2019-08-03 12:31 - 012664512 _____ (Zemana Ltd. ) C:\Users\vanov\Downloads\AntiMalware_Setup.exe 2019-08-03 12:24 - 2019-08-03 12:24 - 000841241 _____ C:\Users\vanov\Downloads\rkill.zip 2019-08-03 12:24 - 2017-07-25 22:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\vanov\Downloads\rkill.exe 2019-08-03 11:33 - 2019-08-03 11:33 - 000000258 __RSH C:\ProgramData\ntuser.pol 2019-08-03 10:54 - 2019-08-03 10:54 - 000000000 ____D C:\Users\vanov\AppData\Local\mbamtray 2019-08-03 10:53 - 2019-08-03 10:53 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-08-03 10:53 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2019-08-03 10:52 - 2019-08-03 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-08-03 10:52 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2019-08-03 10:51 - 2019-08-03 10:51 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-08-03 10:42 - 2019-08-03 10:46 - 000000000 ____D C:\Users\vanov\Downloads\mbam-chameleon-3.1.33.0 2019-08-03 10:41 - 2019-08-03 10:42 - 006705178 _____ C:\Users\vanov\Downloads\mbam-chameleon-3.1.33.0.zip 2019-08-02 21:49 - 2019-08-02 21:49 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2019-08-02 21:36 - 2019-08-02 21:36 - 000000000 ____D C:\KRD2018_Data 2019-08-02 21:03 - 2019-08-02 21:03 - 000000000 ___HD C:\$SysReset 2019-08-02 19:22 - 2019-08-02 19:01 - 597336064 _____ C:\Users\vanov\Documents\krd.iso 2019-08-02 19:08 - 2019-08-02 19:08 - 000000000 ____D C:\WINDOWS\Panther 2019-08-02 19:00 - 2019-08-02 19:00 - 000000000 ____D C:\ProgramData\TmpLoog 2019-08-02 18:59 - 2019-08-02 18:59 - 007623880 _____ (Malwarebytes) C:\Users\vanov\Downloads\adwcleaner_7.4.exe 2019-08-02 18:39 - 2019-08-03 11:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\System 2019-08-02 17:56 - 2019-08-02 17:56 - 005829844 _____ (UserBenchmark.com) C:\Users\vanov\Downloads\UserBenchMark.exe 2019-08-02 14:53 - 2019-08-02 14:53 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Big Fat Simulations Inc_ 2019-08-02 11:07 - 2019-08-02 11:07 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2019-08-01 02:14 - 2019-08-01 02:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2019-07-31 22:52 - 2019-07-31 22:57 - 000000000 ____D C:\Users\vanov\AppData\Local\Arma 3 2019-07-31 22:52 - 2019-07-31 22:52 - 000000000 ____D C:\ProgramData\Bohemia Interactive 2019-07-31 19:59 - 2019-07-31 19:59 - 000189726 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.1.pdf 2019-07-31 17:57 - 2019-07-31 17:57 - 005193376 _____ (Husdawg, LLC) C:\Users\vanov\Downloads\Detection.exe 2019-07-30 14:19 - 2019-07-30 14:19 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Craneballs 2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\Local\GOG.com 2019-07-29 21:47 - 2019-07-29 21:47 - 000000000 ___HD C:\temp 2019-07-29 21:06 - 2019-07-29 21:06 - 000178988 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.pdf 2019-07-29 10:58 - 2019-07-29 10:58 - 006732741 _____ C:\Users\vanov\Downloads\SQL-Injection-Attacks-and-Defense.pdf 2019-07-27 17:18 - 2019-07-27 17:18 - 000232401 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH3.pdf 2019-07-24 20:05 - 2017-09-26 12:24 - 000100352 _____ C:\Users\vanov\Downloads\Spider Man Homecoming.srt 2019-07-24 20:05 - 2011-11-11 20:27 - 000078233 ____N C:\Users\vanov\Downloads\Captain America.srt 2019-07-23 19:36 - 2019-07-23 19:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Colossal Order 2019-07-18 20:24 - 2019-07-18 20:25 - 000000000 ____D C:\Users\vanov\Documents\Rockstar Games 2019-07-18 20:20 - 2019-06-28 14:08 - 002826520 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp.exe 2019-07-18 20:20 - 2019-06-28 14:08 - 000072154 ____N C:\Users\vanov\Downloads\procexp.chm 2019-07-18 20:20 - 2019-06-28 14:05 - 001501248 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp64.exe 2019-07-18 20:20 - 2019-05-05 11:00 - 000007490 ____N C:\Users\vanov\Downloads\Eula.txt 2019-07-18 20:16 - 2019-07-18 20:16 - 008771640 _____ (Martin Malik - REALiX ) C:\Users\vanov\Downloads\hwi_608.exe 2019-07-18 18:53 - 2019-07-18 18:54 - 228125096 _____ (Rockstar Games) C:\Users\vanov\Downloads\GTAV_Setup_Tool.exe 2019-07-18 18:44 - 2019-07-23 12:06 - 000000000 ____D C:\Program Files\Mozilla Firefox 2019-07-11 01:36 - 2019-07-11 01:36 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3387545514-2906784231-2682514228-1001 2019-07-11 01:36 - 2019-07-11 01:36 - 000002412 _____ C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-07-10 16:47 - 2019-07-04 11:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2019-07-10 16:47 - 2019-07-04 11:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2019-07-10 16:47 - 2019-07-04 11:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-07-10 16:47 - 2019-07-04 10:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2019-07-10 16:47 - 2019-07-04 10:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-07-10 16:47 - 2019-07-04 06:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2019-07-10 16:47 - 2019-07-04 06:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-07-10 16:47 - 2019-07-04 06:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-07-10 16:47 - 2019-07-04 06:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-07-10 16:47 - 2019-07-04 06:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-07-10 16:47 - 2019-07-04 06:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2019-07-10 16:47 - 2019-07-04 06:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-07-10 16:47 - 2019-07-04 06:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-07-10 16:47 - 2019-07-04 06:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-07-10 16:47 - 2019-07-04 06:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-07-10 16:47 - 2019-07-04 06:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-07-10 16:47 - 2019-07-04 06:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-07-10 16:47 - 2019-07-04 06:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-07-10 16:47 - 2019-07-04 06:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-07-10 16:47 - 2019-07-04 06:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-07-10 16:47 - 2019-06-13 14:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2019-07-10 16:47 - 2019-06-13 13:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2019-07-10 16:47 - 2019-06-13 13:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2019-07-10 16:47 - 2019-06-13 13:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2019-07-10 16:47 - 2019-06-13 13:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2019-07-10 16:47 - 2019-06-13 13:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-07-10 16:47 - 2019-06-13 13:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2019-07-10 16:47 - 2019-06-13 13:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2019-07-10 16:47 - 2019-06-13 12:11 - 001539896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll 2019-07-10 16:47 - 2019-06-13 11:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2019-07-10 16:47 - 2019-06-13 09:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2019-07-10 16:47 - 2019-06-13 08:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2019-07-10 16:47 - 2019-06-13 08:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-07-10 16:47 - 2019-06-13 08:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2019-07-10 16:46 - 2019-07-04 11:45 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll 2019-07-10 16:46 - 2019-07-04 11:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2019-07-10 16:46 - 2019-07-04 11:41 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys 2019-07-10 16:46 - 2019-07-04 11:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-07-10 16:46 - 2019-07-04 11:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2019-07-10 16:46 - 2019-07-04 11:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe 2019-07-10 16:46 - 2019-07-04 11:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2019-07-10 16:46 - 2019-07-04 11:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2019-07-10 16:46 - 2019-07-04 11:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2019-07-10 16:46 - 2019-07-04 11:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe 2019-07-10 16:46 - 2019-07-04 11:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-07-10 16:46 - 2019-07-04 10:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-07-10 16:46 - 2019-07-04 10:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2019-07-10 16:46 - 2019-07-04 10:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2019-07-10 16:46 - 2019-07-04 10:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2019-07-10 16:46 - 2019-07-04 07:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-07-10 16:46 - 2019-07-04 06:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2019-07-10 16:46 - 2019-07-04 06:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-07-10 16:46 - 2019-07-04 06:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2019-07-10 16:46 - 2019-07-04 06:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2019-07-10 16:46 - 2019-07-04 06:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-07-10 16:46 - 2019-07-04 06:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2019-07-10 16:46 - 2019-07-04 06:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2019-07-10 16:46 - 2019-07-04 06:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2019-07-10 16:46 - 2019-07-04 06:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2019-07-10 16:46 - 2019-07-04 06:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2019-07-10 16:46 - 2019-07-04 06:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys 2019-07-10 16:46 - 2019-07-04 06:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2019-07-10 16:46 - 2019-07-04 06:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-07-10 16:46 - 2019-07-04 06:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-07-10 16:46 - 2019-07-04 06:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-07-10 16:46 - 2019-07-04 06:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-07-10 16:46 - 2019-07-04 06:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2019-07-10 16:46 - 2019-07-04 06:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000343496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmEngUM.dll 2019-07-10 16:46 - 2019-07-04 06:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2019-07-10 16:46 - 2019-07-04 06:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2019-07-10 16:46 - 2019-07-04 06:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2019-07-10 16:46 - 2019-07-04 06:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2019-07-10 16:46 - 2019-07-04 06:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll 2019-07-10 16:46 - 2019-07-04 06:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2019-07-10 16:46 - 2019-07-04 06:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2019-07-10 16:46 - 2019-07-04 06:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2019-07-10 16:46 - 2019-07-04 06:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2019-07-10 16:46 - 2019-07-04 06:27 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys 2019-07-10 16:46 - 2019-07-04 06:26 - 003014144 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe 2019-07-10 16:46 - 2019-07-04 06:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll 2019-07-10 16:46 - 2019-07-04 06:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2019-07-10 16:46 - 2019-07-04 06:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll 2019-07-10 16:46 - 2019-07-04 06:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll 2019-07-10 16:46 - 2019-07-04 06:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys 2019-07-10 16:46 - 2019-07-04 06:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2019-07-10 16:46 - 2019-07-04 06:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2019-07-10 16:46 - 2019-07-04 06:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2019-07-10 16:46 - 2019-07-04 06:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2019-07-10 16:46 - 2019-07-04 06:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2019-07-10 16:46 - 2019-07-04 06:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll 2019-07-10 16:46 - 2019-07-04 06:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-07-10 16:46 - 2019-07-04 06:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2019-07-10 16:46 - 2019-07-04 06:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll 2019-07-10 16:46 - 2019-07-04 06:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2019-07-10 16:46 - 2019-07-04 06:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-07-10 16:46 - 2019-07-04 06:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2019-07-10 16:46 - 2019-07-04 06:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2019-07-10 16:46 - 2019-07-04 06:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2019-07-10 16:46 - 2019-07-04 06:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2019-07-10 16:46 - 2019-07-04 06:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll 2019-07-10 16:46 - 2019-07-04 06:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-07-10 16:46 - 2019-07-04 05:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim 2019-07-10 16:46 - 2019-06-21 10:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2019-07-10 16:46 - 2019-06-13 14:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2019-07-10 16:46 - 2019-06-13 14:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2019-07-10 16:46 - 2019-06-13 14:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2019-07-10 16:46 - 2019-06-13 14:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2019-07-10 16:46 - 2019-06-13 13:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2019-07-10 16:46 - 2019-06-13 13:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2019-07-10 16:46 - 2019-06-13 13:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2019-07-10 16:46 - 2019-06-13 13:43 - 001427984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll 2019-07-10 16:46 - 2019-06-13 13:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2019-07-10 16:46 - 2019-06-13 13:42 - 002266936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll 2019-07-10 16:46 - 2019-06-13 13:42 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll 2019-07-10 16:46 - 2019-06-13 13:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe 2019-07-10 16:46 - 2019-06-13 13:41 - 001626936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll 2019-07-10 16:46 - 2019-06-13 13:41 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll 2019-07-10 16:46 - 2019-06-13 13:41 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll 2019-07-10 16:46 - 2019-06-13 13:41 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll 2019-07-10 16:46 - 2019-06-13 13:40 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll 2019-07-10 16:46 - 2019-06-13 13:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2019-07-10 16:46 - 2019-06-13 13:40 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll 2019-07-10 16:46 - 2019-06-13 13:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll 2019-07-10 16:46 - 2019-06-13 13:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe 2019-07-10 16:46 - 2019-06-13 13:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2019-07-10 16:46 - 2019-06-13 13:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll 2019-07-10 16:46 - 2019-06-13 13:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2019-07-10 16:46 - 2019-06-13 13:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe 2019-07-10 16:46 - 2019-06-13 13:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll 2019-07-10 16:46 - 2019-06-13 13:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll 2019-07-10 16:46 - 2019-06-13 13:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2019-07-10 16:46 - 2019-06-13 13:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2019-07-10 16:46 - 2019-06-13 13:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll 2019-07-10 16:46 - 2019-06-13 13:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe 2019-07-10 16:46 - 2019-06-13 13:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll 2019-07-10 16:46 - 2019-06-13 13:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe 2019-07-10 16:46 - 2019-06-13 13:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2019-07-10 16:46 - 2019-06-13 13:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll 2019-07-10 16:46 - 2019-06-13 13:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll 2019-07-10 16:46 - 2019-06-13 13:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2019-07-10 16:46 - 2019-06-13 13:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2019-07-10 16:46 - 2019-06-13 13:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll 2019-07-10 16:46 - 2019-06-13 13:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll 2019-07-10 16:46 - 2019-06-13 13:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll 2019-07-10 16:46 - 2019-06-13 12:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2019-07-10 16:46 - 2019-06-13 12:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll 2019-07-10 16:46 - 2019-06-13 12:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll 2019-07-10 16:46 - 2019-06-13 12:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2019-07-10 16:46 - 2019-06-13 11:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2019-07-10 16:46 - 2019-06-13 11:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll 2019-07-10 16:46 - 2019-06-13 11:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2019-07-10 16:46 - 2019-06-13 11:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2019-07-10 16:46 - 2019-06-13 11:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2019-07-10 16:46 - 2019-06-13 11:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2019-07-10 16:46 - 2019-06-13 11:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll 2019-07-10 16:46 - 2019-06-13 09:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll 2019-07-10 16:46 - 2019-06-13 09:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll 2019-07-10 16:46 - 2019-06-13 09:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2019-07-10 16:46 - 2019-06-13 09:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2019-07-10 16:46 - 2019-06-13 08:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll 2019-07-10 16:46 - 2019-06-13 08:58 - 002300528 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe 2019-07-10 16:46 - 2019-06-13 08:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2019-07-10 16:46 - 2019-06-13 08:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll 2019-07-10 16:46 - 2019-06-13 08:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2019-07-10 16:46 - 2019-06-13 08:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll 2019-07-10 16:46 - 2019-06-13 08:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2019-07-10 16:46 - 2019-06-13 08:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2019-07-10 16:46 - 2019-06-13 08:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll 2019-07-10 16:46 - 2019-06-13 08:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll 2019-07-10 16:46 - 2019-06-13 08:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2019-07-10 16:46 - 2019-06-13 08:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2019-07-10 16:46 - 2019-06-13 08:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2019-07-10 16:46 - 2019-06-13 08:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-07-10 16:46 - 2019-06-13 08:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2019-07-10 16:46 - 2019-06-13 08:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2019-07-10 16:46 - 2019-06-13 08:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll 2019-07-10 16:46 - 2019-06-13 08:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2019-07-10 16:46 - 2019-06-13 08:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2019-07-10 16:46 - 2019-06-13 08:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2019-07-10 16:46 - 2019-06-13 08:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll 2019-07-10 16:46 - 2019-06-13 08:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-07-10 16:46 - 2019-06-13 08:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2019-07-10 16:46 - 2019-06-13 08:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2019-07-10 16:46 - 2019-06-13 08:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll 2019-07-10 16:46 - 2019-06-13 08:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2019-07-10 16:46 - 2019-06-13 08:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll 2019-07-10 16:46 - 2019-06-13 08:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll 2019-07-10 16:46 - 2019-06-13 08:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll 2019-07-10 16:46 - 2019-06-13 08:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2019-07-10 16:46 - 2019-06-13 08:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2019-07-10 16:46 - 2019-06-13 08:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2019-07-10 16:46 - 2019-06-13 08:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2019-07-10 16:46 - 2019-06-13 08:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-07-10 16:46 - 2019-06-13 07:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2019-07-10 16:46 - 2019-06-13 07:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2019-07-10 16:46 - 2019-06-13 07:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll 2019-07-10 16:46 - 2019-06-13 07:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll 2019-07-10 16:46 - 2019-06-13 07:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-07-10 16:46 - 2019-06-13 07:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2019-07-10 16:46 - 2019-06-13 07:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2019-07-10 16:46 - 2019-06-13 06:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll 2019-07-10 16:46 - 2019-06-13 06:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2019-07-10 16:46 - 2019-06-13 06:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2019-07-10 16:46 - 2019-06-13 06:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2019-07-10 16:46 - 2019-06-13 06:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-07-10 16:46 - 2019-06-13 06:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2019-07-10 16:46 - 2019-06-13 06:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2019-07-10 16:46 - 2019-06-13 06:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2019-07-10 16:46 - 2019-06-13 06:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2019-07-10 16:46 - 2019-06-13 06:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2019-07-10 16:46 - 2019-06-13 06:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2019-07-10 16:46 - 2019-06-13 06:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll 2019-07-10 16:46 - 2019-06-13 06:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll 2019-07-10 01:40 - 2019-07-10 01:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.6 ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-09 15:20 - 2016-10-13 13:59 - 000000000 __SHD C:\Users\vanov\IntelGraphicsProfiles 2019-08-09 15:19 - 2018-08-04 16:06 - 000000502 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2019-08-09 15:19 - 2018-03-16 20:55 - 000000000 ____D C:\Program Files (x86)\TunnelBear 2019-08-09 15:18 - 2018-01-12 21:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2019-08-09 15:17 - 2018-05-23 16:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-08-09 15:16 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2019-08-09 15:08 - 2017-02-12 20:49 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Mozilla 2019-08-09 15:07 - 2016-12-24 13:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\vlc 2019-08-09 13:14 - 2018-08-05 21:23 - 000000000 ___RD C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B 2019-08-09 12:27 - 2019-01-18 23:34 - 000000000 ____D C:\Program Files (x86)\Steam 2019-08-09 12:11 - 2018-05-23 16:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-08-09 10:46 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-08-09 04:17 - 2018-05-23 16:38 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{466D4F44-74C1-4B3A-8596-CADF3DE82031} 2019-08-08 23:27 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-08-08 21:05 - 2018-01-12 21:04 - 000000000 ____D C:\Users\vanov\AppData\Roaming\TeamViewer 2019-08-08 15:01 - 2016-10-13 14:24 - 000000000 ____D C:\Program Files (x86)\Opera 2019-08-06 18:33 - 2018-08-27 10:54 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Visual Studio Setup 2019-08-06 18:06 - 2018-08-04 12:35 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs 2019-08-06 18:02 - 2018-08-04 12:59 - 000000000 ____D C:\Users\vanov\.dotnet 2019-08-06 17:56 - 2018-08-04 12:45 - 000000000 ____D C:\Program Files\dotnet 2019-08-06 17:56 - 2016-10-13 20:00 - 000000000 ____D C:\ProgramData\Package Cache 2019-08-06 17:54 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2019-08-06 17:39 - 2018-08-04 12:05 - 000001377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk 2019-08-06 17:38 - 2018-08-04 12:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2019-08-06 16:34 - 2016-10-13 16:35 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-08-06 16:17 - 2018-08-30 14:28 - 000000000 ____D C:\Users\MSSQLSERVER 2019-08-06 15:32 - 2016-10-19 15:42 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Temp 2019-08-06 14:52 - 2016-10-13 14:32 - 000000000 ____D C:\Users\vanov\AppData\Roaming\uTorrent 2019-08-06 14:04 - 2017-03-11 02:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\discord 2019-08-06 13:41 - 2017-01-27 21:28 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealEngine 2019-08-05 22:27 - 2018-12-16 22:22 - 000000000 ____D C:\Program Files\Epic Games 2019-08-05 01:15 - 2016-10-13 14:55 - 000000000 ____D C:\Program Files\WinRAR 2019-08-04 19:54 - 2017-06-30 15:43 - 000000000 ____D C:\Users\vanov\Documents\My Games 2019-08-04 14:21 - 2018-11-16 00:20 - 000000000 ____D C:\Program Files\rempl 2019-08-03 19:46 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Local\Spotify 2019-08-03 18:28 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Spotify 2019-08-03 18:07 - 2017-06-05 00:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Ubisoft Game Launcher 2019-08-03 13:50 - 2018-07-31 21:58 - 000000000 ____D C:\Users\vanov\AppData\Roaming\.technic 2019-08-03 13:43 - 2016-10-13 14:33 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Skype 2019-08-03 13:42 - 2018-09-08 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2019-08-03 13:40 - 2018-08-04 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2019-08-03 13:40 - 2018-08-01 00:12 - 000000000 ____D C:\Program Files\Java 2019-08-03 13:40 - 2017-03-19 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2019-08-03 13:40 - 2017-03-19 21:30 - 000000000 ____D C:\Program Files (x86)\Java 2019-08-03 13:35 - 2017-11-22 14:26 - 000000000 ____D C:\ProgramData\Origin 2019-08-03 13:35 - 2017-03-06 17:41 - 000000000 ____D C:\Program Files (x86)\Audacity 2019-08-03 13:34 - 2017-11-22 14:28 - 000001066 _____ C:\Users\Public\Desktop\Origin.lnk 2019-08-03 13:34 - 2017-11-22 14:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Origin 2019-08-03 13:34 - 2017-11-22 14:27 - 000000000 ____D C:\Program Files (x86)\Origin 2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-03 13:32 - 2018-09-17 23:28 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk 2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Notepad++ 2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Program Files\Notepad++ 2019-08-03 13:23 - 2017-06-12 12:27 - 000000000 ____D C:\Users\vanov\Desktop\Folders 2019-08-03 12:53 - 2018-01-14 01:55 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MPC-HC 2019-08-03 12:53 - 2016-10-13 14:35 - 000000000 ____D C:\Users\vanov\AppData\Roaming\DAEMON Tools Lite 2019-08-03 12:52 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF 2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Users\vanov\AppData\Local\Google 2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Program Files (x86)\Google 2019-08-03 10:53 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-08-02 19:30 - 2018-05-23 16:14 - 000000000 ____D C:\Users\vanov 2019-08-02 19:03 - 2017-10-10 23:31 - 000000000 ____D C:\Users\vanov\AppData\Roaming\IObit 2019-08-02 18:40 - 2018-11-25 19:39 - 000000000 ____D C:\Program Files\Firefox Developer Edition 2019-08-02 14:53 - 2016-12-29 19:12 - 000000000 ____D C:\Users\vanov\AppData\Roaming\SmartSteamEmu 2019-08-02 11:05 - 2016-10-13 21:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-08-01 20:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-08-01 02:15 - 2016-11-05 13:12 - 000000000 ____D C:\Program Files (x86)\Dropbox 2019-07-31 14:23 - 2018-04-29 20:51 - 000000000 ____D C:\Users\vanov\AppData\Local\GameAnalytics 2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files\Rockstar Games 2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games 2019-07-31 14:05 - 2018-03-23 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games 2019-07-31 14:05 - 2016-10-13 14:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2019-07-31 14:03 - 2016-10-18 22:24 - 000000000 ____D C:\Users\vanov\AppData\Local\Rockstar Games 2019-07-30 00:33 - 2018-08-06 23:20 - 000000000 ____D C:\GOG Games 2019-07-29 21:46 - 2017-12-04 16:09 - 000000000 ____D C:\Users\vanov\AppData\Local\Packages 2019-07-29 21:46 - 2017-06-20 20:42 - 000000000 ____D C:\Program Files (x86)\Adobe 2019-07-26 14:29 - 2016-10-15 15:03 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MusicBee 2019-07-26 12:21 - 2018-02-26 17:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-07-24 13:22 - 2016-10-13 14:37 - 000000000 ____D C:\ProgramData\Hi-Rez Studios 2019-07-23 12:12 - 2018-05-26 23:49 - 000000000 ____D C:\Users\vanov\AppData\Local\D3DSCache 2019-07-23 12:06 - 2017-11-22 16:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-07-19 12:18 - 2016-10-22 23:54 - 000007633 _____ C:\Users\vanov\AppData\Local\Resmon.ResmonCfg 2019-07-18 20:10 - 2018-08-04 15:41 - 000000000 ____D C:\Users\vanov\.android 2019-07-18 20:06 - 2017-06-04 19:17 - 000000000 ____D C:\Games 2019-07-18 18:49 - 2017-11-22 16:01 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2019-07-15 14:49 - 2018-05-23 16:29 - 001066156 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-07-15 14:45 - 2017-12-04 17:14 - 000000000 ___RD C:\Users\vanov\3D Objects 2019-07-15 14:45 - 2016-10-13 13:51 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-07-15 14:43 - 2018-05-23 16:09 - 005111760 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser 2019-07-14 23:44 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism 2019-07-14 23:43 - 2018-08-04 16:01 - 000000000 ____D C:\Program Files\Hyper-V 2019-07-14 23:43 - 2018-04-12 11:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-07-11 01:36 - 2016-10-13 13:53 - 000000000 ___RD C:\Users\vanov\OneDrive 2019-07-10 16:59 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-07-10 16:46 - 2016-10-13 16:35 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-07-10 16:25 - 2016-10-13 16:00 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe ==================== Files in the root of some directories ================ 2018-10-28 19:32 - 2018-10-28 19:32 - 000000033 _____ () C:\Users\vanov\AppData\Roaming\AdobeWLCMCache.dat 2017-03-05 19:32 - 2018-02-22 21:46 - 000000000 _____ () C:\Users\vanov\AppData\Roaming\avoriontestfile 2018-09-16 22:49 - 2018-09-16 22:49 - 000023303 _____ () C:\Users\vanov\AppData\Local\debuggee.mdmp 2019-06-18 14:44 - 2019-06-18 14:44 - 000001536 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.cfg 2019-06-18 14:44 - 2019-06-18 14:44 - 000210944 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.dat 2018-07-09 16:15 - 2018-07-23 19:53 - 000000002 _____ () C:\Users\vanov\AppData\Local\imw.ini 2018-09-29 08:00 - 2018-09-29 08:00 - 000000000 _____ () C:\Users\vanov\AppData\Local\oobelibMkey.log 2019-02-10 17:37 - 2019-02-10 17:37 - 000003283 _____ () C:\Users\vanov\AppData\Local\recently-used.xbel 2016-10-22 23:54 - 2019-07-19 12:18 - 000007633 _____ () C:\Users\vanov\AppData\Local\Resmon.ResmonCfg 2017-06-10 01:37 - 2017-07-05 16:05 - 000000000 _____ () C:\Users\vanov\AppData\Local\Temptable.xml 2016-10-13 14:55 - 2016-10-13 14:55 - 000000003 _____ () C:\Users\vanov\AppData\Local\updater.log 2016-10-13 14:55 - 2017-05-07 02:59 - 000000425 _____ () C:\Users\vanov\AppData\Local\UserProducts.xml 2018-06-02 21:35 - 2018-06-02 21:35 - 000000002 _____ () C:\Users\vanov\AppData\Local\WMI.ini ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================ Addition after fix: Spoiler Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-08-2019 02 Ran by vanov (09-08-2019 15:29:10) Running from C:\Users\vanov\Downloads Windows 10 Pro Version 1803 17134.885 (X64) (2018-05-23 14:41:03) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3387545514-2906784231-2682514228-500 - Administrator - Disabled) ASPNET (S-1-5-21-3387545514-2906784231-2682514228-1006 - Limited - Enabled) DefaultAccount (S-1-5-21-3387545514-2906784231-2682514228-503 - Limited - Disabled) defaultuser0 (S-1-5-21-3387545514-2906784231-2682514228-1000 - Limited - Disabled) => C:\Users\defaultuser0 Guest (S-1-5-21-3387545514-2906784231-2682514228-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3387545514-2906784231-2682514228-1003 - Limited - Enabled) vanov (S-1-5-21-3387545514-2906784231-2682514228-1001 - Administrator - Enabled) => C:\Users\vanov WDAGUtilityAccount (S-1-5-21-3387545514-2906784231-2682514228-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) .NET Core SDK 1.1.10 (x64) (HKLM\...\{EA922431-C5D8-4CAE-9A6D-6817195F7856}) (Version: 4.18.38047 - Microsoft Corporation) Hidden .NET Core SDK 1.1.10 (x64) (HKLM-x32\...\{81e87b8c-a24e-49e4-9a91-47b6d7aa52ff}) (Version: 1.1.10 - Microsoft Corporation) µTorrent (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.) Active Directory Authentication Library for SQL Server (HKLM\...\{4EE99065-01C6-49DD-9EC6-E08AA5B13491}) (Version: 14.0.1000.169 - Microsoft Corporation) Adobe After (HKLM\...\{6A915992-D887-4897-82F5-950EDD12DEB1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe) Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Akamai NetSession Interface (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Application Verifier x64 External Package (HKLM\...\{62CB44B2-8007-DBB2-1CBA-5CB7309EB3C3}) (Version: 10.1.17134.12 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{AB5E83C8-0175-0A1F-338A-EB8925AFC341}) (Version: 10.1.14393.795 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden ASUS RT-N10 Wireless Router Utilities (HKLM-x32\...\{5BA25292-92E0-4223-A14B-50DC60B2A6F9}) (Version: 4.2.6.1 - ASUS) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team) Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk) Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk) Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.48.1 - Bethesda Softworks) Browser for SQL Server 2017 (HKLM-x32\...\{CF8EEB96-E7E7-4EF7-A0A1-559F09953156}) (Version: 14.0.1000.169 - Microsoft Corporation) CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform) CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien) ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden ClipGrab 3.7.0 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien) CodeBlocks (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team) CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd) DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Discord) (Version: 0.0.305 - Discord Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 78.4.119 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) Entity Framework 6.2.0 Tools for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Firefox Developer Edition 65.0 (x64 en-US) (HKLM\...\Firefox Developer Edition 65.0 (x64 en-US)) (Version: 65.0 - Mozilla) GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team) Git version 2.20.1 (HKLM\...\Git_is1) (Version: 2.20.1 - The Git Development Community) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games) icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation) Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation) IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation) Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation) Java SE Development Kit 8 Update 181 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden K-Lite Mega Codec Pack 13.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.0 - KLCP) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains) LOOT version 0.13.6 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.13.6 - LOOT Team) Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft .NET Core SDK - 2.1.202 (x64) (HKLM-x32\...\{06b884b0-4947-4439-859f-098e431012d6}) (Version: 2.1.202 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.400 (x64) (HKLM-x32\...\{341254ab-6143-402e-9b7e-944f8b63e97d}) (Version: 2.1.400 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.402 (x64) (HKLM-x32\...\{b415bfcd-0c1a-424c-93f3-03fd83fcc44e}) (Version: 2.1.402 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.403 (x64) (HKLM-x32\...\{2eabe091-c571-4b9d-bdaa-5df5d11c84d4}) (Version: 2.1.403 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.500 (x64) (HKLM-x32\...\{d83984c4-b4ab-41e1-8d62-84f151ca642b}) (Version: 2.1.500 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.502 (x64) (HKLM-x32\...\{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}) (Version: 2.1.502 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.504 (x64) (HKLM-x32\...\{109e08a7-f849-4580-a683-c07ee8850a15}) (Version: 2.1.504 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.505 (x64) (HKLM-x32\...\{8a2d6b13-cb92-4cfe-a3e0-468e6cdd1e2e}) (Version: 2.1.505 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.508 (x64) (HKLM-x32\...\{0298bf05-e67a-4973-8ccc-7b13528189cb}) (Version: 2.1.508 - Microsoft Corporation) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 SDK (HKLM-x32\...\{F42C96C1-746B-442A-B58C-9F0FD5F3AB8A}) (Version: 4.7.03081 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 Targeting Pack (ENU) (HKLM-x32\...\{B517DBD3-B542-4FC8-9957-FFB2C3E65D1D}) (Version: 4.7.03062 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}) (Version: 4.7.03062 - Microsoft Corporation) Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft Azure Authoring Tools - v2.9.6 (HKLM\...\{EDADFA19-7F96-4075-A4AB-2209910626C5}) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Compute Emulator - v2.9.6 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.6) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation) Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation) Microsoft Azure PowerShell - April 2018 (HKLM\...\{3BA7CAA9-97BA-4528-B7E1-B640910BB149}) (Version: 5.7.0.18831 - Microsoft Corporation) Microsoft Azure Storage Emulator - v5.7 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.7) (Version: 5.7.18218.1723 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation) Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation) Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation) Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{76CF9EF4-ABA0-484E-8042-12B99499AF5F}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11901.20176 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation) Microsoft R Client (HKLM\...\{02EFEF35-C9D6-465D-BB0E-EB48B549B3AB}) (Version: 3.3.2.1988 - Microsoft) Microsoft SQL Server 2012 Native Client (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2016 LocalDB (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation) Microsoft SQL Server 2017 (64-bit) (HKLM\...\Microsoft SQL Server SQL2017) (Version: - Microsoft Corporation) Microsoft SQL Server 2017 Setup (English) (HKLM\...\{405252DC-ADF7-4BC8-95F5-F89DE513DD62}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft SQL Server 2017 T-SQL Language Service (HKLM\...\{C8A51693-98B9-4AB1-91B8-9A1B86729D5F}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{05FF71A6-FF76-4DB9-8A33-F23A2B0222BF}) (Version: 14.0.4079.2 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation) Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1104.625 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation) Microsoft VSS Writer for SQL Server 2017 (HKLM\...\{20B328C9-C6BB-434A-928A-00F05CD820B8}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla) Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich) MSI Development Tools (HKLM-x32\...\{1E406B46-65F4-91CE-65DA-DB66D5443B68}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.7.1 - Notepad++ Team) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.3 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera Stable 62.0.3331.116 (HKLM-x32\...\Opera 62.0.3331.116) (Version: 62.0.3331.116 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 10.5.43.28287 - Electronic Arts, Inc.) Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 6.1.0.0 - Popcorn Time) <==== ATTENTION Python 3.6.6 (64-bit) (HKU\.DEFAULT\...\{a2e7eb2f-e31e-47eb-82ca-63b3854f5354}) (Version: 3.6.6150.0 - Python Software Foundation) Python 3.6.6 Core Interpreter (64-bit symbols) (HKLM\...\{09472AF9-4E5C-419F-8AFC-E42DE3C00062}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Core Interpreter (64-bit) (HKLM\...\{13428472-D58E-476D-932F-5B1B0C1397BE}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Development Libraries (64-bit) (HKLM\...\{C4752757-9240-4518-BE22-A7E2E7CC7D7B}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Documentation (64-bit) (HKLM\...\{16EF5AB7-4A89-4F06-B20B-209DA4FE0533}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Executables (64-bit symbols) (HKLM\...\{D1DCF56C-C29C-436A-9764-DEA45032EC46}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Executables (64-bit) (HKLM\...\{5CE3EB5B-1823-4B8E-BE10-95262BDD1148}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 pip Bootstrap (64-bit) (HKLM\...\{9D8D733D-3822-4808-B382-6291910081B2}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Standard Library (64-bit symbols) (HKLM\...\{A44E9804-C2AA-40DD-9E6F-F53D96BDAD34}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Standard Library (64-bit) (HKLM\...\{4D137679-6FB4-446B-9BDB-279292FA2D2C}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Tcl/Tk Support (64-bit symbols) (HKLM\...\{20F0B3BE-3E51-4536-BE6E-451359FD5432}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Tcl/Tk Support (64-bit) (HKLM\...\{44EC13CA-E201-433B-B2D3-386B9609B859}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Test Suite (64-bit symbols) (HKLM\...\{C5BD9A00-9221-486E-94BF-9B1553B215AF}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Test Suite (64-bit) (HKLM\...\{C9596636-022D-4123-B369-98819F772985}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Utility Scripts (64-bit) (HKLM\...\{E95CEC86-EFB3-47B8-A5F6-C8FB757AD060}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Skype version 8.50 (HKLM-x32\...\Skype_is1) (Version: 8.50 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB) sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{97C50C96-8106-490D-B81F-768753C39B56}) (Version: 15.0.27207 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{74E057FF-92C8-4DD0-AF43-B220CD100733}) (Version: 15.0.27207 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{C83DFAD5-FF26-4ED8-B284-944463FA0E30}) (Version: 15.0.27207 - Microsoft Corporation) Hidden SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Common Files (HKLM\...\{9D1C0509-D490-4E9E-ACF5-A73E5C53742D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Common Files (HKLM\...\{B777C4C0-A1CD-4AB9-99B1-AD5FBED6F8E5}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Services (HKLM\...\{28EEF6BA-A23A-42D2-86BA-A6BEE723B969}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Services (HKLM\...\{DED314CA-0EFE-4593-9D66-EF75E5289A4C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Shared (HKLM\...\{0E22DBB4-691B-400C-B52D-8DFE8EC421AA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Shared (HKLM\...\{793F1C1E-5C83-4E33-A29B-6EAA7C1E791C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 XEvent (HKLM\...\{12D2DB8D-80FF-4152-8F51-EDB3BD3C6976}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 XEvent (HKLM\...\{AA2A015C-C210-413B-95F6-BF9D3CDD6E0D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.4.2669 - TeamViewer) The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios) TunnelBear (HKLM-x32\...\{5dbd322e-98b2-41c8-a2d9-d9f21423afa9}) (Version: 3.2.0.6 - TunnelBear) TunnelBear (HKLM-x32\...\{EAF52E02-CC78-47F4-A304-F91FDB6A55D1}) (Version: 3.2.0.6 - TunnelBear) Hidden Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - ) Twitch (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.) TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden TypeScript SDK (HKLM-x32\...\{A3055644-FB53-420D-8724-EBEAB330D64F}) (Version: 3.0.3.0 - Microsoft Corporation) Hidden TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden Unity (HKLM-x32\...\Unity) (Version: 2018.3.3f1 - Unity Technologies ApS) Universal CRT Extension SDK (HKLM-x32\...\{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{0D6B41AF-D117-8944-A059-3F9346A896C5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) Uplay (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft) vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden Visual Studio Enterprise 2017 (HKLM-x32\...\7dcb8def) (Version: 15.9.28307.770 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN) VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS WCF Debugging (HKLM\...\{14AF842C-675E-4268-B493-EB76D9B465A8}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_codecoveragemsi (HKLM-x32\...\{B2DB38F7-4225-4EA6-A7B2-F9A0E089DD89}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_codeduitestframeworkmsi (HKLM-x32\...\{4379D9C7-B16D-486C-BC6D-43550A4C55EE}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_cuitcommoncoremsi (HKLM-x32\...\{060D7518-16AC-41F1-9956-38CA636FCF7B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_cuitextensionmsi (HKLM-x32\...\{88484E59-774D-4947-AF0E-4524D6C3147D}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_cuitextensionmsi_x64 (HKLM-x32\...\{184D5702-3AD2-4F0D-95E6-11E1C75A9298}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_networkemulationmsi_x64 (HKLM-x32\...\{674BB892-7904-4B94-8077-9DA3D2CBFC70}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden WhatsApp (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\WhatsApp) (Version: 0.3.2848 - WhatsApp) Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) WinAppDeploy (HKLM-x32\...\{5AD4A604-B476-1578-2A20-6B02FC6258BE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{C9966D24-DB2F-8514-EAA3-BEED85F3E166}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation) Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation) WinGuard Pro 2016 (HKLM-x32\...\{F5DA39A7-9A26-44E2-9754-A611ACF0C8CC}) (Version: 10.10.2001 - WinGuardProLTD) WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH) WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{389D182F-0ADA-5C7E-FF32-2573A821592C}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{A249F631-CEBC-EDCB-4C49-700E551E66CA}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{C3776B36-B34E-00E2-3009-95A6F1870B58}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E71CB7F1-3E88-4450-1764-B3CC1E205C4A}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{965D1746-D94A-49B9-2A48-A14914CA3B57}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{C49E6FDA-8196-0CAF-2CDD-CF1B0F4EA5AD}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{33D11371-82A5-852B-CDE2-5528CE406151}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{3755CD99-C62E-3312-DDD3-29A4F259270D}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{729DA966-8590-2C1F-2178-16C1D32FD7FD}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{FB431EE2-C835-6DE9-8DC3-C8FCDE028FE0}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{F1C18506-3168-A9D9-E2D9-D23A512A326E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FB82399D-9C48-9AF5-DCA1-CFE61BCA70A6}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{23909757-D6F0-7F7C-BD34-7E72BA9BD59C}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{4095D263-6A13-78D3-DEDA-AA3452011F6E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{C3243E23-2EB6-4419-2692-40944923B112}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D3A337CD-EA32-F4BA-03FA-825903190C92}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{DD83B36A-ED10-4514-98E7-1EBD53D167D8}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft) Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden Xamarin Profiler (HKLM-x32\...\{392FF347-E40D-4598-B31E-5332F6F761E2}) (Version: 1.6.4.31 - Xamarin, Inc.) Hidden Xamarin Remoted iOS Simulator (HKLM-x32\...\{5DE98E3F-9A5C-48B7-B039-8E0FB2D68AEA}) (Version: 1.3.0.8 - Xamarin) Hidden Packages: ========= Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-15] (Microsoft Studios) [MS Ad] Microsoft Wireless Display Adapter -> C:\Program Files\WindowsApps\Microsoft.SurfaceWirelessDisplayAdapter_3.4.137.1000_x64__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation) Mixplay for Mixer -> C:\Program Files\WindowsApps\39170Flydream.Mixer_2.1.4.0_x64__weq318ptssvpt [2019-01-11] (Flydream) MSN Vrijeme -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad] Pošta i kalendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad] TuneIn Radio -> C:\Program Files\WindowsApps\TuneIn.TuneInRadio_4.0.6.0_x64__6bhtb546zcxnj [2019-08-01] (TuneIn) [MS Ad] Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.) Viber -> C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.1000_x86__p61zvh252yqyr [2018-07-09] (VIBER MEDIA S.à r.l.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{CE527B6C-CFD2-4CFC-AEC0-261FC6871E3D} -> [MEGAsync] => C:\Users\vanov\Documents\MEGAsync [2016-10-13 15:02] CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\vanov\Dropbox [2016-11-05 13:16] ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-06-17] (Notepad++ -> ) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\vanov\Desktop\GTASA.lnk -> C:\Program Files (x86)\Rockstar Games\GTA San Andreas\startup_SP.bat () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) ==================== Loaded Modules (Whitelisted) ============== 2018-02-12 21:33 - 2018-02-12 21:33 - 000161792 _____ () [File not signed] C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll 2018-10-02 19:10 - 2018-10-02 19:10 - 000598528 _____ () [File not signed] C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll 2016-09-24 08:53 - 2016-09-24 08:53 - 000410112 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll 2018-01-11 18:39 - 2008-05-23 00:25 - 000043520 ____N (MagicISO, Inc.) [File not signed] C:\Program Files (x86)\MagicISO\misosh64.dll 2018-04-19 22:31 - 2018-04-19 22:31 - 000267776 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL 2019-01-19 22:21 - 2019-01-19 22:21 - 000030720 _____ (WinGuard Inc.) [File not signed] C:\Program Files (x86)\WinGuardPro Ltd\WinGuard\wgengine.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1" ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-08-09 15:09 - 2019-08-09 15:19 - 000000030 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 2018-08-04 16:06 - 2019-08-09 15:19 - 000000502 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics 172.29.72.49 DESKTOP-ME49L6T.mshome.net # 2024 8 3 7 13 19 20 305 37.0.186 Vlah.mshome.net # 2019 7 5 12 12 16 54 932 ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Microsoft MPI\Bin\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Users\vanov\Anaconda3;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\DTS\Binn\;C:\Program Files\Git\cmd HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. HKLM\...\StartupApproved\StartupFolder: => "SOLIDWORKS 2016 Fast Start.lnk" HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "Idvsoft" HKLM\...\StartupApproved\Run32: => "{7B4A50DE-E9A1-5D65-55A0-215372F9BAC3}" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Curse.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Viber" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Overwolf" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Autodesk Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Akamai NetSession Interface" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Resilio Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Tonido" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "WallpaperEngine" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{CBC4ECFC-1253-4674-B353-170019F9FABE}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed] FirewallRules: [TCP Query User{0CAE0F34-1600-450D-A351-4C7FFCA72D07}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed] FirewallRules: [{606F165A-4B31-49AA-98BC-5B91C73BBF4B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A49D5669-FA5A-4815-9969-3E22DB5A4E6B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{48D65172-F07A-4E24-A3A1-434257A6061F}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{6A333921-4247-486B-98D0-F26FD40E857E}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{0CA9BCD8-5B1C-4D05-AAD4-21FFEAC84103}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{051C78D0-5A1A-4C2A-ABC4-9E558B976B5F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{A975745F-869F-4081-92E4-0D42641FF6C4}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{49E008DC-6AAB-4B12-BB7B-667F30068494}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{9C253803-BC67-4081-8522-B3EC16A3E8DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{B4452071-1EF5-4231-9AF6-B0CD14FD5FDF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{6D4BA297-6C70-47C8-BD34-738B4942ACB9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{2E9CDF23-57FD-43DB-9D11-55A66C91F8FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [UDP Query User{B06BD948-E650-4190-8E60-7CFADC294373}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{B385A51F-02CB-4784-A947-2C9ABF8BEEDD}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{2EB36B25-BECE-477F-B928-0C25780C1214}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) FirewallRules: [TCP Query User{DCA5B283-BB01-4858-8CBF-F750BF1B73F5}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) FirewallRules: [{6BEEFA38-F710-4247-BF7A-AECB5E37937E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{C5D7FAE5-7CB3-43C1-80F6-589907AD1A0F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{BCA6781A-E253-483F-8236-CAF546AAF80D}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{D50DE039-DAA2-4B8B-B1FB-3E30BC30A796}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{AFC23FCC-79E4-469A-8459-B169B2FA2252}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{F672BF62-161A-4044-9A8B-508F12A99CA6}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{12F3F116-CCDB-40AC-92C7-2317A0EEA58F}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{BE51A32F-9911-4F10-AECE-61E068713997}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{09600C42-3BDF-4A0D-AFD5-17E90BC5FBDB}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed] FirewallRules: [UDP Query User{AEB25E26-AED6-4979-830F-F77D85DB1B7F}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed] FirewallRules: [{A3B4325B-9C2A-4EE8-A5DB-7B28A9060CC2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{A89516B1-966E-4D36-8C30-A7773EB1FCEF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{2FB602DE-06A3-46EA-9153-DDA0373E214D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{8F69FAB7-2111-4D65-8B95-ED7D5DF0F7DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{57117F18-C29B-4A60-B34A-DC7B2E36B83A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{E9BB0D09-102F-4855-8DC4-7BDE56ABFA0F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{BAC7F6A3-92EA-47D9-83DD-84940C070F4D}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{05DF0A2C-1A93-46AE-800E-E12DE7F18FC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B392F4D1-9B62-4364-AEBD-094036DA8436}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{BA2527F7-EF88-4694-81D1-CAD2BD759A31}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [UDP Query User{DA58CB7B-2521-453B-B120-F66DA955BB73}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{39401A26-306A-4DB0-A93D-CAC43C7A097F}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{F7E79D3D-E5F7-4109-95B5-7C20900FDF5D}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1568FFD9-4C45-4576-B4A8-68C07A9299DA}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed] FirewallRules: [{9E44EC29-3C66-478D-B43A-423E93469959}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed] FirewallRules: [{8B5A3536-E847-4803-B18A-35B8A2023C40}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{6A325237-3BEF-4A73-B668-4F52AAD6FE02}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B8F8775A-CAC9-4454-9BC2-0BD382B4A538}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C8341FC3-E365-4CE6-BA40-CC53396DF507}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{782D4882-D209-44E9-A3E9-1C7DCA561633}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{B7CF33C8-CC19-4D73-AC61-7534E1B70E97}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{A03282F2-8B2F-4A2E-A556-5A88124F408C}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [UDP Query User{52DEFF6B-ACA0-4834-BD06-59E2D1959922}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{CF7AC6C4-3B90-43EF-B110-B54E08AFDF90}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{E682C56C-4D3A-4B0C-9F61-0A9FD0C478C5}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{B53B0E11-4896-4DFF-A873-E3A08FFC028D}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8E90BA3A-A433-4095-9F52-DC3CBDC31FD1}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3978B3AB-19C3-4271-AC81-2D11287E2358}] => (Allow) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [{DA86CB7A-F52F-475E-87F1-FF83B160A4DC}] => (Block) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [{ED36F1A2-029C-4E96-A4A7-3B50FAFD18C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{994571E2-6DCD-4E06-9B39-3EF82FFFA7E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B0D9FE4C-355C-4679-8B96-D713017DD607}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B3483E3A-F2EB-4FDB-BBDC-879CC9507758}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{9680FCD1-9E1C-41C4-9D19-CA30045AAB34}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{009FA2E4-5EC8-4DD7-B8E6-DE1CFBFAAAE2}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed] FirewallRules: [{073CBEBB-07F2-4E61-8303-70FF7C396678}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed] FirewallRules: [{09216F82-B859-408E-BD97-6502299F1FDB}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{9E1C0C65-F7B4-4509-9C3C-E7101F192CBC}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{B82E9260-29D2-4F2D-BDBD-6A596F91BC45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios) FirewallRules: [{361A52A7-D6A1-4E8C-A6D3-2933937A02A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios) FirewallRules: [{87D431EF-B497-43B6-8ED7-D924043264F6}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.99\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{C44E048D-F0D0-4E42-875F-A1C1E6BE5E7C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{F8600454-929C-4C5B-A4B9-735526AB4E82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{8DED0F5F-3C5B-4D35-A34F-E75EA8E3D10C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{A22A8EAA-7F39-43A2-A949-300F89E6EE35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{3A7FC6A7-DD9A-4A49-998F-9F7FE3D957EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{72158FD3-1F41-41A4-BC36-88B6890C372B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{3096494B-B18E-45A5-AC31-8E890346AF86}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{64FFD821-2BB2-48A1-8776-B1251C6E58D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{E66D8ED8-9BD5-4B64-ABCA-ABA4BA362666}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{D8939A68-301B-484C-B6B5-D2E40C4EC40C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{50A71AD9-5716-4E59-B0FA-60DB0B812E06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [TCP Query User{0ACEC78F-BAB5-4312-8B93-4A65F76E3257}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [UDP Query User{673C04EA-918C-4A3B-8E12-0540FE7C12F4}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [TCP Query User{8AB680EA-0B2D-4A78-9D85-F506E39545A9}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{7593ED52-0637-4704-A236-CE146B456EAB}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{F54E6234-B579-424C-90B5-6DF36DC84DF0}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{D3B7D8BF-45AD-4EFA-80F1-40AD7F4CDEDC}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{6261CD1F-8E24-4A22-A51B-394D99B7597A}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [DNS Server Forward Rule - TCP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 FirewallRules: [DNS Server Forward Rule - UDP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 ==================== Restore Points ========================= 07-08-2019 15:45:54 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= Name: TunnelBear Adapter V9 Description: TunnelBear Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TunnelBear Provider V9 Service: tap-tb-0901 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/09/2019 03:22:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (08/09/2019 03:20:04 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/09/2019 03:19:47 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/09/2019 03:10:35 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (08/09/2019 03:08:15 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {2eee4e10-9503-4c8b-b4ef-7dd713153052} Error: (08/09/2019 02:25:55 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (08/09/2019 11:38:59 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/09/2019 11:38:51 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable System errors: ============= Error: (08/09/2019 03:22:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/09/2019 03:22:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/09/2019 03:20:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/09/2019 03:18:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SQL Server CEIP service (MSSQLSERVER) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/09/2019 03:18:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the SQLTELEMETRY service to connect. Error: (08/09/2019 03:18:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Origin Web Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/09/2019 03:18:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect. Error: (08/09/2019 03:18:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The IntelHaxm service failed to start due to the following error: A device attached to the system is not functioning. Windows Defender: =================================== Date: 2019-08-03 11:26:37.257 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {C36C47AF-6A54-49DD-AF3D-7D4D5520DA5F} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-28 20:29:32.996 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {F357303F-3784-4B4F-8754-2BE400640E70} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-27 15:24:11.683 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {B051F21A-7CA7-4CEB-B17E-C232F8D55836} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-25 18:26:15.579 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {E3880AC6-1B50-4637-B3CD-9BA75F3BC358} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-25 10:30:38.256 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {DC3ED97C-0FD0-4B75-B285-8294087F653B} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-03 11:04:51.511 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-08-03 10:48:53.266 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-08-02 21:50:23.754 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-02 21:34:43.457 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-02 21:16:13.596 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =================================== Date: 2019-08-03 11:42:32.022 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:42:31.974 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.934 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.879 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.811 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.753 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:36.559 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:36.234 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== BIOS: Insyde Corp. V1.37 02/16/2016 Motherboard: Acer ZORO_BH Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz Percentage of memory in use: 25% Total physical RAM: 12203.32 MB Available physical RAM: 9031.76 MB Total Virtual: 13419.32 MB Available Virtual: 10285.61 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.21 GB) (Free:73.14 GB) NTFS \\?\Volume{4eafa3c8-b0a9-4d57-bbc8-43ec29bacab8}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS \\?\Volume{d30143e0-3bd2-4090-b0a7-697dc65108ba}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
kevinf80 Posted August 9, 2019 ID:1328615 Share Posted August 9, 2019 mmmm... all removed entries have came straight back in after reboot.... We are just not finding the loader... Try this please: Please read carefully and follow these steps. Download TDSSKiller from here http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop. Doubleclick on to run the application. The "Ready to scan" window will open, Click on "Change parameters" Ensure all entries are Checkmarked under Additionl Options, Ensure all entries are Checkmarked under Objects to scan When Loaded Modules is checkmarked a re-boot will be offered, allow that to happen... Continue after reboot select "Change Parameters" make sure entries are checkmarked and then Select "Start Scan" If an infected file is detected, the default action will be Cure, click on Continue. If a suspicious file is detected, the default action will be Skip, click on Continue. It may ask you to reboot the computer to complete the process. Click on Reboot Now. If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here. If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. Link to post Share on other sites More sharing options...
Vlahotic Posted August 9, 2019 Author ID:1328622 Share Posted August 9, 2019 No reboot required only one "suspicious" thing found but it's for a program I know is secure. The report is attached in the .txt file because I can't post it any other way TDSS Report.txt Link to post Share on other sites More sharing options...
kevinf80 Posted August 9, 2019 ID:1328623 Share Posted August 9, 2019 Thanks for that log, no headway again... Try this please: Download PowerTool and save to your Desktop, ensure to get the correct version: PowerTool for 64-bit systems >> https://malwarebytes.box.com/s/vnp2jdko58ww33bxabbm8zu9764u0tlh PowerTool for 32-bit systems >> https://malwarebytes.box.com/s/f0bsa1nuzjv994neyzbtrti1au0s98yx Please follow the instructions below: Right click on PowerTool, Select "Run as Administrator" Windows 8/8.1/10 users may see the following, if so select "More Info" In the next Window select "Run Anyway" Initially click on sq image to enlarge window to full screen (As shown in the image below) Now click on Kernel tab (No. 1 on the image below) Then click on Kernel Notify Routine (No. 2 on the image below) Also click on Path so you sort the list by name (No. 3 on the image below) Right click anywhere on listed items under path (No. 4 on the image above) and select Export. Save exported file to your Desktop, zip up that file and attach to your reply.... Thank you, Kevin...... Link to post Share on other sites More sharing options...
Vlahotic Posted August 9, 2019 Author ID:1328625 Share Posted August 9, 2019 Thanks for all the extensive help Kevin Here is the file notify.rar Link to post Share on other sites More sharing options...
kevinf80 Posted August 9, 2019 ID:1328634 Share Posted August 9, 2019 Continue please: Please download Malwarebytes Anti-Rootkit from here Right click on the tool (select "Run as Administrator) to start the extraction to a convenient location. (Desktop is preferable) Open the folder where the contents were unzipped and run mbar.exe Follow the instructions in the wizard to update and allow the program to scan your computer for threats. Click on the Cleanup button to remove any threats and reboot if prompted to do so. Wait while the system shuts down and the cleanup process is performed. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process. When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt Link to post Share on other sites More sharing options...
Vlahotic Posted August 10, 2019 Author ID:1328780 Share Posted August 10, 2019 So I ran the first scan yesterday and it finished and I'll attach the logs. Today I decided to run the second scan, but during (or near the end of) the scan a BSOD happened, the system-log file was still created but the mbar log as not. I am posting the first mbar an system logs, the second system log, and the custom xml list of the errors in hopes that it might be of help. mbar-log-2019-08-09 (18-01-28).txt system-log.txt system-log1.txt bsod.rar Link to post Share on other sites More sharing options...
kevinf80 Posted August 10, 2019 ID:1328800 Share Posted August 10, 2019 Thanks for those logs, unfortunately we still have not found the loader. I want fresh logs from FRST, after you post those logs I want you to set your system up for a clean boot. Let me know when you have the system in clean boot, i`ll give a new fix from FRST logs. Run that fix still in clean boot. When that is complete run FRST scan again, post fresh logs and see if DNS changer returns.... Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt" Next, Set windows up for "Clean Boot" mode, full instructions here: https://support.microsoft.com/en-gb/kb/929135 Basically all none MS services are disabled, let me know when your system is in that mode and i`ll post a new fix. After you run the fix let me see that log plus fresh logs from FRST. I want to see if the DNS changer infection returns when all 3rd party services are disabled.... Link to post Share on other sites More sharing options...
Vlahotic Posted August 11, 2019 Author ID:1328832 Share Posted August 11, 2019 Fresh out of the oven FRST: Spoiler Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-08-2019 Ran by vanov (administrator) on DESKTOP-ME49L6T (Acer Aspire E5-573) (11-08-2019 11:31:50) Running from C:\Users\vanov\Downloads Loaded Profiles: vanov & MSSQLSERVER (Available Profiles: defaultuser0 & vanov & SQLTELEMETRY & MSSQLSERVER) Platform: Windows 10 Pro Version 1803 17134.885 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe (Intel Corporation -> ) C:\Windows\System32\igfxTray.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.866.0_x64__8wekyb3d8bbwe\YourPhone.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmms.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (OOO Lightshot -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TunnelBear, Inc. -> ) C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-10-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] (OOO Lightshot -> ) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5782336 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [wgpro] => C:\Program Files (x86)\WinGuardPro Ltd\WinGuard\wgengine.exe [30720 2019-01-19] (WinGuard Inc.) [File not signed] HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Akamai NetSession Interface] => C:\Users\vanov\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Spotify] => C:\Users\vanov\AppData\Roaming\Spotify\Spotify.exe [25828256 2019-08-03] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DOS Host] => C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B\DOS Host\doshost.exe HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35809680 2019-08-05] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3210528 2019-08-10] (Valve -> Valve Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed] HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-10-13] ShortcutTarget: MEGAsync.lnk -> C:\Users\vanov\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited) Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-18] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1191D268-1A73-41D0-BD85-D1311491443C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {1217C1E3-7A8E-4C0B-B4B5-5C28F63B1D39} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill2 => C:\Users\vanov\Desktop\BatFiles\Operakill.bat Task: {14D5ABA7-60D8-4C04-A73D-D462D3EC53BF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {1A902826-C33D-4706-A2ED-F192F5993FAC} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-vanovac.zlatan@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {3051FE3C-FB51-4549-8184-7DCA7CCB515B} - System32\Tasks\Microsoft\Windows\TaskScheduler\Restart => C:\Users\vanov\Desktop\BatFiles\Restart.bat Task: {31A4D16D-ED62-4473-8883-5805BFACBBAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) Task: {32075B90-EA68-4A1E-8153-09FAB21A0EBD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {4021E04F-2C4F-4B2A-85E7-60D62C0CE79C} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {44CEEBC6-4031-42AD-B2B1-4157F57AD5FE} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill => C:\Users\vanov\Desktop\BatFiles\Operakill.bat Task: {4D713D29-1FB3-4E41-9D76-CD1B86264B83} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-09] (Adobe Inc. -> Adobe) Task: {6137EB70-DCD3-44CE-8665-73E27FA3E9EE} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall => C:\Users\vanov\Desktop\BatFiles\DragonForce.bat Task: {63C7C186-F15B-448B-94BC-5F4ED0A4E638} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {78C49C7C-92BE-4687-AF06-420B5ED30A0C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {79C43D64-C54E-4662-9D49-919AEF86BF9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {79DFF442-7CF7-480E-934B-8FCEBEE221D7} - System32\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {7B6B9926-BDA7-44D7-A5CE-F6D962D3B49E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) Task: {7F5DE95D-C17C-4408-85D1-6F56B9FF5F5A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) Task: {81668EB1-6E5D-40EE-BFFA-25B09CCF4FE1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {8FCC1103-34CD-41C4-B3BC-EEE596BE90CB} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall2 => C:\Users\vanov\Desktop\BatFiles\Disasterpiece.bat Task: {940A0D4F-E5D1-4349-A97B-BA70D6B8789D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe) Task: {A35FB29E-054C-45BE-9E40-C94DB7728413} - System32\Tasks\Microsoft\Windows\TaskScheduler\MusicKill => C:\Users\vanov\Desktop\BatFiles\BeeMp3TaskKill.bat Task: {A9E34D5E-D053-4247-8350-83C330CA6958} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Users\vanov\AppData\Local\MEGAsync\MEGAupdater.exe [760696 2018-10-02] (Mega Limited -> Mega Limited) Task: {AA6D739F-D568-4A9D-A4ED-FC3B5D432A84} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) Task: {B058EC2B-0726-47B7-8B1B-A975B69CED27} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {BB3A72A1-B735-4F37-9B99-260BF5F05151} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1000 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {CF931575-DB06-4A0A-A9DC-19D4C4269CB3} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.8.3252 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXAutoUpdate.exe [206184 2019-08-06] (Microsoft Corporation -> ) Task: {D63EB858-D44F-42ED-AC94-00B6D4374934} - System32\Tasks\Opera scheduled Autoupdate 1476361487 => C:\Program Files (x86)\Opera\launcher.exe [1519640 2019-08-07] (Opera Software AS -> Opera Software) Task: {DD5F0550-0D96-45A8-80CB-EA5DB0E9C59E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {DE525C0C-B6B7-4A0C-BF03-FB7FBAFF172E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {DE9EE772-2041-4E2F-8856-6D84E12E4E02} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {E1176194-F6FD-4A7B-BB95-24031E7F8611} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-10-18] () [File not signed] Task: {E161BC06-6796-4A76-8D71-21048961E8D4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe) Task: {F51FC55E-9DF9-47E0-8B2A-5056FD0B3C6E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {F95F8299-A9C1-49FC-8E40-0B0E93D73D5A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {FBD77374-BC26-4033-84E7-10F003A9EED5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{24b58f83-bf4d-40e4-a6b1-5f849b89db74}: [NameServer] 116.203.6.218 Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [NameServer] 8.8.8.8,8.8.4.4,192.168.0.1 Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{84adbad7-bfc3-4947-b0cf-9c8738caccf9}: [NameServer] 116.203.6.218 Tcpip\..\Interfaces\{8c05adc3-f683-4b02-b575-0d3af10d2b6b}: [NameServer] 116.203.6.218 Internet Explorer: ================== SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Edge: ====== DownloadDir: C:\Users\vanov\Downloads FireFox: ======== FF DefaultProfile: poq2nbe3.default-1491901036943-1546437671085 FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 [2019-08-11] FF NetworkProxy: Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 -> type", 4 FF Extension: (ETP Search Volume Study) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-06-26] FF Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\firefox@betterttv.net.xpi [2019-08-03] [UpdateUrl:hxxps://nightdev.com/betterttv/firefox/updates.json] FF Extension: (uBlock Origin) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\uBlock0@raymondhill.net.xpi [2019-07-26] FF Extension: (Unseen) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\{230ed5ec-936c-4ad1-b3d4-e2bb251bd1c3}.xpi [2019-01-02] FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default [2019-08-06] FF user.js: detected! => C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default\user.js [2017-02-03] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> ) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> ) FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN) StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe Opera: ======= OPR Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\deofbbdfofnmppcjbhjibgodpcdchjii [2017-11-15] OPR Extension: (Tampermonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-06-02] OPR Extension: (book_helper) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmmkobpokkidkpaidggnebnhiipdkhkl [2019-08-02] OPR Extension: (ScriptMonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-06-02] OPR Extension: (Violent monkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-05-16] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-05-27] (BattlEye Innovations e.K. -> ) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-08-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) S3 HgClientService; C:\WINDOWS\system32\hgclientservice.dll [141824 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1741312 2019-02-16] (Microsoft Windows -> Microsoft Corporation) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [353768 2018-09-13] (Intel Corporation -> Intel Corporation) R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21256 2018-04-20] (Microsoft Corporation -> Microsoft Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] (AzureEngBuildCodeSign -> ) [File not signed] R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [485048 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [31232 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts) R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2017-11-22] (Even Balance, Inc. -> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5073792 2019-07-04] (Microsoft Windows Publisher -> Microsoft Corporation) S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [578744 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) S2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11969880 2019-07-03] (TeamViewer GmbH -> TeamViewer GmbH) R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [113024 2018-02-12] (TunnelBear, Inc. -> ) R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3014144 2019-07-04] (Microsoft Windows -> Microsoft Corporation) S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 51D2828C; C:\WINDOWS\system32\drivers\51D2828C.sys [255928 2019-08-10] (Malwarebytes Corporation -> Malwarebytes) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd) S3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-06-23] (EnigmaSoft Limited -> EnigmaSoft Limited) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-10-10] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.) R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26624 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-10-10] (Martin Malik - REALiX -> REALiX(tm)) S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2019-01-19] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-05] (Malwarebytes Corporation -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-10] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-10] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-10] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-10] (Malwarebytes Corporation -> Malwarebytes) S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA)) S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> ) R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2412976 2017-04-24] (Qualcomm Atheros -> Qualcomm Atheros, Inc.) S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31744 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S4 RsFx0500; C:\WINDOWS\System32\DRIVERS\RsFx0500.sys [261848 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1026896 2018-03-19] (Realtek Semiconductor Corp. -> Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-10-10] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation) R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions) R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated -> Synaptics Incorporated) S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr)) R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [56520 2015-08-05] (Synaptics Incorporated -> Synaptics Incorporated) R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [103936 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project) S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2017-12-18] (Oracle Corporation -> Oracle Corporation) R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1248256 2018-11-07] (Microsoft Windows -> Microsoft Corporation) R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [45408 2018-03-15] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation) S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation) NETSVC: HgClientService -> C:\Windows\system32\hgclientservice.dll (Microsoft Corporation) NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-11 11:31 - 2019-08-11 11:34 - 000035123 _____ C:\Users\vanov\Downloads\FRST.txt 2019-08-11 11:31 - 2019-08-11 11:31 - 002097664 _____ (Farbar) C:\Users\vanov\Downloads\FRST64.exe 2019-08-11 11:31 - 2019-08-11 11:31 - 000000000 ____D C:\Users\vanov\Downloads\FRST-OlderVersion 2019-08-10 23:41 - 2019-08-10 23:41 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\LionsShade 2019-08-10 23:40 - 2019-08-10 23:41 - 000000000 ____D C:\Users\vanov\Downloads\Cliff.Empire.v1.10 2019-08-10 20:49 - 2019-08-10 20:49 - 000000448 _____ C:\Users\vanov\Documents\bsod.rar 2019-08-10 20:42 - 2019-08-10 20:42 - 000001232 _____ C:\Users\vanov\Documents\bsod.xml 2019-08-10 20:28 - 2019-08-10 20:28 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2019-08-10 20:27 - 2019-08-10 20:27 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-08-10 20:27 - 2019-08-10 20:27 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2019-08-10 20:25 - 2019-08-10 20:25 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16 2019-08-10 20:24 - 2019-08-11 04:27 - 000000000 ____D C:\WINDOWS\Minidump 2019-08-10 19:41 - 2019-08-10 19:41 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\51D2828C.sys 2019-08-10 19:37 - 2019-08-10 19:37 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2019-08-10 19:37 - 2019-08-10 19:37 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2019-08-10 02:02 - 2019-08-10 02:02 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3387545514-2906784231-2682514228-1001 2019-08-10 02:02 - 2019-08-10 02:02 - 000002412 _____ C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-08-09 22:04 - 2019-08-09 22:04 - 528928101 _____ C:\Users\vanov\Downloads\Cliff.Empire.v1.10.rar 2019-08-09 18:01 - 2019-08-09 18:01 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1238763A.sys 2019-08-09 18:00 - 2019-08-10 19:43 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2019-08-09 18:00 - 2019-08-10 19:41 - 000000000 ____D C:\Users\vanov\Desktop\mbar 2019-08-09 17:58 - 2019-08-09 17:58 - 014178840 _____ (Malwarebytes Corp.) C:\Users\vanov\Desktop\mbar-1.10.3.1001.exe 2019-08-09 17:32 - 2019-08-09 17:32 - 000000000 ____D C:\Users\vanov\AppData\Local\RSG 2019-08-09 17:30 - 2019-08-09 17:30 - 000004184 _____ C:\Users\vanov\Desktop\notify.csv 2019-08-09 17:30 - 2019-08-09 17:30 - 000000786 _____ C:\Users\vanov\Desktop\notify.rar 2019-08-09 17:29 - 2019-08-09 17:29 - 000177816 _____ (PowerTool) C:\Users\vanov\Desktop\kEvP64.sys 2019-08-09 17:28 - 2019-08-09 17:28 - 009440768 _____ C:\Users\vanov\Desktop\PowerTool64.exe 2019-08-09 16:50 - 2019-08-09 16:51 - 000519347 _____ C:\Users\vanov\Desktop\TDSS Report.txt 2019-08-09 16:31 - 2019-08-09 16:40 - 001038716 _____ C:\TDSSKiller.3.1.0.28_09.08.2019_16.31.54_log.txt 2019-08-09 16:27 - 2019-08-09 16:28 - 000006126 _____ C:\TDSSKiller.3.1.0.28_09.08.2019_16.27.31_log.txt 2019-08-09 15:29 - 2019-08-09 15:35 - 000091634 _____ C:\Users\vanov\Downloads\Addition5.txt 2019-08-09 15:23 - 2019-08-09 15:35 - 000088832 _____ C:\Users\vanov\Downloads\FRST5.txt 2019-08-09 15:08 - 2019-08-09 15:14 - 000039960 _____ C:\Users\vanov\Downloads\Fixlog2.txt 2019-08-09 10:57 - 2019-08-09 11:04 - 000116729 _____ C:\Users\vanov\Downloads\Addition4.txt 2019-08-09 10:51 - 2019-08-09 11:04 - 000094180 _____ C:\Users\vanov\Downloads\FRST4.txt 2019-08-09 10:35 - 2019-08-09 10:40 - 000107856 _____ C:\Users\vanov\Downloads\Addition3.txt 2019-08-09 10:31 - 2019-08-09 10:31 - 000000000 ____D C:\Users\vanov\Downloads\DnsJumper 2019-08-09 10:30 - 2019-08-09 10:40 - 000089720 _____ C:\Users\vanov\Downloads\FRST3.txt 2019-08-09 10:29 - 2019-08-09 10:29 - 000706233 _____ C:\Users\vanov\Downloads\DnsJumper.zip 2019-08-08 15:01 - 2019-08-08 15:01 - 000003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1476361487 2019-08-08 15:01 - 2019-08-08 15:01 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk 2019-08-06 22:30 - 2019-08-06 22:30 - 000050652 _____ C:\Users\vanov\Documents\filename.gwc 2019-08-06 18:47 - 2019-08-06 18:47 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealHeaderTool 2019-08-06 17:42 - 2019-08-11 11:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-08-06 17:00 - 2019-08-06 17:06 - 000105806 _____ C:\Users\vanov\Downloads\Addition2.txt 2019-08-06 16:55 - 2019-08-06 17:06 - 000088273 _____ C:\Users\vanov\Downloads\FRST2.txt 2019-08-06 16:33 - 2019-08-06 16:33 - 047210760 _____ (Microsoft Corporation) C:\Users\vanov\Documents\Windows-KB890830-x64-V5.74.exe 2019-08-06 16:21 - 2019-08-06 16:21 - 000001310 _____ C:\Users\vanov\Desktop\misplacedforcopy.txt 2019-08-06 15:20 - 2019-08-06 15:32 - 000012830 _____ C:\Users\vanov\Downloads\Fixlog1.txt 2019-08-06 15:15 - 2019-08-06 15:16 - 000301326 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH8.pdf 2019-08-06 13:47 - 2019-08-06 14:05 - 000000000 ____D C:\Users\vanov\Documents\[FreeCourseSite.com] Udemy - Unreal Engine C++ Developer Learn C++ and Make Video Games 2019-08-06 13:42 - 2019-08-06 19:23 - 000000000 ____D C:\Users\vanov\Documents\Unreal Projects 2019-08-06 13:41 - 2019-08-06 13:41 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Unreal Engine 2019-08-06 00:21 - 2019-08-06 00:21 - 000002467 _____ C:\Users\vanov\Desktop\Unreal Engine.lnk 2019-08-05 11:14 - 2019-08-05 11:19 - 000108154 _____ C:\Users\vanov\Downloads\Addition1.txt 2019-08-05 11:11 - 2019-08-05 11:19 - 000089056 _____ C:\Users\vanov\Downloads\FRST1.txt 2019-08-05 11:08 - 2019-08-11 11:31 - 000000000 ____D C:\FRST 2019-08-05 11:07 - 2019-08-05 11:07 - 000002601 _____ C:\Users\vanov\Desktop\Malarebytes1.txt 2019-08-05 10:56 - 2019-08-05 10:56 - 000001714 _____ C:\Users\vanov\Desktop\Malwarebytes2.txt 2019-08-05 01:18 - 2019-08-05 01:18 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2019-08-04 18:12 - 2019-08-04 18:12 - 000000222 _____ C:\Users\vanov\Desktop\SMITE.url 2019-08-04 11:34 - 2019-08-04 11:34 - 000001048 _____ C:\Users\vanov\Desktop\Technic.exe - Shortcut.lnk 2019-08-03 13:53 - 2019-08-03 13:53 - 004478926 _____ () C:\Users\vanov\Downloads\Technic.exe 2019-08-03 13:42 - 2019-08-03 13:42 - 000001391 _____ C:\Users\Public\Desktop\Skype.lnk 2019-08-03 13:41 - 2019-08-03 13:41 - 000001143 _____ C:\Users\Public\Desktop\VLC media player.lnk 2019-08-03 13:40 - 2019-08-03 13:36 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2019-08-03 13:37 - 2019-08-03 13:37 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk 2019-08-03 13:37 - 2019-08-03 13:37 - 000001108 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk 2019-08-03 13:35 - 2019-08-03 13:35 - 001211216 _____ (Oracle Corporation) C:\Users\vanov\Downloads\JavaUninstallTool.exe 2019-08-03 13:35 - 2019-08-03 13:35 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2019-08-03 13:34 - 2019-08-03 13:34 - 002065880 _____ (Oracle Corporation) C:\Users\vanov\Downloads\jre-8u221-windows-i586-iftw.exe 2019-08-03 12:59 - 2019-08-03 13:22 - 000081880 _____ C:\WINDOWS\ZAM.krnl.trace 2019-08-03 12:56 - 2019-08-03 12:56 - 001359866 _____ C:\Users\vanov\Documents\cc_20190803_125640.reg 2019-08-03 12:50 - 2019-08-03 12:50 - 020888528 _____ (Piriform Software Ltd) C:\Users\vanov\Downloads\cctrialsetup.exe 2019-08-03 12:50 - 2019-08-03 12:50 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2019-08-03 12:50 - 2019-08-03 12:50 - 000002888 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2019-08-03 12:50 - 2019-08-03 12:50 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk 2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\Program Files\CCleaner 2019-08-03 12:38 - 2019-08-03 12:40 - 000316126 _____ C:\TDSSKiller.3.1.0.28_03.08.2019_12.38.43_log.txt 2019-08-03 12:38 - 2019-08-03 12:38 - 005054744 _____ (AO Kaspersky Lab) C:\Users\vanov\Downloads\tdsskiller.exe 2019-08-03 12:32 - 2019-08-03 13:22 - 000000000 ____D C:\Users\vanov\AppData\Local\AMSDK 2019-08-03 12:32 - 2019-08-03 12:32 - 000000000 ____D C:\Users\vanov\AppData\Local\Zemana 2019-08-03 12:31 - 2019-08-03 12:31 - 012664512 _____ (Zemana Ltd. ) C:\Users\vanov\Downloads\AntiMalware_Setup.exe 2019-08-03 12:24 - 2019-08-03 12:24 - 000841241 _____ C:\Users\vanov\Downloads\rkill.zip 2019-08-03 12:24 - 2017-07-25 22:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\vanov\Downloads\rkill.exe 2019-08-03 11:33 - 2019-08-03 11:33 - 000000258 __RSH C:\ProgramData\ntuser.pol 2019-08-03 10:54 - 2019-08-03 10:54 - 000000000 ____D C:\Users\vanov\AppData\Local\mbamtray 2019-08-03 10:53 - 2019-08-03 10:53 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-08-03 10:53 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2019-08-03 10:52 - 2019-08-03 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-08-03 10:52 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2019-08-03 10:51 - 2019-08-09 18:01 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-08-03 10:41 - 2019-08-03 10:42 - 006705178 _____ C:\Users\vanov\Downloads\mbam-chameleon-3.1.33.0.zip 2019-08-02 21:49 - 2019-08-02 21:49 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2019-08-02 21:36 - 2019-08-02 21:36 - 000000000 ____D C:\KRD2018_Data 2019-08-02 21:03 - 2019-08-02 21:03 - 000000000 ___HD C:\$SysReset 2019-08-02 19:22 - 2019-08-02 19:01 - 597336064 _____ C:\Users\vanov\Documents\krd.iso 2019-08-02 19:08 - 2019-08-02 19:08 - 000000000 ____D C:\WINDOWS\Panther 2019-08-02 19:00 - 2019-08-09 18:38 - 000000000 ____D C:\ProgramData\TmpLoog 2019-08-02 18:59 - 2019-08-02 18:59 - 007623880 _____ (Malwarebytes) C:\Users\vanov\Downloads\adwcleaner_7.4.exe 2019-08-02 18:39 - 2019-08-03 11:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\System 2019-08-02 17:56 - 2019-08-02 17:56 - 005829844 _____ (UserBenchmark.com) C:\Users\vanov\Downloads\UserBenchMark.exe 2019-08-02 14:53 - 2019-08-02 14:53 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Big Fat Simulations Inc_ 2019-08-02 11:07 - 2019-08-02 11:07 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2019-08-01 02:14 - 2019-08-01 02:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2019-07-31 22:52 - 2019-07-31 22:57 - 000000000 ____D C:\Users\vanov\AppData\Local\Arma 3 2019-07-31 22:52 - 2019-07-31 22:52 - 000000000 ____D C:\ProgramData\Bohemia Interactive 2019-07-31 19:59 - 2019-07-31 19:59 - 000189726 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.1.pdf 2019-07-31 17:57 - 2019-07-31 17:57 - 005193376 _____ (Husdawg, LLC) C:\Users\vanov\Downloads\Detection.exe 2019-07-30 14:19 - 2019-07-30 14:19 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Craneballs 2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\Local\GOG.com 2019-07-29 21:47 - 2019-07-29 21:47 - 000000000 ___HD C:\temp 2019-07-29 21:06 - 2019-07-29 21:06 - 000178988 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.pdf 2019-07-29 10:58 - 2019-07-29 10:58 - 006732741 _____ C:\Users\vanov\Downloads\SQL-Injection-Attacks-and-Defense.pdf 2019-07-27 17:18 - 2019-07-27 17:18 - 000232401 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH3.pdf 2019-07-24 20:05 - 2017-09-26 12:24 - 000100352 _____ C:\Users\vanov\Downloads\Spider Man Homecoming.srt 2019-07-24 20:05 - 2011-11-11 20:27 - 000078233 ____N C:\Users\vanov\Downloads\Captain America.srt 2019-07-23 19:36 - 2019-07-23 19:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Colossal Order 2019-07-18 20:24 - 2019-07-18 20:25 - 000000000 ____D C:\Users\vanov\Documents\Rockstar Games 2019-07-18 20:20 - 2019-06-28 14:08 - 002826520 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp.exe 2019-07-18 20:20 - 2019-06-28 14:08 - 000072154 ____N C:\Users\vanov\Downloads\procexp.chm 2019-07-18 20:20 - 2019-06-28 14:05 - 001501248 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp64.exe 2019-07-18 20:20 - 2019-05-05 11:00 - 000007490 ____N C:\Users\vanov\Downloads\Eula.txt 2019-07-18 20:16 - 2019-07-18 20:16 - 008771640 _____ (Martin Malik - REALiX ) C:\Users\vanov\Downloads\hwi_608.exe 2019-07-18 18:53 - 2019-07-18 18:54 - 228125096 _____ (Rockstar Games) C:\Users\vanov\Downloads\GTAV_Setup_Tool.exe 2019-07-18 18:44 - 2019-07-23 12:06 - 000000000 ____D C:\Program Files\Mozilla Firefox ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-11 11:32 - 2017-02-12 20:49 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Mozilla 2019-08-11 11:26 - 2019-01-18 23:34 - 000000000 ____D C:\Program Files (x86)\Steam 2019-08-11 11:26 - 2018-05-23 16:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-08-11 06:58 - 2018-05-23 16:38 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{466D4F44-74C1-4B3A-8596-CADF3DE82031} 2019-08-10 20:27 - 2018-08-04 16:06 - 000000502 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2019-08-10 20:27 - 2018-03-16 20:55 - 000000000 ____D C:\Program Files (x86)\TunnelBear 2019-08-10 20:27 - 2016-10-13 13:59 - 000000000 __SHD C:\Users\vanov\IntelGraphicsProfiles 2019-08-10 20:26 - 2018-05-23 16:14 - 000000000 ____D C:\Users\vanov 2019-08-10 20:25 - 2018-08-30 14:28 - 000000000 ____D C:\Users\MSSQLSERVER 2019-08-10 20:25 - 2018-01-12 21:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2019-08-10 20:24 - 2018-05-23 16:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-08-10 19:34 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2019-08-10 02:02 - 2016-10-13 13:53 - 000000000 ___RD C:\Users\vanov\OneDrive 2019-08-09 16:25 - 2016-10-13 14:35 - 000000000 ____D C:\Users\vanov\AppData\Roaming\DAEMON Tools Lite 2019-08-09 15:07 - 2016-12-24 13:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\vlc 2019-08-09 13:14 - 2018-08-05 21:23 - 000000000 ___RD C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B 2019-08-09 10:46 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-08-08 23:27 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-08-08 21:05 - 2018-01-12 21:04 - 000000000 ____D C:\Users\vanov\AppData\Roaming\TeamViewer 2019-08-08 15:01 - 2016-10-13 14:24 - 000000000 ____D C:\Program Files (x86)\Opera 2019-08-06 18:33 - 2018-08-27 10:54 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Visual Studio Setup 2019-08-06 18:06 - 2018-08-04 12:35 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs 2019-08-06 18:02 - 2018-08-04 12:59 - 000000000 ____D C:\Users\vanov\.dotnet 2019-08-06 17:56 - 2018-08-04 12:45 - 000000000 ____D C:\Program Files\dotnet 2019-08-06 17:56 - 2016-10-13 20:00 - 000000000 ____D C:\ProgramData\Package Cache 2019-08-06 17:54 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2019-08-06 17:39 - 2018-08-04 12:05 - 000001377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk 2019-08-06 17:38 - 2018-08-04 12:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2019-08-06 16:34 - 2016-10-13 16:35 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-08-06 15:32 - 2016-10-19 15:42 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Temp 2019-08-06 14:52 - 2016-10-13 14:32 - 000000000 ____D C:\Users\vanov\AppData\Roaming\uTorrent 2019-08-06 14:04 - 2017-03-11 02:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\discord 2019-08-06 13:41 - 2017-01-27 21:28 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealEngine 2019-08-05 22:27 - 2018-12-16 22:22 - 000000000 ____D C:\Program Files\Epic Games 2019-08-05 01:15 - 2016-10-13 14:55 - 000000000 ____D C:\Program Files\WinRAR 2019-08-04 19:54 - 2017-06-30 15:43 - 000000000 ____D C:\Users\vanov\Documents\My Games 2019-08-04 14:21 - 2018-11-16 00:20 - 000000000 ____D C:\Program Files\rempl 2019-08-03 19:46 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Local\Spotify 2019-08-03 18:28 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Spotify 2019-08-03 18:07 - 2017-06-05 00:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Ubisoft Game Launcher 2019-08-03 13:50 - 2018-07-31 21:58 - 000000000 ____D C:\Users\vanov\AppData\Roaming\.technic 2019-08-03 13:43 - 2016-10-13 14:33 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Skype 2019-08-03 13:42 - 2018-09-08 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2019-08-03 13:40 - 2018-08-04 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2019-08-03 13:40 - 2018-08-01 00:12 - 000000000 ____D C:\Program Files\Java 2019-08-03 13:40 - 2017-03-19 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2019-08-03 13:40 - 2017-03-19 21:30 - 000000000 ____D C:\Program Files (x86)\Java 2019-08-03 13:35 - 2017-11-22 14:26 - 000000000 ____D C:\ProgramData\Origin 2019-08-03 13:35 - 2017-03-06 17:41 - 000000000 ____D C:\Program Files (x86)\Audacity 2019-08-03 13:34 - 2017-11-22 14:28 - 000001066 _____ C:\Users\Public\Desktop\Origin.lnk 2019-08-03 13:34 - 2017-11-22 14:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Origin 2019-08-03 13:34 - 2017-11-22 14:27 - 000000000 ____D C:\Program Files (x86)\Origin 2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-03 13:32 - 2018-09-17 23:28 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk 2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Notepad++ 2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Program Files\Notepad++ 2019-08-03 13:23 - 2017-06-12 12:27 - 000000000 ____D C:\Users\vanov\Desktop\Folders 2019-08-03 12:53 - 2018-01-14 01:55 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MPC-HC 2019-08-03 12:52 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF 2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Users\vanov\AppData\Local\Google 2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Program Files (x86)\Google 2019-08-03 10:53 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-08-02 19:03 - 2017-10-10 23:31 - 000000000 ____D C:\Users\vanov\AppData\Roaming\IObit 2019-08-02 18:40 - 2018-11-25 19:39 - 000000000 ____D C:\Program Files\Firefox Developer Edition 2019-08-02 14:53 - 2016-12-29 19:12 - 000000000 ____D C:\Users\vanov\AppData\Roaming\SmartSteamEmu 2019-08-02 11:05 - 2016-10-13 21:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-08-01 20:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-08-01 02:15 - 2016-11-05 13:12 - 000000000 ____D C:\Program Files (x86)\Dropbox 2019-07-31 14:23 - 2018-04-29 20:51 - 000000000 ____D C:\Users\vanov\AppData\Local\GameAnalytics 2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files\Rockstar Games 2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games 2019-07-31 14:05 - 2018-03-23 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games 2019-07-31 14:05 - 2016-10-13 14:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2019-07-31 14:03 - 2016-10-18 22:24 - 000000000 ____D C:\Users\vanov\AppData\Local\Rockstar Games 2019-07-30 00:33 - 2018-08-06 23:20 - 000000000 ____D C:\GOG Games 2019-07-29 21:46 - 2017-12-04 16:09 - 000000000 ____D C:\Users\vanov\AppData\Local\Packages 2019-07-29 21:46 - 2017-06-20 20:42 - 000000000 ____D C:\Program Files (x86)\Adobe 2019-07-26 14:29 - 2016-10-15 15:03 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MusicBee 2019-07-26 12:21 - 2018-02-26 17:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-07-24 13:22 - 2016-10-13 14:37 - 000000000 ____D C:\ProgramData\Hi-Rez Studios 2019-07-23 12:12 - 2018-05-26 23:49 - 000000000 ____D C:\Users\vanov\AppData\Local\D3DSCache 2019-07-23 12:06 - 2017-11-22 16:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-07-19 12:18 - 2016-10-22 23:54 - 000007633 _____ C:\Users\vanov\AppData\Local\Resmon.ResmonCfg 2019-07-18 20:10 - 2018-08-04 15:41 - 000000000 ____D C:\Users\vanov\.android 2019-07-18 20:06 - 2017-06-04 19:17 - 000000000 ____D C:\Games 2019-07-18 18:49 - 2017-11-22 16:01 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2019-07-15 14:49 - 2018-05-23 16:29 - 001066156 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-07-15 14:45 - 2017-12-04 17:14 - 000000000 ___RD C:\Users\vanov\3D Objects 2019-07-15 14:45 - 2016-10-13 13:51 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-07-15 14:43 - 2018-05-23 16:09 - 005111760 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser 2019-07-14 23:44 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism 2019-07-14 23:43 - 2018-08-04 16:01 - 000000000 ____D C:\Program Files\Hyper-V 2019-07-14 23:43 - 2018-04-12 11:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr ==================== Files in the root of some directories ================ 2018-10-28 19:32 - 2018-10-28 19:32 - 000000033 _____ () C:\Users\vanov\AppData\Roaming\AdobeWLCMCache.dat 2017-03-05 19:32 - 2018-02-22 21:46 - 000000000 _____ () C:\Users\vanov\AppData\Roaming\avoriontestfile 2018-09-16 22:49 - 2018-09-16 22:49 - 000023303 _____ () C:\Users\vanov\AppData\Local\debuggee.mdmp 2019-06-18 14:44 - 2019-06-18 14:44 - 000001536 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.cfg 2019-06-18 14:44 - 2019-06-18 14:44 - 000210944 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.dat 2018-07-09 16:15 - 2018-07-23 19:53 - 000000002 _____ () C:\Users\vanov\AppData\Local\imw.ini 2018-09-29 08:00 - 2018-09-29 08:00 - 000000000 _____ () C:\Users\vanov\AppData\Local\oobelibMkey.log 2019-02-10 17:37 - 2019-02-10 17:37 - 000003283 _____ () C:\Users\vanov\AppData\Local\recently-used.xbel 2016-10-22 23:54 - 2019-07-19 12:18 - 000007633 _____ () C:\Users\vanov\AppData\Local\Resmon.ResmonCfg 2017-06-10 01:37 - 2017-07-05 16:05 - 000000000 _____ () C:\Users\vanov\AppData\Local\Temptable.xml 2016-10-13 14:55 - 2016-10-13 14:55 - 000000003 _____ () C:\Users\vanov\AppData\Local\updater.log 2016-10-13 14:55 - 2017-05-07 02:59 - 000000425 _____ () C:\Users\vanov\AppData\Local\UserProducts.xml 2018-06-02 21:35 - 2018-06-02 21:35 - 000000002 _____ () C:\Users\vanov\AppData\Local\WMI.ini ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================ Addition: Spoiler Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2019 Ran by vanov (11-08-2019 11:36:03) Running from C:\Users\vanov\Downloads Windows 10 Pro Version 1803 17134.885 (X64) (2018-05-23 14:41:03) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3387545514-2906784231-2682514228-500 - Administrator - Disabled) ASPNET (S-1-5-21-3387545514-2906784231-2682514228-1006 - Limited - Enabled) DefaultAccount (S-1-5-21-3387545514-2906784231-2682514228-503 - Limited - Disabled) defaultuser0 (S-1-5-21-3387545514-2906784231-2682514228-1000 - Limited - Disabled) => C:\Users\defaultuser0 Guest (S-1-5-21-3387545514-2906784231-2682514228-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3387545514-2906784231-2682514228-1003 - Limited - Enabled) vanov (S-1-5-21-3387545514-2906784231-2682514228-1001 - Administrator - Enabled) => C:\Users\vanov WDAGUtilityAccount (S-1-5-21-3387545514-2906784231-2682514228-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) .NET Core SDK 1.1.10 (x64) (HKLM\...\{EA922431-C5D8-4CAE-9A6D-6817195F7856}) (Version: 4.18.38047 - Microsoft Corporation) Hidden .NET Core SDK 1.1.10 (x64) (HKLM-x32\...\{81e87b8c-a24e-49e4-9a91-47b6d7aa52ff}) (Version: 1.1.10 - Microsoft Corporation) µTorrent (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.) Active Directory Authentication Library for SQL Server (HKLM\...\{4EE99065-01C6-49DD-9EC6-E08AA5B13491}) (Version: 14.0.1000.169 - Microsoft Corporation) Adobe After (HKLM\...\{6A915992-D887-4897-82F5-950EDD12DEB1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe) Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Akamai NetSession Interface (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Application Verifier x64 External Package (HKLM\...\{62CB44B2-8007-DBB2-1CBA-5CB7309EB3C3}) (Version: 10.1.17134.12 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{AB5E83C8-0175-0A1F-338A-EB8925AFC341}) (Version: 10.1.14393.795 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden ASUS RT-N10 Wireless Router Utilities (HKLM-x32\...\{5BA25292-92E0-4223-A14B-50DC60B2A6F9}) (Version: 4.2.6.1 - ASUS) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team) Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk) Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk) Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.48.1 - Bethesda Softworks) Browser for SQL Server 2017 (HKLM-x32\...\{CF8EEB96-E7E7-4EF7-A0A1-559F09953156}) (Version: 14.0.1000.169 - Microsoft Corporation) CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform) CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien) ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden ClipGrab 3.7.0 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien) CodeBlocks (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team) CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd) DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Discord) (Version: 0.0.305 - Discord Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 78.4.119 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) Entity Framework 6.2.0 Tools for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Firefox Developer Edition 65.0 (x64 en-US) (HKLM\...\Firefox Developer Edition 65.0 (x64 en-US)) (Version: 65.0 - Mozilla) GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team) Git version 2.20.1 (HKLM\...\Git_is1) (Version: 2.20.1 - The Git Development Community) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games) icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation) Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation) IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation) Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation) Java SE Development Kit 8 Update 181 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden K-Lite Mega Codec Pack 13.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.0 - KLCP) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains) LOOT version 0.13.6 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.13.6 - LOOT Team) Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft .NET Core SDK - 2.1.202 (x64) (HKLM-x32\...\{06b884b0-4947-4439-859f-098e431012d6}) (Version: 2.1.202 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.400 (x64) (HKLM-x32\...\{341254ab-6143-402e-9b7e-944f8b63e97d}) (Version: 2.1.400 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.402 (x64) (HKLM-x32\...\{b415bfcd-0c1a-424c-93f3-03fd83fcc44e}) (Version: 2.1.402 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.403 (x64) (HKLM-x32\...\{2eabe091-c571-4b9d-bdaa-5df5d11c84d4}) (Version: 2.1.403 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.500 (x64) (HKLM-x32\...\{d83984c4-b4ab-41e1-8d62-84f151ca642b}) (Version: 2.1.500 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.502 (x64) (HKLM-x32\...\{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}) (Version: 2.1.502 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.504 (x64) (HKLM-x32\...\{109e08a7-f849-4580-a683-c07ee8850a15}) (Version: 2.1.504 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.505 (x64) (HKLM-x32\...\{8a2d6b13-cb92-4cfe-a3e0-468e6cdd1e2e}) (Version: 2.1.505 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.508 (x64) (HKLM-x32\...\{0298bf05-e67a-4973-8ccc-7b13528189cb}) (Version: 2.1.508 - Microsoft Corporation) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 SDK (HKLM-x32\...\{F42C96C1-746B-442A-B58C-9F0FD5F3AB8A}) (Version: 4.7.03081 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 Targeting Pack (ENU) (HKLM-x32\...\{B517DBD3-B542-4FC8-9957-FFB2C3E65D1D}) (Version: 4.7.03062 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}) (Version: 4.7.03062 - Microsoft Corporation) Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft Azure Authoring Tools - v2.9.6 (HKLM\...\{EDADFA19-7F96-4075-A4AB-2209910626C5}) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Compute Emulator - v2.9.6 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.6) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation) Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation) Microsoft Azure PowerShell - April 2018 (HKLM\...\{3BA7CAA9-97BA-4528-B7E1-B640910BB149}) (Version: 5.7.0.18831 - Microsoft Corporation) Microsoft Azure Storage Emulator - v5.7 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.7) (Version: 5.7.18218.1723 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation) Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation) Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation) Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{76CF9EF4-ABA0-484E-8042-12B99499AF5F}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11901.20176 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation) Microsoft R Client (HKLM\...\{02EFEF35-C9D6-465D-BB0E-EB48B549B3AB}) (Version: 3.3.2.1988 - Microsoft) Microsoft SQL Server 2012 Native Client (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2016 LocalDB (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation) Microsoft SQL Server 2017 (64-bit) (HKLM\...\Microsoft SQL Server SQL2017) (Version: - Microsoft Corporation) Microsoft SQL Server 2017 Setup (English) (HKLM\...\{405252DC-ADF7-4BC8-95F5-F89DE513DD62}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft SQL Server 2017 T-SQL Language Service (HKLM\...\{C8A51693-98B9-4AB1-91B8-9A1B86729D5F}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{05FF71A6-FF76-4DB9-8A33-F23A2B0222BF}) (Version: 14.0.4079.2 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation) Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1104.625 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation) Microsoft VSS Writer for SQL Server 2017 (HKLM\...\{20B328C9-C6BB-434A-928A-00F05CD820B8}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla) Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich) MSI Development Tools (HKLM-x32\...\{1E406B46-65F4-91CE-65DA-DB66D5443B68}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.7.1 - Notepad++ Team) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.3 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera Stable 62.0.3331.116 (HKLM-x32\...\Opera 62.0.3331.116) (Version: 62.0.3331.116 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 10.5.43.28287 - Electronic Arts, Inc.) Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 6.1.0.0 - Popcorn Time) <==== ATTENTION Python 3.6.6 (64-bit) (HKU\.DEFAULT\...\{a2e7eb2f-e31e-47eb-82ca-63b3854f5354}) (Version: 3.6.6150.0 - Python Software Foundation) Python 3.6.6 Core Interpreter (64-bit symbols) (HKLM\...\{09472AF9-4E5C-419F-8AFC-E42DE3C00062}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Core Interpreter (64-bit) (HKLM\...\{13428472-D58E-476D-932F-5B1B0C1397BE}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Development Libraries (64-bit) (HKLM\...\{C4752757-9240-4518-BE22-A7E2E7CC7D7B}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Documentation (64-bit) (HKLM\...\{16EF5AB7-4A89-4F06-B20B-209DA4FE0533}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Executables (64-bit symbols) (HKLM\...\{D1DCF56C-C29C-436A-9764-DEA45032EC46}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Executables (64-bit) (HKLM\...\{5CE3EB5B-1823-4B8E-BE10-95262BDD1148}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 pip Bootstrap (64-bit) (HKLM\...\{9D8D733D-3822-4808-B382-6291910081B2}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Standard Library (64-bit symbols) (HKLM\...\{A44E9804-C2AA-40DD-9E6F-F53D96BDAD34}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Standard Library (64-bit) (HKLM\...\{4D137679-6FB4-446B-9BDB-279292FA2D2C}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Tcl/Tk Support (64-bit symbols) (HKLM\...\{20F0B3BE-3E51-4536-BE6E-451359FD5432}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Tcl/Tk Support (64-bit) (HKLM\...\{44EC13CA-E201-433B-B2D3-386B9609B859}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Test Suite (64-bit symbols) (HKLM\...\{C5BD9A00-9221-486E-94BF-9B1553B215AF}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Test Suite (64-bit) (HKLM\...\{C9596636-022D-4123-B369-98819F772985}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Utility Scripts (64-bit) (HKLM\...\{E95CEC86-EFB3-47B8-A5F6-C8FB757AD060}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Skype version 8.50 (HKLM-x32\...\Skype_is1) (Version: 8.50 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB) sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{97C50C96-8106-490D-B81F-768753C39B56}) (Version: 15.0.27207 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{74E057FF-92C8-4DD0-AF43-B220CD100733}) (Version: 15.0.27207 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{C83DFAD5-FF26-4ED8-B284-944463FA0E30}) (Version: 15.0.27207 - Microsoft Corporation) Hidden SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Common Files (HKLM\...\{9D1C0509-D490-4E9E-ACF5-A73E5C53742D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Common Files (HKLM\...\{B777C4C0-A1CD-4AB9-99B1-AD5FBED6F8E5}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Services (HKLM\...\{28EEF6BA-A23A-42D2-86BA-A6BEE723B969}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Services (HKLM\...\{DED314CA-0EFE-4593-9D66-EF75E5289A4C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Shared (HKLM\...\{0E22DBB4-691B-400C-B52D-8DFE8EC421AA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Shared (HKLM\...\{793F1C1E-5C83-4E33-A29B-6EAA7C1E791C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 XEvent (HKLM\...\{12D2DB8D-80FF-4152-8F51-EDB3BD3C6976}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 XEvent (HKLM\...\{AA2A015C-C210-413B-95F6-BF9D3CDD6E0D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.4.2669 - TeamViewer) The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios) TunnelBear (HKLM-x32\...\{5dbd322e-98b2-41c8-a2d9-d9f21423afa9}) (Version: 3.2.0.6 - TunnelBear) TunnelBear (HKLM-x32\...\{EAF52E02-CC78-47F4-A304-F91FDB6A55D1}) (Version: 3.2.0.6 - TunnelBear) Hidden Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - ) Twitch (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.) TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden TypeScript SDK (HKLM-x32\...\{A3055644-FB53-420D-8724-EBEAB330D64F}) (Version: 3.0.3.0 - Microsoft Corporation) Hidden TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden Unity (HKLM-x32\...\Unity) (Version: 2018.3.3f1 - Unity Technologies ApS) Universal CRT Extension SDK (HKLM-x32\...\{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{0D6B41AF-D117-8944-A059-3F9346A896C5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) Uplay (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft) vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden Visual Studio Enterprise 2017 (HKLM-x32\...\7dcb8def) (Version: 15.9.28307.770 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN) VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS WCF Debugging (HKLM\...\{14AF842C-675E-4268-B493-EB76D9B465A8}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_codecoveragemsi (HKLM-x32\...\{B2DB38F7-4225-4EA6-A7B2-F9A0E089DD89}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_codeduitestframeworkmsi (HKLM-x32\...\{4379D9C7-B16D-486C-BC6D-43550A4C55EE}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_cuitcommoncoremsi (HKLM-x32\...\{060D7518-16AC-41F1-9956-38CA636FCF7B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_cuitextensionmsi (HKLM-x32\...\{88484E59-774D-4947-AF0E-4524D6C3147D}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_cuitextensionmsi_x64 (HKLM-x32\...\{184D5702-3AD2-4F0D-95E6-11E1C75A9298}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_networkemulationmsi_x64 (HKLM-x32\...\{674BB892-7904-4B94-8077-9DA3D2CBFC70}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden WhatsApp (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\WhatsApp) (Version: 0.3.2848 - WhatsApp) Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) WinAppDeploy (HKLM-x32\...\{5AD4A604-B476-1578-2A20-6B02FC6258BE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{C9966D24-DB2F-8514-EAA3-BEED85F3E166}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation) Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation) WinGuard Pro 2016 (HKLM-x32\...\{F5DA39A7-9A26-44E2-9754-A611ACF0C8CC}) (Version: 10.10.2001 - WinGuardProLTD) WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH) WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{389D182F-0ADA-5C7E-FF32-2573A821592C}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{A249F631-CEBC-EDCB-4C49-700E551E66CA}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{C3776B36-B34E-00E2-3009-95A6F1870B58}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E71CB7F1-3E88-4450-1764-B3CC1E205C4A}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{965D1746-D94A-49B9-2A48-A14914CA3B57}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{C49E6FDA-8196-0CAF-2CDD-CF1B0F4EA5AD}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{33D11371-82A5-852B-CDE2-5528CE406151}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{3755CD99-C62E-3312-DDD3-29A4F259270D}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{729DA966-8590-2C1F-2178-16C1D32FD7FD}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{FB431EE2-C835-6DE9-8DC3-C8FCDE028FE0}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{F1C18506-3168-A9D9-E2D9-D23A512A326E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FB82399D-9C48-9AF5-DCA1-CFE61BCA70A6}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{23909757-D6F0-7F7C-BD34-7E72BA9BD59C}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{4095D263-6A13-78D3-DEDA-AA3452011F6E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{C3243E23-2EB6-4419-2692-40944923B112}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D3A337CD-EA32-F4BA-03FA-825903190C92}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{DD83B36A-ED10-4514-98E7-1EBD53D167D8}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft) Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden Xamarin Profiler (HKLM-x32\...\{392FF347-E40D-4598-B31E-5332F6F761E2}) (Version: 1.6.4.31 - Xamarin, Inc.) Hidden Xamarin Remoted iOS Simulator (HKLM-x32\...\{5DE98E3F-9A5C-48B7-B039-8E0FB2D68AEA}) (Version: 1.3.0.8 - Xamarin) Hidden Packages: ========= Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-15] (Microsoft Studios) [MS Ad] Microsoft Wireless Display Adapter -> C:\Program Files\WindowsApps\Microsoft.SurfaceWirelessDisplayAdapter_3.4.137.1000_x64__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation) Mixplay for Mixer -> C:\Program Files\WindowsApps\39170Flydream.Mixer_2.1.4.0_x64__weq318ptssvpt [2019-01-11] (Flydream) MSN Vrijeme -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad] Pošta i kalendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad] TuneIn Radio -> C:\Program Files\WindowsApps\TuneIn.TuneInRadio_4.0.6.0_x64__6bhtb546zcxnj [2019-08-01] (TuneIn) [MS Ad] Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.) Viber -> C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.1000_x86__p61zvh252yqyr [2018-07-09] (VIBER MEDIA S.à r.l.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{CE527B6C-CFD2-4CFC-AEC0-261FC6871E3D} -> [MEGAsync] => C:\Users\vanov\Documents\MEGAsync [2016-10-13 15:02] CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\vanov\Dropbox [2016-11-05 13:16] ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-06-17] (Notepad++ -> ) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\vanov\Desktop\GTASA.lnk -> C:\Program Files (x86)\Rockstar Games\GTA San Andreas\startup_SP.bat () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) ==================== Loaded Modules (Whitelisted) ============== 2018-02-12 21:33 - 2018-02-12 21:33 - 000161792 _____ () [File not signed] C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll 2018-10-02 19:10 - 2018-10-02 19:10 - 000598528 _____ () [File not signed] C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll 2018-04-19 22:31 - 2018-04-19 22:31 - 000267776 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73235831.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73235831.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1" ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-08-09 15:09 - 2019-08-10 20:27 - 000000030 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 2018-08-04 16:06 - 2019-08-10 20:27 - 000000502 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics 172.29.72.49 DESKTOP-ME49L6T.mshome.net # 2024 8 4 8 18 27 58 581 37.0.186 Vlah.mshome.net # 2019 7 5 12 12 16 54 932 ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Microsoft MPI\Bin\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Users\vanov\Anaconda3;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\DTS\Binn\;C:\Program Files\Git\cmd HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. HKLM\...\StartupApproved\StartupFolder: => "SOLIDWORKS 2016 Fast Start.lnk" HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "Idvsoft" HKLM\...\StartupApproved\Run32: => "{7B4A50DE-E9A1-5D65-55A0-215372F9BAC3}" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Curse.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Viber" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Overwolf" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Autodesk Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Akamai NetSession Interface" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Resilio Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Tonido" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "WallpaperEngine" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{CBC4ECFC-1253-4674-B353-170019F9FABE}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed] FirewallRules: [TCP Query User{0CAE0F34-1600-450D-A351-4C7FFCA72D07}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed] FirewallRules: [{606F165A-4B31-49AA-98BC-5B91C73BBF4B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A49D5669-FA5A-4815-9969-3E22DB5A4E6B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{48D65172-F07A-4E24-A3A1-434257A6061F}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{6A333921-4247-486B-98D0-F26FD40E857E}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{0CA9BCD8-5B1C-4D05-AAD4-21FFEAC84103}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{051C78D0-5A1A-4C2A-ABC4-9E558B976B5F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{A975745F-869F-4081-92E4-0D42641FF6C4}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{49E008DC-6AAB-4B12-BB7B-667F30068494}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{9C253803-BC67-4081-8522-B3EC16A3E8DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{B4452071-1EF5-4231-9AF6-B0CD14FD5FDF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{6D4BA297-6C70-47C8-BD34-738B4942ACB9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{2E9CDF23-57FD-43DB-9D11-55A66C91F8FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [UDP Query User{B06BD948-E650-4190-8E60-7CFADC294373}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{B385A51F-02CB-4784-A947-2C9ABF8BEEDD}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{2EB36B25-BECE-477F-B928-0C25780C1214}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) FirewallRules: [TCP Query User{DCA5B283-BB01-4858-8CBF-F750BF1B73F5}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) FirewallRules: [{6BEEFA38-F710-4247-BF7A-AECB5E37937E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{C5D7FAE5-7CB3-43C1-80F6-589907AD1A0F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{BCA6781A-E253-483F-8236-CAF546AAF80D}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{D50DE039-DAA2-4B8B-B1FB-3E30BC30A796}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{AFC23FCC-79E4-469A-8459-B169B2FA2252}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{F672BF62-161A-4044-9A8B-508F12A99CA6}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{12F3F116-CCDB-40AC-92C7-2317A0EEA58F}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{BE51A32F-9911-4F10-AECE-61E068713997}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{09600C42-3BDF-4A0D-AFD5-17E90BC5FBDB}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed] FirewallRules: [UDP Query User{AEB25E26-AED6-4979-830F-F77D85DB1B7F}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed] FirewallRules: [{A3B4325B-9C2A-4EE8-A5DB-7B28A9060CC2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{A89516B1-966E-4D36-8C30-A7773EB1FCEF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{2FB602DE-06A3-46EA-9153-DDA0373E214D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{8F69FAB7-2111-4D65-8B95-ED7D5DF0F7DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{57117F18-C29B-4A60-B34A-DC7B2E36B83A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{E9BB0D09-102F-4855-8DC4-7BDE56ABFA0F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{BAC7F6A3-92EA-47D9-83DD-84940C070F4D}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{05DF0A2C-1A93-46AE-800E-E12DE7F18FC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B392F4D1-9B62-4364-AEBD-094036DA8436}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{BA2527F7-EF88-4694-81D1-CAD2BD759A31}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [UDP Query User{DA58CB7B-2521-453B-B120-F66DA955BB73}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{39401A26-306A-4DB0-A93D-CAC43C7A097F}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{F7E79D3D-E5F7-4109-95B5-7C20900FDF5D}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1568FFD9-4C45-4576-B4A8-68C07A9299DA}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed] FirewallRules: [{9E44EC29-3C66-478D-B43A-423E93469959}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed] FirewallRules: [{8B5A3536-E847-4803-B18A-35B8A2023C40}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{6A325237-3BEF-4A73-B668-4F52AAD6FE02}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B8F8775A-CAC9-4454-9BC2-0BD382B4A538}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C8341FC3-E365-4CE6-BA40-CC53396DF507}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{782D4882-D209-44E9-A3E9-1C7DCA561633}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{B7CF33C8-CC19-4D73-AC61-7534E1B70E97}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{A03282F2-8B2F-4A2E-A556-5A88124F408C}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [UDP Query User{52DEFF6B-ACA0-4834-BD06-59E2D1959922}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{CF7AC6C4-3B90-43EF-B110-B54E08AFDF90}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{E682C56C-4D3A-4B0C-9F61-0A9FD0C478C5}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{B53B0E11-4896-4DFF-A873-E3A08FFC028D}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8E90BA3A-A433-4095-9F52-DC3CBDC31FD1}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3978B3AB-19C3-4271-AC81-2D11287E2358}] => (Allow) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [{DA86CB7A-F52F-475E-87F1-FF83B160A4DC}] => (Block) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [{ED36F1A2-029C-4E96-A4A7-3B50FAFD18C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{994571E2-6DCD-4E06-9B39-3EF82FFFA7E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B0D9FE4C-355C-4679-8B96-D713017DD607}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B3483E3A-F2EB-4FDB-BBDC-879CC9507758}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{9680FCD1-9E1C-41C4-9D19-CA30045AAB34}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{009FA2E4-5EC8-4DD7-B8E6-DE1CFBFAAAE2}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed] FirewallRules: [{073CBEBB-07F2-4E61-8303-70FF7C396678}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed] FirewallRules: [{09216F82-B859-408E-BD97-6502299F1FDB}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{9E1C0C65-F7B4-4509-9C3C-E7101F192CBC}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{B82E9260-29D2-4F2D-BDBD-6A596F91BC45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios) FirewallRules: [{361A52A7-D6A1-4E8C-A6D3-2933937A02A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios) FirewallRules: [{87D431EF-B497-43B6-8ED7-D924043264F6}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.99\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{C44E048D-F0D0-4E42-875F-A1C1E6BE5E7C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{F8600454-929C-4C5B-A4B9-735526AB4E82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{8DED0F5F-3C5B-4D35-A34F-E75EA8E3D10C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{A22A8EAA-7F39-43A2-A949-300F89E6EE35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{3A7FC6A7-DD9A-4A49-998F-9F7FE3D957EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{72158FD3-1F41-41A4-BC36-88B6890C372B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{3096494B-B18E-45A5-AC31-8E890346AF86}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{64FFD821-2BB2-48A1-8776-B1251C6E58D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{E66D8ED8-9BD5-4B64-ABCA-ABA4BA362666}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{D8939A68-301B-484C-B6B5-D2E40C4EC40C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{50A71AD9-5716-4E59-B0FA-60DB0B812E06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [TCP Query User{0ACEC78F-BAB5-4312-8B93-4A65F76E3257}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [UDP Query User{673C04EA-918C-4A3B-8E12-0540FE7C12F4}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [TCP Query User{8AB680EA-0B2D-4A78-9D85-F506E39545A9}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{7593ED52-0637-4704-A236-CE146B456EAB}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{F54E6234-B579-424C-90B5-6DF36DC84DF0}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{D3B7D8BF-45AD-4EFA-80F1-40AD7F4CDEDC}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{6261CD1F-8E24-4A22-A51B-394D99B7597A}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [DNS Server Forward Rule - TCP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 FirewallRules: [DNS Server Forward Rule - UDP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 ==================== Restore Points ========================= 07-08-2019 15:45:54 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= Name: TunnelBear Adapter V9 Description: TunnelBear Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TunnelBear Provider V9 Service: tap-tb-0901 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/11/2019 11:27:17 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/11/2019 11:26:58 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/10/2019 11:27:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/10/2019 08:31:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkQuarantineRetry Error: (08/10/2019 08:31:03 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/10/2019 08:30:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (08/10/2019 08:30:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/10/2019 07:41:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable System errors: ============= Error: (08/11/2019 11:26:48 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ME49L6T) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-ME49L6T\vanov SID (S-1-5-21-3387545514-2906784231-2682514228-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/11/2019 11:26:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/11/2019 11:26:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error: (08/11/2019 03:10:24 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ME49L6T) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user DESKTOP-ME49L6T\vanov SID (S-1-5-21-3387545514-2906784231-2682514228-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool. Error: (08/11/2019 02:49:54 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ME49L6T) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user DESKTOP-ME49L6T\vanov SID (S-1-5-21-3387545514-2906784231-2682514228-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool. Error: (08/10/2019 08:50:58 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ME49L6T) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-ME49L6T\vanov SID (S-1-5-21-3387545514-2906784231-2682514228-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/10/2019 08:50:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/10/2019 08:50:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Windows Defender: =================================== Date: 2019-08-09 19:19:55.512 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {8EC7E7A5-0A16-4814-A79A-D893EE57A550} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-09 18:36:44.306 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bluteal!rfn&threatid=2147724737&enterprise=0 Name: Trojan:Win32/Bluteal!rfn ID: 2147724737 Severity: Severe Category: Trojan Path: file:_C:\ProgramData\TmpLoog\tmplog.dll Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Users\vanov\Desktop\mbar\mbar.exe Signature Version: AV: 1.299.1628.0, AS: 1.299.1628.0, NIS: 1.299.1628.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-09 18:31:31.354 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {893C92A0-B4D9-4175-ABC4-2F47639C2A25} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-03 11:26:37.257 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {C36C47AF-6A54-49DD-AF3D-7D4D5520DA5F} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-28 20:29:32.996 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {F357303F-3784-4B4F-8754-2BE400640E70} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-03 11:04:51.511 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-08-03 10:48:53.266 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-08-02 21:50:23.754 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-02 21:34:43.457 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-02 21:16:13.596 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =================================== Date: 2019-08-03 11:42:32.022 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:42:31.974 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.934 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.879 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.811 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.753 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:36.559 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:36.234 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== BIOS: Insyde Corp. V1.37 02/16/2016 Motherboard: Acer ZORO_BH Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz Percentage of memory in use: 33% Total physical RAM: 12203.32 MB Available physical RAM: 8058.89 MB Total Virtual: 13355.32 MB Available Virtual: 9416.93 MB ==================== Drives ================================ Drive 😄 () (Fixed) (Total:465.21 GB) (Free:69.25 GB) NTFS \\?\Volume{4eafa3c8-b0a9-4d57-bbc8-43ec29bacab8}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS \\?\Volume{d30143e0-3bd2-4090-b0a7-697dc65108ba}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================ I can set up the clean boot whenever you post the fixlog Link to post Share on other sites More sharing options...
kevinf80 Posted August 11, 2019 ID:1328834 Share Posted August 11, 2019 Thanks for those logs, I want you to set up for clean boot, when in that mode run FRST fix. System should reboot back to clean boot mode. Run FRST scan in clean boot and post fresh logs... Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt" Next, Copy this folder to your desktop, then zip and attach to your reply: C:\WINDOWS\Minidump Thanks, Kevin.. fixlist.txt Link to post Share on other sites More sharing options...
Vlahotic Posted August 11, 2019 Author ID:1328846 Share Posted August 11, 2019 So, the minidump folder is empty completely ( I have the show hidden files option enabled and nothing is there), so I guess no need of uploading it. Here are the logs prior to fix FRST: Spoiler Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-08-2019 Ran by vanov (administrator) on DESKTOP-ME49L6T (Acer Aspire E5-573) (11-08-2019 15:44:21) Running from C:\Users\vanov\Downloads Loaded Profiles: vanov & MSSQLSERVER (Available Profiles: defaultuser0 & vanov & SQLTELEMETRY & MSSQLSERVER) Platform: Windows 10 Pro Version 1803 17134.885 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.866.0_x64__8wekyb3d8bbwe\YourPhone.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmms.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-10-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] (OOO Lightshot -> ) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5782336 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [wgpro] => C:\Program Files (x86)\WinGuardPro Ltd\WinGuard\wgengine.exe [30720 2019-01-19] (WinGuard Inc.) [File not signed] HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Akamai NetSession Interface] => C:\Users\vanov\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Spotify] => C:\Users\vanov\AppData\Roaming\Spotify\Spotify.exe [25828256 2019-08-03] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DOS Host] => C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B\DOS Host\doshost.exe HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35809680 2019-08-05] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3210528 2019-08-10] (Valve -> Valve Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed] HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-10-13] ShortcutTarget: MEGAsync.lnk -> C:\Users\vanov\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited) Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-18] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1191D268-1A73-41D0-BD85-D1311491443C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {1217C1E3-7A8E-4C0B-B4B5-5C28F63B1D39} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill2 => C:\Users\vanov\Desktop\BatFiles\Operakill.bat Task: {14D5ABA7-60D8-4C04-A73D-D462D3EC53BF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {1A902826-C33D-4706-A2ED-F192F5993FAC} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-vanovac.zlatan@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {3051FE3C-FB51-4549-8184-7DCA7CCB515B} - System32\Tasks\Microsoft\Windows\TaskScheduler\Restart => C:\Users\vanov\Desktop\BatFiles\Restart.bat Task: {31A4D16D-ED62-4473-8883-5805BFACBBAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) Task: {32075B90-EA68-4A1E-8153-09FAB21A0EBD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {4021E04F-2C4F-4B2A-85E7-60D62C0CE79C} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {44CEEBC6-4031-42AD-B2B1-4157F57AD5FE} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill => C:\Users\vanov\Desktop\BatFiles\Operakill.bat Task: {4D713D29-1FB3-4E41-9D76-CD1B86264B83} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-09] (Adobe Inc. -> Adobe) Task: {6137EB70-DCD3-44CE-8665-73E27FA3E9EE} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall => C:\Users\vanov\Desktop\BatFiles\DragonForce.bat Task: {63C7C186-F15B-448B-94BC-5F4ED0A4E638} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {78C49C7C-92BE-4687-AF06-420B5ED30A0C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {79C43D64-C54E-4662-9D49-919AEF86BF9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {79DFF442-7CF7-480E-934B-8FCEBEE221D7} - System32\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {7B6B9926-BDA7-44D7-A5CE-F6D962D3B49E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) Task: {7F5DE95D-C17C-4408-85D1-6F56B9FF5F5A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) Task: {81668EB1-6E5D-40EE-BFFA-25B09CCF4FE1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {8FCC1103-34CD-41C4-B3BC-EEE596BE90CB} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall2 => C:\Users\vanov\Desktop\BatFiles\Disasterpiece.bat Task: {940A0D4F-E5D1-4349-A97B-BA70D6B8789D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe) Task: {A35FB29E-054C-45BE-9E40-C94DB7728413} - System32\Tasks\Microsoft\Windows\TaskScheduler\MusicKill => C:\Users\vanov\Desktop\BatFiles\BeeMp3TaskKill.bat Task: {A9E34D5E-D053-4247-8350-83C330CA6958} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Users\vanov\AppData\Local\MEGAsync\MEGAupdater.exe [760696 2018-10-02] (Mega Limited -> Mega Limited) Task: {AA6D739F-D568-4A9D-A4ED-FC3B5D432A84} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) Task: {B058EC2B-0726-47B7-8B1B-A975B69CED27} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {BB3A72A1-B735-4F37-9B99-260BF5F05151} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1000 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {CF931575-DB06-4A0A-A9DC-19D4C4269CB3} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.8.3252 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXAutoUpdate.exe [206184 2019-08-06] (Microsoft Corporation -> ) Task: {D63EB858-D44F-42ED-AC94-00B6D4374934} - System32\Tasks\Opera scheduled Autoupdate 1476361487 => C:\Program Files (x86)\Opera\launcher.exe [1519640 2019-08-07] (Opera Software AS -> Opera Software) Task: {DD5F0550-0D96-45A8-80CB-EA5DB0E9C59E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {DE525C0C-B6B7-4A0C-BF03-FB7FBAFF172E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {DE9EE772-2041-4E2F-8856-6D84E12E4E02} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {E1176194-F6FD-4A7B-BB95-24031E7F8611} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-10-18] () [File not signed] Task: {E161BC06-6796-4A76-8D71-21048961E8D4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe) Task: {F51FC55E-9DF9-47E0-8B2A-5056FD0B3C6E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {F95F8299-A9C1-49FC-8E40-0B0E93D73D5A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {FBD77374-BC26-4033-84E7-10F003A9EED5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{24b58f83-bf4d-40e4-a6b1-5f849b89db74}: [NameServer] 116.203.6.218 Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [NameServer] 8.8.8.8,8.8.4.4,192.168.0.1 Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{84adbad7-bfc3-4947-b0cf-9c8738caccf9}: [NameServer] 116.203.6.218 Tcpip\..\Interfaces\{8c05adc3-f683-4b02-b575-0d3af10d2b6b}: [NameServer] 116.203.6.218 Internet Explorer: ================== SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Edge: ====== DownloadDir: C:\Users\vanov\Downloads FireFox: ======== FF DefaultProfile: poq2nbe3.default-1491901036943-1546437671085 FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 [2019-08-11] FF NetworkProxy: Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 -> type", 4 FF Extension: (ETP Search Volume Study) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-06-26] FF Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\firefox@betterttv.net.xpi [2019-08-03] [UpdateUrl:hxxps://nightdev.com/betterttv/firefox/updates.json] FF Extension: (uBlock Origin) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\uBlock0@raymondhill.net.xpi [2019-07-26] FF Extension: (Unseen) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\{230ed5ec-936c-4ad1-b3d4-e2bb251bd1c3}.xpi [2019-01-02] FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default [2019-08-06] FF user.js: detected! => C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default\user.js [2017-02-03] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> ) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> ) FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN) StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe Opera: ======= OPR Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\deofbbdfofnmppcjbhjibgodpcdchjii [2017-11-15] OPR Extension: (Tampermonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-06-02] OPR Extension: (book_helper) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmmkobpokkidkpaidggnebnhiipdkhkl [2019-08-02] OPR Extension: (ScriptMonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-06-02] OPR Extension: (Violent monkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-05-16] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-05-27] (BattlEye Innovations e.K. -> ) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) S4 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.) S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd) S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-08-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) S3 HgClientService; C:\WINDOWS\system32\hgclientservice.dll [141824 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1741312 2019-02-16] (Microsoft Windows -> Microsoft Corporation) S4 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [353768 2018-09-13] (Intel Corporation -> Intel Corporation) R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21256 2018-04-20] (Microsoft Corporation -> Microsoft Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) S4 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] (AzureEngBuildCodeSign -> ) [File not signed] R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [485048 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [31232 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts) S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts) S4 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2017-11-22] (Even Balance, Inc. -> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5073792 2019-07-04] (Microsoft Windows Publisher -> Microsoft Corporation) S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [578744 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) S2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11969880 2019-07-03] (TeamViewer GmbH -> TeamViewer GmbH) S4 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [113024 2018-02-12] (TunnelBear, Inc. -> ) R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3014144 2019-07-04] (Microsoft Windows -> Microsoft Corporation) S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 51D2828C; C:\WINDOWS\system32\drivers\51D2828C.sys [255928 2019-08-10] (Malwarebytes Corporation -> Malwarebytes) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd) S3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-06-23] (EnigmaSoft Limited -> EnigmaSoft Limited) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-10-10] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.) R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26624 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-10-10] (Martin Malik - REALiX -> REALiX(tm)) S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2019-01-19] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-05] (Malwarebytes Corporation -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-11] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-11] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-11] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-11] (Malwarebytes Corporation -> Malwarebytes) S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA)) S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> ) R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2412976 2017-04-24] (Qualcomm Atheros -> Qualcomm Atheros, Inc.) S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31744 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S4 RsFx0500; C:\WINDOWS\System32\DRIVERS\RsFx0500.sys [261848 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1026896 2018-03-19] (Realtek Semiconductor Corp. -> Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-10-10] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation) R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions) R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated -> Synaptics Incorporated) S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr)) R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [56520 2015-08-05] (Synaptics Incorporated -> Synaptics Incorporated) R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [103936 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project) S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2017-12-18] (Oracle Corporation -> Oracle Corporation) R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1248256 2018-11-07] (Microsoft Windows -> Microsoft Corporation) R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [45408 2018-03-15] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation) S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation) NETSVC: HgClientService -> C:\Windows\system32\hgclientservice.dll (Microsoft Corporation) NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-11 15:44 - 2019-08-11 15:47 - 000032879 _____ C:\Users\vanov\Downloads\FRST.txt 2019-08-11 15:43 - 2019-08-11 15:43 - 000001720 _____ C:\Users\vanov\Downloads\fixlist.txt 2019-08-11 15:40 - 2019-08-11 15:40 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2019-08-11 15:40 - 2019-08-11 15:40 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2019-08-11 15:40 - 2019-08-11 15:40 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2019-08-11 15:39 - 2019-08-11 15:39 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-08-11 15:39 - 2019-08-11 15:39 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16 2019-08-11 11:36 - 2019-08-11 11:40 - 000092507 _____ C:\Users\vanov\Downloads\Addition6.txt 2019-08-11 11:31 - 2019-08-11 11:40 - 000060698 _____ C:\Users\vanov\Downloads\FRST6.txt 2019-08-11 11:31 - 2019-08-11 11:31 - 002097664 _____ (Farbar) C:\Users\vanov\Downloads\FRST64.exe 2019-08-11 11:31 - 2019-08-11 11:31 - 000000000 ____D C:\Users\vanov\Downloads\FRST-OlderVersion 2019-08-10 23:41 - 2019-08-10 23:41 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\LionsShade 2019-08-10 23:40 - 2019-08-10 23:41 - 000000000 ____D C:\Users\vanov\Downloads\Cliff.Empire.v1.10 2019-08-10 20:49 - 2019-08-10 20:49 - 000000448 _____ C:\Users\vanov\Documents\bsod.rar 2019-08-10 20:42 - 2019-08-10 20:42 - 000001232 _____ C:\Users\vanov\Documents\bsod.xml 2019-08-10 20:27 - 2019-08-10 20:27 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2019-08-10 20:24 - 2019-08-11 04:27 - 000000000 ____D C:\WINDOWS\Minidump 2019-08-10 19:41 - 2019-08-10 19:41 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\51D2828C.sys 2019-08-10 02:02 - 2019-08-10 02:02 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3387545514-2906784231-2682514228-1001 2019-08-10 02:02 - 2019-08-10 02:02 - 000002412 _____ C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-08-09 22:04 - 2019-08-09 22:04 - 528928101 _____ C:\Users\vanov\Downloads\Cliff.Empire.v1.10.rar 2019-08-09 18:01 - 2019-08-09 18:01 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1238763A.sys 2019-08-09 18:00 - 2019-08-10 19:43 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2019-08-09 18:00 - 2019-08-10 19:41 - 000000000 ____D C:\Users\vanov\Desktop\mbar 2019-08-09 17:58 - 2019-08-09 17:58 - 014178840 _____ (Malwarebytes Corp.) C:\Users\vanov\Desktop\mbar-1.10.3.1001.exe 2019-08-09 17:32 - 2019-08-09 17:32 - 000000000 ____D C:\Users\vanov\AppData\Local\RSG 2019-08-09 17:30 - 2019-08-09 17:30 - 000004184 _____ C:\Users\vanov\Desktop\notify.csv 2019-08-09 17:30 - 2019-08-09 17:30 - 000000786 _____ C:\Users\vanov\Desktop\notify.rar 2019-08-09 17:29 - 2019-08-09 17:29 - 000177816 _____ (PowerTool) C:\Users\vanov\Desktop\kEvP64.sys 2019-08-09 17:28 - 2019-08-09 17:28 - 009440768 _____ C:\Users\vanov\Desktop\PowerTool64.exe 2019-08-09 16:50 - 2019-08-09 16:51 - 000519347 _____ C:\Users\vanov\Desktop\TDSS Report.txt 2019-08-09 16:31 - 2019-08-09 16:40 - 001038716 _____ C:\TDSSKiller.3.1.0.28_09.08.2019_16.31.54_log.txt 2019-08-09 16:27 - 2019-08-09 16:28 - 000006126 _____ C:\TDSSKiller.3.1.0.28_09.08.2019_16.27.31_log.txt 2019-08-09 15:29 - 2019-08-09 15:35 - 000091634 _____ C:\Users\vanov\Downloads\Addition5.txt 2019-08-09 15:23 - 2019-08-09 15:35 - 000088832 _____ C:\Users\vanov\Downloads\FRST5.txt 2019-08-09 15:08 - 2019-08-09 15:14 - 000039960 _____ C:\Users\vanov\Downloads\Fixlog2.txt 2019-08-09 10:57 - 2019-08-09 11:04 - 000116729 _____ C:\Users\vanov\Downloads\Addition4.txt 2019-08-09 10:51 - 2019-08-09 11:04 - 000094180 _____ C:\Users\vanov\Downloads\FRST4.txt 2019-08-09 10:35 - 2019-08-09 10:40 - 000107856 _____ C:\Users\vanov\Downloads\Addition3.txt 2019-08-09 10:31 - 2019-08-09 10:31 - 000000000 ____D C:\Users\vanov\Downloads\DnsJumper 2019-08-09 10:30 - 2019-08-09 10:40 - 000089720 _____ C:\Users\vanov\Downloads\FRST3.txt 2019-08-09 10:29 - 2019-08-09 10:29 - 000706233 _____ C:\Users\vanov\Downloads\DnsJumper.zip 2019-08-08 15:01 - 2019-08-08 15:01 - 000003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1476361487 2019-08-08 15:01 - 2019-08-08 15:01 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk 2019-08-06 22:30 - 2019-08-06 22:30 - 000050652 _____ C:\Users\vanov\Documents\filename.gwc 2019-08-06 18:47 - 2019-08-06 18:47 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealHeaderTool 2019-08-06 17:42 - 2019-08-11 15:49 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-08-06 17:00 - 2019-08-06 17:06 - 000105806 _____ C:\Users\vanov\Downloads\Addition2.txt 2019-08-06 16:55 - 2019-08-06 17:06 - 000088273 _____ C:\Users\vanov\Downloads\FRST2.txt 2019-08-06 16:33 - 2019-08-06 16:33 - 047210760 _____ (Microsoft Corporation) C:\Users\vanov\Documents\Windows-KB890830-x64-V5.74.exe 2019-08-06 16:21 - 2019-08-06 16:21 - 000001310 _____ C:\Users\vanov\Desktop\misplacedforcopy.txt 2019-08-06 15:20 - 2019-08-06 15:32 - 000012830 _____ C:\Users\vanov\Downloads\Fixlog1.txt 2019-08-06 15:15 - 2019-08-06 15:16 - 000301326 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH8.pdf 2019-08-06 13:47 - 2019-08-06 14:05 - 000000000 ____D C:\Users\vanov\Documents\[FreeCourseSite.com] Udemy - Unreal Engine C++ Developer Learn C++ and Make Video Games 2019-08-06 13:42 - 2019-08-06 19:23 - 000000000 ____D C:\Users\vanov\Documents\Unreal Projects 2019-08-06 13:41 - 2019-08-06 13:41 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Unreal Engine 2019-08-06 00:21 - 2019-08-06 00:21 - 000002467 _____ C:\Users\vanov\Desktop\Unreal Engine.lnk 2019-08-05 11:14 - 2019-08-05 11:19 - 000108154 _____ C:\Users\vanov\Downloads\Addition1.txt 2019-08-05 11:11 - 2019-08-05 11:19 - 000089056 _____ C:\Users\vanov\Downloads\FRST1.txt 2019-08-05 11:08 - 2019-08-11 15:44 - 000000000 ____D C:\FRST 2019-08-05 11:07 - 2019-08-05 11:07 - 000002601 _____ C:\Users\vanov\Desktop\Malarebytes1.txt 2019-08-05 10:56 - 2019-08-05 10:56 - 000001714 _____ C:\Users\vanov\Desktop\Malwarebytes2.txt 2019-08-05 01:18 - 2019-08-05 01:18 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2019-08-04 18:12 - 2019-08-04 18:12 - 000000222 _____ C:\Users\vanov\Desktop\SMITE.url 2019-08-04 11:34 - 2019-08-04 11:34 - 000001048 _____ C:\Users\vanov\Desktop\Technic.exe - Shortcut.lnk 2019-08-03 13:53 - 2019-08-03 13:53 - 004478926 _____ () C:\Users\vanov\Downloads\Technic.exe 2019-08-03 13:42 - 2019-08-03 13:42 - 000001391 _____ C:\Users\Public\Desktop\Skype.lnk 2019-08-03 13:41 - 2019-08-03 13:41 - 000001143 _____ C:\Users\Public\Desktop\VLC media player.lnk 2019-08-03 13:40 - 2019-08-03 13:36 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2019-08-03 13:37 - 2019-08-03 13:37 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk 2019-08-03 13:37 - 2019-08-03 13:37 - 000001108 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk 2019-08-03 13:35 - 2019-08-03 13:35 - 001211216 _____ (Oracle Corporation) C:\Users\vanov\Downloads\JavaUninstallTool.exe 2019-08-03 13:35 - 2019-08-03 13:35 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2019-08-03 13:34 - 2019-08-03 13:34 - 002065880 _____ (Oracle Corporation) C:\Users\vanov\Downloads\jre-8u221-windows-i586-iftw.exe 2019-08-03 12:59 - 2019-08-03 13:22 - 000081880 _____ C:\WINDOWS\ZAM.krnl.trace 2019-08-03 12:56 - 2019-08-03 12:56 - 001359866 _____ C:\Users\vanov\Documents\cc_20190803_125640.reg 2019-08-03 12:50 - 2019-08-03 12:50 - 020888528 _____ (Piriform Software Ltd) C:\Users\vanov\Downloads\cctrialsetup.exe 2019-08-03 12:50 - 2019-08-03 12:50 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2019-08-03 12:50 - 2019-08-03 12:50 - 000002888 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2019-08-03 12:50 - 2019-08-03 12:50 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk 2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\Program Files\CCleaner 2019-08-03 12:38 - 2019-08-03 12:40 - 000316126 _____ C:\TDSSKiller.3.1.0.28_03.08.2019_12.38.43_log.txt 2019-08-03 12:38 - 2019-08-03 12:38 - 005054744 _____ (AO Kaspersky Lab) C:\Users\vanov\Downloads\tdsskiller.exe 2019-08-03 12:32 - 2019-08-03 13:22 - 000000000 ____D C:\Users\vanov\AppData\Local\AMSDK 2019-08-03 12:32 - 2019-08-03 12:32 - 000000000 ____D C:\Users\vanov\AppData\Local\Zemana 2019-08-03 12:31 - 2019-08-03 12:31 - 012664512 _____ (Zemana Ltd. ) C:\Users\vanov\Downloads\AntiMalware_Setup.exe 2019-08-03 12:24 - 2019-08-03 12:24 - 000841241 _____ C:\Users\vanov\Downloads\rkill.zip 2019-08-03 12:24 - 2017-07-25 22:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\vanov\Downloads\rkill.exe 2019-08-03 11:33 - 2019-08-03 11:33 - 000000258 __RSH C:\ProgramData\ntuser.pol 2019-08-03 10:54 - 2019-08-03 10:54 - 000000000 ____D C:\Users\vanov\AppData\Local\mbamtray 2019-08-03 10:53 - 2019-08-03 10:53 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-08-03 10:53 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2019-08-03 10:52 - 2019-08-03 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-08-03 10:52 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2019-08-03 10:51 - 2019-08-09 18:01 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-08-03 10:41 - 2019-08-03 10:42 - 006705178 _____ C:\Users\vanov\Downloads\mbam-chameleon-3.1.33.0.zip 2019-08-02 21:49 - 2019-08-02 21:49 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2019-08-02 21:36 - 2019-08-02 21:36 - 000000000 ____D C:\KRD2018_Data 2019-08-02 21:03 - 2019-08-02 21:03 - 000000000 ___HD C:\$SysReset 2019-08-02 19:22 - 2019-08-02 19:01 - 597336064 _____ C:\Users\vanov\Documents\krd.iso 2019-08-02 19:08 - 2019-08-02 19:08 - 000000000 ____D C:\WINDOWS\Panther 2019-08-02 19:00 - 2019-08-09 18:38 - 000000000 ____D C:\ProgramData\TmpLoog 2019-08-02 18:59 - 2019-08-02 18:59 - 007623880 _____ (Malwarebytes) C:\Users\vanov\Downloads\adwcleaner_7.4.exe 2019-08-02 18:39 - 2019-08-03 11:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\System 2019-08-02 17:56 - 2019-08-02 17:56 - 005829844 _____ (UserBenchmark.com) C:\Users\vanov\Downloads\UserBenchMark.exe 2019-08-02 14:53 - 2019-08-02 14:53 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Big Fat Simulations Inc_ 2019-08-02 11:07 - 2019-08-02 11:07 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2019-08-01 02:14 - 2019-08-01 02:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2019-07-31 22:52 - 2019-07-31 22:57 - 000000000 ____D C:\Users\vanov\AppData\Local\Arma 3 2019-07-31 22:52 - 2019-07-31 22:52 - 000000000 ____D C:\ProgramData\Bohemia Interactive 2019-07-31 19:59 - 2019-07-31 19:59 - 000189726 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.1.pdf 2019-07-31 17:57 - 2019-07-31 17:57 - 005193376 _____ (Husdawg, LLC) C:\Users\vanov\Downloads\Detection.exe 2019-07-30 14:19 - 2019-07-30 14:19 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Craneballs 2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\Local\GOG.com 2019-07-29 21:47 - 2019-07-29 21:47 - 000000000 ___HD C:\temp 2019-07-29 21:06 - 2019-07-29 21:06 - 000178988 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.pdf 2019-07-29 10:58 - 2019-07-29 10:58 - 006732741 _____ C:\Users\vanov\Downloads\SQL-Injection-Attacks-and-Defense.pdf 2019-07-27 17:18 - 2019-07-27 17:18 - 000232401 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH3.pdf 2019-07-24 20:05 - 2017-09-26 12:24 - 000100352 _____ C:\Users\vanov\Downloads\Spider Man Homecoming.srt 2019-07-24 20:05 - 2011-11-11 20:27 - 000078233 ____N C:\Users\vanov\Downloads\Captain America.srt 2019-07-23 19:36 - 2019-07-23 19:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Colossal Order 2019-07-18 20:24 - 2019-07-18 20:25 - 000000000 ____D C:\Users\vanov\Documents\Rockstar Games 2019-07-18 20:20 - 2019-06-28 14:08 - 002826520 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp.exe 2019-07-18 20:20 - 2019-06-28 14:08 - 000072154 ____N C:\Users\vanov\Downloads\procexp.chm 2019-07-18 20:20 - 2019-06-28 14:05 - 001501248 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp64.exe 2019-07-18 20:20 - 2019-05-05 11:00 - 000007490 ____N C:\Users\vanov\Downloads\Eula.txt 2019-07-18 20:16 - 2019-07-18 20:16 - 008771640 _____ (Martin Malik - REALiX ) C:\Users\vanov\Downloads\hwi_608.exe 2019-07-18 18:53 - 2019-07-18 18:54 - 228125096 _____ (Rockstar Games) C:\Users\vanov\Downloads\GTAV_Setup_Tool.exe 2019-07-18 18:44 - 2019-07-23 12:06 - 000000000 ____D C:\Program Files\Mozilla Firefox ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-11 15:44 - 2017-02-12 20:49 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Mozilla 2019-08-11 15:39 - 2018-08-04 16:06 - 000000502 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2019-08-11 15:38 - 2018-05-23 16:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-08-11 15:37 - 2018-05-23 16:14 - 000000000 ____D C:\Users\vanov 2019-08-11 15:37 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2019-08-11 15:32 - 2018-05-23 16:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-08-11 13:33 - 2018-05-23 16:38 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{466D4F44-74C1-4B3A-8596-CADF3DE82031} 2019-08-11 11:49 - 2019-01-18 23:34 - 000000000 ____D C:\Program Files (x86)\Steam 2019-08-10 20:27 - 2018-03-16 20:55 - 000000000 ____D C:\Program Files (x86)\TunnelBear 2019-08-10 20:27 - 2016-10-13 13:59 - 000000000 __SHD C:\Users\vanov\IntelGraphicsProfiles 2019-08-10 20:25 - 2018-08-30 14:28 - 000000000 ____D C:\Users\MSSQLSERVER 2019-08-10 20:25 - 2018-01-12 21:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2019-08-10 02:02 - 2016-10-13 13:53 - 000000000 ___RD C:\Users\vanov\OneDrive 2019-08-09 16:25 - 2016-10-13 14:35 - 000000000 ____D C:\Users\vanov\AppData\Roaming\DAEMON Tools Lite 2019-08-09 15:07 - 2016-12-24 13:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\vlc 2019-08-09 13:14 - 2018-08-05 21:23 - 000000000 ___RD C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B 2019-08-09 10:46 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-08-08 23:27 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-08-08 21:05 - 2018-01-12 21:04 - 000000000 ____D C:\Users\vanov\AppData\Roaming\TeamViewer 2019-08-08 15:01 - 2016-10-13 14:24 - 000000000 ____D C:\Program Files (x86)\Opera 2019-08-06 18:33 - 2018-08-27 10:54 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Visual Studio Setup 2019-08-06 18:06 - 2018-08-04 12:35 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs 2019-08-06 18:02 - 2018-08-04 12:59 - 000000000 ____D C:\Users\vanov\.dotnet 2019-08-06 17:56 - 2018-08-04 12:45 - 000000000 ____D C:\Program Files\dotnet 2019-08-06 17:56 - 2016-10-13 20:00 - 000000000 ____D C:\ProgramData\Package Cache 2019-08-06 17:54 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2019-08-06 17:39 - 2018-08-04 12:05 - 000001377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk 2019-08-06 17:38 - 2018-08-04 12:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2019-08-06 16:34 - 2016-10-13 16:35 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-08-06 15:32 - 2016-10-19 15:42 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Temp 2019-08-06 14:52 - 2016-10-13 14:32 - 000000000 ____D C:\Users\vanov\AppData\Roaming\uTorrent 2019-08-06 14:04 - 2017-03-11 02:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\discord 2019-08-06 13:41 - 2017-01-27 21:28 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealEngine 2019-08-05 22:27 - 2018-12-16 22:22 - 000000000 ____D C:\Program Files\Epic Games 2019-08-05 01:15 - 2016-10-13 14:55 - 000000000 ____D C:\Program Files\WinRAR 2019-08-04 19:54 - 2017-06-30 15:43 - 000000000 ____D C:\Users\vanov\Documents\My Games 2019-08-04 14:21 - 2018-11-16 00:20 - 000000000 ____D C:\Program Files\rempl 2019-08-03 19:46 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Local\Spotify 2019-08-03 18:28 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Spotify 2019-08-03 18:07 - 2017-06-05 00:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Ubisoft Game Launcher 2019-08-03 13:50 - 2018-07-31 21:58 - 000000000 ____D C:\Users\vanov\AppData\Roaming\.technic 2019-08-03 13:43 - 2016-10-13 14:33 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Skype 2019-08-03 13:42 - 2018-09-08 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2019-08-03 13:40 - 2018-08-04 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2019-08-03 13:40 - 2018-08-01 00:12 - 000000000 ____D C:\Program Files\Java 2019-08-03 13:40 - 2017-03-19 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2019-08-03 13:40 - 2017-03-19 21:30 - 000000000 ____D C:\Program Files (x86)\Java 2019-08-03 13:35 - 2017-11-22 14:26 - 000000000 ____D C:\ProgramData\Origin 2019-08-03 13:35 - 2017-03-06 17:41 - 000000000 ____D C:\Program Files (x86)\Audacity 2019-08-03 13:34 - 2017-11-22 14:28 - 000001066 _____ C:\Users\Public\Desktop\Origin.lnk 2019-08-03 13:34 - 2017-11-22 14:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Origin 2019-08-03 13:34 - 2017-11-22 14:27 - 000000000 ____D C:\Program Files (x86)\Origin 2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-03 13:32 - 2018-09-17 23:28 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk 2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Notepad++ 2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Program Files\Notepad++ 2019-08-03 13:23 - 2017-06-12 12:27 - 000000000 ____D C:\Users\vanov\Desktop\Folders 2019-08-03 12:53 - 2018-01-14 01:55 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MPC-HC 2019-08-03 12:52 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF 2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Users\vanov\AppData\Local\Google 2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Program Files (x86)\Google 2019-08-03 10:53 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-08-02 19:03 - 2017-10-10 23:31 - 000000000 ____D C:\Users\vanov\AppData\Roaming\IObit 2019-08-02 18:40 - 2018-11-25 19:39 - 000000000 ____D C:\Program Files\Firefox Developer Edition 2019-08-02 14:53 - 2016-12-29 19:12 - 000000000 ____D C:\Users\vanov\AppData\Roaming\SmartSteamEmu 2019-08-02 11:05 - 2016-10-13 21:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-08-01 20:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-08-01 02:15 - 2016-11-05 13:12 - 000000000 ____D C:\Program Files (x86)\Dropbox 2019-07-31 14:23 - 2018-04-29 20:51 - 000000000 ____D C:\Users\vanov\AppData\Local\GameAnalytics 2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files\Rockstar Games 2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games 2019-07-31 14:05 - 2018-03-23 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games 2019-07-31 14:05 - 2016-10-13 14:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2019-07-31 14:03 - 2016-10-18 22:24 - 000000000 ____D C:\Users\vanov\AppData\Local\Rockstar Games 2019-07-30 00:33 - 2018-08-06 23:20 - 000000000 ____D C:\GOG Games 2019-07-29 21:46 - 2017-12-04 16:09 - 000000000 ____D C:\Users\vanov\AppData\Local\Packages 2019-07-29 21:46 - 2017-06-20 20:42 - 000000000 ____D C:\Program Files (x86)\Adobe 2019-07-26 14:29 - 2016-10-15 15:03 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MusicBee 2019-07-26 12:21 - 2018-02-26 17:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-07-24 13:22 - 2016-10-13 14:37 - 000000000 ____D C:\ProgramData\Hi-Rez Studios 2019-07-23 12:12 - 2018-05-26 23:49 - 000000000 ____D C:\Users\vanov\AppData\Local\D3DSCache 2019-07-23 12:06 - 2017-11-22 16:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-07-19 12:18 - 2016-10-22 23:54 - 000007633 _____ C:\Users\vanov\AppData\Local\Resmon.ResmonCfg 2019-07-18 20:10 - 2018-08-04 15:41 - 000000000 ____D C:\Users\vanov\.android 2019-07-18 20:06 - 2017-06-04 19:17 - 000000000 ____D C:\Games 2019-07-18 18:49 - 2017-11-22 16:01 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2019-07-15 14:49 - 2018-05-23 16:29 - 001066156 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-07-15 14:45 - 2017-12-04 17:14 - 000000000 ___RD C:\Users\vanov\3D Objects 2019-07-15 14:45 - 2016-10-13 13:51 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-07-15 14:43 - 2018-05-23 16:09 - 005111760 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser 2019-07-14 23:44 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism 2019-07-14 23:43 - 2018-08-04 16:01 - 000000000 ____D C:\Program Files\Hyper-V 2019-07-14 23:43 - 2018-04-12 11:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr ==================== Files in the root of some directories ================ 2018-10-28 19:32 - 2018-10-28 19:32 - 000000033 _____ () C:\Users\vanov\AppData\Roaming\AdobeWLCMCache.dat 2017-03-05 19:32 - 2018-02-22 21:46 - 000000000 _____ () C:\Users\vanov\AppData\Roaming\avoriontestfile 2018-09-16 22:49 - 2018-09-16 22:49 - 000023303 _____ () C:\Users\vanov\AppData\Local\debuggee.mdmp 2019-06-18 14:44 - 2019-06-18 14:44 - 000001536 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.cfg 2019-06-18 14:44 - 2019-06-18 14:44 - 000210944 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.dat 2018-07-09 16:15 - 2018-07-23 19:53 - 000000002 _____ () C:\Users\vanov\AppData\Local\imw.ini 2018-09-29 08:00 - 2018-09-29 08:00 - 000000000 _____ () C:\Users\vanov\AppData\Local\oobelibMkey.log 2019-02-10 17:37 - 2019-02-10 17:37 - 000003283 _____ () C:\Users\vanov\AppData\Local\recently-used.xbel 2016-10-22 23:54 - 2019-07-19 12:18 - 000007633 _____ () C:\Users\vanov\AppData\Local\Resmon.ResmonCfg 2017-06-10 01:37 - 2017-07-05 16:05 - 000000000 _____ () C:\Users\vanov\AppData\Local\Temptable.xml 2016-10-13 14:55 - 2016-10-13 14:55 - 000000003 _____ () C:\Users\vanov\AppData\Local\updater.log 2016-10-13 14:55 - 2017-05-07 02:59 - 000000425 _____ () C:\Users\vanov\AppData\Local\UserProducts.xml 2018-06-02 21:35 - 2018-06-02 21:35 - 000000002 _____ () C:\Users\vanov\AppData\Local\WMI.ini ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================ Addition: Spoiler Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2019 Ran by vanov (11-08-2019 15:49:57) Running from C:\Users\vanov\Downloads Windows 10 Pro Version 1803 17134.885 (X64) (2018-05-23 14:41:03) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3387545514-2906784231-2682514228-500 - Administrator - Disabled) ASPNET (S-1-5-21-3387545514-2906784231-2682514228-1006 - Limited - Enabled) DefaultAccount (S-1-5-21-3387545514-2906784231-2682514228-503 - Limited - Disabled) defaultuser0 (S-1-5-21-3387545514-2906784231-2682514228-1000 - Limited - Disabled) => C:\Users\defaultuser0 Guest (S-1-5-21-3387545514-2906784231-2682514228-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3387545514-2906784231-2682514228-1003 - Limited - Enabled) vanov (S-1-5-21-3387545514-2906784231-2682514228-1001 - Administrator - Enabled) => C:\Users\vanov WDAGUtilityAccount (S-1-5-21-3387545514-2906784231-2682514228-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) .NET Core SDK 1.1.10 (x64) (HKLM\...\{EA922431-C5D8-4CAE-9A6D-6817195F7856}) (Version: 4.18.38047 - Microsoft Corporation) Hidden .NET Core SDK 1.1.10 (x64) (HKLM-x32\...\{81e87b8c-a24e-49e4-9a91-47b6d7aa52ff}) (Version: 1.1.10 - Microsoft Corporation) µTorrent (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.) Active Directory Authentication Library for SQL Server (HKLM\...\{4EE99065-01C6-49DD-9EC6-E08AA5B13491}) (Version: 14.0.1000.169 - Microsoft Corporation) Adobe After (HKLM\...\{6A915992-D887-4897-82F5-950EDD12DEB1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe) Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Akamai NetSession Interface (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Application Verifier x64 External Package (HKLM\...\{62CB44B2-8007-DBB2-1CBA-5CB7309EB3C3}) (Version: 10.1.17134.12 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{AB5E83C8-0175-0A1F-338A-EB8925AFC341}) (Version: 10.1.14393.795 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden ASUS RT-N10 Wireless Router Utilities (HKLM-x32\...\{5BA25292-92E0-4223-A14B-50DC60B2A6F9}) (Version: 4.2.6.1 - ASUS) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team) Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk) Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk) Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.48.1 - Bethesda Softworks) Browser for SQL Server 2017 (HKLM-x32\...\{CF8EEB96-E7E7-4EF7-A0A1-559F09953156}) (Version: 14.0.1000.169 - Microsoft Corporation) CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform) CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien) ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden ClipGrab 3.7.0 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien) CodeBlocks (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team) CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd) DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Discord) (Version: 0.0.305 - Discord Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 78.4.119 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) Entity Framework 6.2.0 Tools for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Firefox Developer Edition 65.0 (x64 en-US) (HKLM\...\Firefox Developer Edition 65.0 (x64 en-US)) (Version: 65.0 - Mozilla) GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team) Git version 2.20.1 (HKLM\...\Git_is1) (Version: 2.20.1 - The Git Development Community) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games) icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation) Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation) IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation) Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation) Java SE Development Kit 8 Update 181 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden K-Lite Mega Codec Pack 13.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.0 - KLCP) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains) LOOT version 0.13.6 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.13.6 - LOOT Team) Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft .NET Core SDK - 2.1.202 (x64) (HKLM-x32\...\{06b884b0-4947-4439-859f-098e431012d6}) (Version: 2.1.202 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.400 (x64) (HKLM-x32\...\{341254ab-6143-402e-9b7e-944f8b63e97d}) (Version: 2.1.400 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.402 (x64) (HKLM-x32\...\{b415bfcd-0c1a-424c-93f3-03fd83fcc44e}) (Version: 2.1.402 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.403 (x64) (HKLM-x32\...\{2eabe091-c571-4b9d-bdaa-5df5d11c84d4}) (Version: 2.1.403 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.500 (x64) (HKLM-x32\...\{d83984c4-b4ab-41e1-8d62-84f151ca642b}) (Version: 2.1.500 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.502 (x64) (HKLM-x32\...\{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}) (Version: 2.1.502 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.504 (x64) (HKLM-x32\...\{109e08a7-f849-4580-a683-c07ee8850a15}) (Version: 2.1.504 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.505 (x64) (HKLM-x32\...\{8a2d6b13-cb92-4cfe-a3e0-468e6cdd1e2e}) (Version: 2.1.505 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.508 (x64) (HKLM-x32\...\{0298bf05-e67a-4973-8ccc-7b13528189cb}) (Version: 2.1.508 - Microsoft Corporation) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 SDK (HKLM-x32\...\{F42C96C1-746B-442A-B58C-9F0FD5F3AB8A}) (Version: 4.7.03081 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 Targeting Pack (ENU) (HKLM-x32\...\{B517DBD3-B542-4FC8-9957-FFB2C3E65D1D}) (Version: 4.7.03062 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}) (Version: 4.7.03062 - Microsoft Corporation) Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft Azure Authoring Tools - v2.9.6 (HKLM\...\{EDADFA19-7F96-4075-A4AB-2209910626C5}) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Compute Emulator - v2.9.6 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.6) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation) Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation) Microsoft Azure PowerShell - April 2018 (HKLM\...\{3BA7CAA9-97BA-4528-B7E1-B640910BB149}) (Version: 5.7.0.18831 - Microsoft Corporation) Microsoft Azure Storage Emulator - v5.7 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.7) (Version: 5.7.18218.1723 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation) Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation) Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation) Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{76CF9EF4-ABA0-484E-8042-12B99499AF5F}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11901.20176 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation) Microsoft R Client (HKLM\...\{02EFEF35-C9D6-465D-BB0E-EB48B549B3AB}) (Version: 3.3.2.1988 - Microsoft) Microsoft SQL Server 2012 Native Client (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2016 LocalDB (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation) Microsoft SQL Server 2017 (64-bit) (HKLM\...\Microsoft SQL Server SQL2017) (Version: - Microsoft Corporation) Microsoft SQL Server 2017 Setup (English) (HKLM\...\{405252DC-ADF7-4BC8-95F5-F89DE513DD62}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft SQL Server 2017 T-SQL Language Service (HKLM\...\{C8A51693-98B9-4AB1-91B8-9A1B86729D5F}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{05FF71A6-FF76-4DB9-8A33-F23A2B0222BF}) (Version: 14.0.4079.2 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation) Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1104.625 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation) Microsoft VSS Writer for SQL Server 2017 (HKLM\...\{20B328C9-C6BB-434A-928A-00F05CD820B8}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla) Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich) MSI Development Tools (HKLM-x32\...\{1E406B46-65F4-91CE-65DA-DB66D5443B68}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.7.1 - Notepad++ Team) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.3 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera Stable 62.0.3331.116 (HKLM-x32\...\Opera 62.0.3331.116) (Version: 62.0.3331.116 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 10.5.43.28287 - Electronic Arts, Inc.) Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 6.1.0.0 - Popcorn Time) <==== ATTENTION Python 3.6.6 (64-bit) (HKU\.DEFAULT\...\{a2e7eb2f-e31e-47eb-82ca-63b3854f5354}) (Version: 3.6.6150.0 - Python Software Foundation) Python 3.6.6 Core Interpreter (64-bit symbols) (HKLM\...\{09472AF9-4E5C-419F-8AFC-E42DE3C00062}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Core Interpreter (64-bit) (HKLM\...\{13428472-D58E-476D-932F-5B1B0C1397BE}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Development Libraries (64-bit) (HKLM\...\{C4752757-9240-4518-BE22-A7E2E7CC7D7B}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Documentation (64-bit) (HKLM\...\{16EF5AB7-4A89-4F06-B20B-209DA4FE0533}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Executables (64-bit symbols) (HKLM\...\{D1DCF56C-C29C-436A-9764-DEA45032EC46}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Executables (64-bit) (HKLM\...\{5CE3EB5B-1823-4B8E-BE10-95262BDD1148}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 pip Bootstrap (64-bit) (HKLM\...\{9D8D733D-3822-4808-B382-6291910081B2}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Standard Library (64-bit symbols) (HKLM\...\{A44E9804-C2AA-40DD-9E6F-F53D96BDAD34}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Standard Library (64-bit) (HKLM\...\{4D137679-6FB4-446B-9BDB-279292FA2D2C}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Tcl/Tk Support (64-bit symbols) (HKLM\...\{20F0B3BE-3E51-4536-BE6E-451359FD5432}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Tcl/Tk Support (64-bit) (HKLM\...\{44EC13CA-E201-433B-B2D3-386B9609B859}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Test Suite (64-bit symbols) (HKLM\...\{C5BD9A00-9221-486E-94BF-9B1553B215AF}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Test Suite (64-bit) (HKLM\...\{C9596636-022D-4123-B369-98819F772985}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Utility Scripts (64-bit) (HKLM\...\{E95CEC86-EFB3-47B8-A5F6-C8FB757AD060}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Skype version 8.50 (HKLM-x32\...\Skype_is1) (Version: 8.50 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB) sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{97C50C96-8106-490D-B81F-768753C39B56}) (Version: 15.0.27207 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{74E057FF-92C8-4DD0-AF43-B220CD100733}) (Version: 15.0.27207 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{C83DFAD5-FF26-4ED8-B284-944463FA0E30}) (Version: 15.0.27207 - Microsoft Corporation) Hidden SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Common Files (HKLM\...\{9D1C0509-D490-4E9E-ACF5-A73E5C53742D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Common Files (HKLM\...\{B777C4C0-A1CD-4AB9-99B1-AD5FBED6F8E5}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Services (HKLM\...\{28EEF6BA-A23A-42D2-86BA-A6BEE723B969}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Services (HKLM\...\{DED314CA-0EFE-4593-9D66-EF75E5289A4C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Shared (HKLM\...\{0E22DBB4-691B-400C-B52D-8DFE8EC421AA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Shared (HKLM\...\{793F1C1E-5C83-4E33-A29B-6EAA7C1E791C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 XEvent (HKLM\...\{12D2DB8D-80FF-4152-8F51-EDB3BD3C6976}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 XEvent (HKLM\...\{AA2A015C-C210-413B-95F6-BF9D3CDD6E0D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.4.2669 - TeamViewer) The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios) TunnelBear (HKLM-x32\...\{5dbd322e-98b2-41c8-a2d9-d9f21423afa9}) (Version: 3.2.0.6 - TunnelBear) TunnelBear (HKLM-x32\...\{EAF52E02-CC78-47F4-A304-F91FDB6A55D1}) (Version: 3.2.0.6 - TunnelBear) Hidden Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - ) Twitch (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.) TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden TypeScript SDK (HKLM-x32\...\{A3055644-FB53-420D-8724-EBEAB330D64F}) (Version: 3.0.3.0 - Microsoft Corporation) Hidden TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden Unity (HKLM-x32\...\Unity) (Version: 2018.3.3f1 - Unity Technologies ApS) Universal CRT Extension SDK (HKLM-x32\...\{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{0D6B41AF-D117-8944-A059-3F9346A896C5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) Uplay (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft) vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden Visual Studio Enterprise 2017 (HKLM-x32\...\7dcb8def) (Version: 15.9.28307.770 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN) VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS WCF Debugging (HKLM\...\{14AF842C-675E-4268-B493-EB76D9B465A8}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_codecoveragemsi (HKLM-x32\...\{B2DB38F7-4225-4EA6-A7B2-F9A0E089DD89}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_codeduitestframeworkmsi (HKLM-x32\...\{4379D9C7-B16D-486C-BC6D-43550A4C55EE}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_cuitcommoncoremsi (HKLM-x32\...\{060D7518-16AC-41F1-9956-38CA636FCF7B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_cuitextensionmsi (HKLM-x32\...\{88484E59-774D-4947-AF0E-4524D6C3147D}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_cuitextensionmsi_x64 (HKLM-x32\...\{184D5702-3AD2-4F0D-95E6-11E1C75A9298}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_networkemulationmsi_x64 (HKLM-x32\...\{674BB892-7904-4B94-8077-9DA3D2CBFC70}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden WhatsApp (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\WhatsApp) (Version: 0.3.2848 - WhatsApp) Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) WinAppDeploy (HKLM-x32\...\{5AD4A604-B476-1578-2A20-6B02FC6258BE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{C9966D24-DB2F-8514-EAA3-BEED85F3E166}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation) Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation) WinGuard Pro 2016 (HKLM-x32\...\{F5DA39A7-9A26-44E2-9754-A611ACF0C8CC}) (Version: 10.10.2001 - WinGuardProLTD) WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH) WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{389D182F-0ADA-5C7E-FF32-2573A821592C}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{A249F631-CEBC-EDCB-4C49-700E551E66CA}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{C3776B36-B34E-00E2-3009-95A6F1870B58}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E71CB7F1-3E88-4450-1764-B3CC1E205C4A}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{965D1746-D94A-49B9-2A48-A14914CA3B57}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{C49E6FDA-8196-0CAF-2CDD-CF1B0F4EA5AD}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{33D11371-82A5-852B-CDE2-5528CE406151}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{3755CD99-C62E-3312-DDD3-29A4F259270D}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{729DA966-8590-2C1F-2178-16C1D32FD7FD}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{FB431EE2-C835-6DE9-8DC3-C8FCDE028FE0}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{F1C18506-3168-A9D9-E2D9-D23A512A326E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FB82399D-9C48-9AF5-DCA1-CFE61BCA70A6}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{23909757-D6F0-7F7C-BD34-7E72BA9BD59C}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{4095D263-6A13-78D3-DEDA-AA3452011F6E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{C3243E23-2EB6-4419-2692-40944923B112}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D3A337CD-EA32-F4BA-03FA-825903190C92}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{DD83B36A-ED10-4514-98E7-1EBD53D167D8}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft) Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden Xamarin Profiler (HKLM-x32\...\{392FF347-E40D-4598-B31E-5332F6F761E2}) (Version: 1.6.4.31 - Xamarin, Inc.) Hidden Xamarin Remoted iOS Simulator (HKLM-x32\...\{5DE98E3F-9A5C-48B7-B039-8E0FB2D68AEA}) (Version: 1.3.0.8 - Xamarin) Hidden Packages: ========= Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-15] (Microsoft Studios) [MS Ad] Microsoft Wireless Display Adapter -> C:\Program Files\WindowsApps\Microsoft.SurfaceWirelessDisplayAdapter_3.4.137.1000_x64__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation) Mixplay for Mixer -> C:\Program Files\WindowsApps\39170Flydream.Mixer_2.1.4.0_x64__weq318ptssvpt [2019-01-11] (Flydream) MSN Vrijeme -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad] Pošta i kalendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad] TuneIn Radio -> C:\Program Files\WindowsApps\TuneIn.TuneInRadio_4.0.6.0_x64__6bhtb546zcxnj [2019-08-01] (TuneIn) [MS Ad] Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.) Viber -> C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.1000_x86__p61zvh252yqyr [2018-07-09] (VIBER MEDIA S.à r.l.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{CE527B6C-CFD2-4CFC-AEC0-261FC6871E3D} -> [MEGAsync] => C:\Users\vanov\Documents\MEGAsync [2016-10-13 15:02] CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\vanov\Dropbox [2016-11-05 13:16] ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-06-17] (Notepad++ -> ) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\vanov\Desktop\GTASA.lnk -> C:\Program Files (x86)\Rockstar Games\GTA San Andreas\startup_SP.bat () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) ==================== Loaded Modules (Whitelisted) ============== 2018-10-02 19:10 - 2018-10-02 19:10 - 000598528 _____ () [File not signed] C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll 2018-04-19 22:31 - 2018-04-19 22:31 - 000267776 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73235831.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73235831.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1" ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-08-09 15:09 - 2019-08-10 20:27 - 000000030 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 2018-08-04 16:06 - 2019-08-11 15:39 - 000000502 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics 172.29.72.49 DESKTOP-ME49L6T.mshome.net # 2024 8 5 9 13 39 54 209 37.0.186 Vlah.mshome.net # 2019 7 5 12 12 16 54 932 ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Microsoft MPI\Bin\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Users\vanov\Anaconda3;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\DTS\Binn\;C:\Program Files\Git\cmd HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AGMService => 2 MSCONFIG\Services: AGSService => 2 MSCONFIG\Services: AtherosSvc => 2 MSCONFIG\Services: BEService => 3 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: dbupdate => 2 MSCONFIG\Services: dbupdatem => 3 MSCONFIG\Services: DbxSvc => 2 MSCONFIG\Services: Disc Soft Lite Bus Service => 3 MSCONFIG\Services: EasyAntiCheat => 3 MSCONFIG\Services: igfxCUIService2.0.0.0 => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: MsMpiLaunchSvc => 3 MSCONFIG\Services: Origin Client Service => 3 MSCONFIG\Services: Origin Web Helper Service => 2 MSCONFIG\Services: PnkBstrA => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\Services: TunnelBearMaintenance => 2 HKLM\...\StartupApproved\StartupFolder: => "SOLIDWORKS 2016 Fast Start.lnk" HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run32: => "Lightshot" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "Idvsoft" HKLM\...\StartupApproved\Run32: => "{7B4A50DE-E9A1-5D65-55A0-215372F9BAC3}" HKLM\...\StartupApproved\Run32: => "wgpro" HKLM\...\StartupApproved\Run32: => "amd_dc_opt" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Curse.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Viber" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Overwolf" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Autodesk Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Akamai NetSession Interface" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Resilio Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Tonido" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "WallpaperEngine" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "DOS Host" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{CBC4ECFC-1253-4674-B353-170019F9FABE}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed] FirewallRules: [TCP Query User{0CAE0F34-1600-450D-A351-4C7FFCA72D07}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed] FirewallRules: [{606F165A-4B31-49AA-98BC-5B91C73BBF4B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A49D5669-FA5A-4815-9969-3E22DB5A4E6B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{48D65172-F07A-4E24-A3A1-434257A6061F}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{6A333921-4247-486B-98D0-F26FD40E857E}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{0CA9BCD8-5B1C-4D05-AAD4-21FFEAC84103}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{051C78D0-5A1A-4C2A-ABC4-9E558B976B5F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{A975745F-869F-4081-92E4-0D42641FF6C4}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{49E008DC-6AAB-4B12-BB7B-667F30068494}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{9C253803-BC67-4081-8522-B3EC16A3E8DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{B4452071-1EF5-4231-9AF6-B0CD14FD5FDF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{6D4BA297-6C70-47C8-BD34-738B4942ACB9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{2E9CDF23-57FD-43DB-9D11-55A66C91F8FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [UDP Query User{B06BD948-E650-4190-8E60-7CFADC294373}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{B385A51F-02CB-4784-A947-2C9ABF8BEEDD}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{2EB36B25-BECE-477F-B928-0C25780C1214}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) FirewallRules: [TCP Query User{DCA5B283-BB01-4858-8CBF-F750BF1B73F5}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) FirewallRules: [{6BEEFA38-F710-4247-BF7A-AECB5E37937E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{C5D7FAE5-7CB3-43C1-80F6-589907AD1A0F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{BCA6781A-E253-483F-8236-CAF546AAF80D}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{D50DE039-DAA2-4B8B-B1FB-3E30BC30A796}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{AFC23FCC-79E4-469A-8459-B169B2FA2252}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{F672BF62-161A-4044-9A8B-508F12A99CA6}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{12F3F116-CCDB-40AC-92C7-2317A0EEA58F}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{BE51A32F-9911-4F10-AECE-61E068713997}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{09600C42-3BDF-4A0D-AFD5-17E90BC5FBDB}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed] FirewallRules: [UDP Query User{AEB25E26-AED6-4979-830F-F77D85DB1B7F}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed] FirewallRules: [{A3B4325B-9C2A-4EE8-A5DB-7B28A9060CC2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{A89516B1-966E-4D36-8C30-A7773EB1FCEF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{2FB602DE-06A3-46EA-9153-DDA0373E214D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{8F69FAB7-2111-4D65-8B95-ED7D5DF0F7DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{57117F18-C29B-4A60-B34A-DC7B2E36B83A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{E9BB0D09-102F-4855-8DC4-7BDE56ABFA0F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{BAC7F6A3-92EA-47D9-83DD-84940C070F4D}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{05DF0A2C-1A93-46AE-800E-E12DE7F18FC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B392F4D1-9B62-4364-AEBD-094036DA8436}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{BA2527F7-EF88-4694-81D1-CAD2BD759A31}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [UDP Query User{DA58CB7B-2521-453B-B120-F66DA955BB73}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{39401A26-306A-4DB0-A93D-CAC43C7A097F}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{F7E79D3D-E5F7-4109-95B5-7C20900FDF5D}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1568FFD9-4C45-4576-B4A8-68C07A9299DA}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed] FirewallRules: [{9E44EC29-3C66-478D-B43A-423E93469959}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed] FirewallRules: [{8B5A3536-E847-4803-B18A-35B8A2023C40}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{6A325237-3BEF-4A73-B668-4F52AAD6FE02}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B8F8775A-CAC9-4454-9BC2-0BD382B4A538}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C8341FC3-E365-4CE6-BA40-CC53396DF507}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{782D4882-D209-44E9-A3E9-1C7DCA561633}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{B7CF33C8-CC19-4D73-AC61-7534E1B70E97}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{A03282F2-8B2F-4A2E-A556-5A88124F408C}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [UDP Query User{52DEFF6B-ACA0-4834-BD06-59E2D1959922}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{CF7AC6C4-3B90-43EF-B110-B54E08AFDF90}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{E682C56C-4D3A-4B0C-9F61-0A9FD0C478C5}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{B53B0E11-4896-4DFF-A873-E3A08FFC028D}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8E90BA3A-A433-4095-9F52-DC3CBDC31FD1}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3978B3AB-19C3-4271-AC81-2D11287E2358}] => (Allow) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [{DA86CB7A-F52F-475E-87F1-FF83B160A4DC}] => (Block) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [{ED36F1A2-029C-4E96-A4A7-3B50FAFD18C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{994571E2-6DCD-4E06-9B39-3EF82FFFA7E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B0D9FE4C-355C-4679-8B96-D713017DD607}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B3483E3A-F2EB-4FDB-BBDC-879CC9507758}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{9680FCD1-9E1C-41C4-9D19-CA30045AAB34}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{009FA2E4-5EC8-4DD7-B8E6-DE1CFBFAAAE2}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed] FirewallRules: [{073CBEBB-07F2-4E61-8303-70FF7C396678}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed] FirewallRules: [{09216F82-B859-408E-BD97-6502299F1FDB}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{9E1C0C65-F7B4-4509-9C3C-E7101F192CBC}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{B82E9260-29D2-4F2D-BDBD-6A596F91BC45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios) FirewallRules: [{361A52A7-D6A1-4E8C-A6D3-2933937A02A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios) FirewallRules: [{87D431EF-B497-43B6-8ED7-D924043264F6}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.99\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{C44E048D-F0D0-4E42-875F-A1C1E6BE5E7C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{F8600454-929C-4C5B-A4B9-735526AB4E82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{8DED0F5F-3C5B-4D35-A34F-E75EA8E3D10C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{A22A8EAA-7F39-43A2-A949-300F89E6EE35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{3A7FC6A7-DD9A-4A49-998F-9F7FE3D957EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{72158FD3-1F41-41A4-BC36-88B6890C372B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{3096494B-B18E-45A5-AC31-8E890346AF86}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{64FFD821-2BB2-48A1-8776-B1251C6E58D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{E66D8ED8-9BD5-4B64-ABCA-ABA4BA362666}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{D8939A68-301B-484C-B6B5-D2E40C4EC40C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{50A71AD9-5716-4E59-B0FA-60DB0B812E06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [TCP Query User{0ACEC78F-BAB5-4312-8B93-4A65F76E3257}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [UDP Query User{673C04EA-918C-4A3B-8E12-0540FE7C12F4}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [TCP Query User{8AB680EA-0B2D-4A78-9D85-F506E39545A9}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{7593ED52-0637-4704-A236-CE146B456EAB}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{F54E6234-B579-424C-90B5-6DF36DC84DF0}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{D3B7D8BF-45AD-4EFA-80F1-40AD7F4CDEDC}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{6261CD1F-8E24-4A22-A51B-394D99B7597A}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [DNS Server Forward Rule - TCP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 FirewallRules: [DNS Server Forward Rule - UDP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 ==================== Restore Points ========================= 07-08-2019 15:45:54 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= Name: TunnelBear Adapter V9 Description: TunnelBear Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TunnelBear Provider V9 Service: tap-tb-0901 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/11/2019 03:43:49 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/11/2019 03:43:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (08/11/2019 03:43:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/11/2019 11:27:17 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/11/2019 11:26:58 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/10/2019 11:27:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/10/2019 08:31:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkQuarantineRetry Error: (08/10/2019 08:31:03 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable System errors: ============= Error: (08/11/2019 03:43:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/11/2019 03:40:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/11/2019 03:39:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SQLTELEMETRY service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/11/2019 03:39:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the SQLTELEMETRY service to connect. Error: (08/11/2019 03:38:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The IntelHaxm service failed to start due to the following error: A device attached to the system is not functioning. Error: (08/11/2019 03:38:49 PM) (Source: IntelHaxm) (EventID: 3) (User: ) Description: HAXM Failed to init VMX Error: (08/11/2019 03:38:49 PM) (Source: IntelHaxm) (EventID: 6) (User: ) Description: HAXM can't work on system without VT support Error: (08/11/2019 03:38:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The WMPNetworkSvc service depends on the WSearch service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Windows Defender: =================================== Date: 2019-08-09 19:19:55.512 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {8EC7E7A5-0A16-4814-A79A-D893EE57A550} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-09 18:36:44.306 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bluteal!rfn&threatid=2147724737&enterprise=0 Name: Trojan:Win32/Bluteal!rfn ID: 2147724737 Severity: Severe Category: Trojan Path: file:_C:\ProgramData\TmpLoog\tmplog.dll Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Users\vanov\Desktop\mbar\mbar.exe Signature Version: AV: 1.299.1628.0, AS: 1.299.1628.0, NIS: 1.299.1628.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-09 18:31:31.354 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {893C92A0-B4D9-4175-ABC4-2F47639C2A25} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-03 11:26:37.257 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {C36C47AF-6A54-49DD-AF3D-7D4D5520DA5F} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-28 20:29:32.996 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {F357303F-3784-4B4F-8754-2BE400640E70} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-03 11:04:51.511 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-08-03 10:48:53.266 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-08-02 21:50:23.754 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-02 21:34:43.457 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-02 21:16:13.596 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =================================== Date: 2019-08-03 11:42:32.022 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:42:31.974 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.934 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.879 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.811 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.753 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:36.559 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:36.234 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== BIOS: Insyde Corp. V1.37 02/16/2016 Motherboard: Acer ZORO_BH Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz Percentage of memory in use: 25% Total physical RAM: 12203.32 MB Available physical RAM: 9077.5 MB Total Virtual: 13355.32 MB Available Virtual: 10297.57 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.21 GB) (Free:69.48 GB) NTFS \\?\Volume{4eafa3c8-b0a9-4d57-bbc8-43ec29bacab8}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS \\?\Volume{d30143e0-3bd2-4090-b0a7-697dc65108ba}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================ Here is the Fixlog: Spoiler Fix result of Farbar Recovery Scan Tool (x64) Version: 10-08-2019 Ran by vanov (11-08-2019 15:56:57) Run:5 Running from C:\Users\vanov\Downloads Loaded Profiles: vanov & MSSQLSERVER (Available Profiles: defaultuser0 & vanov & SQLTELEMETRY & MSSQLSERVER) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DOS Host] => C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B\DOS Host\doshost.exe C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B Task: {81668EB1-6E5D-40EE-BFFA-25B09CCF4FE1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION cpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{24b58f83-bf4d-40e4-a6b1-5f849b89db74}: [NameServer] 116.203.6.218 Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{84adbad7-bfc3-4947-b0cf-9c8738caccf9}: [NameServer] 116.203.6.218 Tcpip\..\Interfaces\{8c05adc3-f683-4b02-b575-0d3af10d2b6b}: [NameServer] 116.203.6.218 Hosts: EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. "HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DOS Host" => removed successfully C:\Users\vanov\AppData\Roaming\C25CFF0D-35D5-4B2A-B1AC-3146CEB4DC7B => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81668EB1-6E5D-40EE-BFFA-25B09CCF4FE1}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81668EB1-6E5D-40EE-BFFA-25B09CCF4FE1}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found cpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194 => Error: No automatic fix found for this entry. "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{24b58f83-bf4d-40e4-a6b1-5f849b89db74}\\NameServer" => removed successfully "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}\\DhcpNameServer" => removed successfully "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{84adbad7-bfc3-4947-b0cf-9c8738caccf9}\\NameServer" => removed successfully "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8c05adc3-f683-4b02-b575-0d3af10d2b6b}\\NameServer" => removed successfully C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. =========== EmptyTemp: ========== BITS transfer queue => 12083200 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10774484 B Java, Flash, Steam htmlcache => 144461424 B Windows/system/drivers => 1116795 B Edge => 0 B Chrome => 0 B Firefox => 1022902487 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 722 B LocalService => 0 B LocalService => 0 B NetworkService => 12026 B NetworkService => 0 B defaultuser0 => 0 B vanov => 36701036 B SQLTELEMETRY => 0 B MSSQLSERVER => 0 B RecycleBin => 0 B EmptyTemp: => 1.1 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 15:59:01 ==== Here are the logs post Fix FRST: Spoiler Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-08-2019 Ran by vanov (administrator) on DESKTOP-ME49L6T (Acer Aspire E5-573) (11-08-2019 16:06:36) Running from C:\Users\vanov\Downloads Loaded Profiles: vanov & MSSQLSERVER (Available Profiles: defaultuser0 & vanov & SQLTELEMETRY & MSSQLSERVER) Platform: Windows 10 Pro Version 1803 17134.885 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.866.0_x64__8wekyb3d8bbwe\YourPhone.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmms.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-10-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] (OOO Lightshot -> ) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5782336 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [wgpro] => C:\Program Files (x86)\WinGuardPro Ltd\WinGuard\wgengine.exe [30720 2019-01-19] (WinGuard Inc.) [File not signed] HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Akamai NetSession Interface] => C:\Users\vanov\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Spotify] => C:\Users\vanov\AppData\Roaming\Spotify\Spotify.exe [25828256 2019-08-03] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35809680 2019-08-05] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3210528 2019-08-10] (Valve -> Valve Corporation) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed] HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-10-13] ShortcutTarget: MEGAsync.lnk -> C:\Users\vanov\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited) Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-18] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1191D268-1A73-41D0-BD85-D1311491443C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {1217C1E3-7A8E-4C0B-B4B5-5C28F63B1D39} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill2 => C:\Users\vanov\Desktop\BatFiles\Operakill.bat Task: {14D5ABA7-60D8-4C04-A73D-D462D3EC53BF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {1A902826-C33D-4706-A2ED-F192F5993FAC} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-vanovac.zlatan@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {3051FE3C-FB51-4549-8184-7DCA7CCB515B} - System32\Tasks\Microsoft\Windows\TaskScheduler\Restart => C:\Users\vanov\Desktop\BatFiles\Restart.bat Task: {31A4D16D-ED62-4473-8883-5805BFACBBAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) Task: {32075B90-EA68-4A1E-8153-09FAB21A0EBD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {4021E04F-2C4F-4B2A-85E7-60D62C0CE79C} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {44CEEBC6-4031-42AD-B2B1-4157F57AD5FE} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill => C:\Users\vanov\Desktop\BatFiles\Operakill.bat Task: {4D713D29-1FB3-4E41-9D76-CD1B86264B83} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-09] (Adobe Inc. -> Adobe) Task: {6137EB70-DCD3-44CE-8665-73E27FA3E9EE} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall => C:\Users\vanov\Desktop\BatFiles\DragonForce.bat Task: {63C7C186-F15B-448B-94BC-5F4ED0A4E638} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd) Task: {78C49C7C-92BE-4687-AF06-420B5ED30A0C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {79C43D64-C54E-4662-9D49-919AEF86BF9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {79DFF442-7CF7-480E-934B-8FCEBEE221D7} - System32\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {7B6B9926-BDA7-44D7-A5CE-F6D962D3B49E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) Task: {7F5DE95D-C17C-4408-85D1-6F56B9FF5F5A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) Task: {8FCC1103-34CD-41C4-B3BC-EEE596BE90CB} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall2 => C:\Users\vanov\Desktop\BatFiles\Disasterpiece.bat Task: {940A0D4F-E5D1-4349-A97B-BA70D6B8789D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe) Task: {A35FB29E-054C-45BE-9E40-C94DB7728413} - System32\Tasks\Microsoft\Windows\TaskScheduler\MusicKill => C:\Users\vanov\Desktop\BatFiles\BeeMp3TaskKill.bat Task: {A9E34D5E-D053-4247-8350-83C330CA6958} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Users\vanov\AppData\Local\MEGAsync\MEGAupdater.exe [760696 2018-10-02] (Mega Limited -> Mega Limited) Task: {AA6D739F-D568-4A9D-A4ED-FC3B5D432A84} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) Task: {B058EC2B-0726-47B7-8B1B-A975B69CED27} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {BB3A72A1-B735-4F37-9B99-260BF5F05151} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1000 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {CF931575-DB06-4A0A-A9DC-19D4C4269CB3} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.8.3252 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXAutoUpdate.exe [206184 2019-08-06] (Microsoft Corporation -> ) Task: {D63EB858-D44F-42ED-AC94-00B6D4374934} - System32\Tasks\Opera scheduled Autoupdate 1476361487 => C:\Program Files (x86)\Opera\launcher.exe [1519640 2019-08-07] (Opera Software AS -> Opera Software) Task: {DD5F0550-0D96-45A8-80CB-EA5DB0E9C59E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {DE525C0C-B6B7-4A0C-BF03-FB7FBAFF172E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {DE9EE772-2041-4E2F-8856-6D84E12E4E02} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {E1176194-F6FD-4A7B-BB95-24031E7F8611} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-10-18] () [File not signed] Task: {E161BC06-6796-4A76-8D71-21048961E8D4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe) Task: {F51FC55E-9DF9-47E0-8B2A-5056FD0B3C6E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {F95F8299-A9C1-49FC-8E40-0B0E93D73D5A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {FBD77374-BC26-4033-84E7-10F003A9EED5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194 Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [NameServer] 8.8.8.8,8.8.4.4,192.168.0.1 Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194 Internet Explorer: ================== SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation) Edge: ====== DownloadDir: C:\Users\vanov\Downloads FireFox: ======== FF DefaultProfile: poq2nbe3.default-1491901036943-1546437671085 FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 [2019-08-11] FF NetworkProxy: Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 -> type", 4 FF Extension: (ETP Search Volume Study) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-06-26] FF Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\firefox@betterttv.net.xpi [2019-08-03] [UpdateUrl:hxxps://nightdev.com/betterttv/firefox/updates.json] FF Extension: (uBlock Origin) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\uBlock0@raymondhill.net.xpi [2019-07-26] FF Extension: (Unseen) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\{230ed5ec-936c-4ad1-b3d4-e2bb251bd1c3}.xpi [2019-01-02] FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default [2019-08-06] FF user.js: detected! => C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default\user.js [2017-02-03] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> ) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> ) FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN) StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe Opera: ======= OPR Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\deofbbdfofnmppcjbhjibgodpcdchjii [2017-11-15] OPR Extension: (Tampermonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-06-02] OPR Extension: (book_helper) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmmkobpokkidkpaidggnebnhiipdkhkl [2019-08-02] OPR Extension: (ScriptMonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-06-02] OPR Extension: (Violent monkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-05-16] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated) S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-05-27] (BattlEye Innovations e.K. -> ) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-07-26] (Microsoft Corporation -> Microsoft Corporation) S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) S4 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.) S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd) S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-08-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) S3 HgClientService; C:\WINDOWS\system32\hgclientservice.dll [141824 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1741312 2019-02-16] (Microsoft Windows -> Microsoft Corporation) S4 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [353768 2018-09-13] (Intel Corporation -> Intel Corporation) R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21256 2018-04-20] (Microsoft Corporation -> Microsoft Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) S4 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] (AzureEngBuildCodeSign -> ) [File not signed] R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [485048 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [31232 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts) S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts) S4 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2017-11-22] (Even Balance, Inc. -> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5073792 2019-07-04] (Microsoft Windows Publisher -> Microsoft Corporation) S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [578744 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) S2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11969880 2019-07-03] (TeamViewer GmbH -> TeamViewer GmbH) S4 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [113024 2018-02-12] (TunnelBear, Inc. -> ) R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3014144 2019-07-04] (Microsoft Windows -> Microsoft Corporation) S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 51D2828C; C:\WINDOWS\system32\drivers\51D2828C.sys [255928 2019-08-10] (Malwarebytes Corporation -> Malwarebytes) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd) S3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-06-23] (EnigmaSoft Limited -> EnigmaSoft Limited) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-10-10] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.) R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26624 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-10-10] (Martin Malik - REALiX -> REALiX(tm)) S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2019-01-19] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-05] (Malwarebytes Corporation -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-11] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-11] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-11] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-11] (Malwarebytes Corporation -> Malwarebytes) S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA)) S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> ) R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2412976 2017-04-24] (Qualcomm Atheros -> Qualcomm Atheros, Inc.) S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31744 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S4 RsFx0500; C:\WINDOWS\System32\DRIVERS\RsFx0500.sys [261848 2017-08-22] (Microsoft Corporation -> Microsoft Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1026896 2018-03-19] (Realtek Semiconductor Corp. -> Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-10-10] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation) R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions) R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated -> Synaptics Incorporated) S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr)) R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [56520 2015-08-05] (Synaptics Incorporated -> Synaptics Incorporated) R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [103936 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project) S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2017-12-18] (Oracle Corporation -> Oracle Corporation) R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1248256 2018-11-07] (Microsoft Windows -> Microsoft Corporation) R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation) R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation) S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [45408 2018-03-15] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation) S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation) NETSVC: HgClientService -> C:\Windows\system32\hgclientservice.dll (Microsoft Corporation) NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-11 16:06 - 2019-08-11 16:10 - 000032779 _____ C:\Users\vanov\Downloads\FRST.txt 2019-08-11 16:03 - 2019-08-11 16:03 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2019-08-11 16:03 - 2019-08-11 16:03 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2019-08-11 16:03 - 2019-08-11 16:03 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2019-08-11 16:02 - 2019-08-11 16:02 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-08-11 16:02 - 2019-08-11 16:02 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16 2019-08-11 15:56 - 2019-08-11 15:59 - 000003532 _____ C:\Users\vanov\Downloads\Fixlog.txt 2019-08-11 15:49 - 2019-08-11 15:56 - 000092197 _____ C:\Users\vanov\Downloads\Addition7.txt 2019-08-11 15:44 - 2019-08-11 15:56 - 000058730 _____ C:\Users\vanov\Downloads\FRST7.txt 2019-08-11 11:36 - 2019-08-11 11:40 - 000092507 _____ C:\Users\vanov\Downloads\Addition6.txt 2019-08-11 11:31 - 2019-08-11 11:40 - 000060698 _____ C:\Users\vanov\Downloads\FRST6.txt 2019-08-11 11:31 - 2019-08-11 11:31 - 002097664 _____ (Farbar) C:\Users\vanov\Downloads\FRST64.exe 2019-08-11 11:31 - 2019-08-11 11:31 - 000000000 ____D C:\Users\vanov\Downloads\FRST-OlderVersion 2019-08-10 23:41 - 2019-08-10 23:41 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\LionsShade 2019-08-10 23:40 - 2019-08-10 23:41 - 000000000 ____D C:\Users\vanov\Downloads\Cliff.Empire.v1.10 2019-08-10 20:49 - 2019-08-10 20:49 - 000000448 _____ C:\Users\vanov\Documents\bsod.rar 2019-08-10 20:42 - 2019-08-10 20:42 - 000001232 _____ C:\Users\vanov\Documents\bsod.xml 2019-08-10 20:27 - 2019-08-10 20:27 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2019-08-10 20:24 - 2019-08-11 04:27 - 000000000 ____D C:\WINDOWS\Minidump 2019-08-10 19:41 - 2019-08-10 19:41 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\51D2828C.sys 2019-08-10 02:02 - 2019-08-10 02:02 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3387545514-2906784231-2682514228-1001 2019-08-10 02:02 - 2019-08-10 02:02 - 000002412 _____ C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-08-09 22:04 - 2019-08-09 22:04 - 528928101 _____ C:\Users\vanov\Downloads\Cliff.Empire.v1.10.rar 2019-08-09 18:01 - 2019-08-09 18:01 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1238763A.sys 2019-08-09 18:00 - 2019-08-10 19:43 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2019-08-09 18:00 - 2019-08-10 19:41 - 000000000 ____D C:\Users\vanov\Desktop\mbar 2019-08-09 17:58 - 2019-08-09 17:58 - 014178840 _____ (Malwarebytes Corp.) C:\Users\vanov\Desktop\mbar-1.10.3.1001.exe 2019-08-09 17:32 - 2019-08-09 17:32 - 000000000 ____D C:\Users\vanov\AppData\Local\RSG 2019-08-09 17:30 - 2019-08-09 17:30 - 000004184 _____ C:\Users\vanov\Desktop\notify.csv 2019-08-09 17:30 - 2019-08-09 17:30 - 000000786 _____ C:\Users\vanov\Desktop\notify.rar 2019-08-09 17:29 - 2019-08-09 17:29 - 000177816 _____ (PowerTool) C:\Users\vanov\Desktop\kEvP64.sys 2019-08-09 17:28 - 2019-08-09 17:28 - 009440768 _____ C:\Users\vanov\Desktop\PowerTool64.exe 2019-08-09 16:50 - 2019-08-09 16:51 - 000519347 _____ C:\Users\vanov\Desktop\TDSS Report.txt 2019-08-09 16:31 - 2019-08-09 16:40 - 001038716 _____ C:\TDSSKiller.3.1.0.28_09.08.2019_16.31.54_log.txt 2019-08-09 16:27 - 2019-08-09 16:28 - 000006126 _____ C:\TDSSKiller.3.1.0.28_09.08.2019_16.27.31_log.txt 2019-08-09 15:29 - 2019-08-09 15:35 - 000091634 _____ C:\Users\vanov\Downloads\Addition5.txt 2019-08-09 15:23 - 2019-08-09 15:35 - 000088832 _____ C:\Users\vanov\Downloads\FRST5.txt 2019-08-09 15:08 - 2019-08-09 15:14 - 000039960 _____ C:\Users\vanov\Downloads\Fixlog2.txt 2019-08-09 10:57 - 2019-08-09 11:04 - 000116729 _____ C:\Users\vanov\Downloads\Addition4.txt 2019-08-09 10:51 - 2019-08-09 11:04 - 000094180 _____ C:\Users\vanov\Downloads\FRST4.txt 2019-08-09 10:35 - 2019-08-09 10:40 - 000107856 _____ C:\Users\vanov\Downloads\Addition3.txt 2019-08-09 10:31 - 2019-08-09 10:31 - 000000000 ____D C:\Users\vanov\Downloads\DnsJumper 2019-08-09 10:30 - 2019-08-09 10:40 - 000089720 _____ C:\Users\vanov\Downloads\FRST3.txt 2019-08-09 10:29 - 2019-08-09 10:29 - 000706233 _____ C:\Users\vanov\Downloads\DnsJumper.zip 2019-08-08 15:01 - 2019-08-08 15:01 - 000003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1476361487 2019-08-08 15:01 - 2019-08-08 15:01 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk 2019-08-06 22:30 - 2019-08-06 22:30 - 000050652 _____ C:\Users\vanov\Documents\filename.gwc 2019-08-06 18:47 - 2019-08-06 18:47 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealHeaderTool 2019-08-06 17:42 - 2019-08-11 16:12 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-08-06 17:00 - 2019-08-06 17:06 - 000105806 _____ C:\Users\vanov\Downloads\Addition2.txt 2019-08-06 16:55 - 2019-08-06 17:06 - 000088273 _____ C:\Users\vanov\Downloads\FRST2.txt 2019-08-06 16:33 - 2019-08-06 16:33 - 047210760 _____ (Microsoft Corporation) C:\Users\vanov\Documents\Windows-KB890830-x64-V5.74.exe 2019-08-06 16:21 - 2019-08-06 16:21 - 000001310 _____ C:\Users\vanov\Desktop\misplacedforcopy.txt 2019-08-06 15:20 - 2019-08-06 15:32 - 000012830 _____ C:\Users\vanov\Downloads\Fixlog1.txt 2019-08-06 15:15 - 2019-08-06 15:16 - 000301326 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH8.pdf 2019-08-06 13:47 - 2019-08-06 14:05 - 000000000 ____D C:\Users\vanov\Documents\[FreeCourseSite.com] Udemy - Unreal Engine C++ Developer Learn C++ and Make Video Games 2019-08-06 13:42 - 2019-08-06 19:23 - 000000000 ____D C:\Users\vanov\Documents\Unreal Projects 2019-08-06 13:41 - 2019-08-06 13:41 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Unreal Engine 2019-08-06 00:21 - 2019-08-06 00:21 - 000002467 _____ C:\Users\vanov\Desktop\Unreal Engine.lnk 2019-08-05 11:14 - 2019-08-05 11:19 - 000108154 _____ C:\Users\vanov\Downloads\Addition1.txt 2019-08-05 11:11 - 2019-08-05 11:19 - 000089056 _____ C:\Users\vanov\Downloads\FRST1.txt 2019-08-05 11:08 - 2019-08-11 16:06 - 000000000 ____D C:\FRST 2019-08-05 11:07 - 2019-08-05 11:07 - 000002601 _____ C:\Users\vanov\Desktop\Malarebytes1.txt 2019-08-05 10:56 - 2019-08-05 10:56 - 000001714 _____ C:\Users\vanov\Desktop\Malwarebytes2.txt 2019-08-05 01:18 - 2019-08-05 01:18 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2019-08-04 18:12 - 2019-08-04 18:12 - 000000222 _____ C:\Users\vanov\Desktop\SMITE.url 2019-08-04 11:34 - 2019-08-04 11:34 - 000001048 _____ C:\Users\vanov\Desktop\Technic.exe - Shortcut.lnk 2019-08-03 13:53 - 2019-08-03 13:53 - 004478926 _____ () C:\Users\vanov\Downloads\Technic.exe 2019-08-03 13:42 - 2019-08-03 13:42 - 000001391 _____ C:\Users\Public\Desktop\Skype.lnk 2019-08-03 13:41 - 2019-08-03 13:41 - 000001143 _____ C:\Users\Public\Desktop\VLC media player.lnk 2019-08-03 13:40 - 2019-08-03 13:36 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2019-08-03 13:37 - 2019-08-03 13:37 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk 2019-08-03 13:37 - 2019-08-03 13:37 - 000001108 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk 2019-08-03 13:35 - 2019-08-03 13:35 - 001211216 _____ (Oracle Corporation) C:\Users\vanov\Downloads\JavaUninstallTool.exe 2019-08-03 13:35 - 2019-08-03 13:35 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2019-08-03 13:34 - 2019-08-03 13:34 - 002065880 _____ (Oracle Corporation) C:\Users\vanov\Downloads\jre-8u221-windows-i586-iftw.exe 2019-08-03 12:59 - 2019-08-03 13:22 - 000081880 _____ C:\WINDOWS\ZAM.krnl.trace 2019-08-03 12:56 - 2019-08-03 12:56 - 001359866 _____ C:\Users\vanov\Documents\cc_20190803_125640.reg 2019-08-03 12:50 - 2019-08-03 12:50 - 020888528 _____ (Piriform Software Ltd) C:\Users\vanov\Downloads\cctrialsetup.exe 2019-08-03 12:50 - 2019-08-03 12:50 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2019-08-03 12:50 - 2019-08-03 12:50 - 000002888 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2019-08-03 12:50 - 2019-08-03 12:50 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk 2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\Program Files\CCleaner 2019-08-03 12:38 - 2019-08-03 12:40 - 000316126 _____ C:\TDSSKiller.3.1.0.28_03.08.2019_12.38.43_log.txt 2019-08-03 12:38 - 2019-08-03 12:38 - 005054744 _____ (AO Kaspersky Lab) C:\Users\vanov\Downloads\tdsskiller.exe 2019-08-03 12:32 - 2019-08-03 13:22 - 000000000 ____D C:\Users\vanov\AppData\Local\AMSDK 2019-08-03 12:32 - 2019-08-03 12:32 - 000000000 ____D C:\Users\vanov\AppData\Local\Zemana 2019-08-03 12:31 - 2019-08-03 12:31 - 012664512 _____ (Zemana Ltd. ) C:\Users\vanov\Downloads\AntiMalware_Setup.exe 2019-08-03 12:24 - 2019-08-03 12:24 - 000841241 _____ C:\Users\vanov\Downloads\rkill.zip 2019-08-03 12:24 - 2017-07-25 22:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\vanov\Downloads\rkill.exe 2019-08-03 11:33 - 2019-08-03 11:33 - 000000258 __RSH C:\ProgramData\ntuser.pol 2019-08-03 10:54 - 2019-08-03 10:54 - 000000000 ____D C:\Users\vanov\AppData\Local\mbamtray 2019-08-03 10:53 - 2019-08-03 10:53 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-08-03 10:53 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2019-08-03 10:52 - 2019-08-03 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-08-03 10:52 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2019-08-03 10:51 - 2019-08-09 18:01 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-08-03 10:41 - 2019-08-03 10:42 - 006705178 _____ C:\Users\vanov\Downloads\mbam-chameleon-3.1.33.0.zip 2019-08-02 21:49 - 2019-08-02 21:49 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2019-08-02 21:36 - 2019-08-02 21:36 - 000000000 ____D C:\KRD2018_Data 2019-08-02 21:03 - 2019-08-02 21:03 - 000000000 ___HD C:\$SysReset 2019-08-02 19:22 - 2019-08-02 19:01 - 597336064 _____ C:\Users\vanov\Documents\krd.iso 2019-08-02 19:08 - 2019-08-02 19:08 - 000000000 ____D C:\WINDOWS\Panther 2019-08-02 19:00 - 2019-08-09 18:38 - 000000000 ____D C:\ProgramData\TmpLoog 2019-08-02 18:59 - 2019-08-02 18:59 - 007623880 _____ (Malwarebytes) C:\Users\vanov\Downloads\adwcleaner_7.4.exe 2019-08-02 18:39 - 2019-08-03 11:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\System 2019-08-02 17:56 - 2019-08-02 17:56 - 005829844 _____ (UserBenchmark.com) C:\Users\vanov\Downloads\UserBenchMark.exe 2019-08-02 14:53 - 2019-08-02 14:53 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Big Fat Simulations Inc_ 2019-08-02 11:07 - 2019-08-02 11:07 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2019-08-02 11:07 - 2019-08-02 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2019-08-01 02:14 - 2019-08-01 02:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2019-07-31 22:52 - 2019-07-31 22:57 - 000000000 ____D C:\Users\vanov\AppData\Local\Arma 3 2019-07-31 22:52 - 2019-07-31 22:52 - 000000000 ____D C:\ProgramData\Bohemia Interactive 2019-07-31 19:59 - 2019-07-31 19:59 - 000189726 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.1.pdf 2019-07-31 17:57 - 2019-07-31 17:57 - 005193376 _____ (Husdawg, LLC) C:\Users\vanov\Downloads\Detection.exe 2019-07-30 14:19 - 2019-07-30 14:19 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Craneballs 2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\Local\GOG.com 2019-07-29 21:47 - 2019-07-29 21:47 - 000000000 ___HD C:\temp 2019-07-29 21:06 - 2019-07-29 21:06 - 000178988 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.pdf 2019-07-29 10:58 - 2019-07-29 10:58 - 006732741 _____ C:\Users\vanov\Downloads\SQL-Injection-Attacks-and-Defense.pdf 2019-07-27 17:18 - 2019-07-27 17:18 - 000232401 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH3.pdf 2019-07-24 20:05 - 2017-09-26 12:24 - 000100352 _____ C:\Users\vanov\Downloads\Spider Man Homecoming.srt 2019-07-24 20:05 - 2011-11-11 20:27 - 000078233 ____N C:\Users\vanov\Downloads\Captain America.srt 2019-07-23 19:36 - 2019-07-23 19:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Colossal Order 2019-07-18 20:24 - 2019-07-18 20:25 - 000000000 ____D C:\Users\vanov\Documents\Rockstar Games 2019-07-18 20:20 - 2019-06-28 14:08 - 002826520 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp.exe 2019-07-18 20:20 - 2019-06-28 14:08 - 000072154 ____N C:\Users\vanov\Downloads\procexp.chm 2019-07-18 20:20 - 2019-06-28 14:05 - 001501248 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp64.exe 2019-07-18 20:20 - 2019-05-05 11:00 - 000007490 ____N C:\Users\vanov\Downloads\Eula.txt 2019-07-18 20:16 - 2019-07-18 20:16 - 008771640 _____ (Martin Malik - REALiX ) C:\Users\vanov\Downloads\hwi_608.exe 2019-07-18 18:53 - 2019-07-18 18:54 - 228125096 _____ (Rockstar Games) C:\Users\vanov\Downloads\GTAV_Setup_Tool.exe 2019-07-18 18:44 - 2019-07-23 12:06 - 000000000 ____D C:\Program Files\Mozilla Firefox ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-11 16:03 - 2018-08-04 16:06 - 000000502 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2019-08-11 16:01 - 2018-05-23 16:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-08-11 16:00 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2019-08-11 15:44 - 2017-02-12 20:49 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Mozilla 2019-08-11 15:37 - 2018-05-23 16:14 - 000000000 ____D C:\Users\vanov 2019-08-11 15:32 - 2018-05-23 16:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-08-11 13:33 - 2018-05-23 16:38 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{466D4F44-74C1-4B3A-8596-CADF3DE82031} 2019-08-11 11:49 - 2019-01-18 23:34 - 000000000 ____D C:\Program Files (x86)\Steam 2019-08-10 20:27 - 2018-03-16 20:55 - 000000000 ____D C:\Program Files (x86)\TunnelBear 2019-08-10 20:27 - 2016-10-13 13:59 - 000000000 __SHD C:\Users\vanov\IntelGraphicsProfiles 2019-08-10 20:25 - 2018-08-30 14:28 - 000000000 ____D C:\Users\MSSQLSERVER 2019-08-10 20:25 - 2018-01-12 21:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2019-08-10 02:02 - 2016-10-13 13:53 - 000000000 ___RD C:\Users\vanov\OneDrive 2019-08-09 16:25 - 2016-10-13 14:35 - 000000000 ____D C:\Users\vanov\AppData\Roaming\DAEMON Tools Lite 2019-08-09 15:07 - 2016-12-24 13:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\vlc 2019-08-09 10:46 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-08-08 23:27 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-08-08 21:05 - 2018-01-12 21:04 - 000000000 ____D C:\Users\vanov\AppData\Roaming\TeamViewer 2019-08-08 15:01 - 2016-10-13 14:24 - 000000000 ____D C:\Program Files (x86)\Opera 2019-08-06 18:33 - 2018-08-27 10:54 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Visual Studio Setup 2019-08-06 18:06 - 2018-08-04 12:35 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs 2019-08-06 18:02 - 2018-08-04 12:59 - 000000000 ____D C:\Users\vanov\.dotnet 2019-08-06 17:56 - 2018-08-04 12:45 - 000000000 ____D C:\Program Files\dotnet 2019-08-06 17:56 - 2016-10-13 20:00 - 000000000 ____D C:\ProgramData\Package Cache 2019-08-06 17:54 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2019-08-06 17:39 - 2018-08-04 12:05 - 000001377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk 2019-08-06 17:38 - 2018-08-04 12:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2019-08-06 16:34 - 2016-10-13 16:35 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-08-06 15:32 - 2016-10-19 15:42 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Temp 2019-08-06 14:52 - 2016-10-13 14:32 - 000000000 ____D C:\Users\vanov\AppData\Roaming\uTorrent 2019-08-06 14:04 - 2017-03-11 02:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\discord 2019-08-06 13:41 - 2017-01-27 21:28 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealEngine 2019-08-05 22:27 - 2018-12-16 22:22 - 000000000 ____D C:\Program Files\Epic Games 2019-08-05 01:15 - 2016-10-13 14:55 - 000000000 ____D C:\Program Files\WinRAR 2019-08-04 19:54 - 2017-06-30 15:43 - 000000000 ____D C:\Users\vanov\Documents\My Games 2019-08-04 14:21 - 2018-11-16 00:20 - 000000000 ____D C:\Program Files\rempl 2019-08-03 19:46 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Local\Spotify 2019-08-03 18:28 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Spotify 2019-08-03 18:07 - 2017-06-05 00:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Ubisoft Game Launcher 2019-08-03 13:50 - 2018-07-31 21:58 - 000000000 ____D C:\Users\vanov\AppData\Roaming\.technic 2019-08-03 13:43 - 2016-10-13 14:33 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Skype 2019-08-03 13:42 - 2018-09-08 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2019-08-03 13:40 - 2018-08-04 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2019-08-03 13:40 - 2018-08-01 00:12 - 000000000 ____D C:\Program Files\Java 2019-08-03 13:40 - 2017-03-19 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2019-08-03 13:40 - 2017-03-19 21:30 - 000000000 ____D C:\Program Files (x86)\Java 2019-08-03 13:35 - 2017-11-22 14:26 - 000000000 ____D C:\ProgramData\Origin 2019-08-03 13:35 - 2017-03-06 17:41 - 000000000 ____D C:\Program Files (x86)\Audacity 2019-08-03 13:34 - 2017-11-22 14:28 - 000001066 _____ C:\Users\Public\Desktop\Origin.lnk 2019-08-03 13:34 - 2017-11-22 14:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Origin 2019-08-03 13:34 - 2017-11-22 14:27 - 000000000 ____D C:\Program Files (x86)\Origin 2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2019-08-03 13:32 - 2018-09-17 23:28 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk 2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Notepad++ 2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Program Files\Notepad++ 2019-08-03 13:23 - 2017-06-12 12:27 - 000000000 ____D C:\Users\vanov\Desktop\Folders 2019-08-03 12:53 - 2018-01-14 01:55 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MPC-HC 2019-08-03 12:52 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF 2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Users\vanov\AppData\Local\Google 2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Program Files (x86)\Google 2019-08-03 10:53 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-08-02 19:03 - 2017-10-10 23:31 - 000000000 ____D C:\Users\vanov\AppData\Roaming\IObit 2019-08-02 18:40 - 2018-11-25 19:39 - 000000000 ____D C:\Program Files\Firefox Developer Edition 2019-08-02 14:53 - 2016-12-29 19:12 - 000000000 ____D C:\Users\vanov\AppData\Roaming\SmartSteamEmu 2019-08-02 11:05 - 2016-10-13 21:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-08-01 20:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-08-01 02:15 - 2016-11-05 13:12 - 000000000 ____D C:\Program Files (x86)\Dropbox 2019-07-31 14:23 - 2018-04-29 20:51 - 000000000 ____D C:\Users\vanov\AppData\Local\GameAnalytics 2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files\Rockstar Games 2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games 2019-07-31 14:05 - 2018-03-23 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games 2019-07-31 14:05 - 2016-10-13 14:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2019-07-31 14:03 - 2016-10-18 22:24 - 000000000 ____D C:\Users\vanov\AppData\Local\Rockstar Games 2019-07-30 00:33 - 2018-08-06 23:20 - 000000000 ____D C:\GOG Games 2019-07-29 21:46 - 2017-12-04 16:09 - 000000000 ____D C:\Users\vanov\AppData\Local\Packages 2019-07-29 21:46 - 2017-06-20 20:42 - 000000000 ____D C:\Program Files (x86)\Adobe 2019-07-26 14:29 - 2016-10-15 15:03 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MusicBee 2019-07-26 12:21 - 2018-02-26 17:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-07-24 13:22 - 2016-10-13 14:37 - 000000000 ____D C:\ProgramData\Hi-Rez Studios 2019-07-23 12:12 - 2018-05-26 23:49 - 000000000 ____D C:\Users\vanov\AppData\Local\D3DSCache 2019-07-23 12:06 - 2017-11-22 16:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-07-19 12:18 - 2016-10-22 23:54 - 000007633 _____ C:\Users\vanov\AppData\Local\Resmon.ResmonCfg 2019-07-18 20:10 - 2018-08-04 15:41 - 000000000 ____D C:\Users\vanov\.android 2019-07-18 20:06 - 2017-06-04 19:17 - 000000000 ____D C:\Games 2019-07-18 18:49 - 2017-11-22 16:01 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2019-07-15 14:49 - 2018-05-23 16:29 - 001066156 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-07-15 14:45 - 2017-12-04 17:14 - 000000000 ___RD C:\Users\vanov\3D Objects 2019-07-15 14:45 - 2016-10-13 13:51 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-07-15 14:43 - 2018-05-23 16:09 - 005111760 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe 2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser 2019-07-14 23:44 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism 2019-07-14 23:43 - 2018-08-04 16:01 - 000000000 ____D C:\Program Files\Hyper-V 2019-07-14 23:43 - 2018-04-12 11:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning 2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr ==================== Files in the root of some directories ================ 2018-10-28 19:32 - 2018-10-28 19:32 - 000000033 _____ () C:\Users\vanov\AppData\Roaming\AdobeWLCMCache.dat 2017-03-05 19:32 - 2018-02-22 21:46 - 000000000 _____ () C:\Users\vanov\AppData\Roaming\avoriontestfile 2018-09-16 22:49 - 2018-09-16 22:49 - 000023303 _____ () C:\Users\vanov\AppData\Local\debuggee.mdmp 2019-06-18 14:44 - 2019-06-18 14:44 - 000001536 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.cfg 2019-06-18 14:44 - 2019-06-18 14:44 - 000210944 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.dat 2018-07-09 16:15 - 2018-07-23 19:53 - 000000002 _____ () C:\Users\vanov\AppData\Local\imw.ini 2018-09-29 08:00 - 2018-09-29 08:00 - 000000000 _____ () C:\Users\vanov\AppData\Local\oobelibMkey.log 2019-02-10 17:37 - 2019-02-10 17:37 - 000003283 _____ () C:\Users\vanov\AppData\Local\recently-used.xbel 2016-10-22 23:54 - 2019-07-19 12:18 - 000007633 _____ () C:\Users\vanov\AppData\Local\Resmon.ResmonCfg 2017-06-10 01:37 - 2017-07-05 16:05 - 000000000 _____ () C:\Users\vanov\AppData\Local\Temptable.xml 2016-10-13 14:55 - 2016-10-13 14:55 - 000000003 _____ () C:\Users\vanov\AppData\Local\updater.log 2016-10-13 14:55 - 2017-05-07 02:59 - 000000425 _____ () C:\Users\vanov\AppData\Local\UserProducts.xml 2018-06-02 21:35 - 2018-06-02 21:35 - 000000002 _____ () C:\Users\vanov\AppData\Local\WMI.ini ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================ Addition: Spoiler Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2019 Ran by vanov (11-08-2019 16:12:40) Running from C:\Users\vanov\Downloads Windows 10 Pro Version 1803 17134.885 (X64) (2018-05-23 14:41:03) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3387545514-2906784231-2682514228-500 - Administrator - Disabled) ASPNET (S-1-5-21-3387545514-2906784231-2682514228-1006 - Limited - Enabled) DefaultAccount (S-1-5-21-3387545514-2906784231-2682514228-503 - Limited - Disabled) defaultuser0 (S-1-5-21-3387545514-2906784231-2682514228-1000 - Limited - Disabled) => C:\Users\defaultuser0 Guest (S-1-5-21-3387545514-2906784231-2682514228-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3387545514-2906784231-2682514228-1003 - Limited - Enabled) vanov (S-1-5-21-3387545514-2906784231-2682514228-1001 - Administrator - Enabled) => C:\Users\vanov WDAGUtilityAccount (S-1-5-21-3387545514-2906784231-2682514228-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) .NET Core SDK 1.1.10 (x64) (HKLM\...