Additional scan result of Farbar Recovery Scan Tool (x64) Version: 4.02.2019
Ran by Andi (05-02-2019 22:10:03)
Running from C:\Users\Andi\Desktop
Windows 10 Pro Version 1803 17134.523 (X64) (2018-12-21 22:12:10)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3767782009-1498256844-1943205539-500 - Administrator - Disabled)
Andi (S-1-5-21-3767782009-1498256844-1943205539-1001 - Administrator - Enabled) => C:\Users\Andi
DefaultAccount (S-1-5-21-3767782009-1498256844-1943205539-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3767782009-1498256844-1943205539-1000 - Limited - Disabled)
Guest (S-1-5-21-3767782009-1498256844-1943205539-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3767782009-1498256844-1943205539-504 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe After Effects CC 2019 (HKLM-x32\...\AEFT_16_0_1) (Version: 16.0.1 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.7.0.400 - Adobe Systems Incorporated) Adobe Illustrator CC 2019 (HKLM-x32\...\ILST_23_0_1) (Version: 23.0.1 - Adobe Systems Incorporated) Adobe Photoshop CC 2017 (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF03}) (Version: 18.0 - Adobe Systems Incorporated) Antares Auto-Tune Evo TDM (HKLM-x32\...\{E43E5F45-E924-4D83-9DB9-8D74BCF7A9DD}) (Version: 6.00.0009 - Antares Audio Technologies) Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CPUID HWMonitor 1.38 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.38 - CPUID, Inc.) CrystalDiskMark 6.0.2 (HKLM\...\CrystalDiskMark6_is1) (Version: 6.0.2 - Crystal Dew World) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.9.0.0677 - Disc Soft Ltd) Discord (HKU\S-1-5-21-3767782009-1498256844-1943205539-1001\...\Discord) (Version: 0.0.304 - Discord Inc.) DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 417.35 - NVIDIA Corporation) Hidden Download Accelerator Plus (DAP) (HKLM-x32\...\Download Accelerator Plus (DAP)) (Version: 10060 (Build 2599) - Speedbit Ltd.) Driver Booster 6 (HKLM-x32\...\Driver Booster_is1) (Version: 6.2.0 - IObit) Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) 
Hidden Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.) Harbor (HKLM\...\efc2cb0a-fa35-5c41-8096-d150b1cb8e83) (Version: 1.0.3 - Tilted Phoques) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation) Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.13 - PACE Anti-Piracy) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains) Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) MeldaProduction Audio Plugins 12 (HKLM-x32\...\MeldaProduction Audio Plugins 12) (Version: - MeldaProduction) Metro: Last Light Redux (HKU\S-1-5-21-3767782009-1498256844-1943205539-1001\...\425442388270645248) (Version: - ) Microsoft OneDrive (HKU\S-1-5-21-3767782009-1498256844-1943205539-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation) Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 
1.18.1089.1204 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{2D1ED4EA-B59D-4665-ACB3-9325872A300D}) (Version: 1.0.4.0 - Mojang) Mozilla Firefox 64.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 64.0.2 (x64 en-US)) (Version: 64.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla) NETGEAR WNDA3100v3 (HKLM-x32\...\{C9C6242C-F18D-4B9F-B000-BBE2E9960BA0}) (Version: 1.0.0.13 - NETGEAR) Hidden NETGEAR WNDA3100v3 Genie (HKLM-x32\...\InstallShield_{C9C6242C-F18D-4B9F-B000-BBE2E9960BA0}) (Version: 1.0.0.13 - NETGEAR) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.12 - NVIDIA Corporation) Hidden NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation) NVIDIA 3D Vision Driver 417.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 417.35 - NVIDIA Corporation) NVIDIA GeForce Experience 3.16.0.140 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.16.0.140 - NVIDIA Corporation) NVIDIA Graphics Driver 417.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.35 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.4 - NVIDIA Corporation) NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - ) qBittorrent 4.1.5 (HKLM-x32\...\qBittorrent) (Version: 4.1.5 - The qBittorrent project) Rainway 
(HKU\S-1-5-21-3767782009-1498256844-1943205539-1001\...\Rainway) (Version: 1.0.1 - Rainway, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8536 - Realtek Semiconductor Corp.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) THPS2 Smaller EXE (HKLM-x32\...\THPS2 Smaller EXE_is1) (Version: - by Someone) Tony Hawk's Pro Skater 2 (HKLM-x32\...\Activision_THPS2UninstallKey) (Version: - ) Tony Hawk's Underground 2 (HKLM-x32\...\{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}) (Version: 1.00.0000 - Activision) Hidden Tony Hawk's Underground 2 (HKLM-x32\...\InstallShield_{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}) (Version: 1.00.0000 - Activision) UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden Unity (HKLM-x32\...\Unity) (Version: 2017.4.15f1 - Unity Technologies ApS) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation) Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft) Visual Studio Community 2017 (HKLM-x32\...\8ccb5afe) (Version: 15.9.28307.222 - Microsoft Corporation) Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 0.16.15 - Black Tree Gaming Ltd.) 
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden WeMod (HKU\S-1-5-21-3767782009-1498256844-1943205539-1001\...\WeMod) (Version: 5.4.2 - WeMod) WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3767782009-1498256844-1943205539-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-12-11] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) 
============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {21899877-99DA-40B1-9F58-F1460C001772} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {31294DFF-46E0-4AFA-8E76-DFDD8F23515F} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-fever308@ymail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) Task: {31C9D30F-69EF-49D7-AE45-E782F8DC1861} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {3AA0E4BA-6ADC-44B5-9DFF-6B27239C23B0} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {5801AAC0-D467-46D5-A10F-4E710BACFE4E} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {63075562-008F-42A3-9693-EE823BDBE3FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-21] (Google Inc -> Google Inc.) 
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] (Microsoft Windows -> ) Task: {7216AEF8-6F7A-4CB3-9E61-7869AB082F5D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {8368248F-9655-4FDB-B0D8-93DDC4A3F1DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-21] (Google Inc -> Google Inc.) Task: {8F466B1E-11E8-4424-B637-2BFF55BCDF4E} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (OOO Lightshot -> TODO: ) Task: {93B6079C-20BD-44C9-AEFB-CF385B7B4EAD} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {AB5593E5-9528-4EA9-A46B-2A0FCFFC6328} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {C95D04B8-0725-4855-A6D7-C6C8EB0500EE} - System32\Tasks\Driver Booster SkipUAC (Andi) => C:\Program Files (x86)\IObit\Driver Booster\6.2.0\DriverBooster.exe [2018-12-20] (IObit Information Technology -> IObit) Task: {CC907D18-57EC-4C07-AFFE-DD7A043159ED} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {D8EDA008-1296-4AFF-AA52-EFD7F9FB1474} - System32\Tasks\update-S-1-5-21-3767782009-1498256844-1943205539-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (OOO Lightshot -> TODO: ) 
Task: {EAE02129-73A5-4EFF-BC1D-F79883BDC214} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {EC23373F-54AD-4CF5-8DDF-46B1FAEC2DED} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {EF68B6BC-9604-46E3-BC5F-90A5C890564D} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation) Task: {F5AD3414-7E78-43CA-9FD6-A11575899622} - System32\Tasks\AndiRainwayService => C:\Users\Andi\AppData\Local\Rainway\app-1.0.3\LaunchRainway.exe [2019-02-03] (Rainway, Inc. -> Rainway, Inc.) Task: {FE65D905-2E99-4421-A327-96E18B077A94} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2019-02-05] (AVAST Software s.r.o. -> AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\update-S-1-5-21-3767782009-1498256844-1943205539-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2018-12-21 15:51 - 2018-12-06 04:13 - 001314672 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2019-01-31 00:27 - 2019-01-31 00:24 - 000354808 _____ () D:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe 2019-01-31 00:27 - 2019-01-31 00:24 - 001698296 _____ () D:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper32.exe 2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll 2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll 2018-12-23 00:43 - 2018-11-08 20:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll 2019-01-31 00:27 - 2019-01-31 00:24 - 000950264 _____ () D:\SteamLibrary\steamapps\common\wallpaper_engine\bin\webwallpaper32.exe 2019-01-08 20:34 - 2019-01-01 00:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2019-01-31 17:39 - 2019-01-31 17:41 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe 2019-01-31 17:39 - 2019-01-31 17:41 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll 2018-12-21 16:00 - 2018-12-21 16:01 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll 2019-01-31 17:39 - 2019-01-31 17:41 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ChakraBridge.dll 2019-01-31 17:39 - 2019-01-31 17:41 - 011029504 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\LibWrapper.dll 2019-01-31 17:39 - 2019-01-31 17:41 - 002923520 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\skypert.dll 2019-01-31 17:39 - 2019-01-31 17:41 - 000688128 _____ () 
C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll 2018-12-21 16:00 - 2018-12-21 16:01 - 002384384 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\Processing.NDI.Lib.UWP.x64.dll 2018-12-21 16:02 - 2018-12-21 16:02 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll 2019-01-22 19:53 - 2019-01-22 19:53 - 028012544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Video.UI.exe 2019-01-22 19:53 - 2019-01-22 19:53 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\SharedUI.dll 2018-04-12 03:25 - 2018-04-12 03:25 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll 2018-12-21 16:00 - 2018-12-21 16:00 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2019-01-22 19:53 - 2019-01-22 19:53 - 006187520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntCommon.dll 2019-01-22 19:53 - 2019-01-22 19:53 - 009388544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntPlat.dll 2018-12-26 18:23 - 2018-12-26 18:23 - 098275328 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll 2018-12-26 18:23 - 2018-12-26 18:23 - 003922432 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll 2018-12-26 18:23 - 2018-12-26 18:23 - 000092672 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll 2019-01-09 20:14 - 2018-12-05 17:47 - 001066784 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\SDL2.dll 
2019-01-09 20:14 - 2018-11-19 18:56 - 102804768 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll 2019-01-09 04:57 - 2019-01-09 04:57 - 003082752 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\DotNetCommon\fdeaff0e975a3bd961d59425cc459a8d\DotNetCommon.ni.dll 2019-01-09 20:14 - 2018-11-19 18:56 - 004866336 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll 2019-01-09 20:14 - 2018-11-19 18:56 - 000116000 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll 2018-12-21 15:45 - 2018-12-11 23:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll 2018-12-21 15:45 - 2018-12-11 23:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll 2019-01-08 20:52 - 2019-01-08 20:52 - 031312896 _____ () C:\Users\Andi\AppData\Local\Google\Chrome\User Data\PepperFlash\32.0.0.114\pepflashplayer.dll 2019-01-31 00:27 - 2019-01-31 00:24 - 000932856 _____ () D:\SteamLibrary\steamapps\common\wallpaper_engine\plugins\corsair\cueextensions32.dll 2019-01-31 00:27 - 2019-01-31 00:24 - 085731816 _____ () D:\SteamLibrary\steamapps\common\wallpaper_engine\bin\libcef.dll 2019-01-31 00:27 - 2019-01-31 00:24 - 003879400 _____ () D:\SteamLibrary\steamapps\common\wallpaper_engine\bin\libglesv2.dll 2019-01-31 00:27 - 2019-01-31 00:24 - 000086504 _____ () D:\SteamLibrary\steamapps\common\wallpaper_engine\bin\libegl.dll 2018-12-21 15:51 - 2018-12-06 04:13 - 001032560 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2019-01-16 20:50 - 2019-01-15 16:32 - 002000216 _____ () C:\Users\Andi\AppData\Local\Discord\app-0.0.304\ffmpeg.dll 2019-01-16 20:50 - 2019-01-15 16:32 - 004332376 _____ () C:\Users\Andi\AppData\Local\Discord\app-0.0.304\libglesv2.dll 2019-01-16 20:50 - 2019-01-15 16:32 - 000106328 _____ () C:\Users\Andi\AppData\Local\Discord\app-0.0.304\libegl.dll 2018-12-21 15:51 - 2018-12-05 17:47 - 000885536 _____ () C:\Program 
Files (x86)\Steam\SDL2.dll 2018-12-21 15:51 - 2016-08-31 19:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2018-12-21 15:51 - 2019-02-02 11:33 - 002667296 _____ () C:\Program Files (x86)\Steam\video.dll 2018-12-21 15:51 - 2016-08-31 19:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2018-12-21 15:51 - 2016-08-31 19:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2018-12-21 15:51 - 2018-11-05 12:53 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll 2018-12-21 15:51 - 2018-11-05 12:53 - 000810784 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll 2018-12-21 15:51 - 2018-11-05 12:53 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll 2018-12-21 15:51 - 2018-11-05 12:53 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll 2018-12-21 15:51 - 2018-11-05 12:53 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll 2018-12-21 15:51 - 2019-02-02 11:33 - 001031456 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2018-12-21 15:51 - 2016-07-04 16:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2019-01-16 20:50 - 2019-01-29 18:28 - 011345240 _____ () \\?