Vlahotic

Trojan DNS Changer keeps coming back


Scan complete:
 


RogueKiller Anti-Malware V13.4.2.0 (x64) [Aug  9 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : vanov [Administrator]
Started from : C:\Users\vanov\Downloads\RogueKiller_portable64.exe
Signatures : 20190809_122242, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/08/11 19:45:38 (Duration : 00:49:56)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
  [PUP.Gen1|PUP.MailRU (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Mail.Ru -- N/A -> Found
  [PUP.Gen1|PUP.MailRU (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\Mail.Ru -- N/A -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\Popcorn Time -- N/A -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\PopcornTime -- N/A -> Found
  [PUP.Gen1|PUP.MailRU (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\AppDataLow\Software\Mail.Ru -- N/A -> Found
>>>>>> XX - Uninstall
  [PUP.Popcorn (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Popcorn Time_is1 -- N/A -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Popcorn|PUP.Gen1 (Potentially Malicious)] (shortcut) Popcorn Time.lnk -- C:\Users\Public\Desktop\Popcorn Time.lnk => C:\PROGRA~2\POPCOR~1\PopcornTimeDesktop.exe -> Found
[PUP.Popcorn (Potentially Malicious)] (folder) PopcornTime -- C:\Users\vanov\AppData\Local\PopcornTime -> Found
[PUP.HackTool (Potentially Malicious)] (folder) KMSpico -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico -> Found
[PUP.Popcorn|PUP.Gen1 (Potentially Malicious)] (folder) Popcorn Time -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time -> Found
[PUP.HackTool (Potentially Malicious)] (folder) KMSpico -- C:\Program Files\KMSpico -> Found
[PUP.Popcorn|PUP.Gen1 (Potentially Malicious)] (folder) Popcorn Time -- C:\Program Files (x86)\Popcorn Time -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Firefox Addon
  [PUP.MailRU (Potentially Malicious)] DevTool: Remove CSP, IFrame option (C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default\extensions\{d102ce54-94a6-4cbb-b005-7391ce5702e0}) -- {d102ce54-94a6-4cbb-b005-7391ce5702e0} -> Found
>>>>>> Firefox Config
  [PUM.Proxy (Potentially Malicious)] network.proxy.type (C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\prefs.js) -- 4 -> Found

 

Those PUPs in the registry showed as removed before, by Malwarebytes and Kaspersky rescue disk (which I ran way before posting here), so I guess they're back too 🤯

What's next?

Run RogueKiller again....
 
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Checkmark all of the found entries
  • Click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply....


Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Run FRST one more time. Ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan; when done, post the new logs, "FRST.txt" and "Addition.txt".

Let me see those logs in your reply...

fixlist.txt


Here are all the logs
 

RKClean log


RogueKiller Anti-Malware V13.4.2.0 (x64) [Aug  9 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : vanov [Administrator]
Started from : C:\Users\vanov\Downloads\RogueKiller_portable64.exe
Signatures : 20190809_122242, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/08/11 20:55:36 (Duration : 00:49:56)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen1|PUP.MailRU (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Mail.Ru --  -> Deleted
[PUP.Gen1|PUP.MailRU (Potentially Malicious)] HKEY_USERS\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\Mail.Ru --  -> Deleted
[PUP.Gen1|PUP.MailRU (Potentially Malicious)] HKEY_USERS\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\AppDataLow\Software\Mail.Ru --  -> Deleted
[PUP.HackTool (Potentially Malicious)] (folder) KMSpico -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico -- -> Deleted
[PUP.HackTool (Potentially Malicious)] (folder) KMSpico -- C:\Program Files\KMSpico -- -> Deleted
[PUP.MailRU (Potentially Malicious)] DevTool: Remove CSP, IFrame option -- {d102ce54-94a6-4cbb-b005-7391ce5702e0} -> Deleted
[PUM.Proxy (Potentially Malicious)] network.proxy.type -- 4 ->

 

The last entry wasn't deleted for some reason. I can re-run the scan and try again?

FRST:
 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-08-2019
Ran by vanov (administrator) on DESKTOP-ME49L6T (Acer Aspire E5-573) (11-08-2019 21:13:02)
Running from C:\Users\vanov\Downloads
Loaded Profiles: vanov & MSSQLSERVER (Available Profiles: defaultuser0 & vanov & SQLTELEMETRY & MSSQLSERVER)
Platform: Windows 10 Pro Version 1803 17134.885 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.866.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(OOO Lightshot -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TunnelBear, Inc. -> ) C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-10-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5782336 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [wgpro] => C:\Program Files (x86)\WinGuardPro Ltd\WinGuard\wgengine.exe [30720 2019-01-19] (WinGuard Inc.) [File not signed]
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Akamai NetSession Interface] => C:\Users\vanov\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Spotify] => C:\Users\vanov\AppData\Roaming\Spotify\Spotify.exe [25828256 2019-08-03] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35809680 2019-08-05] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3210528 2019-08-10] (Valve -> Valve Corporation)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-10-13]
ShortcutTarget: MEGAsync.lnk -> C:\Users\vanov\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1191D268-1A73-41D0-BD85-D1311491443C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1217C1E3-7A8E-4C0B-B4B5-5C28F63B1D39} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill2 => C:\Users\vanov\Desktop\BatFiles\Operakill.bat
Task: {14D5ABA7-60D8-4C04-A73D-D462D3EC53BF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {1A902826-C33D-4706-A2ED-F192F5993FAC} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-vanovac.zlatan@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {3051FE3C-FB51-4549-8184-7DCA7CCB515B} - System32\Tasks\Microsoft\Windows\TaskScheduler\Restart => C:\Users\vanov\Desktop\BatFiles\Restart.bat
Task: {31A4D16D-ED62-4473-8883-5805BFACBBAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {32075B90-EA68-4A1E-8153-09FAB21A0EBD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {4021E04F-2C4F-4B2A-85E7-60D62C0CE79C} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {44CEEBC6-4031-42AD-B2B1-4157F57AD5FE} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill => C:\Users\vanov\Desktop\BatFiles\Operakill.bat
Task: {4D713D29-1FB3-4E41-9D76-CD1B86264B83} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-09] (Adobe Inc. -> Adobe)
Task: {6137EB70-DCD3-44CE-8665-73E27FA3E9EE} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall => C:\Users\vanov\Desktop\BatFiles\DragonForce.bat
Task: {63C7C186-F15B-448B-94BC-5F4ED0A4E638} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {78C49C7C-92BE-4687-AF06-420B5ED30A0C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {79C43D64-C54E-4662-9D49-919AEF86BF9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {79DFF442-7CF7-480E-934B-8FCEBEE221D7} - System32\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {7B6B9926-BDA7-44D7-A5CE-F6D962D3B49E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {7F5DE95D-C17C-4408-85D1-6F56B9FF5F5A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8FCC1103-34CD-41C4-B3BC-EEE596BE90CB} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall2 => C:\Users\vanov\Desktop\BatFiles\Disasterpiece.bat
Task: {940A0D4F-E5D1-4349-A97B-BA70D6B8789D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe)
Task: {A35FB29E-054C-45BE-9E40-C94DB7728413} - System32\Tasks\Microsoft\Windows\TaskScheduler\MusicKill => C:\Users\vanov\Desktop\BatFiles\BeeMp3TaskKill.bat
Task: {A9E34D5E-D053-4247-8350-83C330CA6958} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Users\vanov\AppData\Local\MEGAsync\MEGAupdater.exe [760696 2018-10-02] (Mega Limited -> Mega Limited)
Task: {AA6D739F-D568-4A9D-A4ED-FC3B5D432A84} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B058EC2B-0726-47B7-8B1B-A975B69CED27} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BB3A72A1-B735-4F37-9B99-260BF5F05151} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1000 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {CF931575-DB06-4A0A-A9DC-19D4C4269CB3} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.8.3252 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXAutoUpdate.exe [206184 2019-08-06] (Microsoft Corporation -> )
Task: {D63EB858-D44F-42ED-AC94-00B6D4374934} - System32\Tasks\Opera scheduled Autoupdate 1476361487 => C:\Program Files (x86)\Opera\launcher.exe [1519640 2019-08-07] (Opera Software AS -> Opera Software)
Task: {DD5F0550-0D96-45A8-80CB-EA5DB0E9C59E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DE525C0C-B6B7-4A0C-BF03-FB7FBAFF172E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE9EE772-2041-4E2F-8856-6D84E12E4E02} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1176194-F6FD-4A7B-BB95-24031E7F8611} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-10-18] () [File not signed]
Task: {E161BC06-6796-4A76-8D71-21048961E8D4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe)
Task: {F51FC55E-9DF9-47E0-8B2A-5056FD0B3C6E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {F95F8299-A9C1-49FC-8E40-0B0E93D73D5A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {FBD77374-BC26-4033-84E7-10F003A9EED5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194
Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [NameServer] 8.8.8.8,8.8.4.4,192.168.0.1
Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\vanov\Downloads

FireFox:
========
FF DefaultProfile: poq2nbe3.default-1491901036943-1546437671085
FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 [2019-08-11]
FF NetworkProxy: Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 -> type", 0
FF Extension: (ETP Search Volume Study) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-06-26]
FF Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\firefox@betterttv.net.xpi [2019-08-03] [UpdateUrl:hxxps://nightdev.com/betterttv/firefox/updates.json]
FF Extension: (uBlock Origin) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\uBlock0@raymondhill.net.xpi [2019-07-26]
FF Extension: (Unseen) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\{230ed5ec-936c-4ad1-b3d4-e2bb251bd1c3}.xpi [2019-01-02]
FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default [2019-08-06]
FF user.js: detected! => C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default\user.js [2017-02-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe

Opera:
=======
OPR Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\deofbbdfofnmppcjbhjibgodpcdchjii [2017-11-15]
OPR Extension: (Tampermonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-06-02]
OPR Extension: (book_helper) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmmkobpokkidkpaidggnebnhiipdkhkl [2019-08-02]
OPR Extension: (ScriptMonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-06-02]
OPR Extension: (Violent monkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-05-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-05-27] (BattlEye Innovations e.K. -> )
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-08-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 HgClientService; C:\WINDOWS\system32\hgclientservice.dll [141824 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1741312 2019-02-16] (Microsoft Windows -> Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [353768 2018-09-13] (Intel Corporation -> Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21256 2018-04-20] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] (AzureEngBuildCodeSign -> ) [File not signed]
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [485048 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [31232 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2017-11-22] (Even Balance, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5073792 2019-07-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [578744 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
S2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11969880 2019-07-03] (TeamViewer GmbH -> TeamViewer GmbH)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [113024 2018-02-12] (TunnelBear, Inc. -> )
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3014144 2019-07-04] (Microsoft Windows -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 51D2828C; C:\WINDOWS\system32\drivers\51D2828C.sys [255928 2019-08-10] (Malwarebytes Corporation -> Malwarebytes)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-06-23] (EnigmaSoft Limited -> EnigmaSoft Limited)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-10-10] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26624 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-10-10] (Martin Malik - REALiX -> REALiX(tm))
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2019-01-19] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-05] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-11] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-11] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-11] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-11] (Malwarebytes Corporation -> Malwarebytes)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA))
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2412976 2017-04-24] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31744 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S4 RsFx0500; C:\WINDOWS\System32\DRIVERS\RsFx0500.sys [261848 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1026896 2018-03-19] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-10-10] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [56520 2015-08-05] (Synaptics Incorporated -> Synaptics Incorporated)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [103936 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2017-12-18] (Oracle Corporation -> Oracle Corporation)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1248256 2018-11-07] (Microsoft Windows -> Microsoft Corporation)
R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [45408 2018-03-15] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation)
NETSVC: HgClientService -> C:\Windows\system32\hgclientservice.dll (Microsoft Corporation)
NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-11 21:13 - 2019-08-11 21:16 - 000033356 _____ C:\Users\vanov\Downloads\FRST.txt
2019-08-11 21:05 - 2019-08-11 21:05 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-08-11 21:05 - 2019-08-11 21:05 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-08-11 21:04 - 2019-08-11 21:04 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-08-11 21:04 - 2019-08-11 21:04 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-08-11 21:03 - 2019-08-11 21:03 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-11 21:03 - 2019-08-11 21:03 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16
2019-08-11 20:58 - 2019-08-11 21:00 - 000001824 _____ C:\Users\vanov\Downloads\Fixlog.txt
2019-08-11 20:57 - 2019-08-11 21:12 - 000002662 _____ C:\Users\vanov\Downloads\RKClean.txt
2019-08-11 20:37 - 2019-08-11 20:37 - 000006410 _____ C:\Users\vanov\Downloads\RKReport.txt
2019-08-11 19:44 - 2019-08-11 20:57 - 000000000 ____D C:\ProgramData\RogueKiller
2019-08-11 19:43 - 2019-08-11 19:44 - 034922040 _____ C:\Users\vanov\Downloads\RogueKiller_portable64.exe
2019-08-11 19:26 - 2019-08-11 19:26 - 000000073 _____ C:\Users\vanov\AppData\Local\WMI.rar
2019-08-11 16:12 - 2019-08-11 16:18 - 000092438 _____ C:\Users\vanov\Downloads\Addition8.txt
2019-08-11 16:06 - 2019-08-11 16:18 - 000058690 _____ C:\Users\vanov\Downloads\FRST8.txt
2019-08-11 15:56 - 2019-08-11 15:59 - 000003532 _____ C:\Users\vanov\Downloads\Fixlog3.txt
2019-08-11 15:49 - 2019-08-11 15:56 - 000092197 _____ C:\Users\vanov\Downloads\Addition7.txt
2019-08-11 15:44 - 2019-08-11 15:56 - 000058730 _____ C:\Users\vanov\Downloads\FRST7.txt
2019-08-11 11:36 - 2019-08-11 11:40 - 000092507 _____ C:\Users\vanov\Downloads\Addition6.txt
2019-08-11 11:31 - 2019-08-11 11:40 - 000060698 _____ C:\Users\vanov\Downloads\FRST6.txt
2019-08-11 11:31 - 2019-08-11 11:31 - 002097664 _____ (Farbar) C:\Users\vanov\Downloads\FRST64.exe
2019-08-11 11:31 - 2019-08-11 11:31 - 000000000 ____D C:\Users\vanov\Downloads\FRST-OlderVersion
2019-08-10 23:41 - 2019-08-10 23:41 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\LionsShade
2019-08-10 23:40 - 2019-08-10 23:41 - 000000000 ____D C:\Users\vanov\Downloads\Cliff.Empire.v1.10
2019-08-10 20:49 - 2019-08-10 20:49 - 000000448 _____ C:\Users\vanov\Documents\bsod.rar
2019-08-10 20:42 - 2019-08-10 20:42 - 000001232 _____ C:\Users\vanov\Documents\bsod.xml
2019-08-10 20:24 - 2019-08-11 04:27 - 000000000 ____D C:\WINDOWS\Minidump
2019-08-10 19:41 - 2019-08-10 19:41 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\51D2828C.sys
2019-08-10 02:02 - 2019-08-10 02:02 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3387545514-2906784231-2682514228-1001
2019-08-10 02:02 - 2019-08-10 02:02 - 000002412 _____ C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-09 22:04 - 2019-08-09 22:04 - 528928101 _____ C:\Users\vanov\Downloads\Cliff.Empire.v1.10.rar
2019-08-09 18:01 - 2019-08-09 18:01 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1238763A.sys
2019-08-09 18:00 - 2019-08-10 19:43 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-08-09 18:00 - 2019-08-10 19:41 - 000000000 ____D C:\Users\vanov\Desktop\mbar
2019-08-09 17:58 - 2019-08-09 17:58 - 014178840 _____ (Malwarebytes Corp.) C:\Users\vanov\Desktop\mbar-1.10.3.1001.exe
2019-08-09 17:32 - 2019-08-09 17:32 - 000000000 ____D C:\Users\vanov\AppData\Local\RSG
2019-08-09 17:30 - 2019-08-09 17:30 - 000004184 _____ C:\Users\vanov\Desktop\notify.csv
2019-08-09 17:30 - 2019-08-09 17:30 - 000000786 _____ C:\Users\vanov\Desktop\notify.rar
2019-08-09 17:29 - 2019-08-09 17:29 - 000177816 _____ (PowerTool) C:\Users\vanov\Desktop\kEvP64.sys
2019-08-09 17:28 - 2019-08-09 17:28 - 009440768 _____ C:\Users\vanov\Desktop\PowerTool64.exe
2019-08-09 16:50 - 2019-08-09 16:51 - 000519347 _____ C:\Users\vanov\Desktop\TDSS Report.txt
2019-08-09 16:31 - 2019-08-09 16:40 - 001038716 _____ C:\TDSSKiller.3.1.0.28_09.08.2019_16.31.54_log.txt
2019-08-09 16:27 - 2019-08-09 16:28 - 000006126 _____ C:\TDSSKiller.3.1.0.28_09.08.2019_16.27.31_log.txt
2019-08-09 15:29 - 2019-08-09 15:35 - 000091634 _____ C:\Users\vanov\Downloads\Addition5.txt
2019-08-09 15:23 - 2019-08-09 15:35 - 000088832 _____ C:\Users\vanov\Downloads\FRST5.txt
2019-08-09 15:08 - 2019-08-09 15:14 - 000039960 _____ C:\Users\vanov\Downloads\Fixlog2.txt
2019-08-09 10:57 - 2019-08-09 11:04 - 000116729 _____ C:\Users\vanov\Downloads\Addition4.txt
2019-08-09 10:51 - 2019-08-09 11:04 - 000094180 _____ C:\Users\vanov\Downloads\FRST4.txt
2019-08-09 10:35 - 2019-08-09 10:40 - 000107856 _____ C:\Users\vanov\Downloads\Addition3.txt
2019-08-09 10:31 - 2019-08-09 10:31 - 000000000 ____D C:\Users\vanov\Downloads\DnsJumper
2019-08-09 10:30 - 2019-08-09 10:40 - 000089720 _____ C:\Users\vanov\Downloads\FRST3.txt
2019-08-09 10:29 - 2019-08-09 10:29 - 000706233 _____ C:\Users\vanov\Downloads\DnsJumper.zip
2019-08-08 15:01 - 2019-08-08 15:01 - 000003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1476361487
2019-08-08 15:01 - 2019-08-08 15:01 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-08-06 22:30 - 2019-08-06 22:30 - 000050652 _____ C:\Users\vanov\Documents\filename.gwc
2019-08-06 18:47 - 2019-08-06 18:47 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealHeaderTool
2019-08-06 17:42 - 2019-08-11 21:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-06 17:00 - 2019-08-06 17:06 - 000105806 _____ C:\Users\vanov\Downloads\Addition2.txt
2019-08-06 16:55 - 2019-08-06 17:06 - 000088273 _____ C:\Users\vanov\Downloads\FRST2.txt
2019-08-06 16:33 - 2019-08-06 16:33 - 047210760 _____ (Microsoft Corporation) C:\Users\vanov\Documents\Windows-KB890830-x64-V5.74.exe
2019-08-06 16:21 - 2019-08-06 16:21 - 000001310 _____ C:\Users\vanov\Desktop\misplacedforcopy.txt
2019-08-06 15:20 - 2019-08-06 15:32 - 000012830 _____ C:\Users\vanov\Downloads\Fixlog1.txt
2019-08-06 15:15 - 2019-08-06 15:16 - 000301326 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH8.pdf
2019-08-06 13:47 - 2019-08-06 14:05 - 000000000 ____D C:\Users\vanov\Documents\[FreeCourseSite.com] Udemy - Unreal Engine C++ Developer Learn C++ and Make Video Games
2019-08-06 13:42 - 2019-08-06 19:23 - 000000000 ____D C:\Users\vanov\Documents\Unreal Projects
2019-08-06 13:41 - 2019-08-06 13:41 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Unreal Engine
2019-08-06 00:21 - 2019-08-06 00:21 - 000002467 _____ C:\Users\vanov\Desktop\Unreal Engine.lnk
2019-08-05 11:14 - 2019-08-05 11:19 - 000108154 _____ C:\Users\vanov\Downloads\Addition1.txt
2019-08-05 11:11 - 2019-08-05 11:19 - 000089056 _____ C:\Users\vanov\Downloads\FRST1.txt
2019-08-05 11:08 - 2019-08-11 21:13 - 000000000 ____D C:\FRST
2019-08-05 11:07 - 2019-08-05 11:07 - 000002601 _____ C:\Users\vanov\Desktop\Malarebytes1.txt
2019-08-05 10:56 - 2019-08-05 10:56 - 000001714 _____ C:\Users\vanov\Desktop\Malwarebytes2.txt
2019-08-05 01:18 - 2019-08-05 01:18 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-08-04 18:12 - 2019-08-04 18:12 - 000000222 _____ C:\Users\vanov\Desktop\SMITE.url
2019-08-04 11:34 - 2019-08-04 11:34 - 000001048 _____ C:\Users\vanov\Desktop\Technic.exe - Shortcut.lnk
2019-08-03 13:53 - 2019-08-03 13:53 - 004478926 _____ () C:\Users\vanov\Downloads\Technic.exe
2019-08-03 13:42 - 2019-08-03 13:42 - 000001391 _____ C:\Users\Public\Desktop\Skype.lnk
2019-08-03 13:41 - 2019-08-03 13:41 - 000001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-08-03 13:40 - 2019-08-03 13:36 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-08-03 13:37 - 2019-08-03 13:37 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-08-03 13:37 - 2019-08-03 13:37 - 000001108 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-08-03 13:35 - 2019-08-03 13:35 - 001211216 _____ (Oracle Corporation) C:\Users\vanov\Downloads\JavaUninstallTool.exe
2019-08-03 13:35 - 2019-08-03 13:35 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2019-08-03 13:34 - 2019-08-03 13:34 - 002065880 _____ (Oracle Corporation) C:\Users\vanov\Downloads\jre-8u221-windows-i586-iftw.exe
2019-08-03 12:59 - 2019-08-03 13:22 - 000081880 _____ C:\WINDOWS\ZAM.krnl.trace
2019-08-03 12:56 - 2019-08-03 12:56 - 001359866 _____ C:\Users\vanov\Documents\cc_20190803_125640.reg
2019-08-03 12:50 - 2019-08-03 12:50 - 020888528 _____ (Piriform Software Ltd) C:\Users\vanov\Downloads\cctrialsetup.exe
2019-08-03 12:50 - 2019-08-03 12:50 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-08-03 12:50 - 2019-08-03 12:50 - 000002888 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-08-03 12:50 - 2019-08-03 12:50 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\Program Files\CCleaner
2019-08-03 12:38 - 2019-08-03 12:40 - 000316126 _____ C:\TDSSKiller.3.1.0.28_03.08.2019_12.38.43_log.txt
2019-08-03 12:38 - 2019-08-03 12:38 - 005054744 _____ (AO Kaspersky Lab) C:\Users\vanov\Downloads\tdsskiller.exe
2019-08-03 12:32 - 2019-08-03 13:22 - 000000000 ____D C:\Users\vanov\AppData\Local\AMSDK
2019-08-03 12:32 - 2019-08-03 12:32 - 000000000 ____D C:\Users\vanov\AppData\Local\Zemana
2019-08-03 12:31 - 2019-08-03 12:31 - 012664512 _____ (Zemana Ltd. ) C:\Users\vanov\Downloads\AntiMalware_Setup.exe
2019-08-03 12:24 - 2019-08-03 12:24 - 000841241 _____ C:\Users\vanov\Downloads\rkill.zip
2019-08-03 12:24 - 2017-07-25 22:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\vanov\Downloads\rkill.exe
2019-08-03 11:33 - 2019-08-03 11:33 - 000000258 __RSH C:\ProgramData\ntuser.pol
2019-08-03 10:54 - 2019-08-03 10:54 - 000000000 ____D C:\Users\vanov\AppData\Local\mbamtray
2019-08-03 10:53 - 2019-08-03 10:53 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-03 10:53 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-08-03 10:52 - 2019-08-03 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-03 10:52 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-08-03 10:51 - 2019-08-09 18:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-03 10:41 - 2019-08-03 10:42 - 006705178 _____ C:\Users\vanov\Downloads\mbam-chameleon-3.1.33.0.zip
2019-08-02 21:49 - 2019-08-02 21:49 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-08-02 21:36 - 2019-08-02 21:36 - 000000000 ____D C:\KRD2018_Data
2019-08-02 21:03 - 2019-08-02 21:03 - 000000000 ___HD C:\$SysReset
2019-08-02 19:22 - 2019-08-02 19:01 - 597336064 _____ C:\Users\vanov\Documents\krd.iso
2019-08-02 19:08 - 2019-08-02 19:08 - 000000000 ____D C:\WINDOWS\Panther
2019-08-02 19:00 - 2019-08-09 18:38 - 000000000 ____D C:\ProgramData\TmpLoog
2019-08-02 18:59 - 2019-08-02 18:59 - 007623880 _____ (Malwarebytes) C:\Users\vanov\Downloads\adwcleaner_7.4.exe
2019-08-02 18:39 - 2019-08-03 11:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\System
2019-08-02 17:56 - 2019-08-02 17:56 - 005829844 _____ (UserBenchmark.com) C:\Users\vanov\Downloads\UserBenchMark.exe
2019-08-02 14:53 - 2019-08-02 14:53 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Big Fat Simulations Inc_
2019-08-02 11:07 - 2019-08-02 11:07 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-08-02 11:07 - 2019-08-02 11:07 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-08-02 11:07 - 2019-08-02 11:07 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-08-02 11:07 - 2019-08-02 11:07 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-08-02 11:07 - 2019-08-02 11:07 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-08-02 11:07 - 2019-08-02 11:07 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-08-02 11:07 - 2019-08-02 11:07 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-08-02 11:07 - 2019-08-02 11:07 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-08-02 11:07 - 2019-08-02 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-08-01 02:14 - 2019-08-01 02:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-07-31 22:52 - 2019-07-31 22:57 - 000000000 ____D C:\Users\vanov\AppData\Local\Arma 3
2019-07-31 22:52 - 2019-07-31 22:52 - 000000000 ____D C:\ProgramData\Bohemia Interactive
2019-07-31 19:59 - 2019-07-31 19:59 - 000189726 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.1.pdf
2019-07-31 17:57 - 2019-07-31 17:57 - 005193376 _____ (Husdawg, LLC) C:\Users\vanov\Downloads\Detection.exe
2019-07-30 14:19 - 2019-07-30 14:19 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Craneballs
2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\Local\GOG.com
2019-07-29 21:47 - 2019-07-29 21:47 - 000000000 ___HD C:\temp
2019-07-29 21:06 - 2019-07-29 21:06 - 000178988 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.pdf
2019-07-29 10:58 - 2019-07-29 10:58 - 006732741 _____ C:\Users\vanov\Downloads\SQL-Injection-Attacks-and-Defense.pdf
2019-07-27 17:18 - 2019-07-27 17:18 - 000232401 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH3.pdf
2019-07-24 20:05 - 2017-09-26 12:24 - 000100352 _____ C:\Users\vanov\Downloads\Spider Man Homecoming.srt
2019-07-24 20:05 - 2011-11-11 20:27 - 000078233 ____N C:\Users\vanov\Downloads\Captain America.srt
2019-07-23 19:36 - 2019-07-23 19:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Colossal Order
2019-07-18 20:24 - 2019-07-18 20:25 - 000000000 ____D C:\Users\vanov\Documents\Rockstar Games
2019-07-18 20:20 - 2019-06-28 14:08 - 002826520 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp.exe
2019-07-18 20:20 - 2019-06-28 14:08 - 000072154 ____N C:\Users\vanov\Downloads\procexp.chm
2019-07-18 20:20 - 2019-06-28 14:05 - 001501248 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp64.exe
2019-07-18 20:20 - 2019-05-05 11:00 - 000007490 ____N C:\Users\vanov\Downloads\Eula.txt
2019-07-18 20:16 - 2019-07-18 20:16 - 008771640 _____ (Martin Malik - REALiX ) C:\Users\vanov\Downloads\hwi_608.exe
2019-07-18 18:53 - 2019-07-18 18:54 - 228125096 _____ (Rockstar Games) C:\Users\vanov\Downloads\GTAV_Setup_Tool.exe
2019-07-18 18:44 - 2019-07-23 12:06 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-11 21:05 - 2016-10-13 13:59 - 000000000 __SHD C:\Users\vanov\IntelGraphicsProfiles
2019-08-11 21:04 - 2018-08-04 16:06 - 000000502 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2019-08-11 21:04 - 2018-03-16 20:55 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2019-08-11 21:03 - 2018-01-12 21:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-08-11 21:02 - 2018-05-23 16:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-11 21:01 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-08-11 20:57 - 2017-02-12 20:49 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Mozilla
2019-08-11 20:35 - 2018-05-23 16:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-11 19:53 - 2018-05-23 16:38 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{466D4F44-74C1-4B3A-8596-CADF3DE82031}
2019-08-11 19:45 - 2019-01-18 23:34 - 000000000 ____D C:\Program Files (x86)\Steam
2019-08-11 15:37 - 2018-05-23 16:14 - 000000000 ____D C:\Users\vanov
2019-08-10 20:25 - 2018-08-30 14:28 - 000000000 ____D C:\Users\MSSQLSERVER
2019-08-10 02:02 - 2016-10-13 13:53 - 000000000 ___RD C:\Users\vanov\OneDrive
2019-08-09 16:25 - 2016-10-13 14:35 - 000000000 ____D C:\Users\vanov\AppData\Roaming\DAEMON Tools Lite
2019-08-09 15:07 - 2016-12-24 13:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\vlc
2019-08-09 10:46 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-08 23:27 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-08 21:05 - 2018-01-12 21:04 - 000000000 ____D C:\Users\vanov\AppData\Roaming\TeamViewer
2019-08-08 15:01 - 2016-10-13 14:24 - 000000000 ____D C:\Program Files (x86)\Opera
2019-08-06 18:33 - 2018-08-27 10:54 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Visual Studio Setup
2019-08-06 18:06 - 2018-08-04 12:35 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2019-08-06 18:02 - 2018-08-04 12:59 - 000000000 ____D C:\Users\vanov\.dotnet
2019-08-06 17:56 - 2018-08-04 12:45 - 000000000 ____D C:\Program Files\dotnet
2019-08-06 17:56 - 2016-10-13 20:00 - 000000000 ____D C:\ProgramData\Package Cache
2019-08-06 17:54 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-08-06 17:39 - 2018-08-04 12:05 - 000001377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2019-08-06 17:38 - 2018-08-04 12:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-08-06 16:34 - 2016-10-13 16:35 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-06 15:32 - 2016-10-19 15:42 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Temp
2019-08-06 14:52 - 2016-10-13 14:32 - 000000000 ____D C:\Users\vanov\AppData\Roaming\uTorrent
2019-08-06 14:04 - 2017-03-11 02:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\discord
2019-08-06 13:41 - 2017-01-27 21:28 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealEngine
2019-08-05 22:27 - 2018-12-16 22:22 - 000000000 ____D C:\Program Files\Epic Games
2019-08-05 01:15 - 2016-10-13 14:55 - 000000000 ____D C:\Program Files\WinRAR
2019-08-04 19:54 - 2017-06-30 15:43 - 000000000 ____D C:\Users\vanov\Documents\My Games
2019-08-04 14:21 - 2018-11-16 00:20 - 000000000 ____D C:\Program Files\rempl
2019-08-03 19:46 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Local\Spotify
2019-08-03 18:28 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Spotify
2019-08-03 18:07 - 2017-06-05 00:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Ubisoft Game Launcher
2019-08-03 13:50 - 2018-07-31 21:58 - 000000000 ____D C:\Users\vanov\AppData\Roaming\.technic
2019-08-03 13:43 - 2016-10-13 14:33 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Skype
2019-08-03 13:42 - 2018-09-08 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-08-03 13:40 - 2018-08-04 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2019-08-03 13:40 - 2018-08-01 00:12 - 000000000 ____D C:\Program Files\Java
2019-08-03 13:40 - 2017-03-19 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-08-03 13:40 - 2017-03-19 21:30 - 000000000 ____D C:\Program Files (x86)\Java
2019-08-03 13:35 - 2017-11-22 14:26 - 000000000 ____D C:\ProgramData\Origin
2019-08-03 13:35 - 2017-03-06 17:41 - 000000000 ____D C:\Program Files (x86)\Audacity
2019-08-03 13:34 - 2017-11-22 14:28 - 000001066 _____ C:\Users\Public\Desktop\Origin.lnk
2019-08-03 13:34 - 2017-11-22 14:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Origin
2019-08-03 13:34 - 2017-11-22 14:27 - 000000000 ____D C:\Program Files (x86)\Origin
2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-08-03 13:32 - 2018-09-17 23:28 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Notepad++
2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Program Files\Notepad++
2019-08-03 13:23 - 2017-06-12 12:27 - 000000000 ____D C:\Users\vanov\Desktop\Folders
2019-08-03 12:53 - 2018-01-14 01:55 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MPC-HC
2019-08-03 12:52 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Users\vanov\AppData\Local\Google
2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Program Files (x86)\Google
2019-08-03 10:53 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-08-02 19:03 - 2017-10-10 23:31 - 000000000 ____D C:\Users\vanov\AppData\Roaming\IObit
2019-08-02 18:40 - 2018-11-25 19:39 - 000000000 ____D C:\Program Files\Firefox Developer Edition
2019-08-02 14:53 - 2016-12-29 19:12 - 000000000 ____D C:\Users\vanov\AppData\Roaming\SmartSteamEmu
2019-08-02 11:05 - 2016-10-13 21:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-08-01 20:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-08-01 02:15 - 2016-11-05 13:12 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-07-31 14:23 - 2018-04-29 20:51 - 000000000 ____D C:\Users\vanov\AppData\Local\GameAnalytics
2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files\Rockstar Games
2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2019-07-31 14:05 - 2018-03-23 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2019-07-31 14:05 - 2016-10-13 14:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-07-31 14:03 - 2016-10-18 22:24 - 000000000 ____D C:\Users\vanov\AppData\Local\Rockstar Games
2019-07-30 00:33 - 2018-08-06 23:20 - 000000000 ____D C:\GOG Games
2019-07-29 21:46 - 2017-12-04 16:09 - 000000000 ____D C:\Users\vanov\AppData\Local\Packages
2019-07-29 21:46 - 2017-06-20 20:42 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-07-26 14:29 - 2016-10-15 15:03 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MusicBee
2019-07-26 12:21 - 2018-02-26 17:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-24 13:22 - 2016-10-13 14:37 - 000000000 ____D C:\ProgramData\Hi-Rez Studios
2019-07-23 12:12 - 2018-05-26 23:49 - 000000000 ____D C:\Users\vanov\AppData\Local\D3DSCache
2019-07-23 12:06 - 2017-11-22 16:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-07-19 12:18 - 2016-10-22 23:54 - 000007633 _____ C:\Users\vanov\AppData\Local\Resmon.ResmonCfg
2019-07-18 20:10 - 2018-08-04 15:41 - 000000000 ____D C:\Users\vanov\.android
2019-07-18 20:06 - 2017-06-04 19:17 - 000000000 ____D C:\Games
2019-07-18 18:49 - 2017-11-22 16:01 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-07-15 14:49 - 2018-05-23 16:29 - 001066156 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-15 14:45 - 2017-12-04 17:14 - 000000000 ___RD C:\Users\vanov\3D Objects
2019-07-15 14:45 - 2016-10-13 13:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-15 14:43 - 2018-05-23 16:09 - 005111760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-14 23:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-14 23:44 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-14 23:43 - 2018-08-04 16:01 - 000000000 ____D C:\Program Files\Hyper-V
2019-07-14 23:43 - 2018-04-12 11:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-14 23:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr

==================== Files in the root of some directories ================

2018-10-28 19:32 - 2018-10-28 19:32 - 000000033 _____ () C:\Users\vanov\AppData\Roaming\AdobeWLCMCache.dat
2017-03-05 19:32 - 2018-02-22 21:46 - 000000000 _____ () C:\Users\vanov\AppData\Roaming\avoriontestfile
2018-09-16 22:49 - 2018-09-16 22:49 - 000023303 _____ () C:\Users\vanov\AppData\Local\debuggee.mdmp
2019-06-18 14:44 - 2019-06-18 14:44 - 000001536 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.cfg
2019-06-18 14:44 - 2019-06-18 14:44 - 000210944 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.dat
2018-07-09 16:15 - 2018-07-23 19:53 - 000000002 _____ () C:\Users\vanov\AppData\Local\imw.ini
2018-09-29 08:00 - 2018-09-29 08:00 - 000000000 _____ () C:\Users\vanov\AppData\Local\oobelibMkey.log
2019-02-10 17:37 - 2019-02-10 17:37 - 000003283 _____ () C:\Users\vanov\AppData\Local\recently-used.xbel
2016-10-22 23:54 - 2019-07-19 12:18 - 000007633 _____ () C:\Users\vanov\AppData\Local\Resmon.ResmonCfg
2017-06-10 01:37 - 2017-07-05 16:05 - 000000000 _____ () C:\Users\vanov\AppData\Local\Temptable.xml
2016-10-13 14:55 - 2016-10-13 14:55 - 000000003 _____ () C:\Users\vanov\AppData\Local\updater.log
2016-10-13 14:55 - 2017-05-07 02:59 - 000000425 _____ () C:\Users\vanov\AppData\Local\UserProducts.xml
2018-06-02 21:35 - 2018-06-02 21:35 - 000000002 _____ () C:\Users\vanov\AppData\Local\WMI.ini
2019-08-11 19:26 - 2019-08-11 19:26 - 000000073 _____ () C:\Users\vanov\AppData\Local\WMI.rar

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2019
Ran by vanov (11-08-2019 21:18:49)
Running from C:\Users\vanov\Downloads
Windows 10 Pro Version 1803 17134.885 (X64) (2018-05-23 14:41:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3387545514-2906784231-2682514228-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3387545514-2906784231-2682514228-1006 - Limited - Enabled)
DefaultAccount (S-1-5-21-3387545514-2906784231-2682514228-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3387545514-2906784231-2682514228-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3387545514-2906784231-2682514228-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3387545514-2906784231-2682514228-1003 - Limited - Enabled)
vanov (S-1-5-21-3387545514-2906784231-2682514228-1001 - Administrator - Enabled) => C:\Users\vanov
WDAGUtilityAccount (S-1-5-21-3387545514-2906784231-2682514228-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Core SDK 1.1.10 (x64) (HKLM\...\{EA922431-C5D8-4CAE-9A6D-6817195F7856}) (Version: 4.18.38047 - Microsoft Corporation) Hidden
.NET Core SDK 1.1.10 (x64) (HKLM-x32\...\{81e87b8c-a24e-49e4-9a91-47b6d7aa52ff}) (Version: 1.1.10 - Microsoft Corporation)
µTorrent (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.)
Active Directory Authentication Library for SQL Server (HKLM\...\{4EE99065-01C6-49DD-9EC6-E08AA5B13491}) (Version: 14.0.1000.169 - Microsoft Corporation)
Adobe After (HKLM\...\{6A915992-D887-4897-82F5-950EDD12DEB1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Application Verifier x64 External Package (HKLM\...\{62CB44B2-8007-DBB2-1CBA-5CB7309EB3C3}) (Version: 10.1.17134.12 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{AB5E83C8-0175-0A1F-338A-EB8925AFC341}) (Version: 10.1.14393.795 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden
ASUS RT-N10 Wireless Router Utilities (HKLM-x32\...\{5BA25292-92E0-4223-A14B-50DC60B2A6F9}) (Version: 4.2.6.1 - ASUS)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.48.1 - Bethesda Softworks)
Browser for SQL Server 2017 (HKLM-x32\...\{CF8EEB96-E7E7-4EF7-A0A1-559F09953156}) (Version: 14.0.1000.169 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
ClipGrab 3.7.0 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
CodeBlocks (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 78.4.119 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Entity Framework 6.2.0 Tools  for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Firefox Developer Edition 65.0 (x64 en-US) (HKLM\...\Firefox Developer Edition 65.0 (x64 en-US)) (Version: 65.0 - Mozilla)
GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team)
Git version 2.20.1 (HKLM\...\Git_is1) (Version: 2.20.1 - The Git Development Community)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
Java SE Development Kit 8 Update 181 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden
K-Lite Mega Codec Pack 13.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.0 - KLCP)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
LOOT version 0.13.6 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.13.6 - LOOT Team)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Core SDK - 2.1.202 (x64) (HKLM-x32\...\{06b884b0-4947-4439-859f-098e431012d6}) (Version: 2.1.202 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.400 (x64) (HKLM-x32\...\{341254ab-6143-402e-9b7e-944f8b63e97d}) (Version: 2.1.400 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.402 (x64) (HKLM-x32\...\{b415bfcd-0c1a-424c-93f3-03fd83fcc44e}) (Version: 2.1.402 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.403 (x64) (HKLM-x32\...\{2eabe091-c571-4b9d-bdaa-5df5d11c84d4}) (Version: 2.1.403 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.500 (x64) (HKLM-x32\...\{d83984c4-b4ab-41e1-8d62-84f151ca642b}) (Version: 2.1.500 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.502 (x64) (HKLM-x32\...\{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}) (Version: 2.1.502 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.504 (x64) (HKLM-x32\...\{109e08a7-f849-4580-a683-c07ee8850a15}) (Version: 2.1.504 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.505 (x64) (HKLM-x32\...\{8a2d6b13-cb92-4cfe-a3e0-468e6cdd1e2e}) (Version: 2.1.505 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.508 (x64) (HKLM-x32\...\{0298bf05-e67a-4973-8ccc-7b13528189cb}) (Version: 2.1.508 - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 SDK (HKLM-x32\...\{F42C96C1-746B-442A-B58C-9F0FD5F3AB8A}) (Version: 4.7.03081 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 Targeting Pack (ENU) (HKLM-x32\...\{B517DBD3-B542-4FC8-9957-FFB2C3E65D1D}) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.9.6 (HKLM\...\{EDADFA19-7F96-4075-A4AB-2209910626C5}) (Version: 2.9.8899.26 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.6 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.6) (Version: 2.9.8899.26 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation)
Microsoft Azure PowerShell - April 2018 (HKLM\...\{3BA7CAA9-97BA-4528-B7E1-B640910BB149}) (Version: 5.7.0.18831 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.7 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.7) (Version: 5.7.18218.1723 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation)
Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{76CF9EF4-ABA0-484E-8042-12B99499AF5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11901.20176 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
Microsoft R Client (HKLM\...\{02EFEF35-C9D6-465D-BB0E-EB48B549B3AB}) (Version: 3.3.2.1988 - Microsoft)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft SQL Server 2017 (64-bit) (HKLM\...\Microsoft SQL Server SQL2017) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2017 Setup (English) (HKLM\...\{405252DC-ADF7-4BC8-95F5-F89DE513DD62}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server 2017 T-SQL Language Service  (HKLM\...\{C8A51693-98B9-4AB1-91B8-9A1B86729D5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{05FF71A6-FF76-4DB9-8A33-F23A2B0222BF}) (Version: 14.0.4079.2 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1104.625 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2017 (HKLM\...\{20B328C9-C6BB-434A-928A-00F05CD820B8}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
MSI Development Tools (HKLM-x32\...\{1E406B46-65F4-91CE-65DA-DB66D5443B68}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.7.1 - Notepad++ Team)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 62.0.3331.116 (HKLM-x32\...\Opera 62.0.3331.116) (Version: 62.0.3331.116 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.43.28287 - Electronic Arts, Inc.)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 6.1.0.0 - Popcorn Time) <==== ATTENTION
Python 3.6.6 (64-bit) (HKU\.DEFAULT\...\{a2e7eb2f-e31e-47eb-82ca-63b3854f5354}) (Version: 3.6.6150.0 - Python Software Foundation)
Python 3.6.6 Core Interpreter (64-bit symbols) (HKLM\...\{09472AF9-4E5C-419F-8AFC-E42DE3C00062}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Core Interpreter (64-bit) (HKLM\...\{13428472-D58E-476D-932F-5B1B0C1397BE}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Development Libraries (64-bit) (HKLM\...\{C4752757-9240-4518-BE22-A7E2E7CC7D7B}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Documentation (64-bit) (HKLM\...\{16EF5AB7-4A89-4F06-B20B-209DA4FE0533}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Executables (64-bit symbols) (HKLM\...\{D1DCF56C-C29C-436A-9764-DEA45032EC46}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Executables (64-bit) (HKLM\...\{5CE3EB5B-1823-4B8E-BE10-95262BDD1148}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 pip Bootstrap (64-bit) (HKLM\...\{9D8D733D-3822-4808-B382-6291910081B2}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Standard Library (64-bit symbols) (HKLM\...\{A44E9804-C2AA-40DD-9E6F-F53D96BDAD34}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Standard Library (64-bit) (HKLM\...\{4D137679-6FB4-446B-9BDB-279292FA2D2C}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Tcl/Tk Support (64-bit symbols) (HKLM\...\{20F0B3BE-3E51-4536-BE6E-451359FD5432}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Tcl/Tk Support (64-bit) (HKLM\...\{44EC13CA-E201-433B-B2D3-386B9609B859}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Test Suite (64-bit symbols) (HKLM\...\{C5BD9A00-9221-486E-94BF-9B1553B215AF}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Test Suite (64-bit) (HKLM\...\{C9596636-022D-4123-B369-98819F772985}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Utility Scripts (64-bit) (HKLM\...\{E95CEC86-EFB3-47B8-A5F6-C8FB757AD060}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Skype version 8.50 (HKLM-x32\...\Skype_is1) (Version: 8.50 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB)
sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{97C50C96-8106-490D-B81F-768753C39B56}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{74E057FF-92C8-4DD0-AF43-B220CD100733}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{C83DFAD5-FF26-4ED8-B284-944463FA0E30}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{9D1C0509-D490-4E9E-ACF5-A73E5C53742D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{B777C4C0-A1CD-4AB9-99B1-AD5FBED6F8E5}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{28EEF6BA-A23A-42D2-86BA-A6BEE723B969}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{DED314CA-0EFE-4593-9D66-EF75E5289A4C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{0E22DBB4-691B-400C-B52D-8DFE8EC421AA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{793F1C1E-5C83-4E33-A29B-6EAA7C1E791C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{12D2DB8D-80FF-4152-8F51-EDB3BD3C6976}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{AA2A015C-C210-413B-95F6-BF9D3CDD6E0D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.4.2669 - TeamViewer)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
TunnelBear (HKLM-x32\...\{5dbd322e-98b2-41c8-a2d9-d9f21423afa9}) (Version: 3.2.0.6 - TunnelBear)
TunnelBear (HKLM-x32\...\{EAF52E02-CC78-47F4-A304-F91FDB6A55D1}) (Version: 3.2.0.6 - TunnelBear) Hidden
Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - )
Twitch (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{A3055644-FB53-420D-8724-EBEAB330D64F}) (Version: 3.0.3.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity (HKLM-x32\...\Unity) (Version: 2018.3.3f1 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{0D6B41AF-D117-8944-A059-3F9346A896C5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft)
vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Visual Studio Enterprise 2017 (HKLM-x32\...\7dcb8def) (Version: 15.9.28307.770 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{14AF842C-675E-4268-B493-EB76D9B465A8}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_codecoveragemsi (HKLM-x32\...\{B2DB38F7-4225-4EA6-A7B2-F9A0E089DD89}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_codeduitestframeworkmsi (HKLM-x32\...\{4379D9C7-B16D-486C-BC6D-43550A4C55EE}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_cuitcommoncoremsi (HKLM-x32\...\{060D7518-16AC-41F1-9956-38CA636FCF7B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_cuitextensionmsi (HKLM-x32\...\{88484E59-774D-4947-AF0E-4524D6C3147D}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_cuitextensionmsi_x64 (HKLM-x32\...\{184D5702-3AD2-4F0D-95E6-11E1C75A9298}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_networkemulationmsi_x64 (HKLM-x32\...\{674BB892-7904-4B94-8077-9DA3D2CBFC70}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
WhatsApp (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\WhatsApp) (Version: 0.3.2848 - WhatsApp)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinAppDeploy (HKLM-x32\...\{5AD4A604-B476-1578-2A20-6B02FC6258BE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{C9966D24-DB2F-8514-EAA3-BEED85F3E166}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
WinGuard Pro 2016 (HKLM-x32\...\{F5DA39A7-9A26-44E2-9754-A611ACF0C8CC}) (Version: 10.10.2001 - WinGuardProLTD)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{389D182F-0ADA-5C7E-FF32-2573A821592C}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{A249F631-CEBC-EDCB-4C49-700E551E66CA}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{C3776B36-B34E-00E2-3009-95A6F1870B58}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E71CB7F1-3E88-4450-1764-B3CC1E205C4A}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{965D1746-D94A-49B9-2A48-A14914CA3B57}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{C49E6FDA-8196-0CAF-2CDD-CF1B0F4EA5AD}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{33D11371-82A5-852B-CDE2-5528CE406151}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{3755CD99-C62E-3312-DDD3-29A4F259270D}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{729DA966-8590-2C1F-2178-16C1D32FD7FD}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{FB431EE2-C835-6DE9-8DC3-C8FCDE028FE0}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{F1C18506-3168-A9D9-E2D9-D23A512A326E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FB82399D-9C48-9AF5-DCA1-CFE61BCA70A6}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{23909757-D6F0-7F7C-BD34-7E72BA9BD59C}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{4095D263-6A13-78D3-DEDA-AA3452011F6E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{C3243E23-2EB6-4419-2692-40944923B112}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D3A337CD-EA32-F4BA-03FA-825903190C92}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{DD83B36A-ED10-4514-98E7-1EBD53D167D8}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden
Xamarin Profiler (HKLM-x32\...\{392FF347-E40D-4598-B31E-5332F6F761E2}) (Version: 1.6.4.31 - Xamarin, Inc.) Hidden
Xamarin Remoted iOS Simulator (HKLM-x32\...\{5DE98E3F-9A5C-48B7-B039-8E0FB2D68AEA}) (Version: 1.3.0.8 - Xamarin) Hidden

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-15] (Microsoft Studios) [MS Ad]
Microsoft Wireless Display Adapter -> C:\Program Files\WindowsApps\Microsoft.SurfaceWirelessDisplayAdapter_3.4.137.1000_x64__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation)
Mixplay for Mixer -> C:\Program Files\WindowsApps\39170Flydream.Mixer_2.1.4.0_x64__weq318ptssvpt [2019-01-11] (Flydream)
MSN Vrijeme -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
Pošta i kalendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad]
TuneIn Radio -> C:\Program Files\WindowsApps\TuneIn.TuneInRadio_4.0.6.0_x64__6bhtb546zcxnj [2019-08-01] (TuneIn) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
Viber -> C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.1000_x86__p61zvh252yqyr [2018-07-09] (VIBER MEDIA S.à r.l.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{CE527B6C-CFD2-4CFC-AEC0-261FC6871E3D} -> [MEGAsync] => C:\Users\vanov\Documents\MEGAsync [2016-10-13 15:02]
CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\vanov\Dropbox [2016-11-05 13:16]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-06-17] (Notepad++ -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\vanov\Desktop\GTASA.lnk -> C:\Program Files (x86)\Rockstar Games\GTA San Andreas\startup_SP.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)

==================== Loaded Modules (Whitelisted) ==============

2018-02-12 21:33 - 2018-02-12 21:33 - 000161792 _____ () [File not signed] C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll
2018-10-02 19:10 - 2018-10-02 19:10 - 000598528 _____ () [File not signed] C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll
2016-09-24 08:53 - 2016-09-24 08:53 - 000410112 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
2018-01-11 18:39 - 2008-05-23 00:25 - 000043520 ____N (MagicISO, Inc.) [File not signed] C:\Program Files (x86)\MagicISO\misosh64.dll
2018-04-19 22:31 - 2018-04-19 22:31 - 000267776 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73235831.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73235831.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-08-11 21:00 - 2019-08-11 21:04 - 000000030 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

2018-08-04 16:06 - 2019-08-11 21:04 - 000000502 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

172.29.72.49 DESKTOP-ME49L6T.mshome.net # 2024 8 5 9 19 4 4 997
37.0.186 Vlah.mshome.net # 2019 7 5 12 12 16 54 932

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Microsoft MPI\Bin\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Users\vanov\Anaconda3;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\DTS\Binn\;C:\Program Files\Git\cmd
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "SOLIDWORKS 2016 Fast Start.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Idvsoft"
HKLM\...\StartupApproved\Run32: => "{7B4A50DE-E9A1-5D65-55A0-215372F9BAC3}"
HKLM\...\StartupApproved\Run32: => "wgpro"
HKLM\...\StartupApproved\Run32: => "amd_dc_opt"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Resilio Sync"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Tonido"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "WallpaperEngine"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "DOS Host"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{CBC4ECFC-1253-4674-B353-170019F9FABE}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed]
FirewallRules: [TCP Query User{0CAE0F34-1600-450D-A351-4C7FFCA72D07}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed]
FirewallRules: [{606F165A-4B31-49AA-98BC-5B91C73BBF4B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A49D5669-FA5A-4815-9969-3E22DB5A4E6B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{48D65172-F07A-4E24-A3A1-434257A6061F}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{6A333921-4247-486B-98D0-F26FD40E857E}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0CA9BCD8-5B1C-4D05-AAD4-21FFEAC84103}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{051C78D0-5A1A-4C2A-ABC4-9E558B976B5F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{A975745F-869F-4081-92E4-0D42641FF6C4}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{49E008DC-6AAB-4B12-BB7B-667F30068494}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{9C253803-BC67-4081-8522-B3EC16A3E8DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B4452071-1EF5-4231-9AF6-B0CD14FD5FDF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6D4BA297-6C70-47C8-BD34-738B4942ACB9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{2E9CDF23-57FD-43DB-9D11-55A66C91F8FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [UDP Query User{B06BD948-E650-4190-8E60-7CFADC294373}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{B385A51F-02CB-4784-A947-2C9ABF8BEEDD}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{2EB36B25-BECE-477F-B928-0C25780C1214}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [TCP Query User{DCA5B283-BB01-4858-8CBF-F750BF1B73F5}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [{6BEEFA38-F710-4247-BF7A-AECB5E37937E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{C5D7FAE5-7CB3-43C1-80F6-589907AD1A0F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BCA6781A-E253-483F-8236-CAF546AAF80D}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D50DE039-DAA2-4B8B-B1FB-3E30BC30A796}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{AFC23FCC-79E4-469A-8459-B169B2FA2252}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F672BF62-161A-4044-9A8B-508F12A99CA6}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{12F3F116-CCDB-40AC-92C7-2317A0EEA58F}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{BE51A32F-9911-4F10-AECE-61E068713997}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{09600C42-3BDF-4A0D-AFD5-17E90BC5FBDB}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed]
FirewallRules: [UDP Query User{AEB25E26-AED6-4979-830F-F77D85DB1B7F}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed]
FirewallRules: [{A3B4325B-9C2A-4EE8-A5DB-7B28A9060CC2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{A89516B1-966E-4D36-8C30-A7773EB1FCEF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{2FB602DE-06A3-46EA-9153-DDA0373E214D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{8F69FAB7-2111-4D65-8B95-ED7D5DF0F7DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{57117F18-C29B-4A60-B34A-DC7B2E36B83A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E9BB0D09-102F-4855-8DC4-7BDE56ABFA0F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BAC7F6A3-92EA-47D9-83DD-84940C070F4D}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{05DF0A2C-1A93-46AE-800E-E12DE7F18FC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B392F4D1-9B62-4364-AEBD-094036DA8436}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{BA2527F7-EF88-4694-81D1-CAD2BD759A31}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File
FirewallRules: [UDP Query User{DA58CB7B-2521-453B-B120-F66DA955BB73}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{39401A26-306A-4DB0-A93D-CAC43C7A097F}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{F7E79D3D-E5F7-4109-95B5-7C20900FDF5D}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1568FFD9-4C45-4576-B4A8-68C07A9299DA}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed]
FirewallRules: [{9E44EC29-3C66-478D-B43A-423E93469959}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed]
FirewallRules: [{8B5A3536-E847-4803-B18A-35B8A2023C40}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6A325237-3BEF-4A73-B668-4F52AAD6FE02}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B8F8775A-CAC9-4454-9BC2-0BD382B4A538}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8341FC3-E365-4CE6-BA40-CC53396DF507}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{782D4882-D209-44E9-A3E9-1C7DCA561633}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B7CF33C8-CC19-4D73-AC61-7534E1B70E97}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{A03282F2-8B2F-4A2E-A556-5A88124F408C}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{52DEFF6B-ACA0-4834-BD06-59E2D1959922}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CF7AC6C4-3B90-43EF-B110-B54E08AFDF90}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E682C56C-4D3A-4B0C-9F61-0A9FD0C478C5}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B53B0E11-4896-4DFF-A873-E3A08FFC028D}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8E90BA3A-A433-4095-9F52-DC3CBDC31FD1}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3978B3AB-19C3-4271-AC81-2D11287E2358}] => (Allow) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{DA86CB7A-F52F-475E-87F1-FF83B160A4DC}] => (Block) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{ED36F1A2-029C-4E96-A4A7-3B50FAFD18C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{994571E2-6DCD-4E06-9B39-3EF82FFFA7E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B0D9FE4C-355C-4679-8B96-D713017DD607}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B3483E3A-F2EB-4FDB-BBDC-879CC9507758}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{9680FCD1-9E1C-41C4-9D19-CA30045AAB34}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{009FA2E4-5EC8-4DD7-B8E6-DE1CFBFAAAE2}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed]
FirewallRules: [{073CBEBB-07F2-4E61-8303-70FF7C396678}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed]
FirewallRules: [{09216F82-B859-408E-BD97-6502299F1FDB}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{9E1C0C65-F7B4-4509-9C3C-E7101F192CBC}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{B82E9260-29D2-4F2D-BDBD-6A596F91BC45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios)
FirewallRules: [{361A52A7-D6A1-4E8C-A6D3-2933937A02A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios)
FirewallRules: [{87D431EF-B497-43B6-8ED7-D924043264F6}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.99\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{C44E048D-F0D0-4E42-875F-A1C1E6BE5E7C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{F8600454-929C-4C5B-A4B9-735526AB4E82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{8DED0F5F-3C5B-4D35-A34F-E75EA8E3D10C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A22A8EAA-7F39-43A2-A949-300F89E6EE35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3A7FC6A7-DD9A-4A49-998F-9F7FE3D957EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{72158FD3-1F41-41A4-BC36-88B6890C372B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3096494B-B18E-45A5-AC31-8E890346AF86}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{64FFD821-2BB2-48A1-8776-B1251C6E58D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{E66D8ED8-9BD5-4B64-ABCA-ABA4BA362666}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{D8939A68-301B-484C-B6B5-D2E40C4EC40C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{50A71AD9-5716-4E59-B0FA-60DB0B812E06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{0ACEC78F-BAB5-4312-8B93-4A65F76E3257}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{673C04EA-918C-4A3B-8E12-0540FE7C12F4}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [TCP Query User{8AB680EA-0B2D-4A78-9D85-F506E39545A9}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{7593ED52-0637-4704-A236-CE146B456EAB}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{F54E6234-B579-424C-90B5-6DF36DC84DF0}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{D3B7D8BF-45AD-4EFA-80F1-40AD7F4CDEDC}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{6261CD1F-8E24-4A22-A51B-394D99B7597A}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [DNS Server Forward Rule - TCP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53

==================== Restore Points =========================

07-08-2019 15:45:54 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2019 09:07:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/11/2019 09:07:44 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/11/2019 09:07:36 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/11/2019 09:00:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (08/11/2019 08:59:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ffbe8271-c5a7-4beb-9124-5b9ffe4b1cec}

Error: (08/11/2019 05:26:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/11/2019 05:26:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/11/2019 05:26:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (08/11/2019 09:07:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/11/2019 09:07:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/11/2019 09:05:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/11/2019 09:05:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (08/11/2019 09:04:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/11/2019 09:04:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (08/11/2019 09:04:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/11/2019 09:03:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server CEIP service (MSSQLSERVER) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
===================================
Date: 2019-08-09 19:19:55.512
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8EC7E7A5-0A16-4814-A79A-D893EE57A550}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-09 18:36:44.306
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bluteal!rfn&threatid=2147724737&enterprise=0
Name: Trojan:Win32/Bluteal!rfn
ID: 2147724737
Severity: Severe
Category: Trojan
Path: file:_C:\ProgramData\TmpLoog\tmplog.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\vanov\Desktop\mbar\mbar.exe
Signature Version: AV: 1.299.1628.0, AS: 1.299.1628.0, NIS: 1.299.1628.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-09 18:31:31.354
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {893C92A0-B4D9-4175-ABC4-2F47639C2A25}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-03 11:26:37.257
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C36C47AF-6A54-49DD-AF3D-7D4D5520DA5F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-07-28 20:29:32.996
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F357303F-3784-4B4F-8754-2BE400640E70}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-11 16:17:17.241
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.1765.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-08-03 11:04:51.511
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.1090.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-08-03 10:48:53.266
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.1090.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-08-02 21:50:23.754
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2019-08-02 21:34:43.457
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2019-08-03 11:42:32.022
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:42:31.974
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:45.934
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:45.879
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:45.811
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:45.753
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:36.559
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:36.234
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.37 02/16/2016
Motherboard: Acer ZORO_BH
Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 26%
Total physical RAM: 12203.32 MB
Available physical RAM: 8995.18 MB
Total Virtual: 13291.32 MB
Available Virtual: 10132.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.21 GB) (Free:69.97 GB) NTFS

\\?\Volume{4eafa3c8-b0a9-4d57-bbc8-43ec29bacab8}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{d30143e0-3bd2-4090-b0a7-697dc65108ba}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 


Yes, can you run RK again and see if it will remove that entry...

1 hour ago, kevinf80 said:

Did you run FRST fix..?

Ah yes, I did. Sorry, I forgot to attach it.

 


Fix result of Farbar Recovery Scan Tool (x64) Version: 10-08-2019
Ran by vanov (11-08-2019 20:58:57) Run:6
Running from C:\Users\vanov\Downloads
Loaded Profiles: vanov & MSSQLSERVER (Available Profiles: defaultuser0 & vanov & SQLTELEMETRY & MSSQLSERVER)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194
Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194
Hosts:
EmptyTemp:

*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}\\DhcpNameServer" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12083200 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6524552 B
Java, Flash, Steam htmlcache => 36581314 B
Windows/system/drivers => 144770 B
Edge => 0 B
Chrome => 0 B
Firefox => 966955261 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 3616 B
NetworkService => 0 B
defaultuser0 => 0 B
vanov => 51949 B
SQLTELEMETRY => 0 B
MSSQLSERVER => 0 B

RecycleBin => 0 B
EmptyTemp: => 975 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:00:48 ====

 


We are still not finding the loader, try the following:

Download Dr Web Cureit from here http://www.freedrweb.com/cureit and save it to your desktop.

  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats
  • Press start scan
  • The scan will now commence
  • Once the scan has finished click open report <<<--- Do not miss this step
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop

This log will be excessive, so please attach it to your next reply…


Another clean log. Can you run FRST again to see if the rogue IPs are still present...


Sorry for the delay

FRST:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2019
Ran by vanov (administrator) on DESKTOP-ME49L6T (Acer Aspire E5-573) (14-08-2019 18:43:49)
Running from C:\Users\vanov\Downloads
Loaded Profiles: vanov & MSSQLSERVER (Available Profiles: defaultuser0 & vanov & SQLTELEMETRY & MSSQLSERVER)
Platform: Windows 10 Pro Version 1803 17134.950 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.866.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(OOO Lightshot -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-10-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5782336 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [wgpro] => C:\Program Files (x86)\WinGuardPro Ltd\WinGuard\wgengine.exe [30720 2019-01-19] (WinGuard Inc.) [File not signed]
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Akamai NetSession Interface] => C:\Users\vanov\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Spotify] => C:\Users\vanov\AppData\Roaming\Spotify\Spotify.exe [25828256 2019-08-03] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35809680 2019-08-05] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3210528 2019-08-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-10-13]
ShortcutTarget: MEGAsync.lnk -> C:\Users\vanov\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1191D268-1A73-41D0-BD85-D1311491443C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1217C1E3-7A8E-4C0B-B4B5-5C28F63B1D39} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill2 => C:\Users\vanov\Desktop\BatFiles\Operakill.bat
Task: {14D5ABA7-60D8-4C04-A73D-D462D3EC53BF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {1A902826-C33D-4706-A2ED-F192F5993FAC} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-vanovac.zlatan@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {3051FE3C-FB51-4549-8184-7DCA7CCB515B} - System32\Tasks\Microsoft\Windows\TaskScheduler\Restart => C:\Users\vanov\Desktop\BatFiles\Restart.bat
Task: {31A4D16D-ED62-4473-8883-5805BFACBBAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {32075B90-EA68-4A1E-8153-09FAB21A0EBD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {4021E04F-2C4F-4B2A-85E7-60D62C0CE79C} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {44CEEBC6-4031-42AD-B2B1-4157F57AD5FE} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill => C:\Users\vanov\Desktop\BatFiles\Operakill.bat
Task: {4D713D29-1FB3-4E41-9D76-CD1B86264B83} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_Plugin.exe [1457208 2019-08-13] (Adobe Inc. -> Adobe)
Task: {55545618-D77B-4D27-BAB9-FB044352CE01} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6137EB70-DCD3-44CE-8665-73E27FA3E9EE} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall => C:\Users\vanov\Desktop\BatFiles\DragonForce.bat
Task: {63C7C186-F15B-448B-94BC-5F4ED0A4E638} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {711CD294-5C89-492C-89AA-8B98D35D461A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {78C49C7C-92BE-4687-AF06-420B5ED30A0C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {79DFF442-7CF7-480E-934B-8FCEBEE221D7} - System32\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {7B6B9926-BDA7-44D7-A5CE-F6D962D3B49E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {7F5DE95D-C17C-4408-85D1-6F56B9FF5F5A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8FCC1103-34CD-41C4-B3BC-EEE596BE90CB} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall2 => C:\Users\vanov\Desktop\BatFiles\Disasterpiece.bat
Task: {940A0D4F-E5D1-4349-A97B-BA70D6B8789D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-13] (Adobe Inc. -> Adobe)
Task: {9892A3E0-1121-41D5-9A13-991AE56D5F95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A35FB29E-054C-45BE-9E40-C94DB7728413} - System32\Tasks\Microsoft\Windows\TaskScheduler\MusicKill => C:\Users\vanov\Desktop\BatFiles\BeeMp3TaskKill.bat
Task: {A9E34D5E-D053-4247-8350-83C330CA6958} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Users\vanov\AppData\Local\MEGAsync\MEGAupdater.exe [760696 2018-10-02] (Mega Limited -> Mega Limited)
Task: {AA6D739F-D568-4A9D-A4ED-FC3B5D432A84} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {BB3A72A1-B735-4F37-9B99-260BF5F05151} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1000 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {C8FB1415-F7CF-485C-B1BF-719EBF4CFDC7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF931575-DB06-4A0A-A9DC-19D4C4269CB3} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.8.3252 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXAutoUpdate.exe [206184 2019-08-06] (Microsoft Corporation -> )
Task: {D63EB858-D44F-42ED-AC94-00B6D4374934} - System32\Tasks\Opera scheduled Autoupdate 1476361487 => C:\Program Files (x86)\Opera\launcher.exe [1519640 2019-08-07] (Opera Software AS -> Opera Software)
Task: {DE525C0C-B6B7-4A0C-BF03-FB7FBAFF172E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE9EE772-2041-4E2F-8856-6D84E12E4E02} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1176194-F6FD-4A7B-BB95-24031E7F8611} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-10-18] () [File not signed]
Task: {E161BC06-6796-4A76-8D71-21048961E8D4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_pepper.exe [1452600 2019-08-13] (Adobe Inc. -> Adobe)
Task: {F51FC55E-9DF9-47E0-8B2A-5056FD0B3C6E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {F95F8299-A9C1-49FC-8E40-0B0E93D73D5A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194
Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [NameServer] 8.8.8.8,8.8.4.4,192.168.0.1
Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\vanov\Downloads

FireFox:
========
FF DefaultProfile: poq2nbe3.default-1491901036943-1546437671085
FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 [2019-08-14]
FF NetworkProxy: Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 -> type", 0
FF Extension: (ETP Search Volume Study) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-06-26]
FF Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\firefox@betterttv.net.xpi [2019-08-03] [UpdateUrl:hxxps://nightdev.com/betterttv/firefox/updates.json]
FF Extension: (uBlock Origin) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\uBlock0@raymondhill.net.xpi [2019-07-26]
FF Extension: (Unseen) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\{230ed5ec-936c-4ad1-b3d4-e2bb251bd1c3}.xpi [2019-01-02]
FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default [2019-08-06]
FF user.js: detected! => C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default\user.js [2017-02-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_238.dll [2019-08-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_238.dll [2019-08-13] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe

Opera:
=======
OPR Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\deofbbdfofnmppcjbhjibgodpcdchjii [2017-11-15]
OPR Extension: (Tampermonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-06-02]
OPR Extension: (book_helper) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmmkobpokkidkpaidggnebnhiipdkhkl [2019-08-02]
OPR Extension: (ScriptMonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-06-02]
OPR Extension: (Violent monkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-05-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-05-27] (BattlEye Innovations e.K. -> )
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-08-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 HgClientService; C:\WINDOWS\system32\hgclientservice.dll [141824 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1741312 2019-02-16] (Microsoft Windows -> Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [353768 2018-09-13] (Intel Corporation -> Intel Corporation)
S2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21256 2018-04-20] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] (AzureEngBuildCodeSign -> ) [File not signed]
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [485048 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [31232 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2017-11-22] (Even Balance, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074128 2019-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [578744 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
S2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11969880 2019-07-03] (TeamViewer GmbH -> TeamViewer GmbH)
S2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [113024 2018-02-12] (TunnelBear, Inc. -> )
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3014144 2019-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 51D2828C; C:\WINDOWS\system32\drivers\51D2828C.sys [255928 2019-08-10] (Malwarebytes Corporation -> Malwarebytes)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-06-23] (EnigmaSoft Limited -> EnigmaSoft Limited)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-10-10] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26624 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-10-10] (Martin Malik - REALiX -> REALiX(tm))
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2019-01-19] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-13] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-14] (Malwarebytes Corporation -> Malwarebytes)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA))
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2412976 2017-04-24] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31744 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S4 RsFx0500; C:\WINDOWS\System32\DRIVERS\RsFx0500.sys [261848 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1026896 2018-03-19] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-10-10] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [56520 2015-08-05] (Synaptics Incorporated -> Synaptics Incorporated)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [103936 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2017-12-18] (Oracle Corporation -> Oracle Corporation)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1248256 2018-11-07] (Microsoft Windows -> Microsoft Corporation)
R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [45408 2018-03-15] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation)
NETSVC: HgClientService -> C:\Windows\system32\hgclientservice.dll (Microsoft Corporation)
NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-14 18:43 - 2019-08-14 18:46 - 000033038 _____ C:\Users\vanov\Downloads\FRST.txt
2019-08-14 18:43 - 2019-08-14 18:43 - 001612800 _____ (Farbar) C:\Users\vanov\Downloads\FRST64.exe
2019-08-14 17:52 - 2019-08-14 17:52 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-08-14 17:50 - 2019-08-14 17:50 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-08-14 17:50 - 2019-08-14 17:50 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-08-14 17:50 - 2019-08-14 17:50 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-08-14 17:49 - 2019-08-14 17:49 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-14 17:49 - 2019-08-14 17:49 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16
2019-08-14 11:56 - 2019-08-14 11:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-08-14 11:52 - 2019-08-07 15:03 - 015202816 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe
2019-08-14 11:52 - 2019-08-07 14:58 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-08-14 11:52 - 2019-08-07 14:41 - 000662112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-08-14 11:52 - 2019-08-07 14:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-08-14 11:52 - 2019-08-07 14:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-08-14 11:52 - 2019-08-07 14:27 - 007990272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-14 11:52 - 2019-08-07 10:09 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-14 11:52 - 2019-08-07 10:09 - 000095008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-14 11:52 - 2019-08-07 10:08 - 000494992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-14 11:52 - 2019-08-07 10:08 - 000091568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-14 11:52 - 2019-08-07 09:57 - 000081256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-14 11:52 - 2019-08-07 09:56 - 000357336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-14 11:52 - 2019-08-07 09:32 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-08-14 11:52 - 2019-08-07 09:32 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-08-14 11:52 - 2019-08-07 09:31 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-14 11:52 - 2019-07-09 10:07 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-08-14 11:52 - 2019-07-09 09:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-08-14 11:52 - 2019-07-09 09:39 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-08-14 11:52 - 2019-07-09 09:37 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-08-14 11:52 - 2019-07-09 08:59 - 000022840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
2019-08-14 11:52 - 2019-07-09 08:38 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-08-14 11:52 - 2019-07-09 05:20 - 000227640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-08-14 11:52 - 2019-07-09 05:12 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-08-14 11:52 - 2019-07-09 05:11 - 002257336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-08-14 11:52 - 2019-07-09 04:55 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-08-14 11:52 - 2019-07-09 04:53 - 003708416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-08-14 11:52 - 2019-07-09 04:52 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-08-14 11:52 - 2019-07-09 04:50 - 000659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-08-14 11:52 - 2019-07-09 04:48 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-08-14 11:52 - 2019-07-09 04:47 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-08-14 11:52 - 2019-07-09 04:46 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-08-14 11:51 - 2019-08-07 15:18 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-08-14 11:51 - 2019-08-07 15:18 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-08-14 11:51 - 2019-08-07 15:14 - 000303928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-08-14 11:51 - 2019-08-07 15:13 - 021389776 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-14 11:51 - 2019-08-07 15:13 - 001632112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-14 11:51 - 2019-08-07 15:13 - 001515904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-08-14 11:51 - 2019-08-07 15:13 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-08-14 11:51 - 2019-08-07 14:58 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-08-14 11:51 - 2019-08-07 14:55 - 008626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-14 11:51 - 2019-08-07 14:55 - 004594688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvgm.exe
2019-08-14 11:51 - 2019-08-07 14:54 - 004783104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-08-14 11:51 - 2019-08-07 14:53 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-14 11:51 - 2019-08-07 14:52 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-14 11:51 - 2019-08-07 14:43 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-14 11:51 - 2019-08-07 14:41 - 001322688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-08-14 11:51 - 2019-08-07 14:40 - 020384344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-14 11:51 - 2019-08-07 14:25 - 004175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-08-14 11:51 - 2019-08-07 14:24 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-14 11:51 - 2019-08-07 14:24 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-14 11:51 - 2019-08-07 11:40 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-08-14 11:51 - 2019-08-07 10:09 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-14 11:51 - 2019-08-07 10:09 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-08-14 11:51 - 2019-08-07 10:09 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-14 11:51 - 2019-08-07 10:09 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-14 11:51 - 2019-08-07 10:09 - 000194352 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-14 11:51 - 2019-08-07 10:09 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-14 11:51 - 2019-08-07 10:09 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 007435720 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-14 11:51 - 2019-08-07 10:08 - 002470648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 001566736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 001141712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-14 11:51 - 2019-08-07 10:08 - 000723216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 000710232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-14 11:51 - 2019-08-07 10:08 - 000227744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-08-14 11:51 - 2019-08-07 10:08 - 000130840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-08-14 11:51 - 2019-08-07 10:07 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-14 11:51 - 2019-08-07 10:07 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-14 11:51 - 2019-08-07 10:07 - 002719240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-08-14 11:51 - 2019-08-07 10:07 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-14 11:51 - 2019-08-07 10:07 - 001260992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-14 11:51 - 2019-08-07 10:07 - 001031696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-08-14 11:51 - 2019-08-07 10:07 - 000984152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-14 11:51 - 2019-08-07 10:07 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-08-14 11:51 - 2019-08-07 10:07 - 000343712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmEngUM.dll
2019-08-14 11:51 - 2019-08-07 10:07 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 001993344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 000192608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 000101400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-08-14 11:51 - 2019-08-07 09:55 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-08-14 11:51 - 2019-08-07 09:49 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-14 11:51 - 2019-08-07 09:47 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-14 11:51 - 2019-08-07 09:44 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-08-14 11:51 - 2019-08-07 09:42 - 022717952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-14 11:51 - 2019-08-07 09:39 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-14 11:51 - 2019-08-07 09:39 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2019-08-14 11:51 - 2019-08-07 09:38 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-08-14 11:51 - 2019-08-07 09:38 - 004385792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-14 11:51 - 2019-08-07 09:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-14 11:51 - 2019-08-07 09:38 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-08-14 11:51 - 2019-08-07 09:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-08-14 11:51 - 2019-08-07 09:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-08-14 11:51 - 2019-08-07 09:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-14 11:51 - 2019-08-07 09:36 - 007572480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-14 11:51 - 2019-08-07 09:36 - 003014144 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2019-08-14 11:51 - 2019-08-07 09:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-14 11:51 - 2019-08-07 09:36 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-08-14 11:51 - 2019-08-07 09:36 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-08-14 11:51 - 2019-08-07 09:36 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-08-14 11:51 - 2019-08-07 09:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-14 11:51 - 2019-08-07 09:35 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 001680384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-14 11:51 - 2019-08-07 09:33 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 004938240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 004516864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 002165760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-14 11:51 - 2019-08-07 09:32 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 000318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 001777152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmswitch.sys
2019-08-14 11:51 - 2019-08-07 09:31 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 001110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-08-14 11:51 - 2019-08-07 09:31 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-14 11:51 - 2019-07-11 08:48 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-08-14 11:51 - 2019-07-11 03:30 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-08-14 11:51 - 2019-07-11 03:30 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-08-14 11:51 - 2019-07-11 03:30 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 001627664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 001038352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000954384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000830480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000827920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-08-14 11:51 - 2019-07-09 10:07 - 000825360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000750096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000670224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000652304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000495632 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-08-14 11:51 - 2019-07-09 10:04 - 000348664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-08-14 11:51 - 2019-07-09 10:01 - 004527792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-08-14 11:51 - 2019-07-09 10:00 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-08-14 11:51 - 2019-07-09 09:44 - 012757504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-08-14 11:51 - 2019-07-09 09:44 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-08-14 11:51 - 2019-07-09 09:43 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-08-14 11:51 - 2019-07-09 09:43 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-08-14 11:51 - 2019-07-09 09:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-08-14 11:51 - 2019-07-09 09:38 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2019-08-14 11:51 - 2019-07-09 09:37 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-08-14 11:51 - 2019-07-09 08:42 - 011943424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-08-14 11:51 - 2019-07-09 05:29 - 000375312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-08-14 11:51 - 2019-07-09 05:29 - 000230200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2019-08-14 11:51 - 2019-07-09 05:29 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2019-08-14 11:51 - 2019-07-09 05:23 - 001213264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-08-14 11:51 - 2019-07-09 05:23 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-08-14 11:51 - 2019-07-09 05:21 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-14 11:51 - 2019-07-09 05:20 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-08-14 11:51 - 2019-07-09 05:19 - 002769472 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 002371504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 001674216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 000799248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 000767232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 000713488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 000152104 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-08-14 11:51 - 2019-07-09 05:12 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-08-14 11:51 - 2019-07-09 05:12 - 001286528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-08-14 11:51 - 2019-07-09 05:12 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-08-14 11:51 - 2019-07-09 05:11 - 000576528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-08-14 11:51 - 2019-07-09 04:56 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-08-14 11:51 - 2019-07-09 04:55 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-08-14 11:51 - 2019-07-09 04:53 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-08-14 11:51 - 2019-07-09 04:50 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-08-14 11:51 - 2019-07-09 04:50 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-08-14 11:51 - 2019-07-09 04:50 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-08-14 11:51 - 2019-07-09 04:50 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-08-14 11:51 - 2019-07-09 04:50 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-08-14 11:51 - 2019-07-09 04:50 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2019-08-14 11:51 - 2019-07-09 04:49 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-08-14 11:51 - 2019-07-09 04:49 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-08-14 11:51 - 2019-07-09 04:49 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-08-14 11:51 - 2019-07-09 04:49 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2019-08-14 11:51 - 2019-07-09 04:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-08-14 11:51 - 2019-07-09 04:49 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-08-14 11:51 - 2019-07-09 04:49 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-08-14 11:51 - 2019-07-09 04:48 - 003402240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-14 11:51 - 2019-07-09 04:48 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-08-14 11:51 - 2019-07-09 04:48 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-08-14 11:51 - 2019-07-09 04:48 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-08-14 11:51 - 2019-07-09 04:48 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 000928768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-08-14 11:51 - 2019-07-09 04:46 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-08-14 11:51 - 2019-07-09 04:46 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-08-14 11:51 - 2019-07-09 04:46 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-08-14 11:51 - 2019-07-09 04:45 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-08-14 11:51 - 2019-07-09 04:45 - 001218560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-08-14 11:51 - 2019-07-09 04:45 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-08-14 11:51 - 2019-07-09 04:45 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-08-14 11:51 - 2019-07-09 04:45 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2019-08-14 11:51 - 2019-07-09 04:44 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-08-14 11:51 - 2019-07-09 04:44 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-08-14 11:51 - 2019-07-09 04:44 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-08-14 11:51 - 2019-07-09 04:44 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-08-14 11:51 - 2019-07-09 04:44 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-08-14 11:51 - 2019-07-09 04:44 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-08-14 11:51 - 2019-07-09 04:44 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-08-14 11:51 - 2019-07-09 04:43 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-08-14 11:51 - 2019-07-09 04:43 - 001398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-08-14 11:51 - 2019-07-09 04:43 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-08-14 11:51 - 2019-07-09 04:43 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2019-08-14 11:51 - 2019-06-20 04:21 - 000058882 _____ C:\WINDOWS\system32\srms.dat
2019-08-14 11:50 - 2019-08-07 14:55 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-08-14 11:50 - 2019-08-07 14:55 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-08-14 11:50 - 2019-08-07 14:53 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-08-14 11:50 - 2019-08-07 14:53 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-08-14 11:50 - 2019-08-07 14:51 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-08-14 11:50 - 2019-08-07 14:26 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-08-14 11:50 - 2019-08-07 14:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-08-14 11:50 - 2019-08-07 14:24 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-08-14 11:50 - 2019-08-07 09:36 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2019-08-14 11:50 - 2019-08-07 09:34 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-08-14 11:50 - 2019-08-07 09:34 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-08-14 11:50 - 2019-08-07 09:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-08-14 11:50 - 2019-08-07 09:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-08-14 11:50 - 2019-08-07 09:32 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-08-14 11:50 - 2019-08-07 09:31 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-08-14 11:50 - 2019-08-07 08:15 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-08-14 11:50 - 2019-07-09 09:43 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2019-08-14 11:50 - 2019-07-09 09:39 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2019-08-14 11:50 - 2019-07-09 09:39 - 001193472 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2019-08-14 11:50 - 2019-07-09 09:37 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2019-08-14 11:50 - 2019-07-09 09:37 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-08-14 11:50 - 2019-07-09 08:37 - 000485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2019-08-14 11:50 - 2019-07-09 05:21 - 000133136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2019-08-14 11:50 - 2019-07-09 05:20 - 000275512 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2019-08-14 11:50 - 2019-07-09 05:19 - 000142352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2019-08-14 11:50 - 2019-07-09 05:19 - 000046608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\werkernel.sys
2019-08-14 11:50 - 2019-07-09 05:11 - 000108560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2019-08-14 11:50 - 2019-07-09 04:56 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2019-08-14 11:50 - 2019-07-09 04:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-08-14 11:50 - 2019-07-09 04:52 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2019-08-14 11:50 - 2019-07-09 04:50 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2019-08-14 11:50 - 2019-07-09 04:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll
2019-08-14 11:50 - 2019-07-09 04:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-08-14 11:50 - 2019-07-09 04:49 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2019-08-14 11:50 - 2019-07-09 04:48 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2019-08-13 18:39 - 2019-08-13 18:39 - 000000000 ____D C:\Users\vanov\AppData\Roaming\uplay
2019-08-13 12:00 - 2019-08-13 12:00 - 000000000 ____D C:\Users\vanov\Doctor Web
2019-08-13 12:00 - 2019-08-13 12:00 - 000000000 ____D C:\ProgramData\Doctor Web
2019-08-13 11:58 - 2019-08-13 11:58 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-08-13 11:58 - 2019-08-13 11:58 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-08-13 11:33 - 2019-08-13 12:00 - 000404342 _____ C:\WINDOWS\ntbtlog.txt
2019-08-13 11:28 - 2019-08-13 11:30 - 196887472 _____ C:\Users\vanov\Downloads\yxf1x11g.exe
2019-08-12 21:12 - 2019-08-12 21:13 - 000000000 ____D C:\Users\vanov\Downloads\FRST LOGS
2019-08-12 17:52 - 2019-08-12 17:52 - 012462959 _____ C:\Users\vanov\Downloads\09D9615A-9E3B-46E3-9FC6-18923B3671F2.pdf
2019-08-11 20:57 - 2019-08-11 21:28 - 000002706 _____ C:\Users\vanov\Downloads\RKClean.txt
2019-08-11 20:37 - 2019-08-11 20:37 - 000006410 _____ C:\Users\vanov\Downloads\RKReport.txt
2019-08-11 19:44 - 2019-08-11 20:57 - 000000000 ____D C:\ProgramData\RogueKiller
2019-08-11 19:43 - 2019-08-11 19:44 - 034922040 _____ C:\Users\vanov\Downloads\RogueKiller_portable64.exe
2019-08-11 19:26 - 2019-08-11 19:26 - 000000073 _____ C:\Users\vanov\AppData\Local\WMI.rar
2019-08-11 11:31 - 2019-08-14 18:43 - 000000000 ____D C:\Users\vanov\Downloads\FRST-OlderVersion
2019-08-10 23:41 - 2019-08-10 23:41 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\LionsShade
2019-08-10 20:49 - 2019-08-10 20:49 - 000000448 _____ C:\Users\vanov\Documents\bsod.rar
2019-08-10 20:42 - 2019-08-10 20:42 - 000001232 _____ C:\Users\vanov\Documents\bsod.xml
2019-08-10 20:24 - 2019-08-11 04:27 - 000000000 ____D C:\WINDOWS\Minidump
2019-08-10 19:41 - 2019-08-10 19:41 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\51D2828C.sys
2019-08-10 02:02 - 2019-08-10 02:02 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3387545514-2906784231-2682514228-1001
2019-08-10 02:02 - 2019-08-10 02:02 - 000002412 _____ C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-09 18:01 - 2019-08-09 18:01 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1238763A.sys
2019-08-09 18:00 - 2019-08-10 19:43 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-08-09 18:00 - 2019-08-10 19:41 - 000000000 ____D C:\Users\vanov\Desktop\mbar
2019-08-09 17:58 - 2019-08-09 17:58 - 014178840 _____ (Malwarebytes Corp.) C:\Users\vanov\Desktop\mbar-1.10.3.1001.exe
2019-08-09 17:32 - 2019-08-09 17:32 - 000000000 ____D C:\Users\vanov\AppData\Local\RSG
2019-08-09 17:30 - 2019-08-09 17:30 - 000004184 _____ C:\Users\vanov\Desktop\notify.csv
2019-08-09 17:30 - 2019-08-09 17:30 - 000000786 _____ C:\Users\vanov\Desktop\notify.rar
2019-08-09 17:29 - 2019-08-09 17:29 - 000177816 _____ (PowerTool) C:\Users\vanov\Desktop\kEvP64.sys
2019-08-09 17:28 - 2019-08-09 17:28 - 009440768 _____ C:\Users\vanov\Desktop\PowerTool64.exe
2019-08-09 16:50 - 2019-08-09 16:51 - 000519347 _____ C:\Users\vanov\Desktop\TDSS Report.txt
2019-08-09 16:31 - 2019-08-09 16:40 - 001038716 _____ C:\TDSSKiller.3.1.0.28_09.08.2019_16.31.54_log.txt
2019-08-09 16:27 - 2019-08-09 16:28 - 000006126 _____ C:\TDSSKiller.3.1.0.28_09.08.2019_16.27.31_log.txt
2019-08-09 10:31 - 2019-08-09 10:31 - 000000000 ____D C:\Users\vanov\Downloads\DnsJumper
2019-08-09 10:29 - 2019-08-09 10:29 - 000706233 _____ C:\Users\vanov\Downloads\DnsJumper.zip
2019-08-08 15:01 - 2019-08-08 15:01 - 000003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1476361487
2019-08-08 15:01 - 2019-08-08 15:01 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-08-06 22:30 - 2019-08-06 22:30 - 000050652 _____ C:\Users\vanov\Documents\filename.gwc
2019-08-06 18:47 - 2019-08-06 18:47 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealHeaderTool
2019-08-06 17:42 - 2019-08-14 18:28 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-06 16:33 - 2019-08-06 16:33 - 047210760 _____ (Microsoft Corporation) C:\Users\vanov\Documents\Windows-KB890830-x64-V5.74.exe
2019-08-06 16:21 - 2019-08-06 16:21 - 000001310 _____ C:\Users\vanov\Desktop\misplacedforcopy.txt
2019-08-06 15:15 - 2019-08-06 15:16 - 000301326 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH8.pdf
2019-08-06 13:47 - 2019-08-06 14:05 - 000000000 ____D C:\Users\vanov\Documents\[FreeCourseSite.com] Udemy - Unreal Engine C++ Developer Learn C++ and Make Video Games
2019-08-06 13:42 - 2019-08-06 19:23 - 000000000 ____D C:\Users\vanov\Documents\Unreal Projects
2019-08-06 13:41 - 2019-08-06 13:41 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Unreal Engine
2019-08-06 00:21 - 2019-08-06 00:21 - 000002467 _____ C:\Users\vanov\Desktop\Unreal Engine.lnk
2019-08-05 11:08 - 2019-08-14 18:43 - 000000000 ____D C:\FRST
2019-08-05 11:07 - 2019-08-05 11:07 - 000002601 _____ C:\Users\vanov\Desktop\Malarebytes1.txt
2019-08-05 10:56 - 2019-08-05 10:56 - 000001714 _____ C:\Users\vanov\Desktop\Malwarebytes2.txt
2019-08-04 18:12 - 2019-08-04 18:12 - 000000222 _____ C:\Users\vanov\Desktop\SMITE.url
2019-08-04 11:34 - 2019-08-04 11:34 - 000001048 _____ C:\Users\vanov\Desktop\Technic.exe - Shortcut.lnk
2019-08-03 13:53 - 2019-08-03 13:53 - 004478926 _____ () C:\Users\vanov\Downloads\Technic.exe
2019-08-03 13:42 - 2019-08-03 13:42 - 000001391 _____ C:\Users\Public\Desktop\Skype.lnk
2019-08-03 13:41 - 2019-08-03 13:41 - 000001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-08-03 13:40 - 2019-08-03 13:36 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-08-03 13:37 - 2019-08-03 13:37 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-08-03 13:37 - 2019-08-03 13:37 - 000001108 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-08-03 13:35 - 2019-08-03 13:35 - 001211216 _____ (Oracle Corporation) C:\Users\vanov\Downloads\JavaUninstallTool.exe
2019-08-03 13:35 - 2019-08-03 13:35 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2019-08-03 13:34 - 2019-08-03 13:34 - 002065880 _____ (Oracle Corporation) C:\Users\vanov\Downloads\jre-8u221-windows-i586-iftw.exe
2019-08-03 12:59 - 2019-08-03 13:22 - 000081880 _____ C:\WINDOWS\ZAM.krnl.trace
2019-08-03 12:56 - 2019-08-03 12:56 - 001359866 _____ C:\Users\vanov\Documents\cc_20190803_125640.reg
2019-08-03 12:50 - 2019-08-03 12:50 - 020888528 _____ (Piriform Software Ltd) C:\Users\vanov\Downloads\cctrialsetup.exe
2019-08-03 12:50 - 2019-08-03 12:50 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-08-03 12:50 - 2019-08-03 12:50 - 000002888 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-08-03 12:50 - 2019-08-03 12:50 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\Program Files\CCleaner
2019-08-03 12:38 - 2019-08-03 12:40 - 000316126 _____ C:\TDSSKiller.3.1.0.28_03.08.2019_12.38.43_log.txt
2019-08-03 12:38 - 2019-08-03 12:38 - 005054744 _____ (AO Kaspersky Lab) C:\Users\vanov\Downloads\tdsskiller.exe
2019-08-03 12:32 - 2019-08-03 13:22 - 000000000 ____D C:\Users\vanov\AppData\Local\AMSDK
2019-08-03 12:32 - 2019-08-03 12:32 - 000000000 ____D C:\Users\vanov\AppData\Local\Zemana
2019-08-03 12:31 - 2019-08-03 12:31 - 012664512 _____ (Zemana Ltd. ) C:\Users\vanov\Downloads\AntiMalware_Setup.exe
2019-08-03 12:24 - 2019-08-03 12:24 - 000841241 _____ C:\Users\vanov\Downloads\rkill.zip
2019-08-03 12:24 - 2017-07-25 22:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\vanov\Downloads\rkill.exe
2019-08-03 11:33 - 2019-08-03 11:33 - 000000258 __RSH C:\ProgramData\ntuser.pol
2019-08-03 10:54 - 2019-08-03 10:54 - 000000000 ____D C:\Users\vanov\AppData\Local\mbamtray
2019-08-03 10:53 - 2019-08-03 10:53 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-03 10:53 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-08-03 10:52 - 2019-08-03 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-03 10:52 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-08-03 10:51 - 2019-08-09 18:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-03 10:41 - 2019-08-03 10:42 - 006705178 _____ C:\Users\vanov\Downloads\mbam-chameleon-3.1.33.0.zip
2019-08-02 21:36 - 2019-08-02 21:36 - 000000000 ____D C:\KRD2018_Data
2019-08-02 21:03 - 2019-08-02 21:03 - 000000000 ___HD C:\$SysReset
2019-08-02 19:22 - 2019-08-02 19:01 - 597336064 _____ C:\Users\vanov\Documents\krd.iso
2019-08-02 19:08 - 2019-08-02 19:08 - 000000000 ____D C:\WINDOWS\Panther
2019-08-02 19:00 - 2019-08-09 18:38 - 000000000 ____D C:\ProgramData\TmpLoog
2019-08-02 18:59 - 2019-08-02 18:59 - 007623880 _____ (Malwarebytes) C:\Users\vanov\Downloads\adwcleaner_7.4.exe
2019-08-02 18:39 - 2019-08-03 11:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\System
2019-08-02 17:56 - 2019-08-02 17:56 - 005829844 _____ (UserBenchmark.com) C:\Users\vanov\Downloads\UserBenchMark.exe
2019-08-02 14:53 - 2019-08-02 14:53 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Big Fat Simulations Inc_
2019-08-02 11:07 - 2019-08-02 11:07 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-08-02 11:07 - 2019-08-02 11:07 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-08-02 11:07 - 2019-08-02 11:07 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-08-02 11:07 - 2019-08-02 11:07 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-08-02 11:07 - 2019-08-02 11:07 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-08-02 11:07 - 2019-08-02 11:07 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-08-02 11:07 - 2019-08-02 11:07 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-08-02 11:07 - 2019-08-02 11:07 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-08-02 11:07 - 2019-08-02 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-08-01 02:14 - 2019-08-01 02:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-07-31 22:52 - 2019-07-31 22:57 - 000000000 ____D C:\Users\vanov\AppData\Local\Arma 3
2019-07-31 22:52 - 2019-07-31 22:52 - 000000000 ____D C:\ProgramData\Bohemia Interactive
2019-07-31 19:59 - 2019-07-31 19:59 - 000189726 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.1.pdf
2019-07-31 17:57 - 2019-07-31 17:57 - 005193376 _____ (Husdawg, LLC) C:\Users\vanov\Downloads\Detection.exe
2019-07-30 14:19 - 2019-07-30 14:19 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-07-30 14:19 - 2019-07-30 14:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Craneballs
2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\Local\GOG.com
2019-07-29 21:47 - 2019-07-29 21:47 - 000000000 ___HD C:\temp
2019-07-29 21:06 - 2019-07-29 21:06 - 000178988 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.pdf
2019-07-29 10:58 - 2019-07-29 10:58 - 006732741 _____ C:\Users\vanov\Downloads\SQL-Injection-Attacks-and-Defense.pdf
2019-07-27 17:18 - 2019-07-27 17:18 - 000232401 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH3.pdf
2019-07-24 20:05 - 2017-09-26 12:24 - 000100352 _____ C:\Users\vanov\Downloads\Spider Man Homecoming.srt
2019-07-24 20:05 - 2011-11-11 20:27 - 000078233 ____N C:\Users\vanov\Downloads\Captain America.srt
2019-07-23 19:36 - 2019-07-23 19:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Colossal Order
2019-07-18 20:24 - 2019-07-18 20:25 - 000000000 ____D C:\Users\vanov\Documents\Rockstar Games
2019-07-18 20:20 - 2019-06-28 14:08 - 002826520 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp.exe
2019-07-18 20:20 - 2019-06-28 14:08 - 000072154 ____N C:\Users\vanov\Downloads\procexp.chm
2019-07-18 20:20 - 2019-06-28 14:05 - 001501248 ____N (Sysinternals - www.sysinternals.com) C:\Users\vanov\Downloads\procexp64.exe
2019-07-18 20:20 - 2019-05-05 11:00 - 000007490 ____N C:\Users\vanov\Downloads\Eula.txt
2019-07-18 20:16 - 2019-07-18 20:16 - 008771640 _____ (Martin Malik - REALiX ) C:\Users\vanov\Downloads\hwi_608.exe
2019-07-18 18:53 - 2019-07-18 18:54 - 228125096 _____ (Rockstar Games) C:\Users\vanov\Downloads\GTAV_Setup_Tool.exe
2019-07-18 18:44 - 2019-07-23 12:06 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-14 18:43 - 2018-05-23 16:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-14 18:43 - 2017-02-12 20:49 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Mozilla
2019-08-14 18:03 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-14 17:56 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-08-14 17:52 - 2017-12-04 17:14 - 000000000 ___RD C:\Users\vanov\3D Objects
2019-08-14 17:52 - 2016-10-13 13:59 - 000000000 __SHD C:\Users\vanov\IntelGraphicsProfiles
2019-08-14 17:52 - 2016-10-13 13:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-08-14 17:50 - 2018-08-04 16:06 - 000000502 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2019-08-14 17:49 - 2018-05-23 16:09 - 005111760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-14 17:48 - 2018-05-23 16:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-14 17:48 - 2018-01-12 21:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-08-14 17:47 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-08-14 17:45 - 2018-08-04 16:01 - 000000000 ____D C:\Program Files\Hyper-V
2019-08-14 17:45 - 2018-04-12 11:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-14 17:43 - 2018-05-23 16:14 - 000000000 ____D C:\Users\vanov
2019-08-14 12:22 - 2018-05-23 16:38 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{466D4F44-74C1-4B3A-8596-CADF3DE82031}
2019-08-14 11:59 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-14 11:50 - 2016-10-13 16:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-14 11:45 - 2016-10-13 16:35 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-13 20:52 - 2018-05-23 16:38 - 000004552 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-08-13 20:52 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-08-13 20:52 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-08-13 20:09 - 2019-01-18 23:34 - 000000000 ____D C:\Program Files (x86)\Steam
2019-08-13 20:06 - 2016-10-13 14:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-08-13 19:59 - 2019-02-06 01:16 - 000000000 ____D C:\ProgramData\Orbit
2019-08-13 19:52 - 2018-05-23 16:38 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-08-13 19:40 - 2017-06-05 00:36 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2019-08-13 18:36 - 2017-06-30 15:43 - 000000000 ____D C:\Users\vanov\Documents\My Games
2019-08-13 12:27 - 2018-03-16 20:55 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2019-08-13 07:04 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-13 01:25 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Local\Spotify
2019-08-12 23:02 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Spotify
2019-08-12 21:24 - 2018-09-28 09:53 - 000000000 ____D C:\Users\vanov\AppData\Local\ElevatedDiagnostics
2019-08-11 15:37 - 2018-08-30 14:28 - 000000000 ____D C:\Users\MSSQLSERVER
2019-08-10 02:02 - 2016-10-13 13:53 - 000000000 ___RD C:\Users\vanov\OneDrive
2019-08-09 16:25 - 2016-10-13 14:35 - 000000000 ____D C:\Users\vanov\AppData\Roaming\DAEMON Tools Lite
2019-08-09 15:07 - 2016-12-24 13:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\vlc
2019-08-08 21:05 - 2018-01-12 21:04 - 000000000 ____D C:\Users\vanov\AppData\Roaming\TeamViewer
2019-08-08 15:01 - 2016-10-13 14:24 - 000000000 ____D C:\Program Files (x86)\Opera
2019-08-06 18:33 - 2018-08-27 10:54 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Visual Studio Setup
2019-08-06 18:06 - 2018-08-04 12:35 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2019-08-06 18:02 - 2018-08-04 12:59 - 000000000 ____D C:\Users\vanov\.dotnet
2019-08-06 17:56 - 2018-08-04 12:45 - 000000000 ____D C:\Program Files\dotnet
2019-08-06 17:56 - 2016-10-13 20:00 - 000000000 ____D C:\ProgramData\Package Cache
2019-08-06 17:54 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-08-06 17:39 - 2018-08-04 12:05 - 000001377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2019-08-06 17:38 - 2018-08-04 12:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-08-06 15:32 - 2016-10-19 15:42 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Temp
2019-08-06 14:52 - 2016-10-13 14:32 - 000000000 ____D C:\Users\vanov\AppData\Roaming\uTorrent
2019-08-06 14:04 - 2017-03-11 02:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\discord
2019-08-06 13:41 - 2017-01-27 21:28 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealEngine
2019-08-05 22:27 - 2018-12-16 22:22 - 000000000 ____D C:\Program Files\Epic Games
2019-08-05 01:15 - 2016-10-13 14:55 - 000000000 ____D C:\Program Files\WinRAR
2019-08-04 14:21 - 2018-11-16 00:20 - 000000000 ____D C:\Program Files\rempl
2019-08-03 18:07 - 2017-06-05 00:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Ubisoft Game Launcher
2019-08-03 13:50 - 2018-07-31 21:58 - 000000000 ____D C:\Users\vanov\AppData\Roaming\.technic
2019-08-03 13:43 - 2016-10-13 14:33 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Skype
2019-08-03 13:42 - 2018-09-08 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-08-03 13:40 - 2018-08-04 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2019-08-03 13:40 - 2018-08-01 00:12 - 000000000 ____D C:\Program Files\Java
2019-08-03 13:40 - 2017-03-19 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-08-03 13:40 - 2017-03-19 21:30 - 000000000 ____D C:\Program Files (x86)\Java
2019-08-03 13:35 - 2017-11-22 14:26 - 000000000 ____D C:\ProgramData\Origin
2019-08-03 13:35 - 2017-03-06 17:41 - 000000000 ____D C:\Program Files (x86)\Audacity
2019-08-03 13:34 - 2017-11-22 14:28 - 000001066 _____ C:\Users\Public\Desktop\Origin.lnk
2019-08-03 13:34 - 2017-11-22 14:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Origin
2019-08-03 13:34 - 2017-11-22 14:27 - 000000000 ____D C:\Program Files (x86)\Origin
2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-08-03 13:32 - 2018-09-17 23:28 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Notepad++
2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Program Files\Notepad++
2019-08-03 13:23 - 2017-06-12 12:27 - 000000000 ____D C:\Users\vanov\Desktop\Folders
2019-08-03 12:53 - 2018-01-14 01:55 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MPC-HC
2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Users\vanov\AppData\Local\Google
2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Program Files (x86)\Google
2019-08-03 10:53 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-08-02 19:03 - 2017-10-10 23:31 - 000000000 ____D C:\Users\vanov\AppData\Roaming\IObit
2019-08-02 18:40 - 2018-11-25 19:39 - 000000000 ____D C:\Program Files\Firefox Developer Edition
2019-08-02 14:53 - 2016-12-29 19:12 - 000000000 ____D C:\Users\vanov\AppData\Roaming\SmartSteamEmu
2019-08-02 11:05 - 2016-10-13 21:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-08-01 20:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-08-01 02:15 - 2016-11-05 13:12 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-07-31 14:23 - 2018-04-29 20:51 - 000000000 ____D C:\Users\vanov\AppData\Local\GameAnalytics
2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files\Rockstar Games
2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2019-07-31 14:05 - 2018-03-23 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2019-07-31 14:03 - 2016-10-18 22:24 - 000000000 ____D C:\Users\vanov\AppData\Local\Rockstar Games
2019-07-30 00:33 - 2018-08-06 23:20 - 000000000 ____D C:\GOG Games
2019-07-29 21:46 - 2017-12-04 16:09 - 000000000 ____D C:\Users\vanov\AppData\Local\Packages
2019-07-29 21:46 - 2017-06-20 20:42 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-07-26 14:29 - 2016-10-15 15:03 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MusicBee
2019-07-26 12:21 - 2018-02-26 17:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-24 13:22 - 2016-10-13 14:37 - 000000000 ____D C:\ProgramData\Hi-Rez Studios
2019-07-23 12:12 - 2018-05-26 23:49 - 000000000 ____D C:\Users\vanov\AppData\Local\D3DSCache
2019-07-23 12:06 - 2017-11-22 16:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-07-19 12:18 - 2016-10-22 23:54 - 000007633 _____ C:\Users\vanov\AppData\Local\Resmon.ResmonCfg
2019-07-18 20:10 - 2018-08-04 15:41 - 000000000 ____D C:\Users\vanov\.android
2019-07-18 20:06 - 2017-06-04 19:17 - 000000000 ____D C:\Games
2019-07-18 18:49 - 2017-11-22 16:01 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-07-15 14:49 - 2018-05-23 16:29 - 001066156 _____ C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories ================

2018-10-28 19:32 - 2018-10-28 19:32 - 000000033 _____ () C:\Users\vanov\AppData\Roaming\AdobeWLCMCache.dat
2017-03-05 19:32 - 2018-02-22 21:46 - 000000000 _____ () C:\Users\vanov\AppData\Roaming\avoriontestfile
2018-09-16 22:49 - 2018-09-16 22:49 - 000023303 _____ () C:\Users\vanov\AppData\Local\debuggee.mdmp
2019-06-18 14:44 - 2019-06-18 14:44 - 000001536 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.cfg
2019-06-18 14:44 - 2019-06-18 14:44 - 000210944 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.dat
2018-07-09 16:15 - 2018-07-23 19:53 - 000000002 _____ () C:\Users\vanov\AppData\Local\imw.ini
2018-09-29 08:00 - 2018-09-29 08:00 - 000000000 _____ () C:\Users\vanov\AppData\Local\oobelibMkey.log
2019-02-10 17:37 - 2019-02-10 17:37 - 000003283 _____ () C:\Users\vanov\AppData\Local\recently-used.xbel
2016-10-22 23:54 - 2019-07-19 12:18 - 000007633 _____ () C:\Users\vanov\AppData\Local\Resmon.ResmonCfg
2017-06-10 01:37 - 2017-07-05 16:05 - 000000000 _____ () C:\Users\vanov\AppData\Local\Temptable.xml
2016-10-13 14:55 - 2016-10-13 14:55 - 000000003 _____ () C:\Users\vanov\AppData\Local\updater.log
2016-10-13 14:55 - 2017-05-07 02:59 - 000000425 _____ () C:\Users\vanov\AppData\Local\UserProducts.xml
2018-06-02 21:35 - 2018-06-02 21:35 - 000000002 _____ () C:\Users\vanov\AppData\Local\WMI.ini
2019-08-11 19:26 - 2019-08-11 19:26 - 000000073 _____ () C:\Users\vanov\AppData\Local\WMI.rar

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Addition:
 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by vanov (14-08-2019 18:48:22)
Running from C:\Users\vanov\Downloads
Windows 10 Pro Version 1803 17134.950 (X64) (2018-05-23 14:41:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3387545514-2906784231-2682514228-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3387545514-2906784231-2682514228-1006 - Limited - Enabled)
DefaultAccount (S-1-5-21-3387545514-2906784231-2682514228-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3387545514-2906784231-2682514228-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3387545514-2906784231-2682514228-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3387545514-2906784231-2682514228-1003 - Limited - Enabled)
vanov (S-1-5-21-3387545514-2906784231-2682514228-1001 - Administrator - Enabled) => C:\Users\vanov
WDAGUtilityAccount (S-1-5-21-3387545514-2906784231-2682514228-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Core SDK 1.1.10 (x64) (HKLM\...\{EA922431-C5D8-4CAE-9A6D-6817195F7856}) (Version: 4.18.38047 - Microsoft Corporation) Hidden
.NET Core SDK 1.1.10 (x64) (HKLM-x32\...\{81e87b8c-a24e-49e4-9a91-47b6d7aa52ff}) (Version: 1.1.10 - Microsoft Corporation)
µTorrent (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.)
Active Directory Authentication Library for SQL Server (HKLM\...\{4EE99065-01C6-49DD-9EC6-E08AA5B13491}) (Version: 14.0.1000.169 - Microsoft Corporation)
Adobe After (HKLM\...\{6A915992-D887-4897-82F5-950EDD12DEB1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.238 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.238 - Adobe)
Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Application Verifier x64 External Package (HKLM\...\{62CB44B2-8007-DBB2-1CBA-5CB7309EB3C3}) (Version: 10.1.17134.12 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{AB5E83C8-0175-0A1F-338A-EB8925AFC341}) (Version: 10.1.14393.795 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden
ASUS RT-N10 Wireless Router Utilities (HKLM-x32\...\{5BA25292-92E0-4223-A14B-50DC60B2A6F9}) (Version: 4.2.6.1 - ASUS)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.48.1 - Bethesda Softworks)
Browser for SQL Server 2017 (HKLM-x32\...\{CF8EEB96-E7E7-4EF7-A0A1-559F09953156}) (Version: 14.0.1000.169 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
ClipGrab 3.7.0 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
CodeBlocks (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 78.4.119 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Entity Framework 6.2.0 Tools  for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Firefox Developer Edition 65.0 (x64 en-US) (HKLM\...\Firefox Developer Edition 65.0 (x64 en-US)) (Version: 65.0 - Mozilla)
GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team)
Git version 2.20.1 (HKLM\...\Git_is1) (Version: 2.20.1 - The Git Development Community)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
Java SE Development Kit 8 Update 181 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden
K-Lite Mega Codec Pack 13.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.0 - KLCP)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
LOOT version 0.13.6 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.13.6 - LOOT Team)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Core SDK - 2.1.202 (x64) (HKLM-x32\...\{06b884b0-4947-4439-859f-098e431012d6}) (Version: 2.1.202 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.400 (x64) (HKLM-x32\...\{341254ab-6143-402e-9b7e-944f8b63e97d}) (Version: 2.1.400 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.402 (x64) (HKLM-x32\...\{b415bfcd-0c1a-424c-93f3-03fd83fcc44e}) (Version: 2.1.402 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.403 (x64) (HKLM-x32\...\{2eabe091-c571-4b9d-bdaa-5df5d11c84d4}) (Version: 2.1.403 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.500 (x64) (HKLM-x32\...\{d83984c4-b4ab-41e1-8d62-84f151ca642b}) (Version: 2.1.500 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.502 (x64) (HKLM-x32\...\{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}) (Version: 2.1.502 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.504 (x64) (HKLM-x32\...\{109e08a7-f849-4580-a683-c07ee8850a15}) (Version: 2.1.504 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.505 (x64) (HKLM-x32\...\{8a2d6b13-cb92-4cfe-a3e0-468e6cdd1e2e}) (Version: 2.1.505 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.508 (x64) (HKLM-x32\...\{0298bf05-e67a-4973-8ccc-7b13528189cb}) (Version: 2.1.508 - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 SDK (HKLM-x32\...\{F42C96C1-746B-442A-B58C-9F0FD5F3AB8A}) (Version: 4.7.03081 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 Targeting Pack (ENU) (HKLM-x32\...\{B517DBD3-B542-4FC8-9957-FFB2C3E65D1D}) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.9.6 (HKLM\...\{EDADFA19-7F96-4075-A4AB-2209910626C5}) (Version: 2.9.8899.26 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.6 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.6) (Version: 2.9.8899.26 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation)
Microsoft Azure PowerShell - April 2018 (HKLM\...\{3BA7CAA9-97BA-4528-B7E1-B640910BB149}) (Version: 5.7.0.18831 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.7 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.7) (Version: 5.7.18218.1723 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation)
Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{76CF9EF4-ABA0-484E-8042-12B99499AF5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11901.20176 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
Microsoft R Client (HKLM\...\{02EFEF35-C9D6-465D-BB0E-EB48B549B3AB}) (Version: 3.3.2.1988 - Microsoft)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft SQL Server 2017 (64-bit) (HKLM\...\Microsoft SQL Server SQL2017) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2017 Setup (English) (HKLM\...\{405252DC-ADF7-4BC8-95F5-F89DE513DD62}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server 2017 T-SQL Language Service  (HKLM\...\{C8A51693-98B9-4AB1-91B8-9A1B86729D5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{05FF71A6-FF76-4DB9-8A33-F23A2B0222BF}) (Version: 14.0.4079.2 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1104.625 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2017 (HKLM\...\{20B328C9-C6BB-434A-928A-00F05CD820B8}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
MSI Development Tools (HKLM-x32\...\{1E406B46-65F4-91CE-65DA-DB66D5443B68}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.7.1 - Notepad++ Team)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 62.0.3331.116 (HKLM-x32\...\Opera 62.0.3331.116) (Version: 62.0.3331.116 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.43.28287 - Electronic Arts, Inc.)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 6.1.0.0 - Popcorn Time) <==== ATTENTION
Python 3.6.6 (64-bit) (HKU\.DEFAULT\...\{a2e7eb2f-e31e-47eb-82ca-63b3854f5354}) (Version: 3.6.6150.0 - Python Software Foundation)
Python 3.6.6 Core Interpreter (64-bit symbols) (HKLM\...\{09472AF9-4E5C-419F-8AFC-E42DE3C00062}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Core Interpreter (64-bit) (HKLM\...\{13428472-D58E-476D-932F-5B1B0C1397BE}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Development Libraries (64-bit) (HKLM\...\{C4752757-9240-4518-BE22-A7E2E7CC7D7B}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Documentation (64-bit) (HKLM\...\{16EF5AB7-4A89-4F06-B20B-209DA4FE0533}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Executables (64-bit symbols) (HKLM\...\{D1DCF56C-C29C-436A-9764-DEA45032EC46}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Executables (64-bit) (HKLM\...\{5CE3EB5B-1823-4B8E-BE10-95262BDD1148}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 pip Bootstrap (64-bit) (HKLM\...\{9D8D733D-3822-4808-B382-6291910081B2}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Standard Library (64-bit symbols) (HKLM\...\{A44E9804-C2AA-40DD-9E6F-F53D96BDAD34}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Standard Library (64-bit) (HKLM\...\{4D137679-6FB4-446B-9BDB-279292FA2D2C}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Tcl/Tk Support (64-bit symbols) (HKLM\...\{20F0B3BE-3E51-4536-BE6E-451359FD5432}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Tcl/Tk Support (64-bit) (HKLM\...\{44EC13CA-E201-433B-B2D3-386B9609B859}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Test Suite (64-bit symbols) (HKLM\...\{C5BD9A00-9221-486E-94BF-9B1553B215AF}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Test Suite (64-bit) (HKLM\...\{C9596636-022D-4123-B369-98819F772985}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Utility Scripts (64-bit) (HKLM\...\{E95CEC86-EFB3-47B8-A5F6-C8FB757AD060}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Skype version 8.50 (HKLM-x32\...\Skype_is1) (Version: 8.50 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB)
sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{97C50C96-8106-490D-B81F-768753C39B56}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{74E057FF-92C8-4DD0-AF43-B220CD100733}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{C83DFAD5-FF26-4ED8-B284-944463FA0E30}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{9D1C0509-D490-4E9E-ACF5-A73E5C53742D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{B777C4C0-A1CD-4AB9-99B1-AD5FBED6F8E5}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{28EEF6BA-A23A-42D2-86BA-A6BEE723B969}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{DED314CA-0EFE-4593-9D66-EF75E5289A4C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{0E22DBB4-691B-400C-B52D-8DFE8EC421AA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{793F1C1E-5C83-4E33-A29B-6EAA7C1E791C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{12D2DB8D-80FF-4152-8F51-EDB3BD3C6976}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{AA2A015C-C210-413B-95F6-BF9D3CDD6E0D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.4.2669 - TeamViewer)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
TunnelBear (HKLM-x32\...\{5dbd322e-98b2-41c8-a2d9-d9f21423afa9}) (Version: 3.2.0.6 - TunnelBear)
TunnelBear (HKLM-x32\...\{EAF52E02-CC78-47F4-A304-F91FDB6A55D1}) (Version: 3.2.0.6 - TunnelBear) Hidden
Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - )
Twitch (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{A3055644-FB53-420D-8724-EBEAB330D64F}) (Version: 3.0.3.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity (HKLM-x32\...\Unity) (Version: 2018.3.3f1 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{0D6B41AF-D117-8944-A059-3F9346A896C5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft)
vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Visual Studio Enterprise 2017 (HKLM-x32\...\7dcb8def) (Version: 15.9.28307.770 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{14AF842C-675E-4268-B493-EB76D9B465A8}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_codecoveragemsi (HKLM-x32\...\{B2DB38F7-4225-4EA6-A7B2-F9A0E089DD89}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_codeduitestframeworkmsi (HKLM-x32\...\{4379D9C7-B16D-486C-BC6D-43550A4C55EE}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_cuitcommoncoremsi (HKLM-x32\...\{060D7518-16AC-41F1-9956-38CA636FCF7B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_cuitextensionmsi (HKLM-x32\...\{88484E59-774D-4947-AF0E-4524D6C3147D}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_cuitextensionmsi_x64 (HKLM-x32\...\{184D5702-3AD2-4F0D-95E6-11E1C75A9298}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_networkemulationmsi_x64 (HKLM-x32\...\{674BB892-7904-4B94-8077-9DA3D2CBFC70}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
WhatsApp (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\WhatsApp) (Version: 0.3.2848 - WhatsApp)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinAppDeploy (HKLM-x32\...\{5AD4A604-B476-1578-2A20-6B02FC6258BE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{C9966D24-DB2F-8514-EAA3-BEED85F3E166}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
WinGuard Pro 2016 (HKLM-x32\...\{F5DA39A7-9A26-44E2-9754-A611ACF0C8CC}) (Version: 10.10.2001 - WinGuardProLTD)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{389D182F-0ADA-5C7E-FF32-2573A821592C}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{A249F631-CEBC-EDCB-4C49-700E551E66CA}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{C3776B36-B34E-00E2-3009-95A6F1870B58}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E71CB7F1-3E88-4450-1764-B3CC1E205C4A}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{965D1746-D94A-49B9-2A48-A14914CA3B57}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{C49E6FDA-8196-0CAF-2CDD-CF1B0F4EA5AD}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{33D11371-82A5-852B-CDE2-5528CE406151}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{3755CD99-C62E-3312-DDD3-29A4F259270D}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{729DA966-8590-2C1F-2178-16C1D32FD7FD}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{FB431EE2-C835-6DE9-8DC3-C8FCDE028FE0}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{F1C18506-3168-A9D9-E2D9-D23A512A326E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FB82399D-9C48-9AF5-DCA1-CFE61BCA70A6}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{23909757-D6F0-7F7C-BD34-7E72BA9BD59C}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{4095D263-6A13-78D3-DEDA-AA3452011F6E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{C3243E23-2EB6-4419-2692-40944923B112}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D3A337CD-EA32-F4BA-03FA-825903190C92}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{DD83B36A-ED10-4514-98E7-1EBD53D167D8}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden
Xamarin Profiler (HKLM-x32\...\{392FF347-E40D-4598-B31E-5332F6F761E2}) (Version: 1.6.4.31 - Xamarin, Inc.) Hidden
Xamarin Remoted iOS Simulator (HKLM-x32\...\{5DE98E3F-9A5C-48B7-B039-8E0FB2D68AEA}) (Version: 1.3.0.8 - Xamarin) Hidden

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-15] (Microsoft Studios) [MS Ad]
Microsoft Wireless Display Adapter -> C:\Program Files\WindowsApps\Microsoft.SurfaceWirelessDisplayAdapter_3.4.137.1000_x64__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation)
Mixplay for Mixer -> C:\Program Files\WindowsApps\39170Flydream.Mixer_2.1.4.0_x64__weq318ptssvpt [2019-01-11] (Flydream)
MSN Vrijeme -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
Pošta i kalendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad]
TuneIn Radio -> C:\Program Files\WindowsApps\TuneIn.TuneInRadio_4.0.6.0_x64__6bhtb546zcxnj [2019-08-01] (TuneIn) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
Viber -> C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.1000_x86__p61zvh252yqyr [2018-07-09] (VIBER MEDIA S.à r.l.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{CE527B6C-CFD2-4CFC-AEC0-261FC6871E3D} -> [MEGAsync] => C:\Users\vanov\Documents\MEGAsync [2016-10-13 15:02]
CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\vanov\Dropbox [2016-11-05 13:16]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-06-17] (Notepad++ -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\vanov\Desktop\GTASA.lnk -> C:\Program Files (x86)\Rockstar Games\GTA San Andreas\startup_SP.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)

==================== Loaded Modules (Whitelisted) ==============

2018-10-02 19:10 - 2018-10-02 19:10 - 000598528 _____ () [File not signed] C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73235831.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73235831.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-08-11 21:00 - 2019-08-13 12:27 - 000000030 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

2018-08-04 16:06 - 2019-08-14 17:50 - 000000502 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

172.29.72.49 DESKTOP-ME49L6T.mshome.net # 2024 8 1 12 15 50 24 756
37.0.186 Vlah.mshome.net # 2019 7 5 12 12 16 54 932

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Microsoft MPI\Bin\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Users\vanov\Anaconda3;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\DTS\Binn\;C:\Program Files\Git\cmd
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "SOLIDWORKS 2016 Fast Start.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Idvsoft"
HKLM\...\StartupApproved\Run32: => "{7B4A50DE-E9A1-5D65-55A0-215372F9BAC3}"
HKLM\...\StartupApproved\Run32: => "wgpro"
HKLM\...\StartupApproved\Run32: => "amd_dc_opt"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Resilio Sync"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Tonido"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "WallpaperEngine"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "DOS Host"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{CBC4ECFC-1253-4674-B353-170019F9FABE}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed]
FirewallRules: [TCP Query User{0CAE0F34-1600-450D-A351-4C7FFCA72D07}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed]
FirewallRules: [{606F165A-4B31-49AA-98BC-5B91C73BBF4B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A49D5669-FA5A-4815-9969-3E22DB5A4E6B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{48D65172-F07A-4E24-A3A1-434257A6061F}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{6A333921-4247-486B-98D0-F26FD40E857E}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0CA9BCD8-5B1C-4D05-AAD4-21FFEAC84103}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{051C78D0-5A1A-4C2A-ABC4-9E558B976B5F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{A975745F-869F-4081-92E4-0D42641FF6C4}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{49E008DC-6AAB-4B12-BB7B-667F30068494}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{9C253803-BC67-4081-8522-B3EC16A3E8DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B4452071-1EF5-4231-9AF6-B0CD14FD5FDF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6D4BA297-6C70-47C8-BD34-738B4942ACB9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{2E9CDF23-57FD-43DB-9D11-55A66C91F8FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [UDP Query User{B06BD948-E650-4190-8E60-7CFADC294373}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{B385A51F-02CB-4784-A947-2C9ABF8BEEDD}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{2EB36B25-BECE-477F-B928-0C25780C1214}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [TCP Query User{DCA5B283-BB01-4858-8CBF-F750BF1B73F5}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [{6BEEFA38-F710-4247-BF7A-AECB5E37937E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{C5D7FAE5-7CB3-43C1-80F6-589907AD1A0F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BCA6781A-E253-483F-8236-CAF546AAF80D}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D50DE039-DAA2-4B8B-B1FB-3E30BC30A796}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{AFC23FCC-79E4-469A-8459-B169B2FA2252}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F672BF62-161A-4044-9A8B-508F12A99CA6}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{12F3F116-CCDB-40AC-92C7-2317A0EEA58F}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{BE51A32F-9911-4F10-AECE-61E068713997}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{09600C42-3BDF-4A0D-AFD5-17E90BC5FBDB}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed]
FirewallRules: [UDP Query User{AEB25E26-AED6-4979-830F-F77D85DB1B7F}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed]
FirewallRules: [{A3B4325B-9C2A-4EE8-A5DB-7B28A9060CC2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{A89516B1-966E-4D36-8C30-A7773EB1FCEF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{2FB602DE-06A3-46EA-9153-DDA0373E214D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{8F69FAB7-2111-4D65-8B95-ED7D5DF0F7DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{57117F18-C29B-4A60-B34A-DC7B2E36B83A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E9BB0D09-102F-4855-8DC4-7BDE56ABFA0F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BAC7F6A3-92EA-47D9-83DD-84940C070F4D}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{05DF0A2C-1A93-46AE-800E-E12DE7F18FC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B392F4D1-9B62-4364-AEBD-094036DA8436}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{BA2527F7-EF88-4694-81D1-CAD2BD759A31}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File
FirewallRules: [UDP Query User{DA58CB7B-2521-453B-B120-F66DA955BB73}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{39401A26-306A-4DB0-A93D-CAC43C7A097F}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{F7E79D3D-E5F7-4109-95B5-7C20900FDF5D}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1568FFD9-4C45-4576-B4A8-68C07A9299DA}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed]
FirewallRules: [{9E44EC29-3C66-478D-B43A-423E93469959}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed]
FirewallRules: [{8B5A3536-E847-4803-B18A-35B8A2023C40}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6A325237-3BEF-4A73-B668-4F52AAD6FE02}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B8F8775A-CAC9-4454-9BC2-0BD382B4A538}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8341FC3-E365-4CE6-BA40-CC53396DF507}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{782D4882-D209-44E9-A3E9-1C7DCA561633}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B7CF33C8-CC19-4D73-AC61-7534E1B70E97}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{A03282F2-8B2F-4A2E-A556-5A88124F408C}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{52DEFF6B-ACA0-4834-BD06-59E2D1959922}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CF7AC6C4-3B90-43EF-B110-B54E08AFDF90}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E682C56C-4D3A-4B0C-9F61-0A9FD0C478C5}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B53B0E11-4896-4DFF-A873-E3A08FFC028D}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8E90BA3A-A433-4095-9F52-DC3CBDC31FD1}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3978B3AB-19C3-4271-AC81-2D11287E2358}] => (Allow) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{DA86CB7A-F52F-475E-87F1-FF83B160A4DC}] => (Block) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{ED36F1A2-029C-4E96-A4A7-3B50FAFD18C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{994571E2-6DCD-4E06-9B39-3EF82FFFA7E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B0D9FE4C-355C-4679-8B96-D713017DD607}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B3483E3A-F2EB-4FDB-BBDC-879CC9507758}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{9680FCD1-9E1C-41C4-9D19-CA30045AAB34}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{009FA2E4-5EC8-4DD7-B8E6-DE1CFBFAAAE2}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed]
FirewallRules: [{073CBEBB-07F2-4E61-8303-70FF7C396678}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed]
FirewallRules: [{09216F82-B859-408E-BD97-6502299F1FDB}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{9E1C0C65-F7B4-4509-9C3C-E7101F192CBC}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{B82E9260-29D2-4F2D-BDBD-6A596F91BC45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios)
FirewallRules: [{361A52A7-D6A1-4E8C-A6D3-2933937A02A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios)
FirewallRules: [{87D431EF-B497-43B6-8ED7-D924043264F6}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.99\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{C44E048D-F0D0-4E42-875F-A1C1E6BE5E7C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{F8600454-929C-4C5B-A4B9-735526AB4E82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{8DED0F5F-3C5B-4D35-A34F-E75EA8E3D10C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A22A8EAA-7F39-43A2-A949-300F89E6EE35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3A7FC6A7-DD9A-4A49-998F-9F7FE3D957EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{72158FD3-1F41-41A4-BC36-88B6890C372B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3096494B-B18E-45A5-AC31-8E890346AF86}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{64FFD821-2BB2-48A1-8776-B1251C6E58D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{E66D8ED8-9BD5-4B64-ABCA-ABA4BA362666}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{D8939A68-301B-484C-B6B5-D2E40C4EC40C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{50A71AD9-5716-4E59-B0FA-60DB0B812E06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{0ACEC78F-BAB5-4312-8B93-4A65F76E3257}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{673C04EA-918C-4A3B-8E12-0540FE7C12F4}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [TCP Query User{8AB680EA-0B2D-4A78-9D85-F506E39545A9}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{7593ED52-0637-4704-A236-CE146B456EAB}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{F54E6234-B579-424C-90B5-6DF36DC84DF0}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{D3B7D8BF-45AD-4EFA-80F1-40AD7F4CDEDC}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{6261CD1F-8E24-4A22-A51B-394D99B7597A}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [DNS Server Forward Rule - TCP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53
FirewallRules: [TCP Query User{4EE7E41B-7EDC-4527-BCB6-651EE8D3AABA}C:\users\vanov\downloads\might.and.magic.heroes.vii.v1.8\might.and.magic.heroes.vii.v1.8\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Allow) C:\users\vanov\downloads\might.and.magic.heroes.vii.v1.8\might.and.magic.heroes.vii.v1.8\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe No File
FirewallRules: [UDP Query User{C4429850-5807-43B9-9E8F-00CF05AF74C2}C:\users\vanov\downloads\might.and.magic.heroes.vii.v1.8\might.and.magic.heroes.vii.v1.8\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Allow) C:\users\vanov\downloads\might.and.magic.heroes.vii.v1.8\might.and.magic.heroes.vii.v1.8\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe No File

==================== Restore Points =========================

13-08-2019 19:22:52 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2019 05:54:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/14/2019 05:50:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/14/2019 05:49:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/14/2019 01:52:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/14/2019 01:52:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/14/2019 11:50:31 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "ASP.NET_1.1.4322" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Error: (08/14/2019 11:50:31 AM) (Source: Perflib) (EventID: 1021) (User: )
Description: Windows cannot open the 32-bit extensible counter DLL ASP.NET_1.1.4322 in a 64-bit environment. Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe.

Error: (08/14/2019 11:50:31 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (08/14/2019 05:55:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/14/2019 05:54:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (08/14/2019 05:51:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/14/2019 05:51:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (08/14/2019 05:51:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/14/2019 05:49:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server CEIP service (MSSQLSERVER) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/14/2019 05:49:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQLTELEMETRY service to connect.

Error: (08/14/2019 05:49:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TunnelBearMaintenance service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
===================================
Date: 2019-08-13 19:57:39.403
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929&enterprise=0
Name: VirTool:Win32/Obfuscator.XZ
ID: 2147625929
Severity: Severe
Category: Tool
Path: file:_D:\PROPHET\Crack\ubiorbitapi_r2_loader.dll
Detection Origin: Local machine
Detection Type: Heuristics
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\PickerHost.exe
Signature Version: AV: 1.299.1881.0, AS: 1.299.1881.0, NIS: 1.299.1881.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-13 19:57:36.602
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929&enterprise=0
Name: VirTool:Win32/Obfuscator.XZ
ID: 2147625929
Severity: Severe
Category: Tool
Path: file:_D:\PROPHET\Crack\ubiorbitapi_r2_loader.dll
Detection Origin: Local machine
Detection Type: Heuristics
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\PickerHost.exe
Signature Version: AV: 1.299.1881.0, AS: 1.299.1881.0, NIS: 1.299.1881.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-13 19:55:13.478
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929&enterprise=0
Name: VirTool:Win32/Obfuscator.XZ
ID: 2147625929
Severity: Severe
Category: Tool
Path: file:_D:\PROPHET\Crack\ubiorbitapi_r2_loader.dll
Detection Origin: Local machine
Detection Type: Heuristics
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.299.1881.0, AS: 1.299.1881.0, NIS: 1.299.1881.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-13 19:54:59.589
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929&enterprise=0
Name: VirTool:Win32/Obfuscator.XZ
ID: 2147625929
Severity: Severe
Category: Tool
Path: file:_D:\PROPHET\Crack\ubiorbitapi_r2_loader.dll
Detection Origin: Local machine
Detection Type: Heuristics
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.299.1881.0, AS: 1.299.1881.0, NIS: 1.299.1881.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-09 19:19:55.512
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8EC7E7A5-0A16-4814-A79A-D893EE57A550}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-13 12:10:05.609
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.1881.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2019-08-13 11:59:36.760
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2019-08-13 11:35:37.650
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2019-08-11 16:17:17.241
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.1765.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-08-03 11:04:51.511
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.1090.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-08-03 11:42:32.022
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:42:31.974
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:45.934
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:45.879
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:45.811
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:45.753
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:36.559
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:36.234
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.37 02/16/2016
Motherboard: Acer ZORO_BH
Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 25%
Total physical RAM: 12203.32 MB
Available physical RAM: 9103.48 MB
Total Virtual: 12971.32 MB
Available Virtual: 9987.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.21 GB) (Free:71.39 GB) NTFS

\\?\Volume{4eafa3c8-b0a9-4d57-bbc8-43ec29bacab8}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{d30143e0-3bd2-4090-b0a7-697dc65108ba}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 


Thanks for those logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Run FRST one more time. Ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs, "FRST.txt" and "Addition.txt".

Post those logs...

 

fixlist.txt


Once again sorry for the delay, got busy in the analog world

Here are the files
Fixlog:
 


Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by vanov (18-08-2019 13:19:17) Run:7
Running from C:\Users\vanov\Downloads
Loaded Profiles: vanov & MSSQLSERVER (Available Profiles: defaultuser0 & vanov & SQLTELEMETRY & MSSQLSERVER)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default [2019-08-06]
FF user.js: detected! => C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default\user.js [2017-02-03]
Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194
Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194
Hosts:
EmptyTemp:

*****************

Processes closed successfully.
Restore point was successfully created.
C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default => moved successfully
C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default => path removed successfully
"C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\cyjbwou1.dev-edition-default\user.js" => not found
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}\\DhcpNameServer" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12083200 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17120331 B
Java, Flash, Steam htmlcache => 125228755 B
Windows/system/drivers => 75918201 B
Edge => 7680 B
Chrome => 0 B
Firefox => 396558842 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 9405 B
LocalService => 1430 B
LocalService => 0 B
NetworkService => 19738 B
NetworkService => 0 B
defaultuser0 => 0 B
vanov => 1215902 B
SQLTELEMETRY => 0 B
MSSQLSERVER => 0 B

RecycleBin => 0 B
EmptyTemp: => 599.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:22:43 ====

Post fix scans
FRST:
 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2019
Ran by vanov (administrator) on DESKTOP-ME49L6T (Acer Aspire E5-573) (18-08-2019 13:30:20)
Running from C:\Users\vanov\Downloads
Loaded Profiles: vanov & MSSQLSERVER (Available Profiles: defaultuser0 & vanov & SQLTELEMETRY & MSSQLSERVER)
Platform: Windows 10 Pro Version 1803 17134.950 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.877.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(OOO Lightshot -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\launcher.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-10-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5782336 2019-08-13] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [wgpro] => C:\Program Files (x86)\WinGuardPro Ltd\WinGuard\wgengine.exe [30720 2019-01-19] (WinGuard Inc.) [File not signed]
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Akamai NetSession Interface] => C:\Users\vanov\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Spotify] => C:\Users\vanov\AppData\Roaming\Spotify\Spotify.exe [25828256 2019-08-03] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35809680 2019-08-05] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3210528 2019-08-16] (Valve -> Valve Corporation)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-10-13]
ShortcutTarget: MEGAsync.lnk -> C:\Users\vanov\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1191D268-1A73-41D0-BD85-D1311491443C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1217C1E3-7A8E-4C0B-B4B5-5C28F63B1D39} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill2 => C:\Users\vanov\Desktop\BatFiles\Operakill.bat
Task: {19A2ADE5-9202-4910-B10B-9EFFB39BE226} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447512 2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {1A902826-C33D-4706-A2ED-F192F5993FAC} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-vanovac.zlatan@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {206FB3CE-C3A0-4A8B-BD59-F21F15AD9DEE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {3051FE3C-FB51-4549-8184-7DCA7CCB515B} - System32\Tasks\Microsoft\Windows\TaskScheduler\Restart => C:\Users\vanov\Desktop\BatFiles\Restart.bat
Task: {4021E04F-2C4F-4B2A-85E7-60D62C0CE79C} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {44CEEBC6-4031-42AD-B2B1-4157F57AD5FE} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill => C:\Users\vanov\Desktop\BatFiles\Operakill.bat
Task: {4A3D3F1C-3B9B-40FB-BAE0-99A72BD5F7C0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {4D713D29-1FB3-4E41-9D76-CD1B86264B83} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_Plugin.exe [1457208 2019-08-13] (Adobe Inc. -> Adobe)
Task: {55545618-D77B-4D27-BAB9-FB044352CE01} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6137EB70-DCD3-44CE-8665-73E27FA3E9EE} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall => C:\Users\vanov\Desktop\BatFiles\DragonForce.bat
Task: {63C7C186-F15B-448B-94BC-5F4ED0A4E638} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {711CD294-5C89-492C-89AA-8B98D35D461A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {79DFF442-7CF7-480E-934B-8FCEBEE221D7} - System32\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {7C76E617-0F76-4057-9090-ED7B8009A7C6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351656 2019-08-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {7F5DE95D-C17C-4408-85D1-6F56B9FF5F5A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8FCC1103-34CD-41C4-B3BC-EEE596BE90CB} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall2 => C:\Users\vanov\Desktop\BatFiles\Disasterpiece.bat
Task: {940A0D4F-E5D1-4349-A97B-BA70D6B8789D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-13] (Adobe Inc. -> Adobe)
Task: {9892A3E0-1121-41D5-9A13-991AE56D5F95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A35FB29E-054C-45BE-9E40-C94DB7728413} - System32\Tasks\Microsoft\Windows\TaskScheduler\MusicKill => C:\Users\vanov\Desktop\BatFiles\BeeMp3TaskKill.bat
Task: {A7AE68DA-BDFD-4D7E-BCE5-A9F05820A78E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {A9E34D5E-D053-4247-8350-83C330CA6958} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Users\vanov\AppData\Local\MEGAsync\MEGAupdater.exe [760696 2018-10-02] (Mega Limited -> Mega Limited)
Task: {AA6D739F-D568-4A9D-A4ED-FC3B5D432A84} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {ADF227D8-BFDB-4C27-879D-AF0616A4CA2E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351656 2019-08-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {B4DB8B39-2FEC-42F8-BA56-25C3A2F29239} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447512 2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB3A72A1-B735-4F37-9B99-260BF5F05151} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1000 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {C8FB1415-F7CF-485C-B1BF-719EBF4CFDC7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF6B353B-2A6F-455F-951E-080954D28F2D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {CF931575-DB06-4A0A-A9DC-19D4C4269CB3} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.8.3252 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXAutoUpdate.exe [206184 2019-08-06] (Microsoft Corporation -> )
Task: {D63EB858-D44F-42ED-AC94-00B6D4374934} - System32\Tasks\Opera scheduled Autoupdate 1476361487 => C:\Program Files (x86)\Opera\launcher.exe [1519640 2019-08-07] (Opera Software AS -> Opera Software)
Task: {E1176194-F6FD-4A7B-BB95-24031E7F8611} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-10-18] () [File not signed]
Task: {E161BC06-6796-4A76-8D71-21048961E8D4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_pepper.exe [1452600 2019-08-13] (Adobe Inc. -> Adobe)
Task: {F95F8299-A9C1-49FC-8E40-0B0E93D73D5A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194
Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [NameServer] 8.8.8.8,8.8.4.4,192.168.0.1
Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\vanov\Downloads

FireFox:
========
FF DefaultProfile: poq2nbe3.default-1491901036943-1546437671085
FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 [2019-08-18]
FF NetworkProxy: Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 -> type", 0
FF Extension: (ETP Search Volume Study) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-06-26]
FF Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\firefox@betterttv.net.xpi [2019-08-03] [UpdateUrl:hxxps://nightdev.com/betterttv/firefox/updates.json]
FF Extension: (uBlock Origin) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\uBlock0@raymondhill.net.xpi [2019-07-26]
FF Extension: (Unseen) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\{230ed5ec-936c-4ad1-b3d4-e2bb251bd1c3}.xpi [2019-01-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_238.dll [2019-08-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_238.dll [2019-08-13] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe

Opera:
=======
OPR Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\deofbbdfofnmppcjbhjibgodpcdchjii [2017-11-15]
OPR Extension: (Tampermonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-06-02]
OPR Extension: (book_helper) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmmkobpokkidkpaidggnebnhiipdkhkl [2019-08-02]
OPR Extension: (ScriptMonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-06-02]
OPR Extension: (Violent monkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-05-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-05-27] (BattlEye Innovations e.K. -> )
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-08-08] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-08-13] (Dropbox, Inc -> Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-08-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 HgClientService; C:\WINDOWS\system32\hgclientservice.dll [141824 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1741312 2019-02-16] (Microsoft Windows -> Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [353768 2018-09-13] (Intel Corporation -> Intel Corporation)
S2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21256 2018-04-20] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] (AzureEngBuildCodeSign -> ) [File not signed]
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [485048 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [31232 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2017-11-22] (Even Balance, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074128 2019-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [578744 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
S2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11969880 2019-07-03] (TeamViewer GmbH -> TeamViewer GmbH)
S2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [113024 2018-02-12] (TunnelBear, Inc. -> )
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3014144 2019-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 51D2828C; C:\WINDOWS\system32\drivers\51D2828C.sys [255928 2019-08-10] (Malwarebytes Corporation -> Malwarebytes)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-06-23] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-10-10] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26624 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-10-10] (Martin Malik - REALiX -> REALiX(tm))
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2019-01-19] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-18] (Malwarebytes Corporation -> Malwarebytes)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA))
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2412976 2017-04-24] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31744 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S4 RsFx0500; C:\WINDOWS\System32\DRIVERS\RsFx0500.sys [261848 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1026896 2018-03-19] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-10-10] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [56520 2015-08-05] (Synaptics Incorporated -> Synaptics Incorporated)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [103936 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2017-12-18] (Oracle Corporation -> Oracle Corporation)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1248256 2018-11-07] (Microsoft Windows -> Microsoft Corporation)
R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [45408 2018-03-15] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation)
NETSVC: HgClientService -> C:\Windows\system32\hgclientservice.dll (Microsoft Corporation)
NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-18 13:30 - 2019-08-18 13:33 - 000032809 _____ C:\Users\vanov\Downloads\FRST.txt
2019-08-18 13:28 - 2019-08-18 13:28 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-08-18 13:26 - 2019-08-18 13:26 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-18 13:19 - 2019-08-18 13:22 - 000002422 _____ C:\Users\vanov\Downloads\Fixlog.txt
2019-08-18 13:19 - 2019-08-18 13:19 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16
2019-08-18 03:30 - 2019-08-18 03:30 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-08-18 03:30 - 2019-08-18 03:30 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-08-18 03:30 - 2019-08-18 03:30 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-08-18 03:30 - 2019-08-18 03:30 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-08-18 03:30 - 2019-08-18 03:30 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-08-18 03:30 - 2019-08-18 03:30 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-08-18 03:30 - 2019-08-18 03:30 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-08-18 03:30 - 2019-08-18 03:30 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-08-18 03:30 - 2019-08-18 03:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-08-15 00:09 - 2019-08-15 00:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-08-14 18:48 - 2019-08-14 18:53 - 000093494 _____ C:\Users\vanov\Downloads\Addition9.txt
2019-08-14 18:43 - 2019-08-14 18:53 - 000090467 _____ C:\Users\vanov\Downloads\FRST9.txt
2019-08-14 18:43 - 2019-08-14 18:43 - 001612800 _____ (Farbar) C:\Users\vanov\Downloads\FRST64.exe
2019-08-14 11:56 - 2019-08-14 11:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-08-14 11:52 - 2019-08-07 15:03 - 015202816 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe
2019-08-14 11:52 - 2019-08-07 14:58 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-08-14 11:52 - 2019-08-07 14:41 - 000662112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-08-14 11:52 - 2019-08-07 14:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-08-14 11:52 - 2019-08-07 14:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-08-14 11:52 - 2019-08-07 14:27 - 007990272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-14 11:52 - 2019-08-07 10:09 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-14 11:52 - 2019-08-07 10:09 - 000095008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-14 11:52 - 2019-08-07 10:08 - 000494992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-14 11:52 - 2019-08-07 10:08 - 000091568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-14 11:52 - 2019-08-07 09:57 - 000081256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-14 11:52 - 2019-08-07 09:56 - 000357336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-14 11:52 - 2019-08-07 09:32 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-08-14 11:52 - 2019-08-07 09:32 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-08-14 11:52 - 2019-08-07 09:31 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-14 11:52 - 2019-07-09 10:07 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-08-14 11:52 - 2019-07-09 09:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-08-14 11:52 - 2019-07-09 09:39 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-08-14 11:52 - 2019-07-09 09:37 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-08-14 11:52 - 2019-07-09 08:59 - 000022840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
2019-08-14 11:52 - 2019-07-09 08:38 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-08-14 11:52 - 2019-07-09 05:20 - 000227640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-08-14 11:52 - 2019-07-09 05:12 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-08-14 11:52 - 2019-07-09 05:11 - 002257336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-08-14 11:52 - 2019-07-09 04:55 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-08-14 11:52 - 2019-07-09 04:53 - 003708416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-08-14 11:52 - 2019-07-09 04:52 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-08-14 11:52 - 2019-07-09 04:50 - 000659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-08-14 11:52 - 2019-07-09 04:48 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-08-14 11:52 - 2019-07-09 04:47 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-08-14 11:52 - 2019-07-09 04:46 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-08-14 11:51 - 2019-08-07 15:18 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-08-14 11:51 - 2019-08-07 15:18 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-08-14 11:51 - 2019-08-07 15:14 - 000303928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-08-14 11:51 - 2019-08-07 15:13 - 021389776 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-14 11:51 - 2019-08-07 15:13 - 001632112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-14 11:51 - 2019-08-07 15:13 - 001515904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-08-14 11:51 - 2019-08-07 15:13 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-08-14 11:51 - 2019-08-07 14:58 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-08-14 11:51 - 2019-08-07 14:55 - 008626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-14 11:51 - 2019-08-07 14:55 - 004594688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvgm.exe
2019-08-14 11:51 - 2019-08-07 14:54 - 004783104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-08-14 11:51 - 2019-08-07 14:53 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-14 11:51 - 2019-08-07 14:52 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-14 11:51 - 2019-08-07 14:43 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-14 11:51 - 2019-08-07 14:41 - 001322688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-08-14 11:51 - 2019-08-07 14:40 - 020384344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-14 11:51 - 2019-08-07 14:25 - 004175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-08-14 11:51 - 2019-08-07 14:24 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-14 11:51 - 2019-08-07 14:24 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-14 11:51 - 2019-08-07 11:40 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-08-14 11:51 - 2019-08-07 10:09 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-14 11:51 - 2019-08-07 10:09 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-08-14 11:51 - 2019-08-07 10:09 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-14 11:51 - 2019-08-07 10:09 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-14 11:51 - 2019-08-07 10:09 - 000194352 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-14 11:51 - 2019-08-07 10:09 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-14 11:51 - 2019-08-07 10:09 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 007435720 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-14 11:51 - 2019-08-07 10:08 - 002470648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 001566736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 001141712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-14 11:51 - 2019-08-07 10:08 - 000723216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 000710232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-14 11:51 - 2019-08-07 10:08 - 000227744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-08-14 11:51 - 2019-08-07 10:08 - 000130840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-08-14 11:51 - 2019-08-07 10:07 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-14 11:51 - 2019-08-07 10:07 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-14 11:51 - 2019-08-07 10:07 - 002719240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-08-14 11:51 - 2019-08-07 10:07 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-14 11:51 - 2019-08-07 10:07 - 001260992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-14 11:51 - 2019-08-07 10:07 - 001031696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-08-14 11:51 - 2019-08-07 10:07 - 000984152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-14 11:51 - 2019-08-07 10:07 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-08-14 11:51 - 2019-08-07 10:07 - 000343712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmEngUM.dll
2019-08-14 11:51 - 2019-08-07 10:07 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 001993344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 000192608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 000101400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-08-14 11:51 - 2019-08-07 09:55 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-08-14 11:51 - 2019-08-07 09:49 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-14 11:51 - 2019-08-07 09:47 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-14 11:51 - 2019-08-07 09:44 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-08-14 11:51 - 2019-08-07 09:42 - 022717952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-14 11:51 - 2019-08-07 09:39 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-14 11:51 - 2019-08-07 09:39 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2019-08-14 11:51 - 2019-08-07 09:38 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-08-14 11:51 - 2019-08-07 09:38 - 004385792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-14 11:51 - 2019-08-07 09:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-14 11:51 - 2019-08-07 09:38 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-08-14 11:51 - 2019-08-07 09:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-08-14 11:51 - 2019-08-07 09:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-08-14 11:51 - 2019-08-07 09:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-14 11:51 - 2019-08-07 09:36 - 007572480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-14 11:51 - 2019-08-07 09:36 - 003014144 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2019-08-14 11:51 - 2019-08-07 09:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-14 11:51 - 2019-08-07 09:36 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-08-14 11:51 - 2019-08-07 09:36 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-08-14 11:51 - 2019-08-07 09:36 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-08-14 11:51 - 2019-08-07 09:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-14 11:51 - 2019-08-07 09:35 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 001680384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-14 11:51 - 2019-08-07 09:33 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 004938240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 004516864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 002165760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-14 11:51 - 2019-08-07 09:32 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 000318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 001777152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmswitch.sys
2019-08-14 11:51 - 2019-08-07 09:31 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 001110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-08-14 11:51 - 2019-08-07 09:31 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-14 11:51 - 2019-07-11 08:48 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-08-14 11:51 - 2019-07-11 03:30 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-08-14 11:51 - 2019-07-11 03:30 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-08-14 11:51 - 2019-07-11 03:30 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 001627664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 001038352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000954384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000830480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000827920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-08-14 11:51 - 2019-07-09 10:07 - 000825360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000750096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000670224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000652304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000495632 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-08-14 11:51 - 2019-07-09 10:04 - 000348664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-08-14 11:51 - 2019-07-09 10:01 - 004527792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-08-14 11:51 - 2019-07-09 10:00 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-08-14 11:51 - 2019-07-09 09:44 - 012757504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-08-14 11:51 - 2019-07-09 09:44 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-08-14 11:51 - 2019-07-09 09:43 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-08-14 11:51 - 2019-07-09 09:43 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-08-14 11:51 - 2019-07-09 09:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-08-14 11:51 - 2019-07-09 09:38 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2019-08-14 11:51 - 2019-07-09 09:37 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-08-14 11:51 - 2019-07-09 08:42 - 011943424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-08-14 11:51 - 2019-07-09 05:29 - 000375312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-08-14 11:51 - 2019-07-09 05:29 - 000230200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2019-08-14 11:51 - 2019-07-09 05:29 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2019-08-14 11:51 - 2019-07-09 05:23 - 001213264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-08-14 11:51 - 2019-07-09 05:23 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-08-14 11:51 - 2019-07-09 05:21 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-14 11:51 - 2019-07-09 05:20 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-08-14 11:51 - 2019-07-09 05:19 - 002769472 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 002371504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 001674216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 000799248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 000767232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 000713488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 000152104 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-08-14 11:51 - 2019-07-09 05:12 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-08-14 11:51 - 2019-07-09 05:12 - 001286528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-08-14 11:51 - 2019-07-09 05:12 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-08-14 11:51 - 2019-07-09 05:11 - 000576528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-08-14 11:51 - 2019-07-09 04:56 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-08-14 11:51 - 2019-07-09 04:55 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-08-14 11:51 - 2019-07-09 04:53 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-08-14 11:51 - 2019-07-09 04:50 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-08-14 11:51 - 2019-07-09 04:50 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-08-14 11:51 - 2019-07-09 04:50 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-08-14 11:51 - 2019-07-09 04:50 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-08-14 11:51 - 2019-07-09 04:50 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-08-14 11:51 - 2019-07-09 04:50 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2019-08-14 11:51 - 2019-07-09 04:49 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-08-14 11:51 - 2019-07-09 04:49 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-08-14 11:51 - 2019-07-09 04:49 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-08-14 11:51 - 2019-07-09 04:49 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2019-08-14 11:51 - 2019-07-09 04:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-08-14 11:51 - 2019-07-09 04:49 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-08-14 11:51 - 2019-07-09 04:49 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-08-14 11:51 - 2019-07-09 04:48 - 003402240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-14 11:51 - 2019-07-09 04:48 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-08-14 11:51 - 2019-07-09 04:48 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-08-14 11:51 - 2019-07-09 04:48 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-08-14 11:51 - 2019-07-09 04:48 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 000928768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-08-14 11:51 - 2019-07-09 04:46 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-08-14 11:51 - 2019-07-09 04:46 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-08-14 11:51 - 2019-07-09 04:46 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-08-14 11:51 - 2019-07-09 04:45 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-08-14 11:51 - 2019-07-09 04:45 - 001218560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-08-14 11:51 - 2019-07-09 04:45 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-08-14 11:51 - 2019-07-09 04:45 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-08-14 11:51 - 2019-07-09 04:45 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2019-08-14 11:51 - 2019-07-09 04:44 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-08-14 11:51 - 2019-07-09 04:44 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-08-14 11:51 - 2019-07-09 04:44 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-08-14 11:51 - 2019-07-09 04:44 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-08-14 11:51 - 2019-07-09 04:44 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-08-14 11:51 - 2019-07-09 04:44 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-08-14 11:51 - 2019-07-09 04:44 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-08-14 11:51 - 2019-07-09 04:43 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-08-14 11:51 - 2019-07-09 04:43 - 001398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-08-14 11:51 - 2019-07-09 04:43 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-08-14 11:51 - 2019-07-09 04:43 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2019-08-14 11:51 - 2019-06-20 04:21 - 000058882 _____ C:\WINDOWS\system32\srms.dat
2019-08-14 11:50 - 2019-08-07 14:55 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-08-14 11:50 - 2019-08-07 14:55 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-08-14 11:50 - 2019-08-07 14:53 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-08-14 11:50 - 2019-08-07 14:53 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-08-14 11:50 - 2019-08-07 14:51 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-08-14 11:50 - 2019-08-07 14:26 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-08-14 11:50 - 2019-08-07 14:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-08-14 11:50 - 2019-08-07 14:24 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-08-14 11:50 - 2019-08-07 09:36 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2019-08-14 11:50 - 2019-08-07 09:34 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-08-14 11:50 - 2019-08-07 09:34 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-08-14 11:50 - 2019-08-07 09:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-08-14 11:50 - 2019-08-07 09:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-08-14 11:50 - 2019-08-07 09:32 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-08-14 11:50 - 2019-08-07 09:31 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-08-14 11:50 - 2019-08-07 08:15 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-08-14 11:50 - 2019-07-09 09:43 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2019-08-14 11:50 - 2019-07-09 09:39 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2019-08-14 11:50 - 2019-07-09 09:39 - 001193472 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2019-08-14 11:50 - 2019-07-09 09:37 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2019-08-14 11:50 - 2019-07-09 09:37 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-08-14 11:50 - 2019-07-09 08:37 - 000485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2019-08-14 11:50 - 2019-07-09 05:21 - 000133136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2019-08-14 11:50 - 2019-07-09 05:20 - 000275512 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2019-08-14 11:50 - 2019-07-09 05:19 - 000142352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2019-08-14 11:50 - 2019-07-09 05:19 - 000046608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\werkernel.sys
2019-08-14 11:50 - 2019-07-09 05:11 - 000108560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2019-08-14 11:50 - 2019-07-09 04:56 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2019-08-14 11:50 - 2019-07-09 04:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-08-14 11:50 - 2019-07-09 04:52 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2019-08-14 11:50 - 2019-07-09 04:50 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2019-08-14 11:50 - 2019-07-09 04:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll
2019-08-14 11:50 - 2019-07-09 04:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-08-14 11:50 - 2019-07-09 04:49 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2019-08-14 11:50 - 2019-07-09 04:48 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2019-08-13 18:39 - 2019-08-13 18:39 - 000000000 ____D C:\Users\vanov\AppData\Roaming\uplay
2019-08-13 13:49 - 2019-08-13 13:49 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-08-13 13:49 - 2019-08-13 13:49 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-08-13 13:49 - 2019-08-13 13:49 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-08-13 13:49 - 2019-08-13 13:49 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-08-13 12:00 - 2019-08-13 12:00 - 000000000 ____D C:\Users\vanov\Doctor Web
2019-08-13 12:00 - 2019-08-13 12:00 - 000000000 ____D C:\ProgramData\Doctor Web
2019-08-13 11:58 - 2019-08-13 11:58 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-08-13 11:33 - 2019-08-13 12:00 - 000404342 _____ C:\WINDOWS\ntbtlog.txt
2019-08-13 11:28 - 2019-08-13 11:30 - 196887472 _____ C:\Users\vanov\Downloads\yxf1x11g.exe
2019-08-12 21:12 - 2019-08-12 21:13 - 000000000 ____D C:\Users\vanov\Downloads\FRST LOGS
2019-08-12 17:52 - 2019-08-12 17:52 - 012462959 _____ C:\Users\vanov\Downloads\09D9615A-9E3B-46E3-9FC6-18923B3671F2.pdf
2019-08-11 20:57 - 2019-08-11 21:28 - 000002706 _____ C:\Users\vanov\Downloads\RKClean.txt
2019-08-11 20:37 - 2019-08-11 20:37 - 000006410 _____ C:\Users\vanov\Downloads\RKReport.txt
2019-08-11 19:44 - 2019-08-11 20:57 - 000000000 ____D C:\ProgramData\RogueKiller
2019-08-11 19:43 - 2019-08-11 19:44 - 034922040 _____ C:\Users\vanov\Downloads\RogueKiller_portable64.exe
2019-08-11 19:26 - 2019-08-11 19:26 - 000000073 _____ C:\Users\vanov\AppData\Local\WMI.rar
2019-08-11 11:31 - 2019-08-14 18:43 - 000000000 ____D C:\Users\vanov\Downloads\FRST-OlderVersion
2019-08-10 23:41 - 2019-08-10 23:41 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\LionsShade
2019-08-10 20:49 - 2019-08-10 20:49 - 000000448 _____ C:\Users\vanov\Documents\bsod.rar
2019-08-10 20:42 - 2019-08-10 20:42 - 000001232 _____ C:\Users\vanov\Documents\bsod.xml
2019-08-10 20:24 - 2019-08-11 04:27 - 000000000 ____D C:\WINDOWS\Minidump
2019-08-10 19:41 - 2019-08-10 19:41 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\51D2828C.sys
2019-08-10 02:02 - 2019-08-10 02:02 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3387545514-2906784231-2682514228-1001
2019-08-10 02:02 - 2019-08-10 02:02 - 000002412 _____ C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-09 18:01 - 2019-08-09 18:01 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1238763A.sys
2019-08-09 18:00 - 2019-08-10 19:43 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-08-09 18:00 - 2019-08-10 19:41 - 000000000 ____D C:\Users\vanov\Desktop\mbar
2019-08-09 17:58 - 2019-08-09 17:58 - 014178840 _____ (Malwarebytes Corp.) C:\Users\vanov\Desktop\mbar-1.10.3.1001.exe
2019-08-09 17:32 - 2019-08-09 17:32 - 000000000 ____D C:\Users\vanov\AppData\Local\RSG
2019-08-09 17:30 - 2019-08-09 17:30 - 000004184 _____ C:\Users\vanov\Desktop\notify.csv
2019-08-09 17:30 - 2019-08-09 17:30 - 000000786 _____ C:\Users\vanov\Desktop\notify.rar
2019-08-09 17:29 - 2019-08-09 17:29 - 000177816 _____ (PowerTool) C:\Users\vanov\Desktop\kEvP64.sys
2019-08-09 17:28 - 2019-08-09 17:28 - 009440768 _____ C:\Users\vanov\Desktop\PowerTool64.exe
2019-08-09 16:50 - 2019-08-09 16:51 - 000519347 _____ C:\Users\vanov\Desktop\TDSS Report.txt
2019-08-09 16:31 - 2019-08-09 16:40 - 001038716 _____ C:\TDSSKiller.3.1.0.28_09.08.2019_16.31.54_log.txt
2019-08-09 16:27 - 2019-08-09 16:28 - 000006126 _____ C:\TDSSKiller.3.1.0.28_09.08.2019_16.27.31_log.txt
2019-08-09 10:31 - 2019-08-09 10:31 - 000000000 ____D C:\Users\vanov\Downloads\DnsJumper
2019-08-09 10:29 - 2019-08-09 10:29 - 000706233 _____ C:\Users\vanov\Downloads\DnsJumper.zip
2019-08-08 15:01 - 2019-08-08 15:01 - 000003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1476361487
2019-08-08 15:01 - 2019-08-08 15:01 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-08-06 22:30 - 2019-08-06 22:30 - 000050652 _____ C:\Users\vanov\Documents\filename.gwc
2019-08-06 18:47 - 2019-08-06 18:47 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealHeaderTool
2019-08-06 17:42 - 2019-08-18 13:35 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-06 16:33 - 2019-08-06 16:33 - 047210760 _____ (Microsoft Corporation) C:\Users\vanov\Documents\Windows-KB890830-x64-V5.74.exe
2019-08-06 16:21 - 2019-08-06 16:21 - 000001310 _____ C:\Users\vanov\Desktop\misplacedforcopy.txt
2019-08-06 15:15 - 2019-08-06 15:16 - 000301326 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH8.pdf
2019-08-06 13:47 - 2019-08-06 14:05 - 000000000 ____D C:\Users\vanov\Documents\[FreeCourseSite.com] Udemy - Unreal Engine C++ Developer Learn C++ and Make Video Games
2019-08-06 13:42 - 2019-08-06 19:23 - 000000000 ____D C:\Users\vanov\Documents\Unreal Projects
2019-08-06 13:41 - 2019-08-06 13:41 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Unreal Engine
2019-08-06 00:21 - 2019-08-06 00:21 - 000002467 _____ C:\Users\vanov\Desktop\Unreal Engine.lnk
2019-08-05 11:08 - 2019-08-18 13:30 - 000000000 ____D C:\FRST
2019-08-05 11:07 - 2019-08-05 11:07 - 000002601 _____ C:\Users\vanov\Desktop\Malarebytes1.txt
2019-08-05 10:56 - 2019-08-05 10:56 - 000001714 _____ C:\Users\vanov\Desktop\Malwarebytes2.txt
2019-08-04 18:12 - 2019-08-04 18:12 - 000000222 _____ C:\Users\vanov\Desktop\SMITE.url
2019-08-04 11:34 - 2019-08-04 11:34 - 000001048 _____ C:\Users\vanov\Desktop\Technic.exe - Shortcut.lnk
2019-08-03 13:53 - 2019-08-03 13:53 - 004478926 _____ () C:\Users\vanov\Downloads\Technic.exe
2019-08-03 13:42 - 2019-08-03 13:42 - 000001391 _____ C:\Users\Public\Desktop\Skype.lnk
2019-08-03 13:41 - 2019-08-03 13:41 - 000001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-08-03 13:40 - 2019-08-03 13:36 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-08-03 13:37 - 2019-08-03 13:37 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-08-03 13:37 - 2019-08-03 13:37 - 000001108 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-08-03 13:35 - 2019-08-03 13:35 - 001211216 _____ (Oracle Corporation) C:\Users\vanov\Downloads\JavaUninstallTool.exe
2019-08-03 13:35 - 2019-08-03 13:35 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2019-08-03 13:34 - 2019-08-03 13:34 - 002065880 _____ (Oracle Corporation) C:\Users\vanov\Downloads\jre-8u221-windows-i586-iftw.exe
2019-08-03 12:59 - 2019-08-03 13:22 - 000081880 _____ C:\WINDOWS\ZAM.krnl.trace
2019-08-03 12:56 - 2019-08-03 12:56 - 001359866 _____ C:\Users\vanov\Documents\cc_20190803_125640.reg
2019-08-03 12:50 - 2019-08-03 12:50 - 020888528 _____ (Piriform Software Ltd) C:\Users\vanov\Downloads\cctrialsetup.exe
2019-08-03 12:50 - 2019-08-03 12:50 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-08-03 12:50 - 2019-08-03 12:50 - 000002888 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-08-03 12:50 - 2019-08-03 12:50 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\Program Files\CCleaner
2019-08-03 12:38 - 2019-08-03 12:40 - 000316126 _____ C:\TDSSKiller.3.1.0.28_03.08.2019_12.38.43_log.txt
2019-08-03 12:38 - 2019-08-03 12:38 - 005054744 _____ (AO Kaspersky Lab) C:\Users\vanov\Downloads\tdsskiller.exe
2019-08-03 12:32 - 2019-08-03 13:22 - 000000000 ____D C:\Users\vanov\AppData\Local\AMSDK
2019-08-03 12:32 - 2019-08-03 12:32 - 000000000 ____D C:\Users\vanov\AppData\Local\Zemana
2019-08-03 12:31 - 2019-08-03 12:31 - 012664512 _____ (Zemana Ltd. ) C:\Users\vanov\Downloads\AntiMalware_Setup.exe
2019-08-03 12:24 - 2019-08-03 12:24 - 000841241 _____ C:\Users\vanov\Downloads\rkill.zip
2019-08-03 12:24 - 2017-07-25 22:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\vanov\Downloads\rkill.exe
2019-08-03 11:33 - 2019-08-03 11:33 - 000000258 __RSH C:\ProgramData\ntuser.pol
2019-08-03 10:54 - 2019-08-03 10:54 - 000000000 ____D C:\Users\vanov\AppData\Local\mbamtray
2019-08-03 10:53 - 2019-08-03 10:53 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-03 10:53 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-08-03 10:52 - 2019-08-03 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-03 10:52 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-08-03 10:51 - 2019-08-09 18:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-03 10:41 - 2019-08-03 10:42 - 006705178 _____ C:\Users\vanov\Downloads\mbam-chameleon-3.1.33.0.zip
2019-08-02 21:36 - 2019-08-02 21:36 - 000000000 ____D C:\KRD2018_Data
2019-08-02 21:03 - 2019-08-02 21:03 - 000000000 ___HD C:\$SysReset
2019-08-02 19:22 - 2019-08-02 19:01 - 597336064 _____ C:\Users\vanov\Documents\krd.iso
2019-08-02 19:08 - 2019-08-02 19:08 - 000000000 ____D C:\WINDOWS\Panther
2019-08-02 19:00 - 2019-08-09 18:38 - 000000000 ____D C:\ProgramData\TmpLoog
2019-08-02 18:59 - 2019-08-02 18:59 - 007623880 _____ (Malwarebytes) C:\Users\vanov\Downloads\adwcleaner_7.4.exe
2019-08-02 18:39 - 2019-08-03 11:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\System
2019-08-02 17:56 - 2019-08-02 17:56 - 005829844 _____ (UserBenchmark.com) C:\Users\vanov\Downloads\UserBenchMark.exe
2019-08-02 14:53 - 2019-08-02 14:53 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Big Fat Simulations Inc_
2019-07-31 22:52 - 2019-07-31 22:57 - 000000000 ____D C:\Users\vanov\AppData\Local\Arma 3
2019-07-31 22:52 - 2019-07-31 22:52 - 000000000 ____D C:\ProgramData\Bohemia Interactive
2019-07-31 19:59 - 2019-07-31 19:59 - 000189726 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.1.pdf
2019-07-31 17:57 - 2019-07-31 17:57 - 005193376 _____ (Husdawg, LLC) C:\Users\vanov\Downloads\Detection.exe
2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Craneballs
2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\Local\GOG.com
2019-07-29 21:47 - 2019-07-29 21:47 - 000000000 ___HD C:\temp
2019-07-29 21:06 - 2019-07-29 21:06 - 000178988 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.pdf
2019-07-29 10:58 - 2019-07-29 10:58 - 006732741 _____ C:\Users\vanov\Downloads\SQL-Injection-Attacks-and-Defense.pdf
2019-07-27 17:18 - 2019-07-27 17:18 - 000232401 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH3.pdf
2019-07-24 20:05 - 2017-09-26 12:24 - 000100352 _____ C:\Users\vanov\Downloads\Spider Man Homecoming.srt
2019-07-24 20:05 - 2011-11-11 20:27 - 000078233 ____N C:\Users\vanov\Downloads\Captain America.srt
2019-07-23 19:36 - 2019-07-23 19:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Colossal Order

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-18 13:33 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-18 13:32 - 2018-05-23 16:29 - 000998212 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-18 13:32 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-08-18 13:28 - 2016-10-13 13:59 - 000000000 __SHD C:\Users\vanov\IntelGraphicsProfiles
2019-08-18 13:26 - 2018-08-04 16:06 - 000000502 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2019-08-18 13:25 - 2018-01-12 21:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-08-18 13:24 - 2018-05-23 16:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-18 13:24 - 2017-11-22 16:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-08-18 13:23 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-08-18 13:19 - 2018-08-30 14:28 - 000000000 ____D C:\Users\MSSQLSERVER
2019-08-18 13:19 - 2017-02-12 20:49 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Mozilla
2019-08-18 13:17 - 2018-05-23 16:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-18 08:05 - 2018-05-23 16:38 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{466D4F44-74C1-4B3A-8596-CADF3DE82031}
2019-08-18 03:28 - 2016-10-13 21:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-08-17 16:04 - 2019-01-18 23:34 - 000000000 ____D C:\Program Files (x86)\Steam
2019-08-17 13:57 - 2019-07-18 18:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-08-17 13:57 - 2017-11-22 16:01 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-08-16 23:01 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-15 00:09 - 2016-11-05 13:12 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-08-14 17:52 - 2017-12-04 17:14 - 000000000 ___RD C:\Users\vanov\3D Objects
2019-08-14 17:52 - 2016-10-13 13:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-08-14 17:49 - 2018-05-23 16:09 - 005111760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-14 17:45 - 2018-08-04 16:01 - 000000000 ____D C:\Program Files\Hyper-V
2019-08-14 17:45 - 2018-04-12 11:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-14 17:43 - 2018-05-23 16:14 - 000000000 ____D C:\Users\vanov
2019-08-14 11:59 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-14 11:50 - 2016-10-13 16:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-14 11:45 - 2016-10-13 16:35 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-13 20:52 - 2018-05-23 16:38 - 000004552 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-08-13 20:52 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-08-13 20:52 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-08-13 20:06 - 2016-10-13 14:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-08-13 19:59 - 2019-02-06 01:16 - 000000000 ____D C:\ProgramData\Orbit
2019-08-13 19:52 - 2018-05-23 16:38 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-08-13 19:40 - 2017-06-05 00:36 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2019-08-13 18:36 - 2017-06-30 15:43 - 000000000 ____D C:\Users\vanov\Documents\My Games
2019-08-13 12:27 - 2018-03-16 20:55 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2019-08-13 01:25 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Local\Spotify
2019-08-12 23:02 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Spotify
2019-08-12 21:24 - 2018-09-28 09:53 - 000000000 ____D C:\Users\vanov\AppData\Local\ElevatedDiagnostics
2019-08-10 02:02 - 2016-10-13 13:53 - 000000000 ___RD C:\Users\vanov\OneDrive
2019-08-09 16:25 - 2016-10-13 14:35 - 000000000 ____D C:\Users\vanov\AppData\Roaming\DAEMON Tools Lite
2019-08-09 15:07 - 2016-12-24 13:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\vlc
2019-08-08 21:05 - 2018-01-12 21:04 - 000000000 ____D C:\Users\vanov\AppData\Roaming\TeamViewer
2019-08-08 15:01 - 2016-10-13 14:24 - 000000000 ____D C:\Program Files (x86)\Opera
2019-08-06 18:33 - 2018-08-27 10:54 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Visual Studio Setup
2019-08-06 18:06 - 2018-08-04 12:35 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2019-08-06 18:02 - 2018-08-04 12:59 - 000000000 ____D C:\Users\vanov\.dotnet
2019-08-06 17:56 - 2018-08-04 12:45 - 000000000 ____D C:\Program Files\dotnet
2019-08-06 17:56 - 2016-10-13 20:00 - 000000000 ____D C:\ProgramData\Package Cache
2019-08-06 17:54 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-08-06 17:39 - 2018-08-04 12:05 - 000001377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2019-08-06 17:38 - 2018-08-04 12:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-08-06 15:32 - 2016-10-19 15:42 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Temp
2019-08-06 14:52 - 2016-10-13 14:32 - 000000000 ____D C:\Users\vanov\AppData\Roaming\uTorrent
2019-08-06 14:04 - 2017-03-11 02:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\discord
2019-08-06 13:41 - 2017-01-27 21:28 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealEngine
2019-08-05 22:27 - 2018-12-16 22:22 - 000000000 ____D C:\Program Files\Epic Games
2019-08-05 01:15 - 2016-10-13 14:55 - 000000000 ____D C:\Program Files\WinRAR
2019-08-04 14:21 - 2018-11-16 00:20 - 000000000 ____D C:\Program Files\rempl
2019-08-03 18:07 - 2017-06-05 00:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Ubisoft Game Launcher
2019-08-03 13:50 - 2018-07-31 21:58 - 000000000 ____D C:\Users\vanov\AppData\Roaming\.technic
2019-08-03 13:43 - 2016-10-13 14:33 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Skype
2019-08-03 13:42 - 2018-09-08 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-08-03 13:40 - 2018-08-04 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2019-08-03 13:40 - 2018-08-01 00:12 - 000000000 ____D C:\Program Files\Java
2019-08-03 13:40 - 2017-03-19 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-08-03 13:40 - 2017-03-19 21:30 - 000000000 ____D C:\Program Files (x86)\Java
2019-08-03 13:35 - 2017-11-22 14:26 - 000000000 ____D C:\ProgramData\Origin
2019-08-03 13:35 - 2017-03-06 17:41 - 000000000 ____D C:\Program Files (x86)\Audacity
2019-08-03 13:34 - 2017-11-22 14:28 - 000001066 _____ C:\Users\Public\Desktop\Origin.lnk
2019-08-03 13:34 - 2017-11-22 14:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Origin
2019-08-03 13:34 - 2017-11-22 14:27 - 000000000 ____D C:\Program Files (x86)\Origin
2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-08-03 13:32 - 2018-09-17 23:28 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Notepad++
2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Program Files\Notepad++
2019-08-03 13:23 - 2017-06-12 12:27 - 000000000 ____D C:\Users\vanov\Desktop\Folders
2019-08-03 12:53 - 2018-01-14 01:55 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MPC-HC
2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Users\vanov\AppData\Local\Google
2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Program Files (x86)\Google
2019-08-03 10:53 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-08-02 19:03 - 2017-10-10 23:31 - 000000000 ____D C:\Users\vanov\AppData\Roaming\IObit
2019-08-02 18:40 - 2018-11-25 19:39 - 000000000 ____D C:\Program Files\Firefox Developer Edition
2019-08-02 14:53 - 2016-12-29 19:12 - 000000000 ____D C:\Users\vanov\AppData\Roaming\SmartSteamEmu
2019-08-01 20:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-07-31 14:23 - 2018-04-29 20:51 - 000000000 ____D C:\Users\vanov\AppData\Local\GameAnalytics
2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files\Rockstar Games
2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2019-07-31 14:05 - 2018-03-23 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2019-07-31 14:03 - 2016-10-18 22:24 - 000000000 ____D C:\Users\vanov\AppData\Local\Rockstar Games
2019-07-30 00:33 - 2018-08-06 23:20 - 000000000 ____D C:\GOG Games
2019-07-29 21:46 - 2017-12-04 16:09 - 000000000 ____D C:\Users\vanov\AppData\Local\Packages
2019-07-29 21:46 - 2017-06-20 20:42 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-07-26 14:29 - 2016-10-15 15:03 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MusicBee
2019-07-26 12:21 - 2018-02-26 17:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-24 13:22 - 2016-10-13 14:37 - 000000000 ____D C:\ProgramData\Hi-Rez Studios
2019-07-23 12:12 - 2018-05-26 23:49 - 000000000 ____D C:\Users\vanov\AppData\Local\D3DSCache
2019-07-19 12:18 - 2016-10-22 23:54 - 000007633 _____ C:\Users\vanov\AppData\Local\Resmon.ResmonCfg

==================== Files in the root of some directories ================

2018-10-28 19:32 - 2018-10-28 19:32 - 000000033 _____ () C:\Users\vanov\AppData\Roaming\AdobeWLCMCache.dat
2017-03-05 19:32 - 2018-02-22 21:46 - 000000000 _____ () C:\Users\vanov\AppData\Roaming\avoriontestfile
2018-09-16 22:49 - 2018-09-16 22:49 - 000023303 _____ () C:\Users\vanov\AppData\Local\debuggee.mdmp
2019-06-18 14:44 - 2019-06-18 14:44 - 000001536 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.cfg
2019-06-18 14:44 - 2019-06-18 14:44 - 000210944 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.dat
2018-07-09 16:15 - 2018-07-23 19:53 - 000000002 _____ () C:\Users\vanov\AppData\Local\imw.ini
2018-09-29 08:00 - 2018-09-29 08:00 - 000000000 _____ () C:\Users\vanov\AppData\Local\oobelibMkey.log
2019-02-10 17:37 - 2019-02-10 17:37 - 000003283 _____ () C:\Users\vanov\AppData\Local\recently-used.xbel
2016-10-22 23:54 - 2019-07-19 12:18 - 000007633 _____ () C:\Users\vanov\AppData\Local\Resmon.ResmonCfg
2017-06-10 01:37 - 2017-07-05 16:05 - 000000000 _____ () C:\Users\vanov\AppData\Local\Temptable.xml
2016-10-13 14:55 - 2016-10-13 14:55 - 000000003 _____ () C:\Users\vanov\AppData\Local\updater.log
2016-10-13 14:55 - 2017-05-07 02:59 - 000000425 _____ () C:\Users\vanov\AppData\Local\UserProducts.xml
2018-06-02 21:35 - 2018-06-02 21:35 - 000000002 _____ () C:\Users\vanov\AppData\Local\WMI.ini
2019-08-11 19:26 - 2019-08-11 19:26 - 000000073 _____ () C:\Users\vanov\AppData\Local\WMI.rar

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Addition:
 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by vanov (18-08-2019 13:36:18)
Running from C:\Users\vanov\Downloads
Windows 10 Pro Version 1803 17134.950 (X64) (2018-05-23 14:41:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3387545514-2906784231-2682514228-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3387545514-2906784231-2682514228-1006 - Limited - Enabled)
DefaultAccount (S-1-5-21-3387545514-2906784231-2682514228-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3387545514-2906784231-2682514228-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3387545514-2906784231-2682514228-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3387545514-2906784231-2682514228-1003 - Limited - Enabled)
vanov (S-1-5-21-3387545514-2906784231-2682514228-1001 - Administrator - Enabled) => C:\Users\vanov
WDAGUtilityAccount (S-1-5-21-3387545514-2906784231-2682514228-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Core SDK 1.1.10 (x64) (HKLM\...\{EA922431-C5D8-4CAE-9A6D-6817195F7856}) (Version: 4.18.38047 - Microsoft Corporation) Hidden
.NET Core SDK 1.1.10 (x64) (HKLM-x32\...\{81e87b8c-a24e-49e4-9a91-47b6d7aa52ff}) (Version: 1.1.10 - Microsoft Corporation)
µTorrent (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.)
Active Directory Authentication Library for SQL Server (HKLM\...\{4EE99065-01C6-49DD-9EC6-E08AA5B13491}) (Version: 14.0.1000.169 - Microsoft Corporation)
Adobe After (HKLM\...\{6A915992-D887-4897-82F5-950EDD12DEB1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.238 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.238 - Adobe)
Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Application Verifier x64 External Package (HKLM\...\{62CB44B2-8007-DBB2-1CBA-5CB7309EB3C3}) (Version: 10.1.17134.12 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{AB5E83C8-0175-0A1F-338A-EB8925AFC341}) (Version: 10.1.14393.795 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden
ASUS RT-N10 Wireless Router Utilities (HKLM-x32\...\{5BA25292-92E0-4223-A14B-50DC60B2A6F9}) (Version: 4.2.6.1 - ASUS)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.48.1 - Bethesda Softworks)
Browser for SQL Server 2017 (HKLM-x32\...\{CF8EEB96-E7E7-4EF7-A0A1-559F09953156}) (Version: 14.0.1000.169 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
ClipGrab 3.7.0 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
CodeBlocks (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 79.4.143 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Entity Framework 6.2.0 Tools  for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Firefox Developer Edition 65.0 (x64 en-US) (HKLM\...\Firefox Developer Edition 65.0 (x64 en-US)) (Version: 65.0 - Mozilla)
GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team)
Git version 2.20.1 (HKLM\...\Git_is1) (Version: 2.20.1 - The Git Development Community)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
Java SE Development Kit 8 Update 181 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden
K-Lite Mega Codec Pack 13.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.0 - KLCP)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
LOOT version 0.13.6 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.13.6 - LOOT Team)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Core SDK - 2.1.202 (x64) (HKLM-x32\...\{06b884b0-4947-4439-859f-098e431012d6}) (Version: 2.1.202 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.400 (x64) (HKLM-x32\...\{341254ab-6143-402e-9b7e-944f8b63e97d}) (Version: 2.1.400 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.402 (x64) (HKLM-x32\...\{b415bfcd-0c1a-424c-93f3-03fd83fcc44e}) (Version: 2.1.402 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.403 (x64) (HKLM-x32\...\{2eabe091-c571-4b9d-bdaa-5df5d11c84d4}) (Version: 2.1.403 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.500 (x64) (HKLM-x32\...\{d83984c4-b4ab-41e1-8d62-84f151ca642b}) (Version: 2.1.500 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.502 (x64) (HKLM-x32\...\{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}) (Version: 2.1.502 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.504 (x64) (HKLM-x32\...\{109e08a7-f849-4580-a683-c07ee8850a15}) (Version: 2.1.504 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.505 (x64) (HKLM-x32\...\{8a2d6b13-cb92-4cfe-a3e0-468e6cdd1e2e}) (Version: 2.1.505 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.508 (x64) (HKLM-x32\...\{0298bf05-e67a-4973-8ccc-7b13528189cb}) (Version: 2.1.508 - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 SDK (HKLM-x32\...\{F42C96C1-746B-442A-B58C-9F0FD5F3AB8A}) (Version: 4.7.03081 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 Targeting Pack (ENU) (HKLM-x32\...\{B517DBD3-B542-4FC8-9957-FFB2C3E65D1D}) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.9.6 (HKLM\...\{EDADFA19-7F96-4075-A4AB-2209910626C5}) (Version: 2.9.8899.26 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.6 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.6) (Version: 2.9.8899.26 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation)
Microsoft Azure PowerShell - April 2018 (HKLM\...\{3BA7CAA9-97BA-4528-B7E1-B640910BB149}) (Version: 5.7.0.18831 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.7 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.7) (Version: 5.7.18218.1723 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation)
Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{76CF9EF4-ABA0-484E-8042-12B99499AF5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11901.20218 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
Microsoft R Client (HKLM\...\{02EFEF35-C9D6-465D-BB0E-EB48B549B3AB}) (Version: 3.3.2.1988 - Microsoft)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft SQL Server 2017 (64-bit) (HKLM\...\Microsoft SQL Server SQL2017) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2017 Setup (English) (HKLM\...\{405252DC-ADF7-4BC8-95F5-F89DE513DD62}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server 2017 T-SQL Language Service  (HKLM\...\{C8A51693-98B9-4AB1-91B8-9A1B86729D5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{05FF71A6-FF76-4DB9-8A33-F23A2B0222BF}) (Version: 14.0.4079.2 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1104.625 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2017 (HKLM\...\{20B328C9-C6BB-434A-928A-00F05CD820B8}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
MSI Development Tools (HKLM-x32\...\{1E406B46-65F4-91CE-65DA-DB66D5443B68}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.7.1 - Notepad++ Team)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11901.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11901.20218 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 62.0.3331.116 (HKLM-x32\...\Opera 62.0.3331.116) (Version: 62.0.3331.116 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.43.28287 - Electronic Arts, Inc.)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 6.1.0.0 - Popcorn Time) <==== ATTENTION
Python 3.6.6 (64-bit) (HKU\.DEFAULT\...\{a2e7eb2f-e31e-47eb-82ca-63b3854f5354}) (Version: 3.6.6150.0 - Python Software Foundation)
Python 3.6.6 Core Interpreter (64-bit symbols) (HKLM\...\{09472AF9-4E5C-419F-8AFC-E42DE3C00062}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Core Interpreter (64-bit) (HKLM\...\{13428472-D58E-476D-932F-5B1B0C1397BE}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Development Libraries (64-bit) (HKLM\...\{C4752757-9240-4518-BE22-A7E2E7CC7D7B}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Documentation (64-bit) (HKLM\...\{16EF5AB7-4A89-4F06-B20B-209DA4FE0533}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Executables (64-bit symbols) (HKLM\...\{D1DCF56C-C29C-436A-9764-DEA45032EC46}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Executables (64-bit) (HKLM\...\{5CE3EB5B-1823-4B8E-BE10-95262BDD1148}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 pip Bootstrap (64-bit) (HKLM\...\{9D8D733D-3822-4808-B382-6291910081B2}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Standard Library (64-bit symbols) (HKLM\...\{A44E9804-C2AA-40DD-9E6F-F53D96BDAD34}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Standard Library (64-bit) (HKLM\...\{4D137679-6FB4-446B-9BDB-279292FA2D2C}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Tcl/Tk Support (64-bit symbols) (HKLM\...\{20F0B3BE-3E51-4536-BE6E-451359FD5432}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Tcl/Tk Support (64-bit) (HKLM\...\{44EC13CA-E201-433B-B2D3-386B9609B859}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Test Suite (64-bit symbols) (HKLM\...\{C5BD9A00-9221-486E-94BF-9B1553B215AF}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Test Suite (64-bit) (HKLM\...\{C9596636-022D-4123-B369-98819F772985}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Utility Scripts (64-bit) (HKLM\...\{E95CEC86-EFB3-47B8-A5F6-C8FB757AD060}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Skype version 8.50 (HKLM-x32\...\Skype_is1) (Version: 8.50 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB)
sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{97C50C96-8106-490D-B81F-768753C39B56}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{74E057FF-92C8-4DD0-AF43-B220CD100733}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{C83DFAD5-FF26-4ED8-B284-944463FA0E30}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{9D1C0509-D490-4E9E-ACF5-A73E5C53742D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{B777C4C0-A1CD-4AB9-99B1-AD5FBED6F8E5}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{28EEF6BA-A23A-42D2-86BA-A6BEE723B969}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{DED314CA-0EFE-4593-9D66-EF75E5289A4C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{0E22DBB4-691B-400C-B52D-8DFE8EC421AA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{793F1C1E-5C83-4E33-A29B-6EAA7C1E791C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{12D2DB8D-80FF-4152-8F51-EDB3BD3C6976}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{AA2A015C-C210-413B-95F6-BF9D3CDD6E0D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.4.2669 - TeamViewer)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
TunnelBear (HKLM-x32\...\{5dbd322e-98b2-41c8-a2d9-d9f21423afa9}) (Version: 3.2.0.6 - TunnelBear)
TunnelBear (HKLM-x32\...\{EAF52E02-CC78-47F4-A304-F91FDB6A55D1}) (Version: 3.2.0.6 - TunnelBear) Hidden
Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - )
Twitch (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{A3055644-FB53-420D-8724-EBEAB330D64F}) (Version: 3.0.3.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity (HKLM-x32\...\Unity) (Version: 2018.3.3f1 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{0D6B41AF-D117-8944-A059-3F9346A896C5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft)
vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Visual Studio Enterprise 2017 (HKLM-x32\...\7dcb8def) (Version: 15.9.28307.770 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{14AF842C-675E-4268-B493-EB76D9B465A8}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_codecoveragemsi (HKLM-x32\...\{B2DB38F7-4225-4EA6-A7B2-F9A0E089DD89}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_codeduitestframeworkmsi (HKLM-x32\...\{4379D9C7-B16D-486C-BC6D-43550A4C55EE}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_cuitcommoncoremsi (HKLM-x32\...\{060D7518-16AC-41F1-9956-38CA636FCF7B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_cuitextensionmsi (HKLM-x32\...\{88484E59-774D-4947-AF0E-4524D6C3147D}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_cuitextensionmsi_x64 (HKLM-x32\...\{184D5702-3AD2-4F0D-95E6-11E1C75A9298}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_networkemulationmsi_x64 (HKLM-x32\...\{674BB892-7904-4B94-8077-9DA3D2CBFC70}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
WhatsApp (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\WhatsApp) (Version: 0.3.2848 - WhatsApp)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinAppDeploy (HKLM-x32\...\{5AD4A604-B476-1578-2A20-6B02FC6258BE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{C9966D24-DB2F-8514-EAA3-BEED85F3E166}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
WinGuard Pro 2016 (HKLM-x32\...\{F5DA39A7-9A26-44E2-9754-A611ACF0C8CC}) (Version: 10.10.2001 - WinGuardProLTD)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{389D182F-0ADA-5C7E-FF32-2573A821592C}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{A249F631-CEBC-EDCB-4C49-700E551E66CA}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{C3776B36-B34E-00E2-3009-95A6F1870B58}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E71CB7F1-3E88-4450-1764-B3CC1E205C4A}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{965D1746-D94A-49B9-2A48-A14914CA3B57}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{C49E6FDA-8196-0CAF-2CDD-CF1B0F4EA5AD}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{33D11371-82A5-852B-CDE2-5528CE406151}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{3755CD99-C62E-3312-DDD3-29A4F259270D}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{729DA966-8590-2C1F-2178-16C1D32FD7FD}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{FB431EE2-C835-6DE9-8DC3-C8FCDE028FE0}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{F1C18506-3168-A9D9-E2D9-D23A512A326E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FB82399D-9C48-9AF5-DCA1-CFE61BCA70A6}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{23909757-D6F0-7F7C-BD34-7E72BA9BD59C}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{4095D263-6A13-78D3-DEDA-AA3452011F6E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{C3243E23-2EB6-4419-2692-40944923B112}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D3A337CD-EA32-F4BA-03FA-825903190C92}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{DD83B36A-ED10-4514-98E7-1EBD53D167D8}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden
Xamarin Profiler (HKLM-x32\...\{392FF347-E40D-4598-B31E-5332F6F761E2}) (Version: 1.6.4.31 - Xamarin, Inc.) Hidden
Xamarin Remoted iOS Simulator (HKLM-x32\...\{5DE98E3F-9A5C-48B7-B039-8E0FB2D68AEA}) (Version: 1.3.0.8 - Xamarin) Hidden

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-15] (Microsoft Studios) [MS Ad]
Microsoft Wireless Display Adapter -> C:\Program Files\WindowsApps\Microsoft.SurfaceWirelessDisplayAdapter_3.4.137.1000_x64__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation)
Mixplay for Mixer -> C:\Program Files\WindowsApps\39170Flydream.Mixer_2.1.4.0_x64__weq318ptssvpt [2019-01-11] (Flydream)
MSN Vrijeme -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
Pošta i kalendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad]
TuneIn Radio -> C:\Program Files\WindowsApps\TuneIn.TuneInRadio_4.0.6.0_x64__6bhtb546zcxnj [2019-08-01] (TuneIn) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
Viber -> C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.1000_x86__p61zvh252yqyr [2018-07-09] (VIBER MEDIA S.à r.l.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{CE527B6C-CFD2-4CFC-AEC0-261FC6871E3D} -> [MEGAsync] => C:\Users\vanov\Documents\MEGAsync [2016-10-13 15:02]
CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\vanov\Dropbox [2016-11-05 13:16]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-06-17] (Notepad++ -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\vanov\Desktop\GTASA.lnk -> C:\Program Files (x86)\Rockstar Games\GTA San Andreas\startup_SP.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)

==================== Loaded Modules (Whitelisted) ==============

2018-10-02 19:10 - 2018-10-02 19:10 - 000598528 _____ () [File not signed] C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73235831.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73235831.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-08-18 13:22 - 2019-08-18 13:22 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

2018-08-04 16:06 - 2019-08-18 13:26 - 000000502 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

172.29.72.49 DESKTOP-ME49L6T.mshome.net # 2024 8 5 16 11 26 51 570
37.0.186 Vlah.mshome.net # 2019 7 5 12 12 16 54 932

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Microsoft MPI\Bin\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Users\vanov\Anaconda3;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\DTS\Binn\;C:\Program Files\Git\cmd
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "SOLIDWORKS 2016 Fast Start.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Idvsoft"
HKLM\...\StartupApproved\Run32: => "{7B4A50DE-E9A1-5D65-55A0-215372F9BAC3}"
HKLM\...\StartupApproved\Run32: => "wgpro"
HKLM\...\StartupApproved\Run32: => "amd_dc_opt"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Resilio Sync"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Tonido"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "WallpaperEngine"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "DOS Host"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{CBC4ECFC-1253-4674-B353-170019F9FABE}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed]
FirewallRules: [TCP Query User{0CAE0F34-1600-450D-A351-4C7FFCA72D07}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed]
FirewallRules: [{606F165A-4B31-49AA-98BC-5B91C73BBF4B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A49D5669-FA5A-4815-9969-3E22DB5A4E6B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{48D65172-F07A-4E24-A3A1-434257A6061F}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{6A333921-4247-486B-98D0-F26FD40E857E}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0CA9BCD8-5B1C-4D05-AAD4-21FFEAC84103}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{051C78D0-5A1A-4C2A-ABC4-9E558B976B5F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{A975745F-869F-4081-92E4-0D42641FF6C4}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{49E008DC-6AAB-4B12-BB7B-667F30068494}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{9C253803-BC67-4081-8522-B3EC16A3E8DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B4452071-1EF5-4231-9AF6-B0CD14FD5FDF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6D4BA297-6C70-47C8-BD34-738B4942ACB9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{2E9CDF23-57FD-43DB-9D11-55A66C91F8FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [UDP Query User{B06BD948-E650-4190-8E60-7CFADC294373}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{B385A51F-02CB-4784-A947-2C9ABF8BEEDD}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{2EB36B25-BECE-477F-B928-0C25780C1214}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [TCP Query User{DCA5B283-BB01-4858-8CBF-F750BF1B73F5}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [{6BEEFA38-F710-4247-BF7A-AECB5E37937E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{C5D7FAE5-7CB3-43C1-80F6-589907AD1A0F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BCA6781A-E253-483F-8236-CAF546AAF80D}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D50DE039-DAA2-4B8B-B1FB-3E30BC30A796}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{AFC23FCC-79E4-469A-8459-B169B2FA2252}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F672BF62-161A-4044-9A8B-508F12A99CA6}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{12F3F116-CCDB-40AC-92C7-2317A0EEA58F}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{BE51A32F-9911-4F10-AECE-61E068713997}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{09600C42-3BDF-4A0D-AFD5-17E90BC5FBDB}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed]
FirewallRules: [UDP Query User{AEB25E26-AED6-4979-830F-F77D85DB1B7F}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed]
FirewallRules: [{A3B4325B-9C2A-4EE8-A5DB-7B28A9060CC2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{A89516B1-966E-4D36-8C30-A7773EB1FCEF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{2FB602DE-06A3-46EA-9153-DDA0373E214D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{8F69FAB7-2111-4D65-8B95-ED7D5DF0F7DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{57117F18-C29B-4A60-B34A-DC7B2E36B83A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E9BB0D09-102F-4855-8DC4-7BDE56ABFA0F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BAC7F6A3-92EA-47D9-83DD-84940C070F4D}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{05DF0A2C-1A93-46AE-800E-E12DE7F18FC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B392F4D1-9B62-4364-AEBD-094036DA8436}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{BA2527F7-EF88-4694-81D1-CAD2BD759A31}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File
FirewallRules: [UDP Query User{DA58CB7B-2521-453B-B120-F66DA955BB73}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{39401A26-306A-4DB0-A93D-CAC43C7A097F}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{F7E79D3D-E5F7-4109-95B5-7C20900FDF5D}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1568FFD9-4C45-4576-B4A8-68C07A9299DA}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed]
FirewallRules: [{9E44EC29-3C66-478D-B43A-423E93469959}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed]
FirewallRules: [{8B5A3536-E847-4803-B18A-35B8A2023C40}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6A325237-3BEF-4A73-B668-4F52AAD6FE02}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B8F8775A-CAC9-4454-9BC2-0BD382B4A538}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8341FC3-E365-4CE6-BA40-CC53396DF507}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{782D4882-D209-44E9-A3E9-1C7DCA561633}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B7CF33C8-CC19-4D73-AC61-7534E1B70E97}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{A03282F2-8B2F-4A2E-A556-5A88124F408C}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{52DEFF6B-ACA0-4834-BD06-59E2D1959922}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CF7AC6C4-3B90-43EF-B110-B54E08AFDF90}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E682C56C-4D3A-4B0C-9F61-0A9FD0C478C5}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B53B0E11-4896-4DFF-A873-E3A08FFC028D}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8E90BA3A-A433-4095-9F52-DC3CBDC31FD1}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3978B3AB-19C3-4271-AC81-2D11287E2358}] => (Allow) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{DA86CB7A-F52F-475E-87F1-FF83B160A4DC}] => (Block) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{ED36F1A2-029C-4E96-A4A7-3B50FAFD18C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{994571E2-6DCD-4E06-9B39-3EF82FFFA7E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B0D9FE4C-355C-4679-8B96-D713017DD607}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B3483E3A-F2EB-4FDB-BBDC-879CC9507758}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{9680FCD1-9E1C-41C4-9D19-CA30045AAB34}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{009FA2E4-5EC8-4DD7-B8E6-DE1CFBFAAAE2}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed]
FirewallRules: [{073CBEBB-07F2-4E61-8303-70FF7C396678}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed]
FirewallRules: [{09216F82-B859-408E-BD97-6502299F1FDB}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{9E1C0C65-F7B4-4509-9C3C-E7101F192CBC}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{B82E9260-29D2-4F2D-BDBD-6A596F91BC45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios)
FirewallRules: [{361A52A7-D6A1-4E8C-A6D3-2933937A02A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios)
FirewallRules: [{87D431EF-B497-43B6-8ED7-D924043264F6}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.99\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{F8600454-929C-4C5B-A4B9-735526AB4E82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{8DED0F5F-3C5B-4D35-A34F-E75EA8E3D10C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A22A8EAA-7F39-43A2-A949-300F89E6EE35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3A7FC6A7-DD9A-4A49-998F-9F7FE3D957EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{72158FD3-1F41-41A4-BC36-88B6890C372B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3096494B-B18E-45A5-AC31-8E890346AF86}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{64FFD821-2BB2-48A1-8776-B1251C6E58D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{E66D8ED8-9BD5-4B64-ABCA-ABA4BA362666}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{D8939A68-301B-484C-B6B5-D2E40C4EC40C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{50A71AD9-5716-4E59-B0FA-60DB0B812E06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{0ACEC78F-BAB5-4312-8B93-4A65F76E3257}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{673C04EA-918C-4A3B-8E12-0540FE7C12F4}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [TCP Query User{8AB680EA-0B2D-4A78-9D85-F506E39545A9}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{7593ED52-0637-4704-A236-CE146B456EAB}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{F54E6234-B579-424C-90B5-6DF36DC84DF0}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{D3B7D8BF-45AD-4EFA-80F1-40AD7F4CDEDC}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{6261CD1F-8E24-4A22-A51B-394D99B7597A}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [DNS Server Forward Rule - TCP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53
FirewallRules: [TCP Query User{4EE7E41B-7EDC-4527-BCB6-651EE8D3AABA}C:\users\vanov\downloads\might.and.magic.heroes.vii.v1.8\might.and.magic.heroes.vii.v1.8\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Allow) C:\users\vanov\downloads\might.and.magic.heroes.vii.v1.8\might.and.magic.heroes.vii.v1.8\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe No File
FirewallRules: [UDP Query User{C4429850-5807-43B9-9E8F-00CF05AF74C2}C:\users\vanov\downloads\might.and.magic.heroes.vii.v1.8\might.and.magic.heroes.vii.v1.8\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Allow) C:\users\vanov\downloads\might.and.magic.heroes.vii.v1.8\might.and.magic.heroes.vii.v1.8\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe No File
FirewallRules: [{E3EE784C-588B-4F90-AD2B-FCCA44340B57}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{D4B2BD2F-13FC-4BF0-AD2C-3FC1427293B9}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)

==================== Restore Points =========================

13-08-2019 19:22:52 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2019 01:29:42 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/18/2019 01:29:38 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/18/2019 01:23:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.556, time stamp: 0xf23cada5
Faulting module name: ntdll.dll, version: 10.0.17134.799, time stamp: 0x7f828745
Exception code: 0xc000000d
Fault offset: 0x0000000000108580
Faulting process id: 0x185c
Faulting application start time: 0x01d554732159c19d
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: aa5261ec-b758-4c1a-bcbe-7d89ee7e3d67
Faulting package full name:
Faulting package-relative application ID:

Error: (08/18/2019 01:21:07 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (08/18/2019 01:19:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a0a863b4-bfb7-49b9-b983-c26c509383e1}

Error: (08/18/2019 01:54:15 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/18/2019 01:54:07 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/17/2019 01:53:41 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (08/18/2019 01:30:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/18/2019 01:28:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/18/2019 01:28:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (08/18/2019 01:27:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/18/2019 01:27:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/18/2019 01:27:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/18/2019 01:26:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server CEIP service (MSSQLSERVER) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/18/2019 01:26:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQLTELEMETRY service to connect.


Windows Defender:
===================================
Date: 2019-08-17 01:54:35.921
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3DB58485-672C-492D-A334-D93D1B65DB32}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-13 19:57:39.403
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929&enterprise=0
Name: VirTool:Win32/Obfuscator.XZ
ID: 2147625929
Severity: Severe
Category: Tool
Path: file:_D:\PROPHET\Crack\ubiorbitapi_r2_loader.dll
Detection Origin: Local machine
Detection Type: Heuristics
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\PickerHost.exe
Signature Version: AV: 1.299.1881.0, AS: 1.299.1881.0, NIS: 1.299.1881.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-13 19:57:36.602
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929&enterprise=0
Name: VirTool:Win32/Obfuscator.XZ
ID: 2147625929
Severity: Severe
Category: Tool
Path: file:_D:\PROPHET\Crack\ubiorbitapi_r2_loader.dll
Detection Origin: Local machine
Detection Type: Heuristics
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\PickerHost.exe
Signature Version: AV: 1.299.1881.0, AS: 1.299.1881.0, NIS: 1.299.1881.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-13 19:55:13.478
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929&enterprise=0
Name: VirTool:Win32/Obfuscator.XZ
ID: 2147625929
Severity: Severe
Category: Tool
Path: file:_D:\PROPHET\Crack\ubiorbitapi_r2_loader.dll
Detection Origin: Local machine
Detection Type: Heuristics
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.299.1881.0, AS: 1.299.1881.0, NIS: 1.299.1881.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-13 19:54:59.589
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929&enterprise=0
Name: VirTool:Win32/Obfuscator.XZ
ID: 2147625929
Severity: Severe
Category: Tool
Path: file:_D:\PROPHET\Crack\ubiorbitapi_r2_loader.dll
Detection Origin: Local machine
Detection Type: Heuristics
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.299.1881.0, AS: 1.299.1881.0, NIS: 1.299.1881.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-13 12:10:05.609
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.1881.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2019-08-13 11:59:36.760
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2019-08-13 11:35:37.650
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2019-08-11 16:17:17.241
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.1765.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-08-03 11:04:51.511
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.1090.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-08-03 11:42:32.022
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:42:31.974
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:45.934
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:45.879
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:45.811
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:45.753
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:36.559
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-08-03 11:41:36.234
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.37 02/16/2016
Motherboard: Acer ZORO_BH
Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 24%
Total physical RAM: 12203.32 MB
Available physical RAM: 9242.66 MB
Total Virtual: 12971.32 MB
Available Virtual: 10054.21 MB

==================== Drives ================================

Drive 😄 () (Fixed) (Total:465.21 GB) (Free:70.58 GB) NTFS

\\?\Volume{4eafa3c8-b0a9-4d57-bbc8-43ec29bacab8}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{d30143e0-3bd2-4090-b0a7-697dc65108ba}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

Yet again the rogue IPs have returned:

Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194
Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194

The log also shows the current DNS Server entries as 8.8.8.8 - 8.8.4.4, suggesting that the rogue entries are not in use.

Can you upload the following to VirusTotal to be checked out..

Upload a File to Virustotal

Go to http://www.virustotal.com/
 
  • Click the Choose file button
  • Navigate to the file C:\Users\vanov\AppData\Local\WMI.ini
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the URL address back here please.
  • Repeat the above steps for the following files


C:\Users\vanov\AppData\Local\WMI.rar
C:\Users\vanov\AppData\Local\imw.ini


Next,

Type or copy/paste virus and threat protection into the search function next to start, hit enter..

Virus and Threat protection window should open.

In that window select Scan Options

In the new window select Windows Defender Offline Scan then Scan now from there follow the prompts...

Thanks,

Kevin..


What is the purpose of this program, WinGuardPro. What are its functions, what does it do.. Is it possible it has DNS entries locked..?


It password locks programs you select and kills the process if no password is entered.
The only program that I think could alter DNS entries is Tunnel Bear, but I only run that sometimes


The problem we have is the constant return of the rogue DNS entries after removal. I cannot find any definite reason for the returns... It would seem the rogue entries are actually not in use, Google entries 8.8.8.8 8.8.4.4 are, that is not an issue per se. However, the very fact that the rogue entries return after removal still is, as we find no reason through many logs and searches. The only way to test if the problem may be related to WinGuardPro or TunnelBear is to completely uninstall those two apps, reboot. Remove rogue DNS entries, reboot and then see if they return...
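
Added example, not part of the original posts: the check the thread performs by hand on the `DhcpNameServer` lines, written as a Python routine over FRST-style log text, including the "remove, reboot, see if they return" comparison. The function names, verdict labels, the empty post-fix log and the choice to treat 8.8.8.8 and 8.8.4.4 as the trusted set are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the two registry lines quoted in the thread, in FRST's
# "key: [value] data" layout. No other log lines are assumed.
LOG_BEFORE_FIX = r"""
Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194
Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194
"""
LOG_AFTER_FIX = ""                 # constructed: entries gone right after the fix
LOG_AFTER_REBOOT = LOG_BEFORE_FIX  # constructed: same entries back after a reboot

# Resolvers the thread reports as in use; assumed here to be the trusted set too.
ACTIVE = {"8.8.8.8", "8.8.4.4"}

TCPIP_LINE = re.compile(r"^(Tcpip\\[^:]+): \[(DhcpNameServer|NameServer)\]\s*(.*)$")


def parse_dns_entries(log_text):
    """Return a set of (registry_key, value_name, address) tuples from a log."""
    entries = set()
    for line in log_text.splitlines():
        match = TCPIP_LINE.match(line.strip())
        if not match:
            continue
        key, value_name, data = match.groups()
        # Accept both space and comma separators between addresses.
        for token in re.split(r"[\s,]+", data.strip()):
            if not token:
                continue
            try:
                address = str(ipaddress.ip_address(token))
            except ValueError:
                address = "INVALID:" + token  # keep malformed data visible
            entries.add((key, value_name, address))
    return entries


def triage(entries, active, trusted):
    """Label each entry by whether it is trusted and whether it is in use."""
    findings = []
    for key, value_name, address in sorted(entries):
        if address.startswith("INVALID:"):
            verdict = "malformed"
        elif address in trusted:
            verdict = "ok"
        elif address in active:
            verdict = "untrusted-in-use"      # lookups are going to this server
        else:
            verdict = "untrusted-not-in-use"  # the situation described in the thread
        findings.append({"key": key, "value": value_name,
                         "address": address, "verdict": verdict})
    return findings


def returned_after_removal(before, after_fix, after_reboot):
    """Entries the fix removed that are present again after the reboot."""
    removed = parse_dns_entries(before) - parse_dns_entries(after_fix)
    return sorted(removed & parse_dns_entries(after_reboot))


if __name__ == "__main__":
    for finding in triage(parse_dns_entries(LOG_BEFORE_FIX), ACTIVE, ACTIVE):
        print(finding["verdict"], finding["value"], finding["address"], finding["key"])
    for key, value_name, address in returned_after_removal(
            LOG_BEFORE_FIX, LOG_AFTER_FIX, LOG_AFTER_REBOOT):
        print("returned after reboot:", value_name, address, key)
```

Running it after each uninstall-and-reboot step shows whether the entries still return once a given program is gone.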


I can uninstall Winguard, do you want to post a fix or should I just run Malwarebytes and then post scan results after?


I will attach fix to this reply. Uninstall Winguard, then reboot. Run FRST fix. Run Malwarebytes, post that log.

So as follows please;

Uninstall WinGuardPro, when complete reboot your system.

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Protection Scroll to and make sure the following are selected:

    Scan for Rootkits
    Scan within Archives
     
  • Scroll further to Potential Threat Protection make sure the following are set as follows:
    Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended)
    Potentially Unwanted Modifications (PUM`s) set as :- Always detect PUM`s (recommended)
     
  • Click on the Scan make sure Threat Scan is selected,
  • A Threat Scan will begin.
  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab
  • If asked to restart your computer to complete the removal, please do so
  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open Malwarebytes once more to retrieve the log.


To get the log from Malwarebytes do the following:
 
  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Thanks,

Kevin...

 

 

fixlist.txt


Uninstalled winguard, rebooted
malwarebytes returned a clean scan
 


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/25/19
Scan Time: 4:31 PM
Log File: 11ff496c-c745-11e9-9d8a-2c600ced4dad.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.12177
License: Expired

-System Information-
OS: Windows 10 (Build 17134.950)
CPU: x64
File System: NTFS
User: DESKTOP-ME49L6T\vanov

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 473837
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 30 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

FRST:
 



==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-10-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5782336 2019-08-13] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [REDRAGON M711 Gaming Mouse] => C:\Program Files (x86)\REDRAGON M711 Gaming Mouse\hid.exe [965120 2019-02-21] () [File not signed]
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Akamai NetSession Interface] => C:\Users\vanov\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Spotify] => C:\Users\vanov\AppData\Roaming\Spotify\Spotify.exe [25828256 2019-08-03] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35915664 2019-08-22] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3210528 2019-08-22] (Valve -> Valve Corporation)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\MountPoints2: {27d921d4-9382-11e6-bda2-3252cb477ee3} - "I:\setup.exe"
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-10-13]
ShortcutTarget: MEGAsync.lnk -> C:\Users\vanov\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
Startup: C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1191D268-1A73-41D0-BD85-D1311491443C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1217C1E3-7A8E-4C0B-B4B5-5C28F63B1D39} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill2 => C:\Users\vanov\Desktop\BatFiles\Operakill.bat
Task: {19A2ADE5-9202-4910-B10B-9EFFB39BE226} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447512 2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {1A902826-C33D-4706-A2ED-F192F5993FAC} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-vanovac.zlatan@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {206FB3CE-C3A0-4A8B-BD59-F21F15AD9DEE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {3051FE3C-FB51-4549-8184-7DCA7CCB515B} - System32\Tasks\Microsoft\Windows\TaskScheduler\Restart => C:\Users\vanov\Desktop\BatFiles\Restart.bat
Task: {4021E04F-2C4F-4B2A-85E7-60D62C0CE79C} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {44CEEBC6-4031-42AD-B2B1-4157F57AD5FE} - System32\Tasks\Microsoft\Windows\TaskScheduler\OperaKill => C:\Users\vanov\Desktop\BatFiles\Operakill.bat
Task: {4A3D3F1C-3B9B-40FB-BAE0-99A72BD5F7C0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {4D713D29-1FB3-4E41-9D76-CD1B86264B83} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_Plugin.exe [1457208 2019-08-13] (Adobe Inc. -> Adobe)
Task: {55545618-D77B-4D27-BAB9-FB044352CE01} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6137EB70-DCD3-44CE-8665-73E27FA3E9EE} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall => C:\Users\vanov\Desktop\BatFiles\DragonForce.bat
Task: {63C7C186-F15B-448B-94BC-5F4ED0A4E638} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {711CD294-5C89-492C-89AA-8B98D35D461A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {79DFF442-7CF7-480E-934B-8FCEBEE221D7} - System32\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {7C76E617-0F76-4057-9090-ED7B8009A7C6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351656 2019-08-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {7F5DE95D-C17C-4408-85D1-6F56B9FF5F5A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8FCC1103-34CD-41C4-B3BC-EEE596BE90CB} - System32\Tasks\Microsoft\Windows\TaskScheduler\WakeUpCall2 => C:\Users\vanov\Desktop\BatFiles\Disasterpiece.bat
Task: {940A0D4F-E5D1-4349-A97B-BA70D6B8789D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-13] (Adobe Inc. -> Adobe)
Task: {9892A3E0-1121-41D5-9A13-991AE56D5F95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A35FB29E-054C-45BE-9E40-C94DB7728413} - System32\Tasks\Microsoft\Windows\TaskScheduler\MusicKill => C:\Users\vanov\Desktop\BatFiles\BeeMp3TaskKill.bat
Task: {A7AE68DA-BDFD-4D7E-BCE5-A9F05820A78E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {A9E34D5E-D053-4247-8350-83C330CA6958} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3387545514-2906784231-2682514228-1001 => C:\Users\vanov\AppData\Local\MEGAsync\MEGAupdater.exe [760696 2018-10-02] (Mega Limited -> Mega Limited)
Task: {AA6D739F-D568-4A9D-A4ED-FC3B5D432A84} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {ADF227D8-BFDB-4C27-879D-AF0616A4CA2E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351656 2019-08-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {B4DB8B39-2FEC-42F8-BA56-25C3A2F29239} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447512 2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB3A72A1-B735-4F37-9B99-260BF5F05151} - System32\Tasks\Microsoft\VisualStudio\Updates\UpdateConfiguration_S-1-5-21-3387545514-2906784231-2682514228-1000 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXConfigurationUpdater.exe [33440 2019-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {C8FB1415-F7CF-485C-B1BF-719EBF4CFDC7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF6B353B-2A6F-455F-951E-080954D28F2D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {CF931575-DB06-4A0A-A9DC-19D4C4269CB3} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.8.3252 => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\VSIXAutoUpdate.exe [206184 2019-08-06] (Microsoft Corporation -> )
Task: {D63EB858-D44F-42ED-AC94-00B6D4374934} - System32\Tasks\Opera scheduled Autoupdate 1476361487 => C:\Program Files (x86)\Opera\launcher.exe [1519640 2019-08-07] (Opera Software AS -> Opera Software)
Task: {E1176194-F6FD-4A7B-BB95-24031E7F8611} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-10-18] () [File not signed]
Task: {E161BC06-6796-4A76-8D71-21048961E8D4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_pepper.exe [1452600 2019-08-13] (Adobe Inc. -> Adobe)
Task: {F95F8299-A9C1-49FC-8E40-0B0E93D73D5A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3387545514-2906784231-2682514228-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194
Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [NameServer] 8.8.8.8,8.8.4.4,192.168.0.1
Tcpip\..\Interfaces\{73d6c282-ec45-4b52-991a-0efc62ba8c41}: [DhcpNameServer] 77.78.192.20 94.140.66.194

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\vanov\Downloads

FireFox:
========
FF DefaultProfile: poq2nbe3.default-1491901036943-1546437671085
FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 [2019-08-18]
FF NetworkProxy: Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085 -> type", 0
FF Extension: (ETP Search Volume Study) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-06-26]
FF Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\firefox@betterttv.net.xpi [2019-08-03] [UpdateUrl:hxxps://nightdev.com/betterttv/firefox/updates.json]
FF Extension: (uBlock Origin) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\uBlock0@raymondhill.net.xpi [2019-07-26]
FF Extension: (Unseen) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\poq2nbe3.default-1491901036943-1546437671085\Extensions\{230ed5ec-936c-4ad1-b3d4-e2bb251bd1c3}.xpi [2019-01-02]
FF ProfilePath: C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\2onv9r1g.Default User [2019-08-25]
FF Extension: (ETP Search Volume Study) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\2onv9r1g.Default User\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-08-19]
FF Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\2onv9r1g.Default User\Extensions\firefox@betterttv.net.xpi [2019-08-22] [UpdateUrl:hxxps://nightdev.com/betterttv/firefox/updates.json]
FF Extension: (uBlock Origin) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\2onv9r1g.Default User\Extensions\uBlock0@raymondhill.net.xpi [2019-08-18]
FF Extension: (Unseen) - C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Profiles\2onv9r1g.Default User\Extensions\{230ed5ec-936c-4ad1-b3d4-e2bb251bd1c3}.xpi [2019-08-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_238.dll [2019-08-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_238.dll [2019-08-13] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe

Opera:
=======
OPR Extension: (BetterTTV) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\deofbbdfofnmppcjbhjibgodpcdchjii [2017-11-15]
OPR Extension: (Tampermonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-06-02]
OPR Extension: (book_helper) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmmkobpokkidkpaidggnebnhiipdkhkl [2019-08-02]
OPR Extension: (ScriptMonkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\lblbnlfhhblmfconjalikamamlgoobbe [2018-06-02]
OPR Extension: (Violent monkey) - C:\Users\vanov\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-05-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-05-27] (BattlEye Innovations e.K. -> )
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-08-08] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-08-13] (Dropbox, Inc -> Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-08-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 HgClientService; C:\WINDOWS\system32\hgclientservice.dll [141824 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1741312 2019-02-16] (Microsoft Windows -> Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [353768 2018-09-13] (Intel Corporation -> Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21256 2018-04-20] (Microsoft Corporation -> Microsoft Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] (AzureEngBuildCodeSign -> ) [File not signed]
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [485048 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [31232 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2332464 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3206448 2019-08-03] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2017-11-22] (Even Balance, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074128 2019-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [578744 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
S2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11969880 2019-07-03] (TeamViewer GmbH -> TeamViewer GmbH)
S2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [113024 2018-02-12] (TunnelBear, Inc. -> )
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3014144 2019-08-07] (Microsoft Windows -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 51D2828C; C:\WINDOWS\system32\drivers\51D2828C.sys [255928 2019-08-10] (Malwarebytes Corporation -> Malwarebytes)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-13] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-06-23] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-10-10] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26624 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-10-10] (Martin Malik - REALiX -> REALiX(tm))
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2019-01-19] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-25] (Malwarebytes Corporation -> Malwarebytes)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA))
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2412976 2017-04-24] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31744 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S4 RsFx0500; C:\WINDOWS\System32\DRIVERS\RsFx0500.sys [261848 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1026896 2018-03-19] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-10-10] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [56520 2015-08-05] (Synaptics Incorporated -> Synaptics Incorporated)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [103936 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2017-12-18] (Oracle Corporation -> Oracle Corporation)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1248256 2018-11-07] (Microsoft Windows -> Microsoft Corporation)
R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [45408 2018-03-15] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation)
NETSVC: HgClientService -> C:\Windows\system32\hgclientservice.dll (Microsoft Corporation)
NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-25 17:04 - 2019-08-25 17:07 - 000029894 _____ C:\Users\vanov\Downloads\FRST.txt
2019-08-25 16:31 - 2019-08-25 16:31 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-25 16:27 - 2019-08-25 16:27 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-08-25 16:25 - 2019-08-25 16:25 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16
2019-08-25 16:17 - 2019-08-25 16:17 - 001612800 _____ (Farbar) C:\Users\vanov\Downloads\FRST64.exe
2019-08-25 11:39 - 2019-08-25 11:39 - 000000000 ____D C:\Users\vanov\Downloads\Sid.Meiers.Civilization.VI.Gathering.Storm.Update.v1.0.0.328
2019-08-25 11:38 - 2019-08-25 11:39 - 104371996 _____ C:\Users\vanov\Downloads\Sid.Meiers.Civilization.VI.Gathering.Storm.Update.v1.0.0.328.rar
2019-08-25 11:37 - 2019-08-25 11:37 - 000000000 ____D C:\Users\vanov\AppData\Roaming\FiraxisLive
2019-08-25 10:28 - 2019-08-25 10:36 - 000000000 ____D C:\Users\vanov\Documents\codex-sid.meiers.civilization.vi.gathering.storm
2019-08-24 13:27 - 2019-08-24 13:27 - 000000215 _____ C:\Users\vanov\Desktop\Sid Meier's Civilization V (DirectX 9).url
2019-08-22 20:28 - 2019-08-22 20:28 - 000001359 _____ C:\Users\Public\Desktop\Sid Meier's Civilization V - Complete Edition.lnk
2019-08-22 20:11 - 2019-08-22 20:11 - 000000000 ____D C:\Program Files (x86)\2K Games
2019-08-22 10:47 - 2019-08-22 10:47 - 001502943 _____ C:\WINDOWS\unins001.exe
2019-08-22 10:47 - 2019-08-22 10:47 - 000043794 _____ C:\WINDOWS\unins001.dat
2019-08-22 10:47 - 2019-08-22 10:47 - 000001205 _____ C:\Users\vanov\Desktop\REDRAGON M711.lnk
2019-08-22 10:47 - 2019-08-22 10:47 - 000000000 ____D C:\Users\vanov\Documents\M711 Gaming Mouse
2019-08-22 10:47 - 2019-08-22 10:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REDRAGON M711
2019-08-22 10:47 - 2019-08-22 10:47 - 000000000 ____D C:\Program Files (x86)\REDRAGON M711 Gaming Mouse
2019-08-20 13:44 - 2019-08-20 13:44 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\SUPERHOT_Team
2019-08-20 13:44 - 2019-08-20 13:44 - 000000000 ____D C:\Users\vanov\AppData\Local\SUPERHOT_Sp_z_o.o
2019-08-20 13:37 - 2019-08-20 13:37 - 000000000 ____D C:\Program Files (x86)\SUPERHOT Team
2019-08-20 07:44 - 2019-08-25 16:24 - 176160768 _____ C:\WINDOWS\system32\config\SOFTWARE
2019-08-19 14:33 - 2019-08-24 18:03 - 000000000 ____D C:\Users\vanov\AppData\Local\CrashDumps
2019-08-18 13:36 - 2019-08-18 13:42 - 000094498 _____ C:\Users\vanov\Downloads\Addition10.txt
2019-08-18 13:30 - 2019-08-25 17:04 - 000004076 _____ C:\Users\vanov\Downloads\FRST10.txt
2019-08-18 13:19 - 2019-08-25 16:22 - 000001838 _____ C:\Users\vanov\Downloads\Fixlog.txt
2019-08-18 03:30 - 2019-08-18 03:30 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-08-18 03:30 - 2019-08-18 03:30 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-08-18 03:30 - 2019-08-18 03:30 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-08-18 03:30 - 2019-08-18 03:30 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-08-18 03:30 - 2019-08-18 03:30 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-08-18 03:30 - 2019-08-18 03:30 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-08-18 03:30 - 2019-08-18 03:30 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-08-18 03:30 - 2019-08-18 03:30 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-08-18 03:30 - 2019-08-18 03:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-08-15 00:09 - 2019-08-15 00:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-08-14 18:48 - 2019-08-14 18:53 - 000093494 _____ C:\Users\vanov\Downloads\Addition9.txt
2019-08-14 18:43 - 2019-08-14 18:53 - 000090467 _____ C:\Users\vanov\Downloads\FRST9.txt
2019-08-14 11:56 - 2019-08-14 11:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-08-14 11:52 - 2019-08-07 15:03 - 015202816 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe
2019-08-14 11:52 - 2019-08-07 14:58 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-08-14 11:52 - 2019-08-07 14:41 - 000662112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-08-14 11:52 - 2019-08-07 14:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-08-14 11:52 - 2019-08-07 14:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-08-14 11:52 - 2019-08-07 14:27 - 007990272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-14 11:52 - 2019-08-07 10:09 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-14 11:52 - 2019-08-07 10:09 - 000095008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-14 11:52 - 2019-08-07 10:08 - 000494992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-14 11:52 - 2019-08-07 10:08 - 000091568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-14 11:52 - 2019-08-07 09:57 - 000081256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-14 11:52 - 2019-08-07 09:56 - 000357336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-14 11:52 - 2019-08-07 09:32 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-08-14 11:52 - 2019-08-07 09:32 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-08-14 11:52 - 2019-08-07 09:31 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-14 11:52 - 2019-07-09 10:07 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-08-14 11:52 - 2019-07-09 09:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-08-14 11:52 - 2019-07-09 09:39 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-08-14 11:52 - 2019-07-09 09:37 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-08-14 11:52 - 2019-07-09 08:59 - 000022840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
2019-08-14 11:52 - 2019-07-09 08:38 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-08-14 11:52 - 2019-07-09 05:20 - 000227640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-08-14 11:52 - 2019-07-09 05:12 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-08-14 11:52 - 2019-07-09 05:11 - 002257336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-08-14 11:52 - 2019-07-09 04:55 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-08-14 11:52 - 2019-07-09 04:53 - 003708416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-08-14 11:52 - 2019-07-09 04:52 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-08-14 11:52 - 2019-07-09 04:50 - 000659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-08-14 11:52 - 2019-07-09 04:48 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-08-14 11:52 - 2019-07-09 04:47 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-08-14 11:52 - 2019-07-09 04:46 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-08-14 11:51 - 2019-08-07 15:18 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-08-14 11:51 - 2019-08-07 15:18 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-08-14 11:51 - 2019-08-07 15:14 - 000303928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-08-14 11:51 - 2019-08-07 15:13 - 021389776 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-14 11:51 - 2019-08-07 15:13 - 001632112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-14 11:51 - 2019-08-07 15:13 - 001515904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-08-14 11:51 - 2019-08-07 15:13 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-08-14 11:51 - 2019-08-07 14:58 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-08-14 11:51 - 2019-08-07 14:55 - 008626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-14 11:51 - 2019-08-07 14:55 - 004594688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvgm.exe
2019-08-14 11:51 - 2019-08-07 14:54 - 004783104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-08-14 11:51 - 2019-08-07 14:53 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-14 11:51 - 2019-08-07 14:52 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-14 11:51 - 2019-08-07 14:43 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-14 11:51 - 2019-08-07 14:41 - 001322688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-08-14 11:51 - 2019-08-07 14:40 - 020384344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-14 11:51 - 2019-08-07 14:25 - 004175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-08-14 11:51 - 2019-08-07 14:24 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-14 11:51 - 2019-08-07 14:24 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-14 11:51 - 2019-08-07 11:40 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-08-14 11:51 - 2019-08-07 10:09 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-14 11:51 - 2019-08-07 10:09 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-08-14 11:51 - 2019-08-07 10:09 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-14 11:51 - 2019-08-07 10:09 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-14 11:51 - 2019-08-07 10:09 - 000194352 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-14 11:51 - 2019-08-07 10:09 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-14 11:51 - 2019-08-07 10:09 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 007435720 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-14 11:51 - 2019-08-07 10:08 - 002470648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 001566736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 001141712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-14 11:51 - 2019-08-07 10:08 - 000723216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 000710232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-14 11:51 - 2019-08-07 10:08 - 000227744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-08-14 11:51 - 2019-08-07 10:08 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-08-14 11:51 - 2019-08-07 10:08 - 000130840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-08-14 11:51 - 2019-08-07 10:07 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-14 11:51 - 2019-08-07 10:07 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-14 11:51 - 2019-08-07 10:07 - 002719240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-08-14 11:51 - 2019-08-07 10:07 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-14 11:51 - 2019-08-07 10:07 - 001260992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-14 11:51 - 2019-08-07 10:07 - 001031696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-08-14 11:51 - 2019-08-07 10:07 - 000984152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-14 11:51 - 2019-08-07 10:07 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-08-14 11:51 - 2019-08-07 10:07 - 000343712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmEngUM.dll
2019-08-14 11:51 - 2019-08-07 10:07 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 001993344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 000192608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-08-14 11:51 - 2019-08-07 09:56 - 000101400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-08-14 11:51 - 2019-08-07 09:55 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-08-14 11:51 - 2019-08-07 09:49 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-14 11:51 - 2019-08-07 09:47 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-14 11:51 - 2019-08-07 09:44 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-08-14 11:51 - 2019-08-07 09:42 - 022717952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-14 11:51 - 2019-08-07 09:39 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-14 11:51 - 2019-08-07 09:39 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2019-08-14 11:51 - 2019-08-07 09:38 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-08-14 11:51 - 2019-08-07 09:38 - 004385792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-14 11:51 - 2019-08-07 09:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-14 11:51 - 2019-08-07 09:38 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-08-14 11:51 - 2019-08-07 09:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-08-14 11:51 - 2019-08-07 09:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-08-14 11:51 - 2019-08-07 09:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-14 11:51 - 2019-08-07 09:36 - 007572480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-14 11:51 - 2019-08-07 09:36 - 003014144 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2019-08-14 11:51 - 2019-08-07 09:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-14 11:51 - 2019-08-07 09:36 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-08-14 11:51 - 2019-08-07 09:36 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-08-14 11:51 - 2019-08-07 09:36 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-08-14 11:51 - 2019-08-07 09:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-14 11:51 - 2019-08-07 09:35 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-08-14 11:51 - 2019-08-07 09:35 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 001680384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-14 11:51 - 2019-08-07 09:34 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-14 11:51 - 2019-08-07 09:33 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 004938240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 004516864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 002165760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-14 11:51 - 2019-08-07 09:32 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 000318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-08-14 11:51 - 2019-08-07 09:32 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 001777152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmswitch.sys
2019-08-14 11:51 - 2019-08-07 09:31 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 001110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-08-14 11:51 - 2019-08-07 09:31 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-08-14 11:51 - 2019-08-07 09:31 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-14 11:51 - 2019-07-11 08:48 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-08-14 11:51 - 2019-07-11 03:30 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-08-14 11:51 - 2019-07-11 03:30 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-08-14 11:51 - 2019-07-11 03:30 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 001627664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 001038352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000954384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000830480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000827920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-08-14 11:51 - 2019-07-09 10:07 - 000825360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000750096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000670224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000652304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000495632 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-08-14 11:51 - 2019-07-09 10:07 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-08-14 11:51 - 2019-07-09 10:04 - 000348664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-08-14 11:51 - 2019-07-09 10:01 - 004527792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-08-14 11:51 - 2019-07-09 10:00 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-08-14 11:51 - 2019-07-09 09:44 - 012757504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-08-14 11:51 - 2019-07-09 09:44 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-08-14 11:51 - 2019-07-09 09:43 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-08-14 11:51 - 2019-07-09 09:43 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-08-14 11:51 - 2019-07-09 09:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-08-14 11:51 - 2019-07-09 09:38 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2019-08-14 11:51 - 2019-07-09 09:37 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-08-14 11:51 - 2019-07-09 08:42 - 011943424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-08-14 11:51 - 2019-07-09 05:29 - 000375312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-08-14 11:51 - 2019-07-09 05:29 - 000230200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2019-08-14 11:51 - 2019-07-09 05:29 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2019-08-14 11:51 - 2019-07-09 05:23 - 001213264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-08-14 11:51 - 2019-07-09 05:23 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-08-14 11:51 - 2019-07-09 05:21 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-14 11:51 - 2019-07-09 05:20 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-08-14 11:51 - 2019-07-09 05:19 - 002769472 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 002371504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 001674216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 000799248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 000767232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 000713488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-08-14 11:51 - 2019-07-09 05:19 - 000152104 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-08-14 11:51 - 2019-07-09 05:12 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-08-14 11:51 - 2019-07-09 05:12 - 001286528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-08-14 11:51 - 2019-07-09 05:12 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-08-14 11:51 - 2019-07-09 05:11 - 000576528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-08-14 11:51 - 2019-07-09 04:56 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-08-14 11:51 - 2019-07-09 04:55 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-08-14 11:51 - 2019-07-09 04:53 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-08-14 11:51 - 2019-07-09 04:51 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-08-14 11:51 - 2019-07-09 04:50 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-08-14 11:51 - 2019-07-09 04:50 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-08-14 11:51 - 2019-07-09 04:50 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-08-14 11:51 - 2019-07-09 04:50 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-08-14 11:51 - 2019-07-09 04:50 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-08-14 11:51 - 2019-07-09 04:50 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2019-08-14 11:51 - 2019-07-09 04:49 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-08-14 11:51 - 2019-07-09 04:49 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-08-14 11:51 - 2019-07-09 04:49 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-08-14 11:51 - 2019-07-09 04:49 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2019-08-14 11:51 - 2019-07-09 04:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-08-14 11:51 - 2019-07-09 04:49 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-08-14 11:51 - 2019-07-09 04:49 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-08-14 11:51 - 2019-07-09 04:48 - 003402240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-14 11:51 - 2019-07-09 04:48 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-08-14 11:51 - 2019-07-09 04:48 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-08-14 11:51 - 2019-07-09 04:48 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-08-14 11:51 - 2019-07-09 04:48 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 000928768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-08-14 11:51 - 2019-07-09 04:47 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-08-14 11:51 - 2019-07-09 04:46 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-08-14 11:51 - 2019-07-09 04:46 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-08-14 11:51 - 2019-07-09 04:46 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-08-14 11:51 - 2019-07-09 04:45 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-08-14 11:51 - 2019-07-09 04:45 - 001218560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-08-14 11:51 - 2019-07-09 04:45 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-08-14 11:51 - 2019-07-09 04:45 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-08-14 11:51 - 2019-07-09 04:45 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2019-08-14 11:51 - 2019-07-09 04:44 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-08-14 11:51 - 2019-07-09 04:44 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-08-14 11:51 - 2019-07-09 04:44 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-08-14 11:51 - 2019-07-09 04:44 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-08-14 11:51 - 2019-07-09 04:44 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-08-14 11:51 - 2019-07-09 04:44 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-08-14 11:51 - 2019-07-09 04:44 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-08-14 11:51 - 2019-07-09 04:43 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-08-14 11:51 - 2019-07-09 04:43 - 001398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-08-14 11:51 - 2019-07-09 04:43 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-08-14 11:51 - 2019-07-09 04:43 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2019-08-14 11:51 - 2019-06-20 04:21 - 000058882 _____ C:\WINDOWS\system32\srms.dat
2019-08-14 11:50 - 2019-08-07 14:55 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-08-14 11:50 - 2019-08-07 14:55 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-08-14 11:50 - 2019-08-07 14:53 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-08-14 11:50 - 2019-08-07 14:53 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-08-14 11:50 - 2019-08-07 14:51 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-08-14 11:50 - 2019-08-07 14:26 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-08-14 11:50 - 2019-08-07 14:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-08-14 11:50 - 2019-08-07 14:24 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-08-14 11:50 - 2019-08-07 09:36 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2019-08-14 11:50 - 2019-08-07 09:34 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-08-14 11:50 - 2019-08-07 09:34 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-08-14 11:50 - 2019-08-07 09:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-08-14 11:50 - 2019-08-07 09:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-08-14 11:50 - 2019-08-07 09:32 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-08-14 11:50 - 2019-08-07 09:31 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-08-14 11:50 - 2019-08-07 08:15 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-08-14 11:50 - 2019-07-09 09:43 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2019-08-14 11:50 - 2019-07-09 09:39 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2019-08-14 11:50 - 2019-07-09 09:39 - 001193472 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2019-08-14 11:50 - 2019-07-09 09:37 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2019-08-14 11:50 - 2019-07-09 09:37 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-08-14 11:50 - 2019-07-09 08:37 - 000485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2019-08-14 11:50 - 2019-07-09 05:21 - 000133136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2019-08-14 11:50 - 2019-07-09 05:20 - 000275512 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2019-08-14 11:50 - 2019-07-09 05:19 - 000142352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2019-08-14 11:50 - 2019-07-09 05:19 - 000046608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\werkernel.sys
2019-08-14 11:50 - 2019-07-09 05:11 - 000108560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2019-08-14 11:50 - 2019-07-09 04:56 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2019-08-14 11:50 - 2019-07-09 04:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-08-14 11:50 - 2019-07-09 04:52 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2019-08-14 11:50 - 2019-07-09 04:50 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2019-08-14 11:50 - 2019-07-09 04:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll
2019-08-14 11:50 - 2019-07-09 04:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-08-14 11:50 - 2019-07-09 04:49 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2019-08-14 11:50 - 2019-07-09 04:48 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2019-08-13 18:39 - 2019-08-13 18:39 - 000000000 ____D C:\Users\vanov\AppData\Roaming\uplay
2019-08-13 13:49 - 2019-08-13 13:49 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-08-13 13:49 - 2019-08-13 13:49 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-08-13 13:49 - 2019-08-13 13:49 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-08-13 13:49 - 2019-08-13 13:49 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-08-13 12:00 - 2019-08-13 12:00 - 000000000 ____D C:\Users\vanov\Doctor Web
2019-08-13 12:00 - 2019-08-13 12:00 - 000000000 ____D C:\ProgramData\Doctor Web
2019-08-13 11:58 - 2019-08-13 11:58 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-08-13 11:33 - 2019-08-13 12:00 - 000404342 _____ C:\WINDOWS\ntbtlog.txt
2019-08-13 11:28 - 2019-08-13 11:30 - 196887472 _____ C:\Users\vanov\Downloads\yxf1x11g.exe
2019-08-12 21:12 - 2019-08-12 21:13 - 000000000 ____D C:\Users\vanov\Downloads\FRST LOGS
2019-08-12 17:52 - 2019-08-12 17:52 - 012462959 _____ C:\Users\vanov\Downloads\09D9615A-9E3B-46E3-9FC6-18923B3671F2.pdf
2019-08-11 20:57 - 2019-08-11 21:28 - 000002706 _____ C:\Users\vanov\Downloads\RKClean.txt
2019-08-11 20:37 - 2019-08-11 20:37 - 000006410 _____ C:\Users\vanov\Downloads\RKReport.txt
2019-08-11 19:44 - 2019-08-11 20:57 - 000000000 ____D C:\ProgramData\RogueKiller
2019-08-11 19:43 - 2019-08-11 19:44 - 034922040 _____ C:\Users\vanov\Downloads\RogueKiller_portable64.exe
2019-08-11 19:26 - 2019-08-11 19:26 - 000000073 _____ C:\Users\vanov\AppData\Local\WMI.rar
2019-08-11 11:31 - 2019-08-25 16:17 - 000000000 ____D C:\Users\vanov\Downloads\FRST-OlderVersion
2019-08-10 23:41 - 2019-08-10 23:41 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\LionsShade
2019-08-10 20:49 - 2019-08-10 20:49 - 000000448 _____ C:\Users\vanov\Documents\bsod.rar
2019-08-10 20:42 - 2019-08-10 20:42 - 000001232 _____ C:\Users\vanov\Documents\bsod.xml
2019-08-10 20:24 - 2019-08-11 04:27 - 000000000 ____D C:\WINDOWS\Minidump
2019-08-10 19:41 - 2019-08-10 19:41 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\51D2828C.sys
2019-08-10 02:02 - 2019-08-10 02:02 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3387545514-2906784231-2682514228-1001
2019-08-10 02:02 - 2019-08-10 02:02 - 000002412 _____ C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-09 18:01 - 2019-08-09 18:01 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1238763A.sys
2019-08-09 18:00 - 2019-08-10 19:43 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-08-09 17:58 - 2019-08-09 17:58 - 014178840 _____ (Malwarebytes Corp.) C:\Users\vanov\Desktop\mbar-1.10.3.1001.exe
2019-08-09 17:32 - 2019-08-09 17:32 - 000000000 ____D C:\Users\vanov\AppData\Local\RSG
2019-08-09 17:28 - 2019-08-09 17:28 - 009440768 _____ C:\Users\vanov\Desktop\PowerTool64.exe
2019-08-09 16:31 - 2019-08-09 16:40 - 001038716 _____ C:\TDSSKiller.3.1.0.28_09.08.2019_16.31.54_log.txt
2019-08-09 16:27 - 2019-08-09 16:28 - 000006126 _____ C:\TDSSKiller.3.1.0.28_09.08.2019_16.27.31_log.txt
2019-08-09 10:31 - 2019-08-09 10:31 - 000000000 ____D C:\Users\vanov\Downloads\DnsJumper
2019-08-09 10:29 - 2019-08-09 10:29 - 000706233 _____ C:\Users\vanov\Downloads\DnsJumper.zip
2019-08-08 15:01 - 2019-08-08 15:01 - 000003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1476361487
2019-08-08 15:01 - 2019-08-08 15:01 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-08-06 22:30 - 2019-08-06 22:30 - 000050652 _____ C:\Users\vanov\Documents\filename.gwc
2019-08-06 18:47 - 2019-08-06 18:47 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealHeaderTool
2019-08-06 17:42 - 2019-08-25 17:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-06 16:33 - 2019-08-06 16:33 - 047210760 _____ (Microsoft Corporation) C:\Users\vanov\Documents\Windows-KB890830-x64-V5.74.exe
2019-08-06 15:15 - 2019-08-06 15:16 - 000301326 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH8.pdf
2019-08-06 13:47 - 2019-08-06 14:05 - 000000000 ____D C:\Users\vanov\Documents\[FreeCourseSite.com] Udemy - Unreal Engine C++ Developer Learn C++ and Make Video Games
2019-08-06 13:42 - 2019-08-06 19:23 - 000000000 ____D C:\Users\vanov\Documents\Unreal Projects
2019-08-06 13:41 - 2019-08-06 13:41 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Unreal Engine
2019-08-06 00:21 - 2019-08-06 00:21 - 000002467 _____ C:\Users\vanov\Desktop\Unreal Engine.lnk
2019-08-05 11:08 - 2019-08-25 17:04 - 000000000 ____D C:\FRST
2019-08-04 18:12 - 2019-08-04 18:12 - 000000222 _____ C:\Users\vanov\Desktop\SMITE.url
2019-08-04 11:34 - 2019-08-04 11:34 - 000001048 _____ C:\Users\vanov\Desktop\Technic.exe - Shortcut.lnk
2019-08-03 13:53 - 2019-08-03 13:53 - 004478926 _____ () C:\Users\vanov\Downloads\Technic.exe
2019-08-03 13:42 - 2019-08-03 13:42 - 000001391 _____ C:\Users\Public\Desktop\Skype.lnk
2019-08-03 13:41 - 2019-08-03 13:41 - 000001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-08-03 13:40 - 2019-08-03 13:36 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-08-03 13:37 - 2019-08-03 13:37 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-08-03 13:37 - 2019-08-03 13:37 - 000001108 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-08-03 13:35 - 2019-08-03 13:35 - 001211216 _____ (Oracle Corporation) C:\Users\vanov\Downloads\JavaUninstallTool.exe
2019-08-03 13:35 - 2019-08-03 13:35 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2019-08-03 13:34 - 2019-08-03 13:34 - 002065880 _____ (Oracle Corporation) C:\Users\vanov\Downloads\jre-8u221-windows-i586-iftw.exe
2019-08-03 12:59 - 2019-08-03 13:22 - 000081880 _____ C:\WINDOWS\ZAM.krnl.trace
2019-08-03 12:56 - 2019-08-03 12:56 - 001359866 _____ C:\Users\vanov\Documents\cc_20190803_125640.reg
2019-08-03 12:50 - 2019-08-03 12:50 - 020888528 _____ (Piriform Software Ltd) C:\Users\vanov\Downloads\cctrialsetup.exe
2019-08-03 12:50 - 2019-08-03 12:50 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-08-03 12:50 - 2019-08-03 12:50 - 000002888 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-08-03 12:50 - 2019-08-03 12:50 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-08-03 12:50 - 2019-08-03 12:50 - 000000000 ____D C:\Program Files\CCleaner
2019-08-03 12:38 - 2019-08-03 12:40 - 000316126 _____ C:\TDSSKiller.3.1.0.28_03.08.2019_12.38.43_log.txt
2019-08-03 12:38 - 2019-08-03 12:38 - 005054744 _____ (AO Kaspersky Lab) C:\Users\vanov\Downloads\tdsskiller.exe
2019-08-03 12:32 - 2019-08-03 13:22 - 000000000 ____D C:\Users\vanov\AppData\Local\AMSDK
2019-08-03 12:32 - 2019-08-03 12:32 - 000000000 ____D C:\Users\vanov\AppData\Local\Zemana
2019-08-03 12:31 - 2019-08-03 12:31 - 012664512 _____ (Zemana Ltd. ) C:\Users\vanov\Downloads\AntiMalware_Setup.exe
2019-08-03 12:24 - 2019-08-03 12:24 - 000841241 _____ C:\Users\vanov\Downloads\rkill.zip
2019-08-03 12:24 - 2017-07-25 22:56 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\vanov\Downloads\rkill.exe
2019-08-03 11:33 - 2019-08-03 11:33 - 000000258 __RSH C:\ProgramData\ntuser.pol
2019-08-03 10:54 - 2019-08-03 10:54 - 000000000 ____D C:\Users\vanov\AppData\Local\mbamtray
2019-08-03 10:53 - 2019-08-03 10:53 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-03 10:53 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-08-03 10:52 - 2019-08-03 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-03 10:52 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-08-03 10:51 - 2019-08-09 18:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-03 10:41 - 2019-08-03 10:42 - 006705178 _____ C:\Users\vanov\Downloads\mbam-chameleon-3.1.33.0.zip
2019-08-02 21:36 - 2019-08-02 21:36 - 000000000 ____D C:\KRD2018_Data
2019-08-02 21:03 - 2019-08-02 21:03 - 000000000 ___HD C:\$SysReset
2019-08-02 19:22 - 2019-08-02 19:01 - 597336064 _____ C:\Users\vanov\Documents\krd.iso
2019-08-02 19:08 - 2019-08-02 19:08 - 000000000 ____D C:\WINDOWS\Panther
2019-08-02 19:00 - 2019-08-09 18:38 - 000000000 ____D C:\ProgramData\TmpLoog
2019-08-02 18:59 - 2019-08-02 18:59 - 007623880 _____ (Malwarebytes) C:\Users\vanov\Downloads\adwcleaner_7.4.exe
2019-08-02 18:39 - 2019-08-03 11:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\System
2019-08-02 17:56 - 2019-08-02 17:56 - 005829844 _____ (UserBenchmark.com) C:\Users\vanov\Downloads\UserBenchMark.exe
2019-08-02 14:53 - 2019-08-02 14:53 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Big Fat Simulations Inc_
2019-07-31 22:52 - 2019-07-31 22:57 - 000000000 ____D C:\Users\vanov\AppData\Local\Arma 3
2019-07-31 22:52 - 2019-07-31 22:52 - 000000000 ____D C:\ProgramData\Bohemia Interactive
2019-07-31 19:59 - 2019-07-31 19:59 - 000189726 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.1.pdf
2019-07-31 17:57 - 2019-07-31 17:57 - 005193376 _____ (Husdawg, LLC) C:\Users\vanov\Downloads\Detection.exe
2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Craneballs
2019-07-29 22:29 - 2019-07-29 22:29 - 000000000 ____D C:\Users\vanov\AppData\Local\GOG.com
2019-07-29 21:47 - 2019-07-29 21:47 - 000000000 ___HD C:\temp
2019-07-29 21:06 - 2019-07-29 21:06 - 000178988 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH4.pdf
2019-07-29 10:58 - 2019-07-29 10:58 - 006732741 _____ C:\Users\vanov\Downloads\SQL-Injection-Attacks-and-Defense.pdf
2019-07-27 17:18 - 2019-07-27 17:18 - 000232401 _____ C:\Users\vanov\Desktop\zaZlaaaaajuCH3.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-25 17:03 - 2017-02-12 20:49 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Mozilla
2019-08-25 17:00 - 2018-05-23 16:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-25 16:27 - 2016-10-13 13:59 - 000000000 __SHD C:\Users\vanov\IntelGraphicsProfiles
2019-08-25 16:26 - 2018-08-04 16:06 - 000000502 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2019-08-25 16:25 - 2018-01-12 21:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-08-25 16:24 - 2018-05-23 16:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-25 16:24 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-08-25 16:13 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-25 16:11 - 2016-11-05 13:12 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-08-25 16:11 - 2016-11-05 13:12 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-08-25 15:15 - 2018-05-23 16:38 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{466D4F44-74C1-4B3A-8596-CADF3DE82031}
2019-08-25 11:38 - 2019-01-18 23:34 - 000000000 ____D C:\Program Files (x86)\Steam
2019-08-25 11:37 - 2017-06-30 15:43 - 000000000 ____D C:\Users\vanov\Documents\My Games
2019-08-25 11:14 - 2016-10-13 14:32 - 000000000 ____D C:\Users\vanov\AppData\Roaming\uTorrent
2019-08-25 11:13 - 2019-05-03 14:31 - 000000000 ____D C:\Users\vanov\AppData\Local\BitTorrentHelper
2019-08-22 20:27 - 2017-02-27 00:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2019-08-22 18:48 - 2018-12-16 22:22 - 000000000 ____D C:\Program Files\Epic Games
2019-08-22 07:29 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-21 19:59 - 2018-05-23 16:38 - 000003998 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2019-08-21 19:59 - 2018-05-23 16:38 - 000003766 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2019-08-20 07:44 - 2018-07-24 08:53 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2019-08-19 21:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-08-18 13:32 - 2018-05-23 16:29 - 000998212 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-18 13:32 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-08-18 13:24 - 2017-11-22 16:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-08-18 13:19 - 2018-08-30 14:28 - 000000000 ____D C:\Users\MSSQLSERVER
2019-08-18 03:28 - 2016-10-13 21:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-08-17 13:57 - 2019-07-18 18:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-08-17 13:57 - 2017-11-22 16:01 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-08-15 00:09 - 2016-11-05 13:12 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-08-14 17:52 - 2017-12-04 17:14 - 000000000 ___RD C:\Users\vanov\3D Objects
2019-08-14 17:52 - 2016-10-13 13:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-08-14 17:49 - 2018-05-23 16:09 - 005111760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-14 17:45 - 2018-08-04 16:01 - 000000000 ____D C:\Program Files\Hyper-V
2019-08-14 17:45 - 2018-04-12 11:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-08-14 17:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-14 17:43 - 2018-05-23 16:14 - 000000000 ____D C:\Users\vanov
2019-08-14 11:59 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-14 11:50 - 2016-10-13 16:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-14 11:45 - 2016-10-13 16:35 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-13 20:52 - 2018-05-23 16:38 - 000004552 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-08-13 20:52 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-08-13 20:52 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-08-13 20:06 - 2016-10-13 14:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-08-13 19:59 - 2019-02-06 01:16 - 000000000 ____D C:\ProgramData\Orbit
2019-08-13 19:52 - 2018-05-23 16:38 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-08-13 19:40 - 2017-06-05 00:36 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2019-08-13 12:27 - 2018-03-16 20:55 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2019-08-13 01:25 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Local\Spotify
2019-08-12 23:02 - 2018-03-16 21:00 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Spotify
2019-08-12 21:24 - 2018-09-28 09:53 - 000000000 ____D C:\Users\vanov\AppData\Local\ElevatedDiagnostics
2019-08-10 02:02 - 2016-10-13 13:53 - 000000000 ___RD C:\Users\vanov\OneDrive
2019-08-09 16:25 - 2016-10-13 14:35 - 000000000 ____D C:\Users\vanov\AppData\Roaming\DAEMON Tools Lite
2019-08-09 15:07 - 2016-12-24 13:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\vlc
2019-08-08 21:05 - 2018-01-12 21:04 - 000000000 ____D C:\Users\vanov\AppData\Roaming\TeamViewer
2019-08-08 15:01 - 2016-10-13 14:24 - 000000000 ____D C:\Program Files (x86)\Opera
2019-08-06 18:33 - 2018-08-27 10:54 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Visual Studio Setup
2019-08-06 18:06 - 2018-08-04 12:35 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2019-08-06 18:02 - 2018-08-04 12:59 - 000000000 ____D C:\Users\vanov\.dotnet
2019-08-06 17:56 - 2018-08-04 12:45 - 000000000 ____D C:\Program Files\dotnet
2019-08-06 17:56 - 2016-10-13 20:00 - 000000000 ____D C:\ProgramData\Package Cache
2019-08-06 17:54 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-08-06 17:39 - 2018-08-04 12:05 - 000001377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2019-08-06 17:38 - 2018-08-04 12:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-08-06 15:32 - 2016-10-19 15:42 - 000000000 ____D C:\Users\vanov\AppData\LocalLow\Temp
2019-08-06 14:04 - 2017-03-11 02:29 - 000000000 ____D C:\Users\vanov\AppData\Roaming\discord
2019-08-06 13:41 - 2017-01-27 21:28 - 000000000 ____D C:\Users\vanov\AppData\Local\UnrealEngine
2019-08-05 01:15 - 2016-10-13 14:55 - 000000000 ____D C:\Program Files\WinRAR
2019-08-04 14:21 - 2018-11-16 00:20 - 000000000 ____D C:\Program Files\rempl
2019-08-03 18:07 - 2017-06-05 00:36 - 000000000 ____D C:\Users\vanov\AppData\Local\Ubisoft Game Launcher
2019-08-03 13:50 - 2018-07-31 21:58 - 000000000 ____D C:\Users\vanov\AppData\Roaming\.technic
2019-08-03 13:43 - 2016-10-13 14:33 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Skype
2019-08-03 13:42 - 2018-09-08 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-08-03 13:40 - 2018-08-04 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2019-08-03 13:40 - 2018-08-01 00:12 - 000000000 ____D C:\Program Files\Java
2019-08-03 13:40 - 2017-03-19 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-08-03 13:40 - 2017-03-19 21:30 - 000000000 ____D C:\Program Files (x86)\Java
2019-08-03 13:35 - 2017-11-22 14:26 - 000000000 ____D C:\ProgramData\Origin
2019-08-03 13:35 - 2017-03-06 17:41 - 000000000 ____D C:\Program Files (x86)\Audacity
2019-08-03 13:34 - 2017-11-22 14:28 - 000001066 _____ C:\Users\Public\Desktop\Origin.lnk
2019-08-03 13:34 - 2017-11-22 14:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Origin
2019-08-03 13:34 - 2017-11-22 14:27 - 000000000 ____D C:\Program Files (x86)\Origin
2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-08-03 13:33 - 2016-10-13 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-08-03 13:32 - 2018-09-17 23:28 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Users\vanov\AppData\Roaming\Notepad++
2019-08-03 13:32 - 2018-09-17 23:28 - 000000000 ____D C:\Program Files\Notepad++
2019-08-03 13:23 - 2017-06-12 12:27 - 000000000 ____D C:\Users\vanov\Desktop\Folders
2019-08-03 12:53 - 2018-01-14 01:55 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MPC-HC
2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Users\vanov\AppData\Local\Google
2019-08-03 12:49 - 2016-11-21 23:47 - 000000000 ____D C:\Program Files (x86)\Google
2019-08-03 10:53 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-08-02 19:03 - 2017-10-10 23:31 - 000000000 ____D C:\Users\vanov\AppData\Roaming\IObit
2019-08-02 18:40 - 2018-11-25 19:39 - 000000000 ____D C:\Program Files\Firefox Developer Edition
2019-08-02 14:53 - 2016-12-29 19:12 - 000000000 ____D C:\Users\vanov\AppData\Roaming\SmartSteamEmu
2019-07-31 14:23 - 2018-04-29 20:51 - 000000000 ____D C:\Users\vanov\AppData\Local\GameAnalytics
2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files\Rockstar Games
2019-07-31 14:06 - 2016-10-18 21:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2019-07-31 14:05 - 2018-03-23 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2019-07-31 14:03 - 2016-10-18 22:24 - 000000000 ____D C:\Users\vanov\AppData\Local\Rockstar Games
2019-07-30 00:33 - 2018-08-06 23:20 - 000000000 ____D C:\GOG Games
2019-07-29 21:46 - 2017-12-04 16:09 - 000000000 ____D C:\Users\vanov\AppData\Local\Packages
2019-07-29 21:46 - 2017-06-20 20:42 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-07-26 14:29 - 2016-10-15 15:03 - 000000000 ____D C:\Users\vanov\AppData\Roaming\MusicBee
2019-07-26 12:21 - 2018-02-26 17:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Files in the root of some directories ================

2018-10-28 19:32 - 2018-10-28 19:32 - 000000033 _____ () C:\Users\vanov\AppData\Roaming\AdobeWLCMCache.dat
2017-03-05 19:32 - 2018-02-22 21:46 - 000000000 _____ () C:\Users\vanov\AppData\Roaming\avoriontestfile
2018-09-16 22:49 - 2018-09-16 22:49 - 000023303 _____ () C:\Users\vanov\AppData\Local\debuggee.mdmp
2019-06-18 14:44 - 2019-06-18 14:44 - 000001536 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.cfg
2019-06-18 14:44 - 2019-06-18 14:44 - 000210944 _____ () C:\Users\vanov\AppData\Local\GfxMetrics.dat
2018-07-09 16:15 - 2018-07-23 19:53 - 000000002 _____ () C:\Users\vanov\AppData\Local\imw.ini
2018-09-29 08:00 - 2018-09-29 08:00 - 000000000 _____ () C:\Users\vanov\AppData\Local\oobelibMkey.log
2019-02-10 17:37 - 2019-02-10 17:37 - 000003283 _____ () C:\Users\vanov\AppData\Local\recently-used.xbel
2016-10-22 23:54 - 2019-07-19 12:18 - 000007633 _____ () C:\Users\vanov\AppData\Local\Resmon.ResmonCfg
2017-06-10 01:37 - 2017-07-05 16:05 - 000000000 _____ () C:\Users\vanov\AppData\Local\Temptable.xml
2016-10-13 14:55 - 2016-10-13 14:55 - 000000003 _____ () C:\Users\vanov\AppData\Local\updater.log
2016-10-13 14:55 - 2017-05-07 02:59 - 000000425 _____ () C:\Users\vanov\AppData\Local\UserProducts.xml
2018-06-02 21:35 - 2018-06-02 21:35 - 000000002 _____ () C:\Users\vanov\AppData\Local\WMI.ini
2019-08-11 19:26 - 2019-08-11 19:26 - 000000073 _____ () C:\Users\vanov\AppData\Local\WMI.rar

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-08-2019
Ran by vanov (25-08-2019 17:08:03)
Running from C:\Users\vanov\Downloads
Windows 10 Pro Version 1803 17134.950 (X64) (2018-05-23 14:41:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3387545514-2906784231-2682514228-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3387545514-2906784231-2682514228-1006 - Limited - Enabled)
DefaultAccount (S-1-5-21-3387545514-2906784231-2682514228-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3387545514-2906784231-2682514228-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3387545514-2906784231-2682514228-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3387545514-2906784231-2682514228-1003 - Limited - Enabled)
vanov (S-1-5-21-3387545514-2906784231-2682514228-1001 - Administrator - Enabled) => C:\Users\vanov
WDAGUtilityAccount (S-1-5-21-3387545514-2906784231-2682514228-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Core SDK 1.1.10 (x64) (HKLM\...\{EA922431-C5D8-4CAE-9A6D-6817195F7856}) (Version: 4.18.38047 - Microsoft Corporation) Hidden
.NET Core SDK 1.1.10 (x64) (HKLM-x32\...\{81e87b8c-a24e-49e4-9a91-47b6d7aa52ff}) (Version: 1.1.10 - Microsoft Corporation)
µTorrent (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.)
Active Directory Authentication Library for SQL Server (HKLM\...\{4EE99065-01C6-49DD-9EC6-E08AA5B13491}) (Version: 14.0.1000.169 - Microsoft Corporation)
Adobe After (HKLM\...\{6A915992-D887-4897-82F5-950EDD12DEB1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.238 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.238 - Adobe)
Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Application Verifier x64 External Package (HKLM\...\{62CB44B2-8007-DBB2-1CBA-5CB7309EB3C3}) (Version: 10.1.17134.12 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{AB5E83C8-0175-0A1F-338A-EB8925AFC341}) (Version: 10.1.14393.795 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden
ASUS RT-N10 Wireless Router Utilities (HKLM-x32\...\{5BA25292-92E0-4223-A14B-50DC60B2A6F9}) (Version: 4.2.6.1 - ASUS)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.48.1 - Bethesda Softworks)
Browser for SQL Server 2017 (HKLM-x32\...\{CF8EEB96-E7E7-4EF7-A0A1-559F09953156}) (Version: 14.0.1000.169 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
ClipGrab 3.7.0 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
CodeBlocks (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 79.4.143 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Entity Framework 6.2.0 Tools  for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Firefox Developer Edition 65.0 (x64 en-US) (HKLM\...\Firefox Developer Edition 65.0 (x64 en-US)) (Version: 65.0 - Mozilla)
GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team)
Git version 2.20.1 (HKLM\...\Git_is1) (Version: 2.20.1 - The Git Development Community)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
Java SE Development Kit 8 Update 181 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden
K-Lite Mega Codec Pack 13.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.0 - KLCP)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
LOOT version 0.13.6 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.13.6 - LOOT Team)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Core SDK - 2.1.202 (x64) (HKLM-x32\...\{06b884b0-4947-4439-859f-098e431012d6}) (Version: 2.1.202 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.400 (x64) (HKLM-x32\...\{341254ab-6143-402e-9b7e-944f8b63e97d}) (Version: 2.1.400 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.402 (x64) (HKLM-x32\...\{b415bfcd-0c1a-424c-93f3-03fd83fcc44e}) (Version: 2.1.402 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.403 (x64) (HKLM-x32\...\{2eabe091-c571-4b9d-bdaa-5df5d11c84d4}) (Version: 2.1.403 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.500 (x64) (HKLM-x32\...\{d83984c4-b4ab-41e1-8d62-84f151ca642b}) (Version: 2.1.500 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.502 (x64) (HKLM-x32\...\{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}) (Version: 2.1.502 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.504 (x64) (HKLM-x32\...\{109e08a7-f849-4580-a683-c07ee8850a15}) (Version: 2.1.504 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.505 (x64) (HKLM-x32\...\{8a2d6b13-cb92-4cfe-a3e0-468e6cdd1e2e}) (Version: 2.1.505 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.508 (x64) (HKLM-x32\...\{0298bf05-e67a-4973-8ccc-7b13528189cb}) (Version: 2.1.508 - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 SDK (HKLM-x32\...\{F42C96C1-746B-442A-B58C-9F0FD5F3AB8A}) (Version: 4.7.03081 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 Targeting Pack (ENU) (HKLM-x32\...\{B517DBD3-B542-4FC8-9957-FFB2C3E65D1D}) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.9.6 (HKLM\...\{EDADFA19-7F96-4075-A4AB-2209910626C5}) (Version: 2.9.8899.26 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.6 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.6) (Version: 2.9.8899.26 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation)
Microsoft Azure PowerShell - April 2018 (HKLM\...\{3BA7CAA9-97BA-4528-B7E1-B640910BB149}) (Version: 5.7.0.18831 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.7 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.7) (Version: 5.7.18218.1723 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation)
Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{76CF9EF4-ABA0-484E-8042-12B99499AF5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11901.20218 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
Microsoft R Client (HKLM\...\{02EFEF35-C9D6-465D-BB0E-EB48B549B3AB}) (Version: 3.3.2.1988 - Microsoft)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft SQL Server 2017 (64-bit) (HKLM\...\Microsoft SQL Server SQL2017) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2017 Setup (English) (HKLM\...\{405252DC-ADF7-4BC8-95F5-F89DE513DD62}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server 2017 T-SQL Language Service  (HKLM\...\{C8A51693-98B9-4AB1-91B8-9A1B86729D5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{05FF71A6-FF76-4DB9-8A33-F23A2B0222BF}) (Version: 14.0.4079.2 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1104.625 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2017 (HKLM\...\{20B328C9-C6BB-434A-928A-00F05CD820B8}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
MSI Development Tools (HKLM-x32\...\{1E406B46-65F4-91CE-65DA-DB66D5443B68}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.7.1 - Notepad++ Team)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11901.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11901.20218 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 62.0.3331.116 (HKLM-x32\...\Opera 62.0.3331.116) (Version: 62.0.3331.116 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.43.28287 - Electronic Arts, Inc.)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 6.1.0.0 - Popcorn Time) <==== ATTENTION
Python 3.6.6 (64-bit) (HKU\.DEFAULT\...\{a2e7eb2f-e31e-47eb-82ca-63b3854f5354}) (Version: 3.6.6150.0 - Python Software Foundation)
Python 3.6.6 Core Interpreter (64-bit symbols) (HKLM\...\{09472AF9-4E5C-419F-8AFC-E42DE3C00062}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Core Interpreter (64-bit) (HKLM\...\{13428472-D58E-476D-932F-5B1B0C1397BE}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Development Libraries (64-bit) (HKLM\...\{C4752757-9240-4518-BE22-A7E2E7CC7D7B}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Documentation (64-bit) (HKLM\...\{16EF5AB7-4A89-4F06-B20B-209DA4FE0533}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Executables (64-bit symbols) (HKLM\...\{D1DCF56C-C29C-436A-9764-DEA45032EC46}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Executables (64-bit) (HKLM\...\{5CE3EB5B-1823-4B8E-BE10-95262BDD1148}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 pip Bootstrap (64-bit) (HKLM\...\{9D8D733D-3822-4808-B382-6291910081B2}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Standard Library (64-bit symbols) (HKLM\...\{A44E9804-C2AA-40DD-9E6F-F53D96BDAD34}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Standard Library (64-bit) (HKLM\...\{4D137679-6FB4-446B-9BDB-279292FA2D2C}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Tcl/Tk Support (64-bit symbols) (HKLM\...\{20F0B3BE-3E51-4536-BE6E-451359FD5432}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Tcl/Tk Support (64-bit) (HKLM\...\{44EC13CA-E201-433B-B2D3-386B9609B859}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Test Suite (64-bit symbols) (HKLM\...\{C5BD9A00-9221-486E-94BF-9B1553B215AF}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Test Suite (64-bit) (HKLM\...\{C9596636-022D-4123-B369-98819F772985}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Utility Scripts (64-bit) (HKLM\...\{E95CEC86-EFB3-47B8-A5F6-C8FB757AD060}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
REDRAGON M711 (HKLM-x32\...\{308D16D5-04D3-4581-A245-3B53AEF0AF36}}_is1) (Version:  - )
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Sid Meier's Civilization V_is1) (Version:  - )
Skype version 8.50 (HKLM-x32\...\Skype_is1) (Version: 8.50 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB)
sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{97C50C96-8106-490D-B81F-768753C39B56}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{74E057FF-92C8-4DD0-AF43-B220CD100733}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{C83DFAD5-FF26-4ED8-B284-944463FA0E30}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{9D1C0509-D490-4E9E-ACF5-A73E5C53742D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{B777C4C0-A1CD-4AB9-99B1-AD5FBED6F8E5}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{28EEF6BA-A23A-42D2-86BA-A6BEE723B969}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{DED314CA-0EFE-4593-9D66-EF75E5289A4C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{0E22DBB4-691B-400C-B52D-8DFE8EC421AA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{793F1C1E-5C83-4E33-A29B-6EAA7C1E791C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{12D2DB8D-80FF-4152-8F51-EDB3BD3C6976}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{AA2A015C-C210-413B-95F6-BF9D3CDD6E0D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.4.2669 - TeamViewer)
TunnelBear (HKLM-x32\...\{5dbd322e-98b2-41c8-a2d9-d9f21423afa9}) (Version: 3.2.0.6 - TunnelBear)
TunnelBear (HKLM-x32\...\{EAF52E02-CC78-47F4-A304-F91FDB6A55D1}) (Version: 3.2.0.6 - TunnelBear) Hidden
Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - )
Twitch (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{A3055644-FB53-420D-8724-EBEAB330D64F}) (Version: 3.0.3.0 - Microsoft Corporation) Hidden
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity (HKLM-x32\...\Unity) (Version: 2018.3.3f1 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{0D6B41AF-D117-8944-A059-3F9346A896C5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft)
vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Visual Studio Enterprise 2017 (HKLM-x32\...\7dcb8def) (Version: 15.9.28307.770 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{14AF842C-675E-4268-B493-EB76D9B465A8}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_codecoveragemsi (HKLM-x32\...\{B2DB38F7-4225-4EA6-A7B2-F9A0E089DD89}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_codeduitestframeworkmsi (HKLM-x32\...\{4379D9C7-B16D-486C-BC6D-43550A4C55EE}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_cuitcommoncoremsi (HKLM-x32\...\{060D7518-16AC-41F1-9956-38CA636FCF7B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_cuitextensionmsi (HKLM-x32\...\{88484E59-774D-4947-AF0E-4524D6C3147D}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_cuitextensionmsi_x64 (HKLM-x32\...\{184D5702-3AD2-4F0D-95E6-11E1C75A9298}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_networkemulationmsi_x64 (HKLM-x32\...\{674BB892-7904-4B94-8077-9DA3D2CBFC70}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
WhatsApp (HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\WhatsApp) (Version: 0.3.2848 - WhatsApp)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinAppDeploy (HKLM-x32\...\{5AD4A604-B476-1578-2A20-6B02FC6258BE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{C9966D24-DB2F-8514-EAA3-BEED85F3E166}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{389D182F-0ADA-5C7E-FF32-2573A821592C}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{A249F631-CEBC-EDCB-4C49-700E551E66CA}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{C3776B36-B34E-00E2-3009-95A6F1870B58}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E71CB7F1-3E88-4450-1764-B3CC1E205C4A}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{965D1746-D94A-49B9-2A48-A14914CA3B57}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{C49E6FDA-8196-0CAF-2CDD-CF1B0F4EA5AD}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{33D11371-82A5-852B-CDE2-5528CE406151}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{3755CD99-C62E-3312-DDD3-29A4F259270D}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{729DA966-8590-2C1F-2178-16C1D32FD7FD}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{FB431EE2-C835-6DE9-8DC3-C8FCDE028FE0}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{F1C18506-3168-A9D9-E2D9-D23A512A326E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FB82399D-9C48-9AF5-DCA1-CFE61BCA70A6}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{23909757-D6F0-7F7C-BD34-7E72BA9BD59C}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{4095D263-6A13-78D3-DEDA-AA3452011F6E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{C3243E23-2EB6-4419-2692-40944923B112}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D3A337CD-EA32-F4BA-03FA-825903190C92}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{DD83B36A-ED10-4514-98E7-1EBD53D167D8}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden
Xamarin Profiler (HKLM-x32\...\{392FF347-E40D-4598-B31E-5332F6F761E2}) (Version: 1.6.4.31 - Xamarin, Inc.) Hidden
Xamarin Remoted iOS Simulator (HKLM-x32\...\{5DE98E3F-9A5C-48B7-B039-8E0FB2D68AEA}) (Version: 1.3.0.8 - Xamarin) Hidden

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-11] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-15] (Microsoft Studios) [MS Ad]
Microsoft Wireless Display Adapter -> C:\Program Files\WindowsApps\Microsoft.SurfaceWirelessDisplayAdapter_3.4.137.1000_x64__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation)
Mixplay for Mixer -> C:\Program Files\WindowsApps\39170Flydream.Mixer_2.1.4.0_x64__weq318ptssvpt [2019-01-11] (Flydream)
MSN Vrijeme -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
Pošta i kalendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad]
TuneIn Radio -> C:\Program Files\WindowsApps\TuneIn.TuneInRadio_4.0.6.0_x64__6bhtb546zcxnj [2019-08-01] (TuneIn) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
Viber -> C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.1000_x86__p61zvh252yqyr [2018-07-09] (VIBER MEDIA S.à r.l.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{CE527B6C-CFD2-4CFC-AEC0-261FC6871E3D} -> [MEGAsync] => C:\Users\vanov\Documents\MEGAsync [2016-10-13 15:02]
CustomCLSID: HKU\S-1-5-21-3387545514-2906784231-2682514228-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\vanov\Dropbox [2016-11-05 13:16]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-06-17] (Notepad++ -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll [2018-10-02] () [File not signed]
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-09-24] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\vanov\Desktop\GTASA.lnk -> C:\Program Files (x86)\Rockstar Games\GTA San Andreas\startup_SP.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)

==================== Loaded Modules (Whitelisted) ==============

2019-08-22 10:47 - 2017-06-16 21:36 - 000062464 _____ () [File not signed] C:\Program Files (x86)\REDRAGON M711 Gaming Mouse\HidDevice.dll
2018-10-02 19:10 - 2018-10-02 19:10 - 000598528 _____ () [File not signed] C:\Users\vanov\AppData\Local\MEGAsync\ShellExtX64.dll
2016-09-24 08:53 - 2016-09-24 08:53 - 000410112 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
2019-08-22 10:47 - 2017-06-16 21:36 - 000143360 _____ (Holtek ) [File not signed] C:\Program Files (x86)\REDRAGON M711 Gaming Mouse\HIDApi.dll
2018-01-11 18:39 - 2008-05-23 00:25 - 000043520 ____N (MagicISO, Inc.) [File not signed] C:\Program Files (x86)\MagicISO\misosh64.dll
2018-04-19 22:31 - 2018-04-19 22:31 - 000267776 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73235831.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73235831.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-08-25 16:19 - 2019-08-25 16:19 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

2018-08-04 16:06 - 2019-08-25 16:26 - 000000502 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

172.29.72.49 DESKTOP-ME49L6T.mshome.net # 2024 8 5 23 14 26 16 843
37.0.186 Vlah.mshome.net # 2019 7 5 12 12 16 54 932

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Microsoft MPI\Bin\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Users\vanov\Anaconda3;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Microsoft SQL Server\140\DTS\Binn\;C:\Program Files\Git\cmd
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vanov\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "SOLIDWORKS 2016 Fast Start.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Idvsoft"
HKLM\...\StartupApproved\Run32: => "{7B4A50DE-E9A1-5D65-55A0-215372F9BAC3}"
HKLM\...\StartupApproved\Run32: => "wgpro"
HKLM\...\StartupApproved\Run32: => "amd_dc_opt"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Resilio Sync"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "Tonido"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "WallpaperEngine"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "DOS Host"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3387545514-2906784231-2682514228-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{CBC4ECFC-1253-4674-B353-170019F9FABE}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed]
FirewallRules: [TCP Query User{0CAE0F34-1600-450D-A351-4C7FFCA72D07}C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\program files (x86)\dead island riptide\deadislandgame_x86_rwdi.exe (Techland) [File not signed]
FirewallRules: [{606F165A-4B31-49AA-98BC-5B91C73BBF4B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A49D5669-FA5A-4815-9969-3E22DB5A4E6B}] => (Block) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{48D65172-F07A-4E24-A3A1-434257A6061F}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{6A333921-4247-486B-98D0-F26FD40E857E}C:\users\vanov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vanov\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0CA9BCD8-5B1C-4D05-AAD4-21FFEAC84103}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{051C78D0-5A1A-4C2A-ABC4-9E558B976B5F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{A975745F-869F-4081-92E4-0D42641FF6C4}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{49E008DC-6AAB-4B12-BB7B-667F30068494}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{9C253803-BC67-4081-8522-B3EC16A3E8DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B4452071-1EF5-4231-9AF6-B0CD14FD5FDF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6D4BA297-6C70-47C8-BD34-738B4942ACB9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{2E9CDF23-57FD-43DB-9D11-55A66C91F8FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [UDP Query User{B06BD948-E650-4190-8E60-7CFADC294373}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{B385A51F-02CB-4784-A947-2C9ABF8BEEDD}C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe] => (Allow) C:\users\vanov\appdata\roaming\utorrent\updates\3.5.0_44294.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{2EB36B25-BECE-477F-B928-0C25780C1214}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [TCP Query User{DCA5B283-BB01-4858-8CBF-F750BF1B73F5}C:\users\vanov\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\vanov\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [{6BEEFA38-F710-4247-BF7A-AECB5E37937E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{C5D7FAE5-7CB3-43C1-80F6-589907AD1A0F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BCA6781A-E253-483F-8236-CAF546AAF80D}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D50DE039-DAA2-4B8B-B1FB-3E30BC30A796}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{AFC23FCC-79E4-469A-8459-B169B2FA2252}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F672BF62-161A-4044-9A8B-508F12A99CA6}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{12F3F116-CCDB-40AC-92C7-2317A0EEA58F}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{BE51A32F-9911-4F10-AECE-61E068713997}] => (Allow) C:\Users\vanov\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{09600C42-3BDF-4A0D-AFD5-17E90BC5FBDB}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed]
FirewallRules: [UDP Query User{AEB25E26-AED6-4979-830F-F77D85DB1B7F}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe (Big Huge Games) [File not signed]
FirewallRules: [{A3B4325B-9C2A-4EE8-A5DB-7B28A9060CC2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{A89516B1-966E-4D36-8C30-A7773EB1FCEF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{2FB602DE-06A3-46EA-9153-DDA0373E214D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{8F69FAB7-2111-4D65-8B95-ED7D5DF0F7DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{57117F18-C29B-4A60-B34A-DC7B2E36B83A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E9BB0D09-102F-4855-8DC4-7BDE56ABFA0F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BAC7F6A3-92EA-47D9-83DD-84940C070F4D}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{05DF0A2C-1A93-46AE-800E-E12DE7F18FC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B392F4D1-9B62-4364-AEBD-094036DA8436}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{BA2527F7-EF88-4694-81D1-CAD2BD759A31}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File
FirewallRules: [UDP Query User{DA58CB7B-2521-453B-B120-F66DA955BB73}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{39401A26-306A-4DB0-A93D-CAC43C7A097F}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{F7E79D3D-E5F7-4109-95B5-7C20900FDF5D}C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1568FFD9-4C45-4576-B4A8-68C07A9299DA}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed]
FirewallRules: [{9E44EC29-3C66-478D-B43A-423E93469959}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe (AzureEngBuildCodeSign -> ) [File not signed]
FirewallRules: [{8B5A3536-E847-4803-B18A-35B8A2023C40}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6A325237-3BEF-4A73-B668-4F52AAD6FE02}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B8F8775A-CAC9-4454-9BC2-0BD382B4A538}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8341FC3-E365-4CE6-BA40-CC53396DF507}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{782D4882-D209-44E9-A3E9-1C7DCA561633}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B7CF33C8-CC19-4D73-AC61-7534E1B70E97}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{A03282F2-8B2F-4A2E-A556-5A88124F408C}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{52DEFF6B-ACA0-4834-BD06-59E2D1959922}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CF7AC6C4-3B90-43EF-B110-B54E08AFDF90}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E682C56C-4D3A-4B0C-9F61-0A9FD0C478C5}] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B53B0E11-4896-4DFF-A873-E3A08FFC028D}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8E90BA3A-A433-4095-9F52-DC3CBDC31FD1}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3978B3AB-19C3-4271-AC81-2D11287E2358}] => (Allow) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{DA86CB7A-F52F-475E-87F1-FF83B160A4DC}] => (Block) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{ED36F1A2-029C-4E96-A4A7-3B50FAFD18C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{994571E2-6DCD-4E06-9B39-3EF82FFFA7E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B0D9FE4C-355C-4679-8B96-D713017DD607}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B3483E3A-F2EB-4FDB-BBDC-879CC9507758}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{9680FCD1-9E1C-41C4-9D19-CA30045AAB34}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{009FA2E4-5EC8-4DD7-B8E6-DE1CFBFAAAE2}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed]
FirewallRules: [{073CBEBB-07F2-4E61-8303-70FF7C396678}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed]
FirewallRules: [{09216F82-B859-408E-BD97-6502299F1FDB}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{9E1C0C65-F7B4-4509-9C3C-E7101F192CBC}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10 Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{87D431EF-B497-43B6-8ED7-D924043264F6}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.99\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{F8600454-929C-4C5B-A4B9-735526AB4E82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{8DED0F5F-3C5B-4D35-A34F-E75EA8E3D10C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A22A8EAA-7F39-43A2-A949-300F89E6EE35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3A7FC6A7-DD9A-4A49-998F-9F7FE3D957EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{72158FD3-1F41-41A4-BC36-88B6890C372B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3096494B-B18E-45A5-AC31-8E890346AF86}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{64FFD821-2BB2-48A1-8776-B1251C6E58D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{E66D8ED8-9BD5-4B64-ABCA-ABA4BA362666}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{D8939A68-301B-484C-B6B5-D2E40C4EC40C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{50A71AD9-5716-4E59-B0FA-60DB0B812E06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{0ACEC78F-BAB5-4312-8B93-4A65F76E3257}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{673C04EA-918C-4A3B-8E12-0540FE7C12F4}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [TCP Query User{8AB680EA-0B2D-4A78-9D85-F506E39545A9}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{7593ED52-0637-4704-A236-CE146B456EAB}C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{F54E6234-B579-424C-90B5-6DF36DC84DF0}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{D3B7D8BF-45AD-4EFA-80F1-40AD7F4CDEDC}C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_4.22\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{6261CD1F-8E24-4A22-A51B-394D99B7597A}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [DNS Server Forward Rule - TCP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 90dfef9f-4f4f-49bb-a2f2-b2fda236ea44 - 0] => (Allow) LPort=53
FirewallRules: [TCP Query User{4EE7E41B-7EDC-4527-BCB6-651EE8D3AABA}C:\users\vanov\downloads\might.and.magic.heroes.vii.v1.8\might.and.magic.heroes.vii.v1.8\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Allow) C:\users\vanov\downloads\might.and.magic.heroes.vii.v1.8\might.and.magic.heroes.vii.v1.8\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe No File
FirewallRules: [UDP Query User{C4429850-5807-43B9-9E8F-00CF05AF74C2}C:\users\vanov\downloads\might.and.magic.heroes.vii.v1.8\might.and.magic.heroes.vii.v1.8\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Allow) C:\users\vanov\downloads\might.and.magic.heroes.vii.v1.8\might.and.magic.heroes.vii.v1.8\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe No File
FirewallRules: [{E3EE784C-588B-4F90-AD2B-FCCA44340B57}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{98171D83-8871-4AFD-83B4-80B2F094A4D1}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)

==================== Restore Points =========================

23-08-2019 03:49:37 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2019 04:29:47 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2019 04:28:46 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/25/2019 04:27:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/25/2019 04:20:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (08/25/2019 04:17:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {233e23d8-7627-4354-8171-8c089ad08290}

Error: (08/25/2019 04:13:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/25/2019 04:13:46 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/25/2019 04:13:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code: