Unknown problem, BSODs on two computers, possible rootkit or worse?


#1
Aizekku
Hello!
 
I'm far from being an expert when it comes to malware, but I'm a very proficient computer user and I know suspicious activity when I see it... 
 
Ever since around December 1st, I've been dealing with an infection of some sort on two different machines - my own desktop PC and a friend's laptop - both of which are bootable and usable but get BSODs very often and almost at random. I have a friend who had a badly infected laptop, which I cleaned up with Avast and Malwarebytes. I had agreed to back up her files, reformat the drive, and install Windows 10 instead of Windows 7. I took the hard drive out of the laptop and formatted it after connecting it to my own PC and making backups of important files. I then installed a version of Windows 10 on the laptop, using a USB keydrive.
 
There were multiple occasions in which I didn't consider that there might be some sort of lingering infection of the laptop (I had almost forgotten that it had been infected), and I had transferred files between the two machines frequently using USB drives, the laptop's own hard drive connected to my computer via USB, and a LAN cable bridging both machines directly. Oops.
 
Anyway, my own PC started crashing frequently not long after I started working on fixing up the laptop. It has never had an issue before and it's been at least a decade since I've had any lasting infection that I was aware of, and it seems almost impossible that this is a coincidence. I quickly realized that the laptop also had the same symptoms: at least 3 types of BSODs that are typically between 10 minutes and several hours apart. One is something like "CRITICAL STRUCTURE CORRUPTION," and another was "DRIVER IRQL NOT LESS OR EQUAL" and said that "kwwdapod.sys" had failed (a minute ago, I got the same error about "aswMBR.sys").
 
My working theory is that the infection originated from the laptop's hard drive before it was formatted, from some questionable software I downloaded to recover some corrupted files, or from something completely different. Regardless, it's quite an issue, and I've done lots of research, to no avail.
 
I decided to just focus on solving the issues on my desktop PC first, since the laptop is old and not as important. Malwarebytes found nothing after a full scan. Avast seems to be able to complete a "quick scan" but remains stuck at 0% for hours when I attempt to do a full system scan. I tried an Avast boot-time scan, which seemed to run fine, but does not detect anything. There is no way this is just a coincidence, though. The crashes surely come from either an infection or from inexplicably-corrupted system files.
 
I did a scan with tdsskiller and found a very suspicious driver that was hidden and had been created the same day I had started work on the laptop, called amdfx.sys. I understand the risks of deleting files like this, but I held my breath and decided to carefully remove it. I suspect this has helped somehow. I have otherwise tried to avoid touching any system files too much. I found several suspicious things with Pchunter and Gmer, which seem to be mostly gone now, but the BSODs persist - perhaps slightly less frequently, unless I'm imagining it. I noticed some odd behavior when I booted up the laptop that made me decide to do an MBR check on my desktop PC, which detected nonstandard code. I know that might have been normal, but I rewrote it to default using a Windows 10 installation disc and command prompt from the boot menu. I also tried using Avast's aswmbr.exe, but my PC instantly crashes when I click "Yes" when prompted if I wish to use Virtualization Technology for rootkit detection, which seems strange. Avast still will not do a full system scan after I boot, even after I reinstall Avast. 
 
I'm not entirely sure what I'm looking for, but there is a definite problem of some sort. I've probably made some mistakes, but I've handled it as well as I could and I am running out of ideas. Any help would be incredibly appreciated!
 
 
 
FRST Logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Isaac (administrator) on WINDOWS-M8GK56L (04-12-2017 16:19:20)
Running from C:\Users\42and_000\AppData\Local\Temp\scoped_dir7484_27194
Loaded Profiles: Isaac & Isaac 2 (Available Profiles: Isaac & Isaac 2)
Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.47\opera.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.47\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.47\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.47\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.47\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.47\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.47\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.47\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.47\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.47\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.47\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.47\opera.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.47\opera.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.47\opera.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.47\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.47\opera.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.47\opera.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-12-04] (AVAST Software)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-10-18] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\Run: [Spotify Web Helper] => C:\Users\42and_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-06-23] (Spotify Ltd)
HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074336 2017-09-27] (Valve Corporation)
HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\MountPoints2: E - "E:\autorun.exe" 
HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\MountPoints2: {1e06d39f-81ed-11e7-bfd8-90b11ca5fa1f} - "E:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-1114006664-966733769-2668947745-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\HYPERS~1.SCR [584192 2016-03-31] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9177fad2-2d39-40d0-aefa-16854a4a7493}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9177fad2-2d39-40d0-aefa-16854a4a7493}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{af18d3d6-716d-4035-82c0-5ed5110bec8b}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f4bfffaa-cccc-4a70-a334-d8de9f4beb5e}: [DhcpNameServer] 209.222.18.222 209.222.18.218
 
Internet Explorer:
==================
HKU\S-1-5-21-1114006664-966733769-2668947745-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
HKU\S-1-5-21-1114006664-966733769-2668947745-1059\Software\Microsoft\Internet Explorer\Main,Start Page = www.dell.com
HKU\S-1-5-21-1114006664-966733769-2668947745-1059\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-01] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-01] (Oracle Corporation)
BHO: avast! Ad Blocker -> {FFCB3198-32F3-4E8B-9539-4324694ED663} -> C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll [2013-02-18] (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-02] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-02] (Oracle Corporation)
BHO-x32: avast! Ad Blocker -> {FFCB3198-32F3-4E8B-9539-4324694ED663} -> C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll [2013-02-18] (AVAST Software)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1466051146976
 
FireFox:
========
FF ProfilePath: C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default [2017-12-04]
FF Homepage: Mozilla\Firefox\Profiles\nlev5rvz.default -> hxxp://www.yahoo.com/
FF Extension: (Classic Theme Restorer) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\[email protected] [2017-10-21] [Lagacy]
FF Extension: (Cookie AutoDelete) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\[email protected] [2017-10-21]
FF Extension: (1-Click Dailymotion Video Downloader) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\[email protected] [2016-04-27] [Lagacy]
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\[email protected] [2017-05-20] [Lagacy]
FF Extension: (Ghostery) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\[email protected] [2017-09-01]
FF Extension: (Self-Destructing Cookies) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\[email protected] [2017-03-25] [Lagacy]
FF Extension: (Ratings Preview for YouTube™) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\[email protected] [2017-10-21]
FF Extension: (Private Tab) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\[email protected] [2017-05-28] [Lagacy]
FF Extension: (SkipScreen) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\[email protected] [2016-04-27] [Lagacy]
FF Extension: (Avast SafePrice) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\[email protected] [2017-12-04]
FF Extension: (uBlock Origin) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\[email protected] [2017-10-21]
FF Extension: (Avast Online Security) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\[email protected] [2017-12-04]
FF Extension: (YouTube Auto Replay) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\[email protected] [2016-04-27] [Lagacy]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\[email protected] [2017-10-21] [Lagacy]
FF Extension: (TV-Fox) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2016-07-25] [Lagacy]
FF Extension: (FT DeepDark) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2017-10-21] [Lagacy]
FF Extension: (All-in-One Gestures) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2016-04-26] [Lagacy]
FF Extension: (Video DownloadHelper) - C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-10-21] [Lagacy]
FF SearchPlugin: C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\searchplugins\startpage-ssl.xml [2014-08-07]
FF SearchPlugin: C:\Users\42and_000\AppData\Roaming\Mozilla\Firefox\Profiles\nlev5rvz.default\searchplugins\youtube-video-search.xml [2015-01-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-15] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin HKU\S-1-5-21-1114006664-966733769-2668947745-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\42and_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-16] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1114006664-966733769-2668947745-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-10-17] (Ubisoft)
StartMenuInternet: FIREFOX.EXE - C:\Users\42and_000\Desktop\Firefox\firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\42and_000\AppData\Local\Google\Chrome\User Data\Default [2017-12-01]
CHR Extension: (Google Drive) - C:\Users\42and_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-11]
CHR Extension: (YouTube) - C:\Users\42and_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (Google Search) - C:\Users\42and_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (Video Downloader professional) - C:\Users\42and_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-10-07]
CHR Extension: (Google Docs Offline) - C:\Users\42and_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\42and_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-07-16]
CHR Extension: (Video Downloader Pro) - C:\Users\42and_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2017-06-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\42and_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-07]
CHR Extension: (Adblock Pro) - C:\Users\42and_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2016-05-25]
CHR Extension: (Gmail) - C:\Users\42and_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-09]
CHR Extension: (Chrome Media Router) - C:\Users\42and_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-07]
CHR HKLM-x32\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx <not found>
 
Opera: 
=======
OPR Extension: (Flash Master) - C:\Users\42and_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\cacfnookefkldifaigjdedpophfjkjeh [2017-10-21]
OPR Extension: (Ratings Preview for YouTube™) - C:\Users\42and_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank [2017-10-20]
OPR Extension: (Bookmark Lock) - C:\Users\42and_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\comgdpdblghhphamnlfjdmcpfekanbke [2017-10-28]
OPR Extension: (Extension source viewer) - C:\Users\42and_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\ddlapbbeiljnagpkdmfegipfkeebgmnm [2017-11-23]
OPR Extension: (Vanilla Cookie Manager) - C:\Users\42and_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\gieohaicffldbmiilohhggbidhephnjj [2017-10-10]
OPR Extension: (Avast Online Security) - C:\Users\42and_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-10]
OPR Extension: (Private Video Downloader) - C:\Users\42and_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\ijeobnknkapadljpcbamidbdoankakaa [2017-11-23]
OPR Extension: (Download Chrome Extension) - C:\Users\42and_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2017-12-01]
OPR Extension: (Video Downloader professional) - C:\Users\42and_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\kmdldgcmokdpmacblnehppgkjphcbpnn [2017-11-23]
OPR Extension: (Video DownloadHelper) - C:\Users\42and_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2017-10-10]
OPR Extension: (Ghostery) - C:\Users\42and_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-12-01]
OPR Extension: (Stormcrow) - C:\Users\42and_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2017-11-13]
OPR Extension: (FastestTube - YouTube Video Downloader) - C:\Users\42and_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag [2017-12-01]
StartMenuInternet: (HKLM) Operabeta - C:\Program Files\Opera beta\Launcher.exe
StartMenuInternet: (HKLM) Operadeveloper - C:\Program Files\Opera developer\Launcher.exe
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [55336 2015-07-03] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-12-04] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-12-04] (AVAST Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2017-05-09] (BitRaider, LLC)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-11-13] (Dropbox, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-09-19] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120032 2017-10-04] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3000168 2017-10-04] (Electronic Arts)
S3 PRMonitorService; C:\Program Files (x86)\Personal Renamer\PRService1.exe [58368 2010-11-25] (VC) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-03] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-12-04] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-12-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-12-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-12-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-12-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-12-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-12-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-12-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-12-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-12-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-12-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-12-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-12-04] (AVAST Software)
R3 axscsibus; C:\WINDOWS\System32\drivers\axscsibus.sys [30352 2016-11-15] (Alcohol Soft Development Team)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.)
S3 lehidmini; C:\WINDOWS\System32\drivers\leath_hid.sys [39704 2012-07-02] (Atheros)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-12-03] (Malwarebytes)
R1 mrxsmb22; C:\WINDOWS\System32\drivers\mrxsmb22.sys [56824 2017-12-01] (Windows ® Win 7 DDK provider) [File not signed]
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-09-19] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-08-17] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-09-19] (NVIDIA Corporation)
S3 qca_shb; C:\WINDOWS\System32\drivers\qca_shb.sys [99328 2012-07-02] (Qualcomm Atheros Communications Inc.) [File not signed]
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [196040 2017-09-13] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206976 2017-09-13] (Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [138432 2017-09-13] (Oracle Corporation)
S3 vjoy; C:\WINDOWS\System32\drivers\vjoy.sys [45168 2014-03-06] (Shaul Eizikovich)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 YMIDUSBW; C:\WINDOWS\system32\drivers\ymidusbx64.sys [51016 2011-11-01] (Yamaha Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-04 16:19 - 2017-12-04 16:19 - 000000000 ____D C:\FRST
2017-12-04 16:18 - 2017-12-04 16:18 - 002391552 _____ (Farbar) C:\Users\42and_000\Desktop\FRST64.exe
2017-12-04 16:09 - 2017-12-04 16:10 - 000578892 _____ C:\WINDOWS\Minidump\120417-34250-01.dmp
2017-12-04 12:11 - 2017-12-04 12:11 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-12-04 02:22 - 2017-12-04 16:19 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-12-04 02:22 - 2017-12-04 02:22 - 000001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-12-04 02:22 - 2017-12-04 02:22 - 000001969 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-12-04 02:22 - 2017-12-04 02:22 - 000000000 ____D C:\Users\42and_000\AppData\Roaming\AVAST Software
2017-12-04 02:21 - 2017-12-04 02:22 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-12-04 02:21 - 2017-12-04 02:21 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-12-04 02:21 - 2017-12-04 02:21 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-12-04 02:21 - 2017-12-04 02:21 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-12-04 02:21 - 2017-12-04 02:21 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-12-04 02:21 - 2017-12-04 02:21 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-12-04 02:21 - 2017-12-04 02:21 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-12-04 02:21 - 2017-12-04 02:21 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-12-04 02:21 - 2017-12-04 02:21 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-12-04 02:21 - 2017-12-04 02:20 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-12-04 02:21 - 2017-12-04 02:20 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-12-04 02:21 - 2017-12-04 02:20 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-12-04 02:21 - 2017-12-04 02:20 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-12-04 02:21 - 2017-12-04 02:20 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-12-04 02:20 - 2017-12-04 02:20 - 000000000 ____D C:\Program Files\AVAST Software
2017-12-04 02:17 - 2017-12-04 02:19 - 000017060 _____ C:\Users\42and_000\Desktop\MBRCheck_12.04.17_02.17.44.txt
2017-12-04 01:56 - 2017-12-04 01:57 - 000000000 ____D C:\Users\42and_000\Desktop\Recovery Essentials
2017-12-04 01:33 - 2017-12-04 01:34 - 000016836 _____ C:\Users\42and_000\Desktop\MBRCheck_12.04.17_01.33.24.txt
2017-12-04 01:31 - 2017-12-04 01:32 - 000596124 _____ C:\WINDOWS\Minidump\120417-36515-01.dmp
2017-12-04 01:29 - 2017-12-04 01:29 - 000561196 _____ C:\WINDOWS\Minidump\120417-36218-01.dmp
2017-12-04 01:26 - 2017-12-04 01:27 - 000091260 _____ C:\TDSSKiller.3.1.0.15_04.12.2017_01.26.30_log.txt
2017-12-04 01:23 - 2017-12-04 01:25 - 000098576 _____ C:\TDSSKiller.3.1.0.15_04.12.2017_01.23.39_log.txt
2017-12-04 01:17 - 2017-12-04 01:24 - 000000000 ____D C:\TDSSKiller_Quarantine
2017-12-04 01:14 - 2017-12-04 01:23 - 000150858 _____ C:\TDSSKiller.3.1.0.15_04.12.2017_01.14.12_log.txt
2017-12-04 01:13 - 2017-12-04 01:14 - 004922400 _____ (AO Kaspersky Lab) C:\Users\42and_000\Desktop\tdsskiller.exe
2017-12-04 00:56 - 2017-12-04 02:32 - 000000000 ____D C:\Users\42and_000\Desktop\PCHunter_free
2017-12-04 00:55 - 2017-12-04 00:55 - 005908597 _____ C:\Users\42and_000\Desktop\PCHunter_free.zip
2017-12-04 00:36 - 2017-12-04 00:37 - 000554740 _____ C:\WINDOWS\Minidump\120417-30734-01.dmp
2017-12-03 23:41 - 2017-12-03 23:41 - 000380928 _____ C:\Users\42and_000\Desktop\f9lpic3r.exe
2017-12-03 23:33 - 2017-12-04 00:34 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-12-03 23:33 - 2017-12-04 00:29 - 000000000 ____D C:\Users\42and_000\Desktop\mbar
2017-12-03 23:33 - 2017-12-04 00:29 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-03 23:33 - 2017-12-03 23:33 - 014178840 _____ (Malwarebytes Corp.) C:\Users\42and_000\Desktop\mbar-1.10.3.1001.exe
2017-12-03 23:33 - 2017-12-03 23:33 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\56412493.sys
2017-12-03 23:25 - 2017-12-03 23:25 - 000533908 _____ C:\WINDOWS\Minidump\120317-30000-01.dmp
2017-12-03 23:22 - 2017-12-03 23:23 - 000546964 _____ C:\WINDOWS\Minidump\120317-28828-01.dmp
2017-12-03 23:21 - 2017-12-03 23:21 - 005200384 _____ (AVAST Software) C:\Users\42and_000\Desktop\aswmbr.exe
2017-12-03 23:16 - 2017-12-03 23:18 - 000019086 _____ C:\Users\42and_000\Desktop\MBRCheck_12.03.17_23.16.47.txt
2017-12-03 23:16 - 2017-12-03 23:16 - 000080384 _____ C:\Users\42and_000\Desktop\MBRCheck.exe
2017-12-03 22:24 - 2017-12-03 22:25 - 000000000 ____D C:\Users\42and_000\Desktop\Windows_7_Loader
2017-12-03 22:24 - 2017-12-03 22:24 - 002883863 _____ C:\Users\42and_000\Desktop\Windows_7_Loader.zip
2017-12-03 21:58 - 2017-12-03 21:58 - 000463500 _____ C:\WINDOWS\Minidump\120317-32484-01.dmp
2017-12-03 18:53 - 2017-12-03 18:54 - 000455836 _____ C:\WINDOWS\Minidump\120317-30703-01.dmp
2017-12-03 17:54 - 2017-12-03 17:54 - 000471076 _____ C:\WINDOWS\Minidump\120317-30203-01.dmp
2017-12-03 16:41 - 2017-12-03 16:41 - 000463972 _____ C:\WINDOWS\Minidump\120317-29968-01.dmp
2017-12-03 15:34 - 2017-12-03 15:39 - 000000000 ____D C:\Users\42and_000\Desktop\sw revisited ntsc dvd-5
2017-12-03 15:23 - 2017-12-03 15:30 - 147235103 _____ C:\Users\42and_000\Desktop\sw revisited ntsc dvd-5.zip
2017-12-03 09:19 - 2017-12-03 09:19 - 000450444 _____ C:\WINDOWS\Minidump\120317-30250-01.dmp
2017-12-03 08:34 - 2017-12-03 08:35 - 000462700 _____ C:\WINDOWS\Minidump\120317-36453-01.dmp
2017-12-03 01:55 - 2017-12-03 01:55 - 000005095 _____ C:\Users\42and_000\Desktop\download.jfif
2017-12-03 00:48 - 2017-12-03 00:48 - 000000165 ____H C:\Users\42and_000\Desktop\~$Twelve Monkeys.pptx
2017-12-03 00:47 - 2017-12-03 00:47 - 000463540 _____ C:\WINDOWS\Minidump\120317-27203-01.dmp
2017-12-02 22:42 - 2017-12-02 22:43 - 000458276 _____ C:\WINDOWS\Minidump\120217-34515-01.dmp
2017-12-02 22:40 - 2017-12-02 22:40 - 000460252 _____ C:\WINDOWS\Minidump\120217-27421-01.dmp
2017-12-02 22:07 - 2017-12-02 22:07 - 000456428 _____ C:\WINDOWS\Minidump\120217-27437-01.dmp
2017-12-02 21:32 - 2017-12-02 21:32 - 000450084 _____ C:\WINDOWS\Minidump\120217-28078-01.dmp
2017-12-02 21:25 - 2017-12-02 21:25 - 000002664 _____ C:\Users\42and_000\Desktop\Windows 7 USB DVD Download Tool.lnk
2017-12-02 21:25 - 2017-12-02 21:25 - 000000000 ____D C:\Users\42and_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2017-12-02 21:25 - 2017-12-02 21:25 - 000000000 ____D C:\Users\42and_000\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2017-12-02 21:24 - 2017-12-02 21:24 - 002721168 _____ (Microsoft Corporation) C:\Users\42and_000\Desktop\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2017-12-02 19:53 - 2017-12-02 19:54 - 000459644 _____ C:\WINDOWS\Minidump\120217-29953-01.dmp
2017-12-02 18:17 - 2017-12-02 18:17 - 000443412 _____ C:\WINDOWS\Minidump\120217-28609-01.dmp
2017-12-02 15:15 - 2017-12-02 15:15 - 000441372 _____ C:\WINDOWS\Minidump\120217-29781-01.dmp
2017-12-02 13:41 - 2017-12-02 13:41 - 000460092 _____ C:\WINDOWS\Minidump\120217-37750-01.dmp
2017-12-02 13:22 - 2017-12-02 13:22 - 000459700 _____ C:\WINDOWS\Minidump\120217-118609-01.dmp
2017-12-02 12:32 - 2017-12-02 12:33 - 000460244 _____ C:\WINDOWS\Minidump\120217-33171-01.dmp
2017-12-02 10:42 - 2017-12-02 10:42 - 000477252 _____ C:\WINDOWS\Minidump\120217-26640-01.dmp
2017-12-02 09:28 - 2017-12-02 09:28 - 000459428 _____ C:\WINDOWS\Minidump\120217-27843-01.dmp
2017-12-02 07:39 - 2017-12-02 07:39 - 000453460 _____ C:\WINDOWS\Minidump\120217-45359-01.dmp
2017-12-02 07:03 - 2017-12-02 07:04 - 000464900 _____ C:\WINDOWS\Minidump\120217-28687-01.dmp
2017-12-02 05:11 - 2017-12-02 05:11 - 000000000 ___HD C:\$SysReset
2017-12-02 02:54 - 2017-12-02 02:55 - 000474276 _____ C:\WINDOWS\Minidump\120217-58578-01.dmp
2017-12-02 01:57 - 2017-12-02 01:57 - 000462028 _____ C:\WINDOWS\Minidump\120217-37625-01.dmp
2017-12-02 01:40 - 2017-12-02 01:40 - 244431952 _____ (AVAST Software) C:\Users\42and_000\Desktop\avast_free_antivirus_setup_offline.exe
2017-12-02 01:21 - 2017-12-02 01:22 - 000466012 _____ C:\WINDOWS\Minidump\120217-40578-01.dmp
2017-12-02 01:20 - 2017-12-02 01:20 - 000000000 ____D C:\Program Files\iTunes
2017-12-02 01:16 - 2017-12-02 01:16 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-12-02 00:33 - 2017-12-02 00:33 - 000468876 _____ C:\WINDOWS\Minidump\120217-28015-01.dmp
2017-12-01 23:05 - 2017-12-01 23:06 - 000000000 ____D C:\Users\42and_000\Desktop\twelve-monkeys-12-monkeys_english-1069349
2017-12-01 23:05 - 2017-12-01 23:05 - 000055268 _____ C:\Users\42and_000\Desktop\twelve-monkeys-12-monkeys_english-1069349.zip
2017-12-01 22:56 - 2017-12-01 22:56 - 000458300 _____ C:\WINDOWS\Minidump\120117-28078-02.dmp
2017-12-01 21:47 - 2017-12-01 21:48 - 000455508 _____ C:\WINDOWS\Minidump\120117-28062-01.dmp
2017-12-01 19:20 - 2017-12-04 16:09 - 1032995867 _____ C:\WINDOWS\MEMORY.DMP
2017-12-01 19:20 - 2017-12-01 19:22 - 000465244 _____ C:\WINDOWS\Minidump\120117-30390-01.dmp
2017-12-01 19:16 - 2017-12-02 01:35 - 000000000 ____D C:\Users\42and_000\Documents\CCleanerBackup
2017-12-01 17:51 - 2017-12-01 17:51 - 000000000 ____D C:\Users\42and_000\Desktop\twelve-monkeys-12-monkeys_english-1593661
2017-12-01 17:48 - 2017-12-01 17:48 - 000053731 _____ C:\Users\42and_000\Desktop\twelve-monkeys-12-monkeys_english-1593661.zip
2017-12-01 17:20 - 2017-12-04 00:37 - 003484072 _____ C:\WINDOWS\KeyHook64.dll
2017-12-01 16:04 - 2017-12-01 16:05 - 000000000 ____D C:\Users\42and_000\Desktop\DVD Files
2017-12-01 14:45 - 2017-12-01 14:45 - 000056824 ____H (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mrxsmb22.sys
2017-12-01 11:18 - 2017-12-01 11:19 - 000000229 _____ C:\Users\42and_000\Documents\License1.reg
2017-12-01 11:17 - 2017-12-01 11:17 - 000000430 _____ C:\Users\42and_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Scavenger 3.2.lnk
2017-12-01 00:18 - 2017-12-03 02:14 - 000330704 _____ C:\Users\42and_000\Desktop\Twelve Monkeys.pptx
2017-11-30 00:38 - 2017-12-03 22:03 - 000000000 ____D C:\Users\42and_000\Desktop\New folder
2017-11-28 22:20 - 2017-12-01 16:05 - 000000000 ____D C:\Users\42and_000\Desktop\Song
2017-11-28 07:39 - 2017-11-28 07:39 - 000000000 ____D C:\Users\42and_000\Documents\MyHeritage
2017-11-28 07:39 - 2017-11-28 07:39 - 000000000 ____D C:\Users\42and_000\AppData\Roaming\MyHeritage
2017-11-28 07:39 - 2017-11-28 07:39 - 000000000 ____D C:\ProgramData\MyHeritage
2017-11-28 00:58 - 2017-11-28 01:51 - 000000000 ____D C:\Users\42and_000\AppData\Roaming\ImgBurn
2017-11-28 00:03 - 2017-11-28 01:14 - 000000000 ____D C:\Users\42and_000\Desktop\PS1
2017-11-27 22:16 - 2017-11-27 22:39 - 000000000 ____D C:\Users\42and_000\Desktop\PS2
2017-11-27 21:00 - 2017-11-27 21:00 - 000000000 ____D C:\Program Files (x86)\MSECache
2017-11-24 14:50 - 2017-11-24 14:50 - 000000000 ____D C:\Users\42and_000\AppData\Local\Fallout3
2017-11-23 22:04 - 2017-11-23 22:04 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-11-23 20:26 - 2017-11-23 20:26 - 000000000 ____D C:\Users\42and_000\Documents\Audacity
2017-11-23 20:10 - 2017-11-23 22:29 - 000001350 _____ C:\Users\42and_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\audacity.lnk
2017-11-23 19:53 - 2017-11-23 19:53 - 004979346 _____ C:\Users\42and_000\Desktop\Milky Chance - Stolen Dance (Album Version).m4a
2017-11-18 16:37 - 2017-11-18 16:37 - 000000000 ____D C:\Users\42and_000\Desktop\PRG007
2017-11-18 16:30 - 2017-11-18 16:34 - 000000000 ____D C:\Users\42and_000\Desktop\PRG006
2017-11-17 18:42 - 2017-11-17 18:42 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-17 18:42 - 2017-10-27 10:06 - 000136312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-11-17 18:42 - 2017-09-13 17:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-11-17 18:42 - 2017-09-13 17:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-11-17 18:42 - 2017-09-13 17:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-11-17 18:42 - 2017-09-13 17:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-11-15 16:09 - 2017-11-15 16:09 - 000000000 ____D C:\Users\42and_000\AppData\LocalLow\YandereDev
2017-11-15 15:04 - 2017-11-15 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-14 15:29 - 2017-11-01 23:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-14 15:29 - 2017-11-01 22:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-14 15:29 - 2017-11-01 22:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-14 15:29 - 2017-11-01 22:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-14 15:29 - 2017-11-01 22:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-14 15:29 - 2017-11-01 22:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-14 15:29 - 2017-11-01 22:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-14 15:29 - 2017-11-01 22:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-14 15:29 - 2017-11-01 22:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-14 15:29 - 2017-11-01 22:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-14 15:29 - 2017-11-01 22:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-14 15:29 - 2017-11-01 22:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-14 15:29 - 2017-11-01 22:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-14 15:29 - 2017-11-01 22:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-14 15:29 - 2017-11-01 22:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-14 15:29 - 2017-11-01 22:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-14 15:29 - 2017-11-01 22:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-14 15:29 - 2017-11-01 22:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-14 15:29 - 2017-11-01 22:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-14 15:29 - 2017-11-01 22:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-14 15:29 - 2017-11-01 22:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-14 15:29 - 2017-11-01 22:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-14 15:29 - 2017-11-01 22:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-14 15:29 - 2017-11-01 22:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-14 15:29 - 2017-11-01 22:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-14 15:29 - 2017-11-01 22:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-14 15:29 - 2017-11-01 22:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-14 15:29 - 2017-11-01 22:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-14 15:29 - 2017-10-25 01:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-14 15:29 - 2017-10-15 09:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-14 15:29 - 2017-10-15 08:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-14 15:29 - 2017-10-15 08:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-14 15:29 - 2017-10-15 08:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-14 15:29 - 2017-10-15 08:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-14 15:29 - 2017-10-15 08:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-14 15:29 - 2017-10-15 08:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-14 15:29 - 2017-10-15 08:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-14 15:28 - 2017-11-01 23:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-14 15:28 - 2017-11-01 22:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-14 15:28 - 2017-11-01 22:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-14 15:28 - 2017-11-01 22:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-14 15:28 - 2017-11-01 22:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-14 15:28 - 2017-11-01 22:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-14 15:28 - 2017-11-01 22:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-14 15:28 - 2017-11-01 22:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-14 15:28 - 2017-11-01 22:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-14 15:28 - 2017-11-01 22:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-14 15:28 - 2017-11-01 22:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-14 15:28 - 2017-11-01 22:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-14 15:28 - 2017-11-01 22:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-14 15:28 - 2017-11-01 22:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-14 15:28 - 2017-11-01 22:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-14 15:28 - 2017-11-01 22:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-14 15:28 - 2017-11-01 22:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-14 15:28 - 2017-11-01 22:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-14 15:28 - 2017-11-01 22:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-14 15:28 - 2017-11-01 22:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-14 15:28 - 2017-11-01 22:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-14 15:28 - 2017-10-15 09:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-14 15:28 - 2017-10-15 09:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-14 15:28 - 2017-10-15 08:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-14 15:28 - 2017-10-15 08:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-14 15:28 - 2017-10-15 08:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-14 15:28 - 2017-10-15 08:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-14 15:25 - 2017-11-01 23:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-14 15:25 - 2017-11-01 22:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-14 15:25 - 2017-11-01 22:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-14 15:25 - 2017-11-01 22:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-14 15:25 - 2017-11-01 22:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-14 15:25 - 2017-11-01 22:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-14 15:25 - 2017-11-01 22:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-14 15:24 - 2017-11-01 23:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-14 15:24 - 2017-11-01 23:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-14 15:24 - 2017-11-01 23:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-14 15:24 - 2017-11-01 23:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-14 15:24 - 2017-11-01 23:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-14 15:24 - 2017-11-01 23:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-14 15:24 - 2017-11-01 23:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-14 15:24 - 2017-11-01 23:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-14 15:24 - 2017-11-01 22:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-14 15:24 - 2017-11-01 22:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-14 15:24 - 2017-11-01 22:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-14 15:24 - 2017-11-01 22:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-14 15:24 - 2017-11-01 22:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-14 15:24 - 2017-11-01 22:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-14 15:24 - 2017-11-01 22:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-14 15:24 - 2017-11-01 22:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-14 15:24 - 2017-11-01 22:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-14 15:24 - 2017-11-01 22:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-14 15:24 - 2017-11-01 22:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-14 15:24 - 2017-11-01 22:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-14 15:24 - 2017-11-01 22:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-14 15:24 - 2017-11-01 22:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-14 15:24 - 2017-11-01 22:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-14 15:24 - 2017-11-01 22:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-14 15:24 - 2017-11-01 22:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-14 15:24 - 2017-11-01 22:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-14 15:24 - 2017-11-01 22:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-14 15:24 - 2017-11-01 22:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-14 15:24 - 2017-11-01 22:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-14 15:24 - 2017-11-01 22:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-14 15:24 - 2017-11-01 22:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-14 15:24 - 2017-11-01 22:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-14 15:24 - 2017-11-01 22:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-14 15:24 - 2017-11-01 22:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-14 15:24 - 2017-11-01 22:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-14 15:24 - 2017-11-01 22:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-14 15:24 - 2017-11-01 22:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-14 15:24 - 2017-11-01 22:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-14 15:24 - 2017-11-01 22:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-14 15:24 - 2017-11-01 22:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-14 15:24 - 2017-11-01 22:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-14 15:24 - 2017-11-01 22:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-14 15:24 - 2017-11-01 22:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-14 15:24 - 2017-11-01 22:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-14 15:24 - 2017-11-01 22:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-14 15:24 - 2017-11-01 22:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-14 15:24 - 2017-11-01 22:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-14 15:24 - 2017-11-01 22:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-14 15:24 - 2017-10-15 08:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-14 15:24 - 2017-10-15 08:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-14 15:24 - 2017-10-15 08:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-14 15:24 - 2017-10-15 08:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-14 15:24 - 2017-10-15 08:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-14 15:24 - 2017-10-15 08:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-14 15:24 - 2017-10-15 08:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-14 15:24 - 2017-10-15 08:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-14 15:24 - 2017-10-15 08:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-14 15:24 - 2017-10-15 08:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-14 15:23 - 2017-11-01 23:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-14 15:23 - 2017-11-01 23:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-14 15:23 - 2017-11-01 23:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-14 15:23 - 2017-11-01 23:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-14 15:23 - 2017-11-01 23:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-14 15:23 - 2017-11-01 23:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-14 15:23 - 2017-11-01 23:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-14 15:23 - 2017-11-01 23:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-14 15:23 - 2017-11-01 23:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-14 15:23 - 2017-11-01 23:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-14 15:23 - 2017-11-01 23:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-14 15:23 - 2017-11-01 23:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-14 15:23 - 2017-11-01 23:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-14 15:23 - 2017-11-01 23:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-14 15:23 - 2017-11-01 23:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-14 15:23 - 2017-11-01 22:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-14 15:23 - 2017-11-01 22:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-14 15:23 - 2017-11-01 22:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-14 15:23 - 2017-11-01 22:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-14 15:23 - 2017-11-01 22:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-14 15:23 - 2017-11-01 22:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-14 15:23 - 2017-11-01 22:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-14 15:23 - 2017-11-01 22:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-14 15:23 - 2017-11-01 22:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-14 15:23 - 2017-11-01 22:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-14 15:23 - 2017-11-01 22:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-14 15:23 - 2017-11-01 22:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-14 15:23 - 2017-11-01 22:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-14 15:23 - 2017-11-01 22:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-14 15:23 - 2017-11-01 22:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-14 15:23 - 2017-11-01 22:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-14 15:23 - 2017-11-01 22:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-14 15:23 - 2017-11-01 22:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-14 15:23 - 2017-11-01 22:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-14 15:23 - 2017-11-01 22:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-14 15:23 - 2017-11-01 22:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-14 15:23 - 2017-11-01 22:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-14 15:23 - 2017-11-01 22:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-14 15:23 - 2017-11-01 22:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-14 15:23 - 2017-11-01 22:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-14 15:23 - 2017-11-01 22:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-14 15:23 - 2017-10-15 08:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-14 15:23 - 2017-10-15 08:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-14 15:23 - 2017-10-15 08:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-14 15:23 - 2017-10-15 08:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-14 15:23 - 2017-10-15 08:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-14 15:23 - 2017-10-15 08:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-14 15:23 - 2017-10-15 08:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-14 15:23 - 2017-10-15 08:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-14 15:22 - 2017-11-01 23:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-14 15:22 - 2017-11-01 23:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-14 15:22 - 2017-11-01 23:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-14 15:22 - 2017-11-01 23:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-14 15:22 - 2017-11-01 23:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-14 15:22 - 2017-11-01 23:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-14 15:22 - 2017-11-01 23:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-14 15:22 - 2017-11-01 23:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-14 15:22 - 2017-11-01 23:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-14 15:22 - 2017-11-01 23:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-14 15:22 - 2017-11-01 23:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-14 15:22 - 2017-11-01 23:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-14 15:22 - 2017-11-01 23:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-14 15:22 - 2017-11-01 23:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-14 15:22 - 2017-11-01 23:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-14 15:22 - 2017-11-01 23:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-14 15:22 - 2017-11-01 23:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-14 15:22 - 2017-11-01 23:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-14 15:22 - 2017-11-01 23:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-14 15:22 - 2017-11-01 23:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-14 15:22 - 2017-11-01 22:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-14 15:22 - 2017-11-01 22:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-14 15:22 - 2017-11-01 22:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-14 15:22 - 2017-11-01 22:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-14 15:22 - 2017-11-01 22:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-14 15:22 - 2017-10-15 08:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-14 15:22 - 2017-10-15 08:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-14 15:22 - 2017-10-15 08:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-14 15:22 - 2017-10-15 08:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-13 16:33 - 2017-11-13 16:33 - 000000000 ____D C:\Users\Isaac 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-11-13 16:32 - 2017-11-13 16:32 - 000000000 ____D C:\Users\Isaac 2\AppData\Roaming\WinRAR
2017-11-13 16:11 - 2017-03-18 14:57 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\setth.exe
2017-11-13 16:06 - 2017-03-18 14:57 - 000273920 _____ (Microsoft Corporation) C:\sethc.exe
2017-11-13 11:14 - 2017-11-13 11:14 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1114006664-966733769-2668947745-1059
2017-11-13 11:08 - 2017-11-13 11:10 - 000000000 ____D C:\Users\Isaac 2\AppData\Local\NVIDIA Corporation
2017-11-13 11:08 - 2017-11-13 11:08 - 000000000 ____D C:\Users\Isaac 2\AppData\Local\CEF
2017-11-13 11:07 - 2017-11-13 11:07 - 000000000 ____D C:\Users\Isaac 2\AppData\Local\ConnectedDevicesPlatform
2017-11-13 11:06 - 2017-11-13 11:06 - 000000020 ___SH C:\Users\Isaac 2\ntuser.ini
2017-11-13 04:26 - 2017-11-13 04:26 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-11-13 04:26 - 2017-11-13 04:26 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-11-13 04:26 - 2017-11-13 04:26 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-11-13 04:26 - 2017-11-13 04:26 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-11-12 18:31 - 2016-03-31 16:34 - 000584192 _____ C:\WINDOWS\system32\Hyperspace.scr
2017-11-09 04:40 - 2017-11-09 04:40 - 036248176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-11-09 04:40 - 2017-11-09 04:40 - 029279672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-11-09 04:40 - 2017-11-09 04:40 - 000624240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000989808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000940984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000514672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000054192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001997752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438813.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001682544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438813.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001108408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001039800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 000748144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 000607160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 040246384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 035165624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 004210288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 003623024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 023474480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 019212720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 013379352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 010986768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 000633256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-11-09 04:26 - 2017-11-09 04:26 - 001154296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-11-09 04:26 - 2017-11-09 04:26 - 000902312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-11-09 04:26 - 2017-11-09 04:26 - 000810304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 013994136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 011891200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001351792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001342008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001062920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001056720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 000648728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-11-09 03:57 - 2017-11-09 03:57 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-11-09 03:57 - 2017-11-09 03:57 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-04 16:15 - 2017-06-28 04:36 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-04 16:10 - 2017-06-28 04:38 - 000000000 ____D C:\Users\42and_000
2017-12-04 16:09 - 2017-08-01 11:28 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-04 16:09 - 2017-06-28 05:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-04 16:02 - 2017-06-28 04:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-04 11:47 - 2017-03-18 05:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-12-04 05:21 - 2013-10-21 13:15 - 000000000 ____D C:\ProgramData\AVAST Software
2017-12-04 02:22 - 2017-06-17 16:24 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-12-04 02:20 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-04 02:06 - 2013-09-03 17:26 - 000000000 ____D C:\Users\42and_000\AppData\Local\ElevatedDiagnostics
2017-12-04 01:56 - 2014-10-10 22:50 - 000000000 ____D C:\Users\42and_000\Downloads\bt
2017-12-04 01:23 - 2016-07-11 14:57 - 000000000 ____D C:\Users\42and_000\AppData\Local\CrashDumps
2017-12-03 23:56 - 2013-07-11 01:26 - 000000000 ____D C:\Users\42and_000\AppData\Roaming\vlc
2017-12-03 22:00 - 2014-12-12 00:42 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-03 15:42 - 2015-04-11 13:51 - 000000000 ____D C:\Users\42and_000\AppData\Roaming\dvdcss
2017-12-03 05:47 - 2017-03-18 15:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-02 22:29 - 2015-06-15 10:16 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-12-02 12:17 - 2013-10-06 21:52 - 000000000 ____D C:\Program Files (x86)\Activision
2017-12-02 04:10 - 2017-06-28 04:38 - 000000000 ____D C:\Users\Isaac 2
2017-12-02 02:18 - 2013-11-05 18:56 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-12-02 01:18 - 2017-03-18 15:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-02 01:11 - 2017-02-01 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-12-02 01:11 - 2016-11-17 15:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-02 01:11 - 2015-02-13 23:26 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-12-02 01:11 - 2015-02-13 23:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-02 01:11 - 2013-10-01 21:26 - 000000000 ____D C:\Program Files (x86)\Java
2017-12-01 18:58 - 2017-06-18 22:17 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-01 18:58 - 2016-03-01 06:28 - 000000000 ____D C:\Users\42and_000\AppData\Roaming\TeamViewer
2017-12-01 18:35 - 2016-08-17 21:58 - 000000000 ____D C:\Program Files (x86)\Tor Browser
2017-12-01 15:58 - 2013-10-21 13:17 - 000455384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys.151216560535904
2017-12-01 13:36 - 2013-07-22 23:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Works
2017-12-01 00:25 - 2013-07-09 16:54 - 000000000 ____D C:\Users\42and_000\AppData\Local\Packages
2017-12-01 00:14 - 2013-08-26 21:13 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-30 16:21 - 2017-10-27 19:02 - 000000000 ____D C:\Users\42and_000\Desktop\Discovery
2017-11-30 16:10 - 2013-07-13 21:32 - 000000000 ____D C:\Users\42and_000\AppData\Roaming\Audacity
2017-11-28 22:21 - 2017-06-28 04:59 - 000005858 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-28 11:38 - 2017-10-11 21:05 - 000000000 ____D C:\Users\42and_000\Desktop\Teya
2017-11-24 14:50 - 2013-07-09 23:30 - 000000000 ____D C:\Users\42and_000\Documents\My Games
2017-11-24 14:38 - 2017-03-01 12:56 - 000000000 ____D C:\Users\42and_000\Desktop\For School
2017-11-23 22:31 - 2017-09-13 01:49 - 000000000 ____D C:\Program Files (x86)\Audacity 2.1.3
2017-11-23 22:05 - 2017-06-28 04:36 - 000849474 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2017-11-23 22:05 - 2017-06-28 04:36 - 000165026 _____ C:\WINDOWS\system32\Drivers\RTWAVES40.dat
2017-11-23 22:05 - 2017-06-28 04:36 - 000031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2017-11-23 22:05 - 2017-06-28 04:36 - 000010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2017-11-23 22:04 - 2017-06-28 04:35 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-11-23 21:39 - 2014-09-06 15:26 - 000000000 ____D C:\Users\42and_000\Documents\Bandicam
2017-11-23 18:18 - 2017-10-08 20:49 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1507517389
2017-11-23 18:18 - 2017-10-08 20:49 - 000001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-11-23 18:18 - 2017-10-08 20:49 - 000000000 ____D C:\Program Files\Opera
2017-11-21 21:47 - 2013-08-10 21:43 - 000029696 _____ C:\Users\42and_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-20 21:30 - 2017-03-18 14:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-20 20:52 - 2017-10-13 19:39 - 000000000 ____D C:\Users\42and_000\Downloads\TVM_ASTER
2017-11-17 23:08 - 2016-04-15 15:29 - 000000000 ____D C:\Users\42and_000\AppData\Local\NVIDIA
2017-11-17 18:43 - 2017-06-28 04:36 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-17 18:43 - 2016-09-09 09:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-11-17 18:40 - 2017-06-28 04:36 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-17 18:40 - 2017-06-28 04:36 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-11-17 07:33 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-16 21:46 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-15 23:39 - 2017-06-28 05:04 - 000004552 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-15 23:39 - 2017-06-28 05:04 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-15 23:39 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-15 23:39 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-15 15:05 - 2015-06-15 09:12 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-11-14 17:52 - 2016-02-13 07:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-14 17:49 - 2017-06-28 04:32 - 005046048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-14 17:46 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-14 17:46 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-14 17:46 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-14 17:46 - 2017-03-18 15:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-14 17:46 - 2017-03-18 15:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-14 15:44 - 2013-08-13 16:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-14 15:36 - 2017-10-10 23:26 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-14 15:36 - 2013-07-10 13:49 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-14 04:18 - 2014-11-21 18:50 - 000000000 ____D C:\ProgramData\Skype
2017-11-13 20:05 - 2017-10-17 13:23 - 000023112 ____H C:\Users\42and_000\Desktop\~WRL2176.tmp
2017-11-13 16:33 - 2013-07-24 01:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-11-13 16:32 - 2016-04-18 10:26 - 000000000 ____D C:\Users\Isaac 2\AppData\Local\Packages
2017-11-13 16:08 - 2016-04-18 16:20 - 000000000 ____D C:\Users\Isaac 2\AppData\Local\MicrosoftEdge
2017-11-13 16:02 - 2017-06-28 05:04 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-13 16:02 - 2017-06-28 05:04 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-13 11:25 - 2017-03-18 15:03 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-11-13 11:25 - 2017-03-18 15:03 - 000000000 ___RD C:\WINDOWS\MiracastView
2017-11-13 11:14 - 2016-04-18 10:29 - 000002371 _____ C:\Users\Isaac 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-13 11:14 - 2016-04-18 10:29 - 000000000 ___RD C:\Users\Isaac 2\OneDrive
2017-11-13 11:12 - 2016-04-18 10:28 - 000000000 ____D C:\Users\Isaac 2\AppData\Local\Dropbox
2017-11-13 10:59 - 2016-09-09 23:24 - 000000390 _____ C:\WINDOWS\Tasks\DriverToolkit Autorun.job
2017-11-13 10:59 - 2015-06-15 09:12 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-11-13 10:59 - 2015-06-15 09:12 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-11-13 10:59 - 2013-07-09 17:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-12 14:11 - 2017-10-17 23:42 - 000002588 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-11-12 14:11 - 2017-10-10 23:06 - 000003306 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1507698360
2017-11-12 14:11 - 2017-10-10 23:03 - 000003316 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1507698212
2017-11-12 14:11 - 2017-09-13 21:07 - 000003176 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-12 14:11 - 2017-07-27 04:05 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1114006664-966733769-2668947745-1002
2017-11-12 14:11 - 2017-06-28 05:04 - 000003452 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-11-12 14:11 - 2017-06-28 05:04 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-12 14:11 - 2017-06-28 05:04 - 000003228 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-11-12 14:11 - 2017-06-28 05:04 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-12 14:11 - 2017-06-28 05:04 - 000002968 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-12 14:11 - 2017-06-28 05:04 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-12 14:11 - 2017-06-28 05:04 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-12 14:11 - 2017-06-28 05:04 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-12 14:11 - 2017-06-28 05:04 - 000002750 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1114006664-966733769-2668947745-1050
2017-11-12 14:11 - 2017-06-28 05:04 - 000002748 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1114006664-966733769-2668947745-500
2017-11-12 14:11 - 2017-06-28 05:04 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-12 14:11 - 2017-06-28 05:04 - 000002596 _____ C:\WINDOWS\System32\Tasks\[email protected]
2017-11-12 14:11 - 2017-06-28 05:04 - 000002494 _____ C:\WINDOWS\System32\Tasks\Private Internet Access Startup
2017-11-12 14:11 - 2017-06-28 05:04 - 000002400 _____ C:\WINDOWS\System32\Tasks\DriverToolkit Autorun
2017-11-12 14:11 - 2017-06-28 05:04 - 000002180 _____ C:\WINDOWS\System32\Tasks\{B0CD8B6F-6242-43D3-8875-B546A801F713}
2017-11-12 14:11 - 2017-06-28 05:04 - 000002180 _____ C:\WINDOWS\System32\Tasks\{0E90B821-61CF-4670-B84D-0AD0BDC1E354}
2017-11-12 14:11 - 2017-06-28 05:04 - 000002080 _____ C:\WINDOWS\System32\Tasks\{C8BB1D76-9B82-4AC8-8899-C452752EC81E}
2017-11-12 14:11 - 2017-06-28 05:04 - 000001974 _____ C:\WINDOWS\System32\Tasks\{D2E90D36-A223-43D2-BF72-013B3FDEDF37}
2017-11-12 14:11 - 2017-06-28 05:04 - 000001970 _____ C:\WINDOWS\System32\Tasks\{E26D4F8A-B245-4074-B0D7-45E249850A55}
2017-11-11 03:58 - 2016-12-07 18:13 - 000000000 ____D C:\Users\42and_000\AppData\LocalLow\Mozilla
2017-11-11 03:35 - 2013-07-22 14:39 - 000000000 ____D C:\Users\42and_000\AppData\Local\WMTools Downloaded Files
2017-11-09 04:38 - 2017-05-19 17:03 - 001624168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-11-09 04:38 - 2017-05-19 17:03 - 000233904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-11-09 04:25 - 2017-05-19 16:47 - 004533184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-11-09 04:25 - 2017-05-19 16:47 - 003859848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-11-09 03:57 - 2017-05-19 13:22 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
2017-11-04 19:40 - 2017-03-18 15:06 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 19:40 - 2017-03-18 15:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2013-12-15 04:47 - 2013-12-15 04:45 - 004804670 _____ (tk102) C:\Program Files (x86)\kse_333.exe
2015-02-27 23:44 - 2011-07-27 03:40 - 005512538 _____ () C:\Program Files (x86)\Photobooth.exe
2013-11-13 21:54 - 2014-01-07 05:33 - 000000568 _____ () C:\Users\42and_000\AppData\Roaming\AutoGK.ini
2014-09-06 15:22 - 2014-09-06 15:22 - 000000057 _____ () C:\Users\42and_000\AppData\Roaming\Camdata.ini
2014-09-06 15:22 - 2014-09-06 15:22 - 000000408 _____ () C:\Users\42and_000\AppData\Roaming\CamLayout.ini
2014-09-06 15:22 - 2014-09-06 15:22 - 000000408 _____ () C:\Users\42and_000\AppData\Roaming\CamShapes.ini
2014-09-06 14:19 - 2014-09-06 15:22 - 000004534 _____ () C:\Users\42and_000\AppData\Roaming\CamStudio.cfg
2014-09-06 15:19 - 2014-09-06 15:19 - 000000098 _____ () C:\Users\42and_000\AppData\Roaming\CamStudio.Producer.command
2014-09-06 15:20 - 2014-09-06 15:20 - 000000000 _____ () C:\Users\42and_000\AppData\Roaming\CamStudio.Producer.Data.ini
2014-09-06 15:20 - 2014-09-06 15:20 - 000001206 _____ () C:\Users\42and_000\AppData\Roaming\CamStudio.Producer.ini
2016-04-30 17:09 - 2016-04-30 17:10 - 000276306 _____ () C:\Users\42and_000\AppData\Roaming\File.jar
2014-12-16 15:49 - 2014-12-19 00:31 - 000000143 _____ () C:\Users\42and_000\AppData\Roaming\mbam.context.scan
2014-09-06 14:18 - 2014-09-06 15:17 - 000000096 _____ () C:\Users\42and_000\AppData\Roaming\version2.xml
2013-08-10 21:43 - 2017-11-21 21:47 - 000029696 _____ () C:\Users\42and_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-04 10:32 - 2014-05-26 22:39 - 000056472 _____ (Microsoft Corporation) C:\Users\42and_000\AppData\Local\Microsoft.exe
 
Some files in TEMP:
====================
2017-12-01 01:08 - 2003-08-27 02:47 - 000286720 _____ (Electronic Arts, Inc.) C:\Users\42and_000\AppData\Local\Temp\eauninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-28 08:07
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Isaac (04-12-2017 16:22:26)
Running from C:\Users\42and_000\AppData\Local\Temp\scoped_dir7484_27194
Windows 10 Home Version 1703 15063.726 (X64) (2017-06-28 11:16:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1114006664-966733769-2668947745-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1114006664-966733769-2668947745-1060 - Limited - Enabled)
DefaultAccount (S-1-5-21-1114006664-966733769-2668947745-503 - Limited - Disabled)
Guest (S-1-5-21-1114006664-966733769-2668947745-501 - Limited - Enabled)
Isaac (S-1-5-21-1114006664-966733769-2668947745-1002 - Administrator - Enabled) => C:\Users\42and_000
Isaac 2 (S-1-5-21-1114006664-966733769-2668947745-1059 - Administrator - Enabled) => C:\Users\Isaac 2
UpdatusUser (S-1-5-21-1114006664-966733769-2668947745-1048 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
.NET Reflector Desktop (HKLM-x32\...\{067796E0-7973-4882-BB41-FE94453D4CAA}) (Version: 8.2.0.7 - Red Gate Software Ltd)
[MH] Star Wars Rogue Squadron 3D (HKLM-x32\...\{133DAA85-9CAC-4102-A33B-21701368DD4A}) (Version: 1.3 - Maverick Hunters)
1.0.2 (HKLM-x32\...\{18C94B21-9C7B-11D0-933A-00608CEA7318}_is1) (Version: 1.0.2 - microprose)
7-Zip 16.04 (HKLM-x32\...\{23170F69-40C1-2701-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Active@ File Recovery 15 (HKLM\...\{177608F6-F029-4301-B176-15BA7C605B73}_is1) (Version: 15 - LSoft Technologies Inc)
Adobe After Effects CS5.5 (HKLM-x32\...\{E82097B9-A3B8-404A-9A92-AC16A8AC9576}) (Version: 10.5 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Professional CS5.5 (HKLM-x32\...\{23E445D5-FD83-4C50-A211-EB26A2975317}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Any Video Converter Professional 5.0.8 (HKLM-x32\...\Any Video Converter Professional_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed ® III (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.01 - Ubisoft)
ASTER-V7 (HKLM\...\{FAE1618B-B66C-48B4-B183-7553B9FB0B38}) (Version: 1.0.0 - IBIK)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Auto Clicker by Shocker (HKLM-x32\...\Auto Clicker by Shocker_is1) (Version: V3.0 - shockingsoft.com)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
avast! Ad Blocker (HKLM-x32\...\{021C6667-63D3-4416-B537-865E77F4DF4F}) (Version: 1.0.0.0 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.3.2.1195 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
BC-Mod Installer .NET - FINAL Version (HKLM-x32\...\BC-Mod Installer .NET) (Version:  - )
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.12.3 - Bethesda Softworks)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitTorrent (HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\BitTorrent) (Version: 7.9.2.32241 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Convergence (HKLM-x32\...\Convergence) (Version:  - )
Creation Kit: Skyrim (HKLM-x32\...\Creation Kit: Skyrim) (Version:  - Bethesda Softworks)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DDS Converter 2.1 (HKLM-x32\...\DDS Converter 2.1) (Version:  - )
Deep Space Nine  The Fallen (HKLM-x32\...\{783E0AD7-C128-4398-9F74-99D3EFF2875D}) (Version:  - )
Defcon v1.43 en-AU rtl (HKLM-x32\...\Defcon_is1) (Version:  - Introversion Software Ltd)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.1 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.1 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
Discord (HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\Discord) (Version: 0.0.298 - Discord Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dropbox (HKLM-x32\...\Dropbox) (Version: 39.4.49 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Empire at War Forces of Corruption Mappack 7.00  (HKLM-x32\...\Empire at War Forces of Corruption Mappack) (Version: 7.00 - Petroglyph Games Inc.)
ffdshow [rev 2583] [2009-01-05] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
File Scavenger 3.2 (en) (HKLM-x32\...\QueTek File Scavenger 3.2 (en)) (Version: 3.2.24.0 - QueTek Consulting Corporation)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Fleet Operations version 3.2.7 (HKLM-x32\...\{F00C56DC-3121-42BC-A4CB-9233D2265EB5}_is1) (Version: 3.2.7 - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.0 - Ellora Assets Corporation)
GameRanger (HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\GameRanger) (Version:  - GameRanger Technologies)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
GtkRadiant-1.4.0  (HKLM-x32\...\{F3AE7331-7851-424E-BFD5-B46E8DA3F0D6}) (Version:  - )
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HF pAppLoc version 1.1.1 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.1.1 - Inquisitor)
Java 7 Update 76 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java SE Development Kit 8 Update 121 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180121}) (Version: 8.0.1210.13 - Oracle Corporation)
JPEXS Free Flash Decompiler (HKLM-x32\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 10.0.0 - JPEXS)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LOOT version 0.9.2 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.9.2 - LOOT Team)
Macromedia Flash 5 (HKLM-x32\...\{4C93C363-414E-11D4-9756-00C04F8EEB39}) (Version: 5 - Macromedia)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Digital Image Library 9 (HKLM-x32\...\PictureIt_POD_v9) (Version: 9.00.0000 - Microsoft Corporation)
Microsoft Digital Image Pro 9 (HKLM-x32\...\PictureIt_v9) (Version: 9.0.0.0000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1114006664-966733769-2668947745-1059\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30640.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MKVToolNix 6.5.0 (HKLM-x32\...\MKVToolNix) (Version: 6.5.0 - Moritz Bunkus)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.1 (x64 en-US)) (Version: 57.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0 - Mozilla)
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MultitrackStudio Lite 8.3.1 (64-bit) (HKLM\...\MultitrackStudio64_is1) (Version:  - Bremmers Audio Design)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.3.6280.92 - PC-Doctor, Inc.)
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.12 - Black Tree Gaming)
nGlide 1.05 (HKLM-x32\...\nGlide) (Version: 1.05 - Zeus Software)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version:  - Timeslip)
Opera Stable 49.0.2725.47 (HKLM-x32\...\Opera 49.0.2725.47) (Version: 49.0.2725.47 - Opera Software)
Oracle VM VirtualBox 5.1.28 (HKLM\...\{11BAF690-37C7-4A56-B518-3696BD15592F}) (Version: 5.1.28 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.3.59240 - Electronic Arts, Inc.)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Personal Renamer (HKLM-x32\...\{D29BA5EE-70F9-475E-9B32-A1091716E271}) (Version: 3.0 - Balisteor)
PEXD (HKLM-x32\...\{39AB5850-7045-4A73-BE59-75E35ECE8667}) (Version: 1.0.0 - None provided)
PowerDirector (HKLM\...\{2599B6F1-92AC-472C-BE60-9F17565E4938}) (Version: 11.0 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.7 - Power Software Ltd)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
QMP3Gain 0.9.0 (HKLM-x32\...\QMP3Gain) (Version:  - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.19.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
Ron's Editor (Remove Only) (HKLM-x32\...\Ron's Editor_is1) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version:  - )
SketchUp 2013 (HKLM-x32\...\{E74C0D09-8730-4714-8C6F-019FBF7F1B42}) (Version: 13.0.3689 - Trimble Navigation Limited)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Sothink Movie DVD Maker (HKLM-x32\...\{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1) (Version: 3.5 - SourceTec Software Co., LTD)
Sothink SWF Decompiler (HKLM-x32\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.4 - SourceTec Software Co., LTD)
Spotify (HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
Star Trek (HKLM-x32\...\Star Trek_is1) (Version:  - Namco Bandai)
Star Trek Armada II (HKLM-x32\...\Star Trek Armada II) (Version:  - )
Star Trek Bridge Commander (HKLM-x32\...\Bridge Commander) (Version:  - )
Star Trek Legacy (HKLM-x32\...\{287A4E96-AC57-4A19-9B51-C5EED2EAB382}) (Version: 1.00.0000 - Bethesda Softworks)
Star Trek Online (HKLM-x32\...\Star Trek Online) (Version:  - Cryptic Studios)
Star Trek Starfleet Command III (HKLM-x32\...\Star Trek Starfleet Command III) (Version:  - )
Star Trek Voyager Elite Force (HKLM-x32\...\Star Trek Voyager Elite Force) (Version:  - )
Star Wars Battlefront (HKLM-x32\...\{C79CB9C7-10A4-4814-8402-F574672C2192}) (Version: 1.0 - LucasArts)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Star Wars Battlefront II Mod Tools (HKLM-x32\...\{F7D0A1C2-9CBA-4207-8138-DE9DDBFCFAA3}) (Version: 1.0 - )
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Star Wars Jedi Knight Jedi Academy (HKLM-x32\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version:  - )
Star Wars JK II Jedi Outcast (HKLM-x32\...\{8681B1E6-CD96-46EF-9065-CE0D1085ED99}) (Version: 1.0 - LucasArts)
Star Wars Knights of the Old Republic (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version: 1.0 - LucasArts)
Star Wars Movie Duels - Version 1.01 (HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\Star Wars Movie Duels - Version 1.01) (Version:  - )
Star Wars Republic Commando (HKLM-x32\...\{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}) (Version: 1.0 - LucasArts)
Star Wars Starfighter (HKLM-x32\...\{0C321D1F-2262-42C2-94C5-5E5765507C72}) (Version:  - )
Star Wars X-Wing Alliance (HKLM-x32\...\{7AD8FE70-1A35-492C-9AA8-E9F9C1833040}) (Version: 1.0.0.0 - LucasArts, Totally Games)
Star Wars® Knights of the Old Republic® II: The Sith Lords™ (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