\C:\Users\Andi\AppData\Roaming\discord\0.0.304\modules\discord_voice\discord_voice.node 2019-01-16 20:50 - 2019-01-16 20:50 - 001723224 _____ () \\?\C:\Users\Andi\AppData\Roaming\discord\0.0.304\modules\discord_utils\discord_utils.node 2019-01-16 20:50 - 2019-01-16 20:50 - 001762648 _____ () \\?\C:\Users\Andi\AppData\Roaming\discord\0.0.304\modules\discord_game_utils\discord_game_utils.node 2019-01-16 20:50 - 2019-01-16 20:50 - 002672984 _____ () \\?\C:\Users\Andi\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node 2019-01-16 20:50 - 2019-01-16 20:50 - 000837464 _____ () \\?\C:\Users\Andi\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node 2019-01-16 20:50 - 2019-01-16 20:50 - 
000479064 _____ () \\?\C:\Users\Andi\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node 2019-01-16 20:50 - 2019-01-16 20:50 - 000553816 _____ () \\?\C:\Users\Andi\AppData\Roaming\discord\0.0.304\modules\discord_erlpack\discord_erlpack.node 2019-01-16 20:50 - 2019-01-16 20:50 - 009914712 _____ () \\?\C:\Users\Andi\AppData\Roaming\discord\0.0.304\modules\discord_cloudsync\discord_cloudsync.node 2019-01-16 20:50 - 2019-01-16 20:50 - 002909016 _____ () \\?\C:\Users\Andi\AppData\Roaming\discord\0.0.304\modules\discord_rpc\discord_rpc.node 2019-01-16 20:50 - 2019-01-16 20:50 - 001726296 _____ () \\?\C:\Users\Andi\AppData\Roaming\discord\0.0.304\modules\discord_overlay2\discord_overlay2.node 2019-01-16 20:50 - 2019-01-16 20:50 - 001266008 _____ () \\?\C:\Users\Andi\AppData\Roaming\discord\0.0.304\modules\discord_modules\discord_modules.node 2019-01-16 20:50 - 2019-01-16 20:50 - 022327128 _____ () \\?\C:\Users\Andi\AppData\Roaming\discord\0.0.304\modules\discord_dispatch\discord_dispatch.node 2019-01-16 20:50 - 2019-01-16 20:50 - 002947416 _____ () \\?\C:\Users\Andi\AppData\Roaming\discord\0.0.304\modules\discord_contact_import\discord_contact_import.node 2019-01-16 20:50 - 2019-01-16 20:50 - 001297752 _____ () \\?\C:\Users\Andi\AppData\Roaming\discord\0.0.304\modules\discord_vigilante\discord_vigilante.node 2019-01-16 20:50 - 2019-01-15 16:32 - 002269528 _____ () C:\Users\Andi\AppData\Local\Discord\app-0.0.304\swiftshader\libglesv2.dll 2019-01-16 20:50 - 2019-01-15 16:32 - 000132952 _____ () C:\Users\Andi\AppData\Local\Discord\app-0.0.304\swiftshader\libegl.dll 2018-02-21 16:51 - 2018-02-21 16:51 - 000122880 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v3\Ralink.dll 2012-11-21 18:26 - 2012-11-21 18:26 - 001204224 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v3\RaWLAPI.dll 2018-07-31 10:57 - 2018-07-31 10:57 - 081764304 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop 
Common\CEF\libcef.dll 2018-07-31 10:57 - 2018-07-31 10:57 - 002257360 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\swiftshader\libglesv2.dll 2018-07-31 10:57 - 2018-07-31 10:57 - 000110552 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\swiftshader\libegl.dll 2018-11-05 14:25 - 2018-11-05 14:25 - 000142888 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\fs-ext\build\Release\fs-ext.node 2018-11-05 14:25 - 2018-11-05 14:25 - 000278056 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node 2018-11-05 14:25 - 2018-11-05 14:25 - 000142888 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\ref\build\Release\binding.node 2018-11-05 14:25 - 2018-11-05 14:25 - 000152616 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\ffi\build\Release\ffi_bindings.node 2018-11-05 14:25 - 2018-11-05 14:25 - 000097320 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll 2018-11-05 14:25 - 2018-11-05 14:25 - 000110120 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\idle-gc\build\Release\idle-gc.node 2019-01-31 00:27 - 2019-01-31 00:24 - 002631672 _____ () D:\SteamLibrary\steamapps\common\wallpaper_engine\bin\ui32.exe 2019-01-31 00:27 - 2019-01-31 00:24 - 002834920 _____ () D:\SteamLibrary\steamapps\common\wallpaper_engine\bin\assimp-vc140-mt32.dll 2018-12-21 15:51 - 2019-02-02 11:33 - 000419104 _____ () C:\Program Files (x86)\Steam\steam.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-11 17:38 - 2019-02-05 21:00 - 000000850 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\GtkSharp\2.12\bin
HKU\S-1-5-21-3767782009-1498256844-1943205539-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Andi\Videos\The Witcher 3\The Witcher 3 Screenshot 2019.01.12 - 21.57.39.11.png
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{18A1C593-4155-41FD-8028-7A13CBC0FC61}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.) FirewallRules: [{FFEEF391-CCC2-4FD6-A5E3-E6C9949CFD7E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{F5BC7174-983C-4964-9C59-4F8B1AD0CA96}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{D986CB92-7339-461B-AE8A-7CF929D97546}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{FEBBB01C-C108-48E5-AD92-2932AF33C129}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{4189FE33-14CA-4A9A-BC3F-01B2EC99AC0D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{AA752A98-302F-4EAD-BA1C-87F417387608}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{EA4C3876-4E84-4888-BC19-1B12D0135A1B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{351C3F8A-BE2A-46B1-BB1F-992E67FB23ED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{42D1797A-1B10-4419-9223-02B8CC8AD98B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{99124398-6511-404A-9EE5-7D0F140BF4CA}] => (Allow) 
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{5BEDDFBA-D48B-451D-8F37-12410943BD9F}] => (Allow) H:\SteamLibrary\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe No File FirewallRules: [{63BC1169-5648-4F20-A225-DE73B8A0A7DE}] => (Allow) H:\SteamLibrary\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe No File FirewallRules: [{4EC51BE9-8063-4833-A43E-0F532AB1ACA2}] => (Allow) H:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe No File FirewallRules: [{FA8B57BF-51FE-45D2-A029-4A3AE68265E9}] => (Allow) H:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe No File FirewallRules: [{FEDA8EE3-85FD-4CD8-85ED-854FD9F84E32}] => (Allow) H:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe No File FirewallRules: [{63AE034A-8BB4-4022-8F72-F3E11982FE80}] => (Allow) H:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe No File FirewallRules: [{AE5F5122-2D15-4F46-9A03-09A5E69B5E25}] => (Allow) H:\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe No File FirewallRules: [{C9F2F6D4-8B75-48E6-AD20-3CDA48591F07}] => (Allow) H:\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe No File FirewallRules: [{106E3D65-18D3-4336-AC54-3DB65CD3E1E7}] => (Allow) H:\SteamLibrary\steamapps\common\Slap City\Slap City.exe No File FirewallRules: [{5C7E57A3-8F51-4E61-BD96-BC860462C3C5}] => (Allow) H:\SteamLibrary\steamapps\common\Slap City\Slap City.exe No File FirewallRules: [{66FB17A9-1763-44CA-900A-E0AEE4BFBC9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [{45665CED-A1D2-4DAC-8F9F-FB3330C74983}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [{26BC2B87-9673-440E-8404-ADF4DEC55AAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty 
Black Ops\BlackOps.exe (Valve Corp. -> ) FirewallRules: [{65E3F2C0-7CAB-4309-9715-ED96F35916FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops\BlackOps.exe (Valve Corp. -> ) FirewallRules: [{8106D115-13CC-4A64-8AD5-EF0C68CD6024}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops\BlackOpsMP.exe (Valve Corp. -> ) FirewallRules: [{D970F8C9-6F03-439C-B36E-38669E633DBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops\BlackOpsMP.exe (Valve Corp. -> ) FirewallRules: [{B9DE0E88-71F7-42B4-B3F5-AC9F178FD451}] => (Allow) C:\Program Files (x86)\Spellbreak\launcher.exe No File FirewallRules: [{7D0E951C-B499-4576-844D-E1EE4D983F5A}] => (Allow) C:\Program Files (x86)\Spellbreak\launcher.exe No File FirewallRules: [TCP Query User{DB071EE8-7741-4DEB-85D0-128598DDF6C0}C:\program files (x86)\spellbreak\game_spellbreak_30270\g3\binaries\win64\spellbreak.exe] => (Allow) C:\program files (x86)\spellbreak\game_spellbreak_30270\g3\binaries\win64\spellbreak.exe No File FirewallRules: [UDP Query User{797C7A95-4094-4894-9502-26DB892BC3EF}C:\program files (x86)\spellbreak\game_spellbreak_30270\g3\binaries\win64\spellbreak.exe] => (Allow) C:\program files (x86)\spellbreak\game_spellbreak_30270\g3\binaries\win64\spellbreak.exe No File FirewallRules: [{6D596C5E-D296-46E7-8733-2088908E310B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe (Valve -> ) FirewallRules: [{D391B3D2-4A49-4EDA-B59D-39DA8074DE0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe (Valve -> ) FirewallRules: [{A4A6A9DC-049B-4772-93BA-3C041D0EEDF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe () FirewallRules: [{0237EF31-3071-447D-A4E2-58151FE9EFBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe () FirewallRules: [TCP Query User{A88E8148-EBF7-4261-82F2-3EC29E5D76C0}C:\program files (x86)\epic 
games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{D48FB2FD-4D8F-4B1C-83CB-530222912838}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{BB3E4810-C1DD-40A6-9E42-4757CEFB4629}C:\program files\epic games\subnautica\subnautica.exe] => (Allow) C:\program files\epic games\subnautica\subnautica.exe () FirewallRules: [UDP Query User{047ED47B-86DB-40C1-9074-779E195029A2}C:\program files\epic games\subnautica\subnautica.exe] => (Allow) C:\program files\epic games\subnautica\subnautica.exe () FirewallRules: [{BE6E5066-5AEE-47B9-803A-528BA796786B}] => (Allow) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [{C6BF1C78-A54D-42A0-92C1-9ED943436ED1}] => (Block) C:\Program Files\Unity\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS) FirewallRules: [{ED424FBE-04D8-4502-80EE-63F827AAA49F}] => (Allow) C:\Program Files\Unity\Editor\Data\Tools\nodejs\node.exe (Node.js Foundation -> Node.js) FirewallRules: [{BCD87972-2442-45AD-BBED-82C769B1E450}] => (Block) C:\Program Files\Unity\Editor\Data\Tools\nodejs\node.exe (Node.js Foundation -> Node.js) FirewallRules: [{A9E3FF0A-0F5A-42FC-B8D3-3F798D8B05D2}] => (Allow) H:\SteamLibrary\steamapps\common\Mutant Football League\MFL.exe No File FirewallRules: [{152140AA-40B6-4125-80AA-A2D7FC19A956}] => (Allow) H:\SteamLibrary\steamapps\common\Mutant Football League\MFL.exe No File FirewallRules: [{0DD1930F-7E97-48A8-9117-C1F5B52B58AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 2\The Jackbox Party Pack 2.exe () FirewallRules: 
[{F0B228D1-0387-4634-828D-9A0A165E6BD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 2\The Jackbox Party Pack 2.exe () FirewallRules: [{01B60F88-9FB5-4B33-B6A0-C9FFFAE0D926}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 3\The Jackbox Party Pack 3.exe () FirewallRules: [{89E943DD-4675-4288-83AC-A7A89D309ABB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 3\The Jackbox Party Pack 3.exe () FirewallRules: [{2D93D9F6-B5A1-4AE2-8124-5A5270AE4A52}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () FirewallRules: [{8FA41ABC-E3C1-4441-AE97-E9600FC8BD07}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () FirewallRules: [{3A873A5B-0EC1-4F78-B135-E5B5D5510965}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd) FirewallRules: [{5636A7EC-CCB7-4F6A-80A1-086F4BBF2FC5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.2.0\DriverBooster.exe (IObit Information Technology -> IObit) FirewallRules: [{6C2A87A7-BE98-48AD-A0DB-B4632621662E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.2.0\DriverBooster.exe (IObit Information Technology -> IObit) FirewallRules: [{52EC335F-B21F-4A94-A9D8-5C7B854739BE}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.2.0\DBDownloader.exe (IObit Information Technology -> IObit) FirewallRules: [{4AB1A581-8E0D-4902-AB96-5688D5DA0D9D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.2.0\DBDownloader.exe (IObit Information Technology -> IObit) FirewallRules: [{E4D9189B-F655-489D-82A8-701A9A1A58D8}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.2.0\AutoUpdate.exe (IObit Information Technology -> IObit) FirewallRules: [{87103FC6-5E25-48D7-BEAC-DD58992AA136}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.2.0\AutoUpdate.exe (IObit Information Technology -> IObit) FirewallRules: [{BE130804-BFA5-4770-BA65-21F258A0E5E9}] => 
(Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{417C067C-B885-4D0D-A934-664C86A469FA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{33F77B22-B92B-47B1-A4C6-E6454AB54FD5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{7D7CFD1F-E76F-40F5-B465-D65401CD3E49}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{726B5CD4-9181-4A1C-80A0-18DCB90DFF06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) FirewallRules: [{755F0C56-0344-417D-898C-0583F1B34488}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) FirewallRules: [{58F17B32-49A4-4474-81E6-BA97AF131286}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{89D41401-1742-4E3D-B3F2-312DD00C9844}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{7630FC70-7441-4967-9806-B5EC341CCF73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{CEFEEF21-983A-4D3E-B6F6-3795EA34AAD2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{FC954EEA-278E-4725-BEE0-50D014C93B46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () FirewallRules: [{15B5B842-5A95-4D93-BA34-D76449BFB839}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () FirewallRules: [{822D23E0-8839-4061-80D7-F459557B9C91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe No File FirewallRules: [{810CE812-FB51-4E2D-B8B3-0BCDFE20EAC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe No File FirewallRules: [TCP Query User{076C8730-9FE4-407B-B40B-26F730F661C6}C:\program files (x86)\dap\dap.exe] => (Allow) C:\program files (x86)\dap\dap.exe (Speed-Bit LTD -> Speedbit Ltd.) FirewallRules: [UDP Query User{FD3373B1-52D1-4779-AEC7-9C96CDD75A58}C:\program files (x86)\dap\dap.exe] => (Allow) C:\program files (x86)\dap\dap.exe (Speed-Bit LTD -> Speedbit Ltd.) FirewallRules: [{88ECAB46-5265-4CF1-BAA5-9563788A512E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) FirewallRules: [{1365C2C3-A219-4F4B-8610-7A92884B5FBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) FirewallRules: [TCP Query User{AD03FE91-1186-4279-BCA3-50D9A5CB4492}C:\program files\tilted phoques\harbor\harbor.exe] => (Allow) C:\program files\tilted phoques\harbor\harbor.exe (Tilted Phoques) FirewallRules: [UDP Query User{33CB2201-E9B9-453D-9A08-17049E5E1559}C:\program files\tilted phoques\harbor\harbor.exe] => (Allow) C:\program files\tilted phoques\harbor\harbor.exe (Tilted Phoques) FirewallRules: [{1A258E8E-E91F-4C73-AD46-7676CC9B5F78}] => (Allow) D:\SteamLibrary\steamapps\common\Duck Game\DuckGame.exe (CORPTRON) FirewallRules: [{BE02138C-3D2E-433C-AC7C-75DFF583DC12}] => (Allow) D:\SteamLibrary\steamapps\common\Duck Game\DuckGame.exe (CORPTRON) FirewallRules: 
[{BF55F9DC-EA78-43E0-AE36-7A9421A214EB}] => (Allow) D:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> ) FirewallRules: [{9DC9359C-6365-4C0F-B721-6FEE5A233588}] => (Allow) D:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> ) FirewallRules: [{88FEFB28-EB9F-4BEB-B9D1-3291736ED8E9}] => (Allow) D:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> ) FirewallRules: [{F95A18BD-7062-4409-87DC-CE7745345089}] => (Allow) D:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> ) FirewallRules: [{512BCA93-33CE-4CDC-B4B9-13EDE082D44A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe (Crytek GmbH) FirewallRules: [{BFCC4815-E646-436A-9462-CDF12A297C5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe (Crytek GmbH) FirewallRules: [{9DEBEE73-7D33-4D16-ADD8-49EDB997F2F1}] => (Allow) C:\Windows\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{3D92161F-3F25-4D86-99E7-F6E173BEE21A}] => (Allow) C:\Program Files (x86)\Minsk\Backwoods.exe No File FirewallRules: [{84CC12D0-93BC-4578-BF6D-E550216A8DFC}] => (Allow) C:\Program Files (x86)\Petry\Backwoods.exe No File FirewallRules: [{6C5E6BD1-80A5-4E72-88CD-92411DABFA51}] => (Allow) C:\Program Files (x86)\disfiguring\Correspondent.exe No File FirewallRules: [{9802ADC4-D767-4395-9FF5-19616C62F799}] => (Allow) C:\Program Files (x86)\Petry\Correspondent.exe No File FirewallRules: [{C3D080FC-7496-46C1-B53A-1A7124D052A2}] => (Allow) C:\Users\Andi\AppData\Local\Rainway\app-1.0.3\Rainway.exe (Rainway, Inc. -> Rainway, Inc.) 
FirewallRules: [{6BDD2F16-A6D3-406F-97C3-19D534D5B490}] => (Allow) LPort=443
FirewallRules: [{21E98CE0-D687-4794-AB96-72E8A647BC79}] => (Allow) LPort=40136
FirewallRules: [{52085D51-5491-4736-910D-D5727A1F777D}] => (Allow) LPort=9

==================== Restore Points =========================

27-01-2019 17:11:19 Installed DirectX
29-01-2019 19:35:34 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
30-01-2019 19:45:39 Installed DirectX

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2019 09:57:56 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (02/05/2019 09:57:56 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.
Error: (02/05/2019 07:13:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 63952297 Error: (02/05/2019 07:13:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 63952297 Error: (02/05/2019 07:13:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/05/2019 01:27:42 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 19969 Error: (02/05/2019 01:27:42 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 19969 Error: (02/05/2019 01:27:42 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (02/05/2019 09:58:28 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-HGPNDE0) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-HGPNDE0\Andi SID (S-1-5-21-3767782009-1498256844-1943205539-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (02/05/2019 09:58:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-HGPNDE0) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-HGPNDE0\Andi SID (S-1-5-21-3767782009-1498256844-1943205539-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/05/2019 09:57:50 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff801a01d8010, 0x00000000000000ff, 0x0000000000000000, 0xfffff801b24195ae). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 66adda81-6102-4e2d-8909-bd68c0965bc9. Error: (02/05/2019 09:57:39 PM) (Source: volmgr) (EventID: 161) (User: ) Description: Dump file creation failed due to error during dump creation. Error: (02/05/2019 09:57:42 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 9:52:06 PM on ‎2/‎5/‎2019 was unexpected. Error: (02/05/2019 09:53:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (02/05/2019 09:52:41 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-HGPNDE0) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-HGPNDE0\Andi SID (S-1-5-21-3767782009-1498256844-1943205539-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/05/2019 09:52:39 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-HGPNDE0) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscCloudBackupProvider and APPID Unavailable to the user DESKTOP-HGPNDE0\Andi SID (S-1-5-21-3767782009-1498256844-1943205539-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Windows Defender: =================================== Date: 2019-02-05 20:50:38.434 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Adload.DV!bit&threatid=249578&enterprise=0 Name: TrojanDownloader:Win32/Adload.DV!bit ID: 249578 Severity: High Category: Trojan Downloader Path: file:_C:\Users\Andi\AppData\Local\Temp\Rar$EXa12472.42748\CCMaker.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files\WinRAR\WinRAR.exe Signature Version: AV: 1.285.880.0, AS: 1.285.880.0, NIS: 1.285.880.0 Engine Version: AM: 1.1.15600.4, NIS: 1.1.15600.4 Date: 2019-02-05 20:50:26.822 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Adload.DV!bit&threatid=249578&enterprise=0 Name: TrojanDownloader:Win32/Adload.DV!bit ID: 249578 Severity: High Category: Trojan Downloader Path: file:_C:\Users\Andi\AppData\Local\Temp\Rar$EXa12472.42748\CCMaker.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files\WinRAR\WinRAR.exe Signature Version: AV: 1.285.880.0, AS: 1.285.880.0, NIS: 1.285.880.0 Engine Version: AM: 1.1.15600.4, NIS: 1.1.15600.4 Date: 2019-02-05 20:50:15.072 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Adload.DV!bit&threatid=249578&enterprise=0 Name: TrojanDownloader:Win32/Adload.DV!bit ID: 249578 Severity: High Category: Trojan Downloader Path: file:_C:\Users\Andi\AppData\Local\Temp\Rar$DRa12472.41571\CCMaker.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files\WinRAR\WinRAR.exe Signature Version: AV: 1.285.880.0, AS: 1.285.880.0, NIS: 1.285.880.0 Engine Version: AM: 1.1.15600.4, NIS: 1.1.15600.4 Date: 2019-02-05 20:48:28.261 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Adload.DV!bit&threatid=249578&enterprise=0 Name: TrojanDownloader:Win32/Adload.DV!bit ID: 249578 Severity: High Category: Trojan Downloader Path: file:_C:\Users\Andi\AppData\Local\Temp\Rar$DRa12472.30893\CCMaker.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files\WinRAR\WinRAR.exe Signature Version: AV: 1.285.880.0, AS: 1.285.880.0, NIS: 1.285.880.0 Engine Version: AM: 1.1.15600.4, NIS: 1.1.15600.4 Date: 2019-02-05 20:47:42.214 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Adload.DV!bit&threatid=249578&enterprise=0 Name: TrojanDownloader:Win32/Adload.DV!bit ID: 249578 Severity: High Category: Trojan Downloader Path: file:_C:\Users\Andi\AppData\Local\Temp\Rar$DRa12472.26254\CCMaker.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files\WinRAR\WinRAR.exe Signature Version: AV: 1.285.880.0, AS: 1.285.880.0, NIS: 1.285.880.0 Engine Version: AM: 1.1.15600.4, NIS: 1.1.15600.4 Date: 2018-12-23 05:11:07.470 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.283.1272.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15500.2 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2018-12-23 00:36:59.000 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.283.1272.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15500.2 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally Date: 2018-12-23 00:36:58.990 Description: Windows Defender Antivirus has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.283.1272.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15500.2 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally Date: 2018-12-23 00:36:58.990 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.283.1272.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15500.2 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally Date: 2018-12-23 00:36:46.964 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.263.48.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15500.2 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =================================== Date: 2019-02-05 22:07:47.479 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-02-05 22:07:47.478 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2019-02-05 22:07:46.810 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-02-05 22:07:46.809 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-02-05 22:07:45.092 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-02-05 22:07:45.091 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-02-05 22:07:44.926 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-02-05 22:07:44.925 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-7600K CPU @ 3.80GHz
Percentage of memory in use: 33%
Total physical RAM: 16346.53 MB
Available physical RAM: 10792.14 MB
Total Virtual: 19034.53 MB
Available Virtual: 10549.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.34 GB) (Free:239.84 GB) NTFS
Drive d: (Ready Boost) (Fixed) (Total:13.41 GB) (Free:6.22 GB) NTFS

\\?\Volume{c0af9860-7626-479b-8dbd-1fc8d4b1d2b5}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{351bb914-eee5-4c27-8b30-d1ae89793bbd}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 13.4 GB) (Disk ID: 66028AAD)

Partition: GPT.

========================================================
Disk: 1 (Size: 476.9 GB) (Disk ID: 94A3DE8B)

Partition: GPT.

==================== End of Addition.txt ============================