\{EA922431-C5D8-4CAE-9A6D-6817195F7856}) (Version: 4.18.38047 - Microsoft Corporation) Hidden .NET Core SDK 1.1.10 (x64) (HKLM-x32\...\{81e87b8c-a24e-49e4-9a91-47b6d7aa52ff}) (Version: 1.1.10 - Microsoft Corporation) µTorrent (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.) Active Directory Authentication Library for SQL Server (HKLM\...\{4EE99065-01C6-49DD-9EC6-E08AA5B13491}) (Version: 14.0.1000.169 - Microsoft Corporation) Adobe After (HKLM\...\{6A915992-D887-4897-82F5-950EDD12DEB1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe) Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Akamai NetSession Interface (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Application Verifier x64 External Package (HKLM\...\{62CB44B2-8007-DBB2-1CBA-5CB7309EB3C3}) (Version: 10.1.17134.12 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{AB5E83C8-0175-0A1F-338A-EB8925AFC341}) (Version: 10.1.14393.795 - Microsoft) Hidden Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden ASUS RT-N10 Wireless Router Utilities (HKLM-x32\...\{5BA25292-92E0-4223-A14B-50DC60B2A6F9}) (Version: 4.2.6.1 - ASUS) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team) Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk) Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk) Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.48.1 - Bethesda Softworks) Browser for SQL Server 2017 (HKLM-x32\...\{CF8EEB96-E7E7-4EF7-A0A1-559F09953156}) (Version: 14.0.1000.169 - Microsoft Corporation) CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform) CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien) ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden ClipGrab 3.7.0 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien) CodeBlocks (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team) CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd) DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Discord) (Version: 0.0.305 - Discord Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 78.4.119 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) Entity Framework 6.2.0 Tools for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Firefox Developer Edition 65.0 (x64 en-US) (HKLM\...\Firefox Developer Edition 65.0 (x64 en-US)) (Version: 65.0 - Mozilla) GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team) Git version 2.20.1 (HKLM\...\Git_is1) (Version: 2.20.1 - The Git Development Community) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games) icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation) Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation) IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation) Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation) Java SE Development Kit 8 Update 181 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden K-Lite Mega Codec Pack 13.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.0 - KLCP) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains) LOOT version 0.13.6 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.13.6 - LOOT Team) Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft .NET Core SDK - 2.1.202 (x64) (HKLM-x32\...\{06b884b0-4947-4439-859f-098e431012d6}) (Version: 2.1.202 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.400 (x64) (HKLM-x32\...\{341254ab-6143-402e-9b7e-944f8b63e97d}) (Version: 2.1.400 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.402 (x64) (HKLM-x32\...\{b415bfcd-0c1a-424c-93f3-03fd83fcc44e}) (Version: 2.1.402 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.403 (x64) (HKLM-x32\...\{2eabe091-c571-4b9d-bdaa-5df5d11c84d4}) (Version: 2.1.403 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.500 (x64) (HKLM-x32\...\{d83984c4-b4ab-41e1-8d62-84f151ca642b}) (Version: 2.1.500 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.502 (x64) (HKLM-x32\...\{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}) (Version: 2.1.502 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.504 (x64) (HKLM-x32\...\{109e08a7-f849-4580-a683-c07ee8850a15}) (Version: 2.1.504 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.505 (x64) (HKLM-x32\...\{8a2d6b13-cb92-4cfe-a3e0-468e6cdd1e2e}) (Version: 2.1.505 - Microsoft Corporation) Microsoft .NET Core SDK 2.1.508 (x64) (HKLM-x32\...\{0298bf05-e67a-4973-8ccc-7b13528189cb}) (Version: 2.1.508 - Microsoft Corporation) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 SDK (HKLM-x32\...\{F42C96C1-746B-442A-B58C-9F0FD5F3AB8A}) (Version: 4.7.03081 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 Targeting Pack (ENU) (HKLM-x32\...\{B517DBD3-B542-4FC8-9957-FFB2C3E65D1D}) (Version: 4.7.03062 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}) (Version: 4.7.03062 - Microsoft Corporation) Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft Azure Authoring Tools - v2.9.6 (HKLM\...\{EDADFA19-7F96-4075-A4AB-2209910626C5}) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Compute Emulator - v2.9.6 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.6) (Version: 2.9.8899.26 - Microsoft Corporation) Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation) Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation) Microsoft Azure PowerShell - April 2018 (HKLM\...\{3BA7CAA9-97BA-4528-B7E1-B640910BB149}) (Version: 5.7.0.18831 - Microsoft Corporation) Microsoft Azure Storage Emulator - v5.7 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.7) (Version: 5.7.18218.1723 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation) Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation) Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation) Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{76CF9EF4-ABA0-484E-8042-12B99499AF5F}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11901.20176 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation) Microsoft R Client (HKLM\...\{02EFEF35-C9D6-465D-BB0E-EB48B549B3AB}) (Version: 3.3.2.1988 - Microsoft) Microsoft SQL Server 2012 Native Client (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2016 LocalDB (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation) Microsoft SQL Server 2017 (64-bit) (HKLM\...\Microsoft SQL Server SQL2017) (Version: - Microsoft Corporation) Microsoft SQL Server 2017 Setup (English) (HKLM\...\{405252DC-ADF7-4BC8-95F5-F89DE513DD62}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft SQL Server 2017 T-SQL Language Service (HKLM\...\{C8A51693-98B9-4AB1-91B8-9A1B86729D5F}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{05FF71A6-FF76-4DB9-8A33-F23A2B0222BF}) (Version: 14.0.4079.2 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation) Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation) Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1104.625 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation) Microsoft VSS Writer for SQL Server 2017 (HKLM\...\{20B328C9-C6BB-434A-928A-00F05CD820B8}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla) Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich) MSI Development Tools (HKLM-x32\...\{1E406B46-65F4-91CE-65DA-DB66D5443B68}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.7.1 - Notepad++ Team) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.3 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera Stable 62.0.3331.116 (HKLM-x32\...\Opera 62.0.3331.116) (Version: 62.0.3331.116 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 10.5.43.28287 - Electronic Arts, Inc.) Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 6.1.0.0 - Popcorn Time) <==== ATTENTION Python 3.6.6 (64-bit) (HKU\.DEFAULT\...\{a2e7eb2f-e31e-47eb-82ca-63b3854f5354}) (Version: 3.6.6150.0 - Python Software Foundation) Python 3.6.6 Core Interpreter (64-bit symbols) (HKLM\...\{09472AF9-4E5C-419F-8AFC-E42DE3C00062}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Core Interpreter (64-bit) (HKLM\...\{13428472-D58E-476D-932F-5B1B0C1397BE}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Development Libraries (64-bit) (HKLM\...\{C4752757-9240-4518-BE22-A7E2E7CC7D7B}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Documentation (64-bit) (HKLM\...\{16EF5AB7-4A89-4F06-B20B-209DA4FE0533}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Executables (64-bit symbols) (HKLM\...\{D1DCF56C-C29C-436A-9764-DEA45032EC46}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Executables (64-bit) (HKLM\...\{5CE3EB5B-1823-4B8E-BE10-95262BDD1148}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 pip Bootstrap (64-bit) (HKLM\...\{9D8D733D-3822-4808-B382-6291910081B2}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Standard Library (64-bit symbols) (HKLM\...\{A44E9804-C2AA-40DD-9E6F-F53D96BDAD34}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Standard Library (64-bit) (HKLM\...\{4D137679-6FB4-446B-9BDB-279292FA2D2C}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Tcl/Tk Support (64-bit symbols) (HKLM\...\{20F0B3BE-3E51-4536-BE6E-451359FD5432}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Tcl/Tk Support (64-bit) (HKLM\...\{44EC13CA-E201-433B-B2D3-386B9609B859}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Test Suite (64-bit symbols) (HKLM\...\{C5BD9A00-9221-486E-94BF-9B1553B215AF}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Test Suite (64-bit) (HKLM\...\{C9596636-022D-4123-B369-98819F772985}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Python 3.6.6 Utility Scripts (64-bit) (HKLM\...\{E95CEC86-EFB3-47B8-A5F6-C8FB757AD060}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Skype version 8.50 (HKLM-x32\...\Skype_is1) (Version: 8.50 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB) sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{97C50C96-8106-490D-B81F-768753C39B56}) (Version: 15.0.27207 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{74E057FF-92C8-4DD0-AF43-B220CD100733}) (Version: 15.0.27207 - Microsoft Corporation) Hidden sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{C83DFAD5-FF26-4ED8-B284-944463FA0E30}) (Version: 15.0.27207 - Microsoft Corporation) Hidden SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Common Files (HKLM\...\{9D1C0509-D490-4E9E-ACF5-A73E5C53742D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Common Files (HKLM\...\{B777C4C0-A1CD-4AB9-99B1-AD5FBED6F8E5}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Services (HKLM\...\{28EEF6BA-A23A-42D2-86BA-A6BEE723B969}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Services (HKLM\...\{DED314CA-0EFE-4593-9D66-EF75E5289A4C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Shared (HKLM\...\{0E22DBB4-691B-400C-B52D-8DFE8EC421AA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Database Engine Shared (HKLM\...\{793F1C1E-5C83-4E33-A29B-6EAA7C1E791C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 XEvent (HKLM\...\{12D2DB8D-80FF-4152-8F51-EDB3BD3C6976}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden SQL Server 2017 XEvent (HKLM\...\{AA2A015C-C210-413B-95F6-BF9D3CDD6E0D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.4.2669 - TeamViewer) The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios) TunnelBear (HKLM-x32\...\{5dbd322e-98b2-41c8-a2d9-d9f21423afa9}) (Version: 3.2.0.6 - TunnelBear) TunnelBear (HKLM-x32\...\{EAF52E02-CC78-47F4-A304-F91FDB6A55D1}) (Version: 3.2.0.6 - TunnelBear) Hidden Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - ) Twitch (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.) TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden TypeScript SDK (HKLM-x32\...\{A3055644-FB53-420D-8724-EBEAB330D64F}) (Version: 3.0.3.0 - Microsoft Corporation) Hidden TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden Unity (HKLM-x32\...\Unity) (Version: 2018.3.3f1 - Unity Technologies ApS) Universal CRT Extension SDK (HKLM-x32\...\{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{0D6B41AF-D117-8944-A059-3F9346A896C5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) Uplay (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft) vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden Visual Studio Enterprise 2017 (HKLM-x32\...\7dcb8def) (Version: 15.9.28307.770 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN) VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden VS WCF Debugging (HKLM\...\{14AF842C-675E-4268-B493-EB76D9B465A8}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_codecoveragemsi (HKLM-x32\...\{B2DB38F7-4225-4EA6-A7B2-F9A0E089DD89}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_codeduitestframeworkmsi (HKLM-x32\...\{4379D9C7-B16D-486C-BC6D-43550A4C55EE}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_cuitcommoncoremsi (HKLM-x32\...\{060D7518-16AC-41F1-9956-38CA636FCF7B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_cuitextensionmsi (HKLM-x32\...\{88484E59-774D-4947-AF0E-4524D6C3147D}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_cuitextensionmsi_x64 (HKLM-x32\...\{184D5702-3AD2-4F0D-95E6-11E1C75A9298}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_networkemulationmsi_x64 (HKLM-x32\...\{674BB892-7904-4B94-8077-9DA3D2CBFC70}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden WhatsApp (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\WhatsApp) (Version: 0.3.2848 - WhatsApp) Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) WinAppDeploy (HKLM-x32\...\{5AD4A604-B476-1578-2A20-6B02FC6258BE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinAppDeploy (HKLM-x32\...\{C9966D24-DB2F-8514-EAA3-BEED85F3E166}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation) Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation) WinGuard Pro 2016 (HKLM-x32\...\{F5DA39A7-9A26-44E2-9754-A611ACF0C8CC}) (Version: 10.10.2001 - WinGuardProLTD) WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH) WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{389D182F-0ADA-5C7E-FF32-2573A821592C}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - en-us (HKLM-x32\...\{A249F631-CEBC-EDCB-4C49-700E551E66CA}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{C3776B36-B34E-00E2-3009-95A6F1870B58}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E71CB7F1-3E88-4450-1764-B3CC1E205C4A}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{965D1746-D94A-49B9-2A48-A14914CA3B57}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{C49E6FDA-8196-0CAF-2CDD-CF1B0F4EA5AD}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{33D11371-82A5-852B-CDE2-5528CE406151}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{3755CD99-C62E-3312-DDD3-29A4F259270D}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{729DA966-8590-2C1F-2178-16C1D32FD7FD}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{FB431EE2-C835-6DE9-8DC3-C8FCDE028FE0}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{F1C18506-3168-A9D9-E2D9-D23A512A326E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FB82399D-9C48-9AF5-DCA1-CFE61BCA70A6}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{23909757-D6F0-7F7C-BD34-7E72BA9BD59C}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{4095D263-6A13-78D3-DEDA-AA3452011F6E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{C3243E23-2EB6-4419-2692-40944923B112}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D3A337CD-EA32-F4BA-03FA-825903190C92}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{DD83B36A-ED10-4514-98E7-1EBD53D167D8}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft) Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden Xamarin Profiler (HKLM-x32\...\{392FF347-E40D-4598-B31E-5332F6F761E2}) (Version: 1.6.4.31 - Xamarin, Inc.) Hidden Xamarin Remoted iOS Simulator (HKLM-x32\...\{5DE98E3F-9A5C-48B7-B039-8E0FB2D68AEA}) (Version: 1.3.0.8 - Xamarin) Hidden Packages: ========= Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-15] (Microsoft Studios) [MS Ad] Microsoft Wireless Display Adapter -> C:\Program Files\WindowsApps\Microsoft.SurfaceWirelessDisplayAdapter_3.4.137.1000_x64__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation) Mixplay for Mixer -> C:\Program Files\WindowsApps\39170Flydream.Mixer_2.1.4.0_x64__weq318ptssvpt [2019-01-11] (Flydream) MSN Vrijeme -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad] Pošta i kalendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad] TuneIn Radio -> C:\Program Files\WindowsApps\TuneIn.TuneInRadio_4.0.6.0_x64__6bhtb546zcxnj [2019-08-01] (TuneIn) [MS Ad] Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.) Viber -> C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.1000_x86__p61zvh252yqyr [2018-07-09] (VIBER MEDIA S.à r.l.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{CE527B6C-CFD2-4CFC-AEC0-261FC6871E3D} -> [MEGAsync] => C:\Users\vanov\Documents\MEGAsync [2016-10-13 15:02] CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\vanov\Dropbox [2016-11-05 13:16] ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-06-17] (Notepad++ -> ) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed] ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed] ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\vanov\Desktop\GTASA.lnk -> C:\Program Files (x86)\Rockstar Games\GTA San Andreas\startup_SP.bat () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation) ==================== Loaded Modules (Whitelisted) ============== 2018-10-02 19:10 - 2018-10-02 19:10 - 000598528 _____ () [File not signed] C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll 2016-09-24 08:53 - 2016-09-24 08:53 - 000410112 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll 2018-01-11 18:39 - 2008-05-23 00:25 - 000043520 ____N (MagicISO, Inc.) [File not signed] C:\Program Files (x86)\MagicISO\misosh64.dll 2018-04-19 22:31 - 2018-04-19 22:31 - 000267776 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73235831.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73235831.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1" ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-08-11 15:58 - 2019-08-11 15:58 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 2018-08-04 16:06 - 2019-08-11 16:03 - 000000502 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics 172.29.72.49 DESKTOP-ME49L6T.mshome.net # 2024 8 5 9 14 3 1 281 37.0.186 Vlah.mshome.net # 2019 7 5 12 12 16 54 932 ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Microsoft MPI\Bin\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Users\vanov\Anaconda3;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\DTS\Binn\;C:\Program Files\Git\cmd HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AGMService => 2 MSCONFIG\Services: AGSService => 2 MSCONFIG\Services: AtherosSvc => 2 MSCONFIG\Services: BEService => 3 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: dbupdate => 2 MSCONFIG\Services: dbupdatem => 3 MSCONFIG\Services: DbxSvc => 2 MSCONFIG\Services: Disc Soft Lite Bus Service => 3 MSCONFIG\Services: EasyAntiCheat => 3 MSCONFIG\Services: igfxCUIService2.0.0.0 => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: MsMpiLaunchSvc => 3 MSCONFIG\Services: Origin Client Service => 3 MSCONFIG\Services: Origin Web Helper Service => 2 MSCONFIG\Services: PnkBstrA => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\Services: TunnelBearMaintenance => 2 HKLM\...\StartupApproved\StartupFolder: => "SOLIDWORKS 2016 Fast Start.lnk" HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run32: => "Lightshot" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "Idvsoft" HKLM\...\StartupApproved\Run32: => "{7B4A50DE-E9A1-5D65-55A0-215372F9BAC3}" HKLM\...\StartupApproved\Run32: => "wgpro" HKLM\...\StartupApproved\Run32: => "amd_dc_opt" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Curse.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Viber" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Overwolf" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Autodesk Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Akamai NetSession Interface" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Resilio Sync" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Tonido" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "WallpaperEngine" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "DOS Host" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{CBC4ECFC-1253-4674-B353-170019F9FABE}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed] FirewallRules: [TCP Query User{0CAE0F34-1600-450D-A351-4C7FFCA72D07}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed] FirewallRules: [{606F165A-4B31-49AA-98BC-5B91C73BBF4B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A49D5669-FA5A-4815-9969-3E22DB5A4E6B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{48D65172-F07A-4E24-A3A1-434257A6061F}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{6A333921-4247-486B-98D0-F26FD40E857E}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{0CA9BCD8-5B1C-4D05-AAD4-21FFEAC84103}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{051C78D0-5A1A-4C2A-ABC4-9E558B976B5F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{A975745F-869F-4081-92E4-0D42641FF6C4}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{49E008DC-6AAB-4B12-BB7B-667F30068494}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{9C253803-BC67-4081-8522-B3EC16A3E8DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{B4452071-1EF5-4231-9AF6-B0CD14FD5FDF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{6D4BA297-6C70-47C8-BD34-738B4942ACB9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{2E9CDF23-57FD-43DB-9D11-55A66C91F8FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [UDP Query User{B06BD948-E650-4190-8E60-7CFADC294373}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{B385A51F-02CB-4784-A947-2C9ABF8BEEDD}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{2EB36B25-BECE-477F-B928-0C25780C1214}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) FirewallRules: [TCP Query User{DCA5B283-BB01-4858-8CBF-F750BF1B73F5}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.) FirewallRules: [{6BEEFA38-F710-4247-BF7A-AECB5E37937E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{C5D7FAE5-7CB3-43C1-80F6-589907AD1A0F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{BCA6781A-E253-483F-8236-CAF546AAF80D}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{D50DE039-DAA2-4B8B-B1FB-3E30BC30A796}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{AFC23FCC-79E4-469A-8459-B169B2FA2252}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{F672BF62-161A-4044-9A8B-508F12A99CA6}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{12F3F116-CCDB-40AC-92C7-2317A0EEA58F}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{BE51A32F-9911-4F10-AECE-61E068713997}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{09600C42-3BDF-4A0D-AFD5-17E90BC5FBDB}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed] FirewallRules: [UDP Query User{AEB25E26-AED6-4979-830F-F77D85DB1B7F}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed] FirewallRules: [{A3B4325B-9C2A-4EE8-A5DB-7B28A9060CC2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{A89516B1-966E-4D36-8C30-A7773EB1FCEF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{2FB602DE-06A3-46EA-9153-DDA0373E214D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{8F69FAB7-2111-4D65-8B95-ED7D5DF0F7DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{57117F18-C29B-4A60-B34A-DC7B2E36B83A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{E9BB0D09-102F-4855-8DC4-7BDE56ABFA0F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{BAC7F6A3-92EA-47D9-83DD-84940C070F4D}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{05DF0A2C-1A93-46AE-800E-E12DE7F18FC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B392F4D1-9B62-4364-AEBD-094036DA8436}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{BA2527F7-EF88-4694-81D1-CAD2BD759A31}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [UDP Query User{DA58CB7B-2521-453B-B120-F66DA955BB73}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{39401A26-306A-4DB0-A93D-CAC43C7A097F}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{F7E79D3D-E5F7-4109-95B5-7C20900FDF5D}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1568FFD9-4C45-4576-B4A8-68C07A9299DA}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed] FirewallRules: [{9E44EC29-3C66-478D-B43A-423E93469959}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed] FirewallRules: [{8B5A3536-E847-4803-B18A-35B8A2023C40}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{6A325237-3BEF-4A73-B668-4F52AAD6FE02}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B8F8775A-CAC9-4454-9BC2-0BD382B4A538}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C8341FC3-E365-4CE6-BA40-CC53396DF507}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{782D4882-D209-44E9-A3E9-1C7DCA561633}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{B7CF33C8-CC19-4D73-AC61-7534E1B70E97}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{A03282F2-8B2F-4A2E-A556-5A88124F408C}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [UDP Query User{52DEFF6B-ACA0-4834-BD06-59E2D1959922}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{CF7AC6C4-3B90-43EF-B110-B54E08AFDF90}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{E682C56C-4D3A-4B0C-9F61-0A9FD0C478C5}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{B53B0E11-4896-4DFF-A873-E3A08FFC028D}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8E90BA3A-A433-4095-9F52-DC3CBDC31FD1}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3978B3AB-19C3-4271-AC81-2D11287E2358}] => (Allow) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [{DA86CB7A-F52F-475E-87F1-FF83B160A4DC}] => (Block) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [{ED36F1A2-029C-4E96-A4A7-3B50FAFD18C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{994571E2-6DCD-4E06-9B39-3EF82FFFA7E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B0D9FE4C-355C-4679-8B96-D713017DD607}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B3483E3A-F2EB-4FDB-BBDC-879CC9507758}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{9680FCD1-9E1C-41C4-9D19-CA30045AAB34}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{009FA2E4-5EC8-4DD7-B8E6-DE1CFBFAAAE2}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed] FirewallRules: [{073CBEBB-07F2-4E61-8303-70FF7C396678}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed] FirewallRules: [{09216F82-B859-408E-BD97-6502299F1FDB}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{9E1C0C65-F7B4-4509-9C3C-E7101F192CBC}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed] FirewallRules: [{B82E9260-29D2-4F2D-BDBD-6A596F91BC45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios) FirewallRules: [{361A52A7-D6A1-4E8C-A6D3-2933937A02A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios) FirewallRules: [{87D431EF-B497-43B6-8ED7-D924043264F6}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.99\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{C44E048D-F0D0-4E42-875F-A1C1E6BE5E7C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{F8600454-929C-4C5B-A4B9-735526AB4E82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{8DED0F5F-3C5B-4D35-A34F-E75EA8E3D10C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{A22A8EAA-7F39-43A2-A949-300F89E6EE35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{3A7FC6A7-DD9A-4A49-998F-9F7FE3D957EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{72158FD3-1F41-41A4-BC36-88B6890C372B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{3096494B-B18E-45A5-AC31-8E890346AF86}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{64FFD821-2BB2-48A1-8776-B1251C6E58D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{E66D8ED8-9BD5-4B64-ABCA-ABA4BA362666}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{D8939A68-301B-484C-B6B5-D2E40C4EC40C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{50A71AD9-5716-4E59-B0FA-60DB0B812E06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [TCP Query User{0ACEC78F-BAB5-4312-8B93-4A65F76E3257}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [UDP Query User{673C04EA-918C-4A3B-8E12-0540FE7C12F4}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [TCP Query User{8AB680EA-0B2D-4A78-9D85-F506E39545A9}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{7593ED52-0637-4704-A236-CE146B456EAB}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{F54E6234-B579-424C-90B5-6DF36DC84DF0}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{D3B7D8BF-45AD-4EFA-80F1-40AD7F4CDEDC}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{6261CD1F-8E24-4A22-A51B-394D99B7597A}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [DNS Server Forward Rule - TCP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 FirewallRules: [DNS Server Forward Rule - UDP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53 ==================== Restore Points ========================= 07-08-2019 15:45:54 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= Name: TunnelBear Adapter V9 Description: TunnelBear Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TunnelBear Provider V9 Service: tap-tb-0901 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/11/2019 04:05:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/11/2019 04:05:47 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (08/11/2019 04:05:15 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/11/2019 03:58:30 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (08/11/2019 03:56:58 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {911dcbd5-c1dc-4fc4-bdb5-731f642d3a05} Error: (08/11/2019 03:43:49 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (08/11/2019 03:43:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (08/11/2019 03:43:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable System errors: ============= Error: (08/11/2019 04:06:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/11/2019 04:04:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/11/2019 04:02:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SQLTELEMETRY service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/11/2019 04:02:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the SQLTELEMETRY service to connect. Error: (08/11/2019 04:01:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The IntelHaxm service failed to start due to the following error: A device attached to the system is not functioning. Error: (08/11/2019 04:01:52 PM) (Source: IntelHaxm) (EventID: 3) (User: ) Description: HAXM Failed to init VMX Error: (08/11/2019 04:01:52 PM) (Source: IntelHaxm) (EventID: 6) (User: ) Description: HAXM can't work on system without VT support Error: (08/11/2019 04:01:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The WMPNetworkSvc service depends on the WSearch service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Windows Defender: =================================== Date: 2019-08-09 19:19:55.512 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {8EC7E7A5-0A16-4814-A79A-D893EE57A550} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-09 18:36:44.306 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bluteal!rfn&threatid=2147724737&enterprise=0 Name: Trojan:Win32/Bluteal!rfn ID: 2147724737 Severity: Severe Category: Trojan Path: file:_C:\ProgramData\TmpLoog\tmplog.dll Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Users\vanov\Desktop\mbar\mbar.exe Signature Version: AV: 1.299.1628.0, AS: 1.299.1628.0, NIS: 1.299.1628.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 Date: 2019-08-09 18:31:31.354 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {893C92A0-B4D9-4175-ABC4-2F47639C2A25} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-03 11:26:37.257 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {C36C47AF-6A54-49DD-AF3D-7D4D5520DA5F} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-07-28 20:29:32.996 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {F357303F-3784-4B4F-8754-2BE400640E70} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-08-11 16:17:17.241 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1765.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-08-03 11:04:51.511 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-08-03 10:48:53.266 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1090.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-08-02 21:50:23.754 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2019-08-02 21:34:43.457 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. CodeIntegrity: =================================== Date: 2019-08-03 11:42:32.022 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:42:31.974 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.934 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.879 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.811 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:45.753 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:36.559 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2019-08-03 11:41:36.234 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== BIOS: Insyde Corp. V1.37 02/16/2016 Motherboard: Acer ZORO_BH Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz Percentage of memory in use: 24% Total physical RAM: 12203.32 MB Available physical RAM: 9248.89 MB Total Virtual: 13355.32 MB Available Virtual: 10405.66 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.21 GB) (Free:70.5 GB) NTFS \\?\Volume{4eafa3c8-b0a9-4d57-bbc8-43ec29bacab8}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS \\?\Volume{d30143e0-3bd2-4090-b0a7-697dc65108ba}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
kevinf80 Posted August 11, 2019 ID:1328860 Share Posted August 11, 2019 Can you zip up this file and attach to next reply please: C:\Users\vanov\AppData\Local\WMI.ini Link to post Share on other sites More sharing options...
Vlahotic Posted August 11, 2019 Author ID:1328863 Share Posted August 11, 2019 Here you go WMI.rar Link to post Share on other sites More sharing options...
kevinf80 Posted August 11, 2019 ID:1328864 Share Posted August 11, 2019 Unfortunately still no further forward.. try this please: Run RogueKiller IMPORTANT: Please remove any usb or external drives from the computer and close all running programs before you run this scan! Download RogueKiller and save to your desktop...RogueKiller (X86)RogueKiller (x64) Exit all running applications. Double-click on RogueKiller.exe to launch the tool. If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon. Click "Scan" then Start under ‘Standard Scan (recommended)’ Once the scan is complete, click on Results click Open and then select text file save the file to your Desktop as RKreport.txt copy/paste the content in your next reply NOTE: DO NOT attempt to remove anything that the scan detects, entries reported may not be malicious Link to post Share on other sites More sharing options...
Recommended Posts