Star Wars: The Force Unleashed 2 (HKLM-x32\...\Star Wars: The Force Unleashed 2_is1) (Version: 1.0 - LucasArts)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.7.64833 - Electronic Arts)
STARWARS: The Battle of Endor version 2.1 (HKLM-x32\...\STARWARS: The Battle of Endor v2.1_is1) (Version:  - Bruno R. Marcos)
STARWARS: The Battle of Yavin version 1.1 (HKLM-x32\...\STARWARS: The Battle of Yavin v1.1_is1) (Version:  - Bruno R. Marcos)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subtitle Edit 3.3.9 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.3.9.2149 - Nikse)
Subtitle Workshop 6.0a (HKLM-x32\...\SubtitleWorkshop) (Version:  - )
SWiX 1.3.0.1927 (HKLM-x32\...\SWiX_is1) (Version: 1.3.0.1927 - RichMedia Lab, Inc.)
Synthesia (HKLM-x32\...\Synthesia) (Version: 8.5 - Synthesia LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Total War Shogun 2 Complete Edition version 1.1.0.0 (HKLM-x32\...\Total War Shogun 2 Complete Edition_is1) (Version: 1.1.0.0 - Sega)
ULTIMATE UNIVERSE 1.0 FULL VERSION (HKLM-x32\...\ULTIMATE UNIVERSE 1.0 FULL VERSION) (Version:  - )
Unity (HKLM-x32\...\Unity) (Version: 2017.1.0f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
vs_communitymsi (HKLM-x32\...\{A041943F-C97B-48F6-8F23-C5078F99BB3A}) (Version: 15.0.26323 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{1210EE60-E253-407D-B537-D36898049CF0}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{581E5656-26E2-4A02-9711-48C8E4998310}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{9477F337-FD16-4ACA-8217-E2D7A0F92603}) (Version: 15.0.26301 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{497A5ACE-DA03-4412-A110-910B2C450720}) (Version: 15.0.26424 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{A8B77523-13AB-46B9-B54F-5483E09668F9}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version:  - )
Yamaha USB-MIDI Driver (HKLM\...\{18369253-E53F-4A47-818E-082DFB950872}) (Version: 3.1.2.3 - Yamaha Corporation) Hidden
Yamaha USB-MIDI Driver (HKLM-x32\...\InstallShield_{18369253-E53F-4A47-818E-082DFB950872}) (Version: 3.1.2.3 - Yamaha Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-04] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-04] (AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-04] (AVAST Software)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-04] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {031E77E5-51E3-4DFA-AF5F-3550AD4840AE} - System32\Tasks\Opera scheduled Autoupdate 1507698360 => C:\Program Files\Opera beta\launcher.exe
Task: {07171B10-D1E6-472F-8475-9539C99E497C} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-09-19] (NVIDIA Corporation)
Task: {07D5EE9A-F01B-44C5-AA3D-1E59D8AA85CA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)
Task: {0AE3CB06-6331-4DAB-9793-221C55A114B1} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-12-13] ()
Task: {2E881B29-E67E-4D8D-9E01-D0DFC312A421} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {33C3EB86-27D1-4D85-BD42-C231E99577E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {40D21A79-C11E-4F7B-80D0-D8D9BCA5062B} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {5C1430C3-D2F4-480E-84B3-206481069B30} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
Task: {5CCA4E72-0DAC-4C40-846D-29C544971932} - System32\Tasks\{B0CD8B6F-6242-43D3-8875-B546A801F713} => C:\WINDOWS\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {5EAB3088-4D48-43DD-9DBD-B5EEDF0D3FDC} - System32\Tasks\Opera scheduled Autoupdate 1507698212 => C:\Program Files\Opera developer\launcher.exe
Task: {5FDCB577-9F41-4C6D-B927-DF815110B812} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6A57B288-9695-4E49-AFA6-C336588D0A65} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {79CCE00C-3A8C-4CFB-9DB3-C28D42FEDF9B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-09-19] (NVIDIA Corporation)
Task: {7D65D85E-4861-423C-8501-286ADCD1EFD7} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {7FE35BCB-262B-4E1D-B861-4F3D4F94039C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-04] (AVAST Software)
Task: {85EDB8AD-49DB-49AF-B610-3C104BAC37B2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {8CEB30CB-96BF-49B0-8231-0C84DDB3A6CB} - System32\Tasks\{0E90B821-61CF-4670-B84D-0AD0BDC1E354} => C:\WINDOWS\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {8DC5C602-E970-4C17-A7F3-072B572EAD01} - System32\Tasks\{E26D4F8A-B245-4074-B0D7-45E249850A55} => C:\windows\system32\pcalua.exe -a L:\Setup.exe -d L:\
Task: {97DF9ADE-5DEA-4343-A9DD-0E9E625D1474} - System32\Tasks\{D2E90D36-A223-43D2-BF72-013B3FDEDF37} => C:\windows\system32\pcalua.exe -a N:\AUTORUN.EXE -d N:\
Task: {9FF85301-1228-4040-8E2A-6E4E47EF7B4B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-09-19] (NVIDIA Corporation)
Task: {A24F09FC-748C-46EF-8F44-E5F18FDD20CF} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-1114006664-966733769-2668947745-1002
Task: {AA9E4978-E117-4CE6-B162-57A4F255E5A0} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-09-19] (NVIDIA Corporation)
Task: {AB66A1FD-DBC7-4B13-A172-FC3D8157703E} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: {AF7C9642-6538-4E8D-9993-EB76F0C3CF77} - System32\Tasks\{C8BB1D76-9B82-4AC8-8899-C452752EC81E} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\42and_000\Desktop\ACB\SETUP.EXE -d C:\Users\42and_000\Desktop\ACB
Task: {C4125301-97C7-4D2E-9E2F-B1CD6CC6C420} - System32\Tasks\Opera scheduled Autoupdate 1507517389 => C:\Program Files\Opera\launcher.exe [2017-11-23] (Opera Software)
Task: {D08D5466-46B4-4626-9FC2-62916FFD45F2} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)
Task: {D4ABA7B0-7F5F-4E60-B594-6BD305CBA834} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {DA0B26F9-7B18-4F9C-9809-DD255709AB71} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {E0F979F7-A34A-42B0-86CE-3918EE0B1621} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-14] (Microsoft Corporation)
Task: {E56F63D1-DAB8-47F5-AAE1-D7B8030A9254} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {E6E5D858-7D5C-4087-8E6F-AD3374AD88AD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {EAA72F0D-2F61-44D2-81CC-639887CAA2CE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {FDD1D40E-E731-40C9-A430-F4FBF2239F4F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-18 14:58 - 2017-03-18 14:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-01-13 12:56 - 2017-01-13 12:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-09 09:27 - 2017-09-19 01:23 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2013-11-06 17:03 - 2012-09-11 23:14 - 000390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-03-18 14:59 - 2017-03-18 20:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-30 11:58 - 2017-11-30 11:59 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-30 11:58 - 2017-11-30 11:59 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-30 11:58 - 2017-11-30 11:59 - 025600000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-30 11:58 - 2017-11-30 11:59 - 002546176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-23 18:18 - 2017-11-23 18:18 - 102314792 _____ () C:\Program Files\Opera\49.0.2725.47\opera_browser.dll
2017-11-23 18:18 - 2017-11-23 18:18 - 004328744 _____ () C:\Program Files\Opera\49.0.2725.47\libglesv2.dll
2017-11-23 18:18 - 2017-11-23 18:18 - 000109352 _____ () C:\Program Files\Opera\49.0.2725.47\libegl.dll
2017-12-04 02:20 - 2017-12-04 02:20 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-12-04 02:20 - 2017-12-04 02:20 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-12-04 02:20 - 2017-12-04 02:20 - 000859216 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-12-04 02:20 - 2017-12-04 02:20 - 000292408 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-12-04 02:20 - 2017-12-04 02:20 - 000059040 _____ () c:\program files\avast software\avast\module_lifetime.dll
2017-12-04 02:20 - 2017-12-04 02:20 - 000167096 _____ () c:\program files\avast software\avast\JsonRpcServer.dll
2017-12-04 02:20 - 2017-12-04 02:20 - 000237808 _____ () c:\program files\avast software\avast\event_routing_rpc.dll
2017-12-04 02:20 - 2017-12-04 02:20 - 000244584 _____ () c:\program files\avast software\avast\tasks_core.dll
2017-12-04 02:20 - 2017-12-04 02:20 - 000151104 _____ () c:\program files\avast software\avast\network_notifications.dll
2017-12-04 06:44 - 2017-12-04 06:44 - 005892848 _____ () c:\program files\avast software\avast\defs\17120402\algo.dll
2017-12-04 02:20 - 2017-12-04 02:20 - 000710056 _____ () c:\program files\avast software\avast\ffl2.dll
2017-12-04 02:20 - 2017-12-04 02:20 - 000245608 _____ () c:\program files\avast software\avast\streamback.dll
2017-12-04 02:21 - 2017-12-04 02:21 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-04 02:20 - 2017-12-04 02:20 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-09-09 09:27 - 2017-09-19 01:23 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\42and_000\10330385_237685733099680_313928488603830953_n.jpg:com.dropbox.attributes [420]
AlternateDataStreams: C:\Users\42and_000\Desktop\20938980_1456695624423251_131122973_n2.jpg:SummaryInformation [151]
AlternateDataStreams: C:\Users\42and_000\Desktop\20938980_1456695624423251_131122973_n2.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\42and_000\Desktop\23030585_358391741282334_451577503_o.png:SummaryInformation [151]
AlternateDataStreams: C:\Users\42and_000\Desktop\23030585_358391741282334_451577503_o.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\42and_000\Desktop\23030585_358391741282334_451577503_o2.jpg:SummaryInformation [151]
AlternateDataStreams: C:\Users\42and_000\Desktop\23030585_358391741282334_451577503_o2.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\42and_000\Desktop\23030585_358391741282334_451577503_o2.png:SummaryInformation [151]
AlternateDataStreams: C:\Users\42and_000\Desktop\23030585_358391741282334_451577503_o2.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\42and_000\Desktop\3UXLAel6.png:SummaryInformation [151]
AlternateDataStreams: C:\Users\42and_000\Desktop\3UXLAel6.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\42and_000\Desktop\Kano.Shuuya.full.1657364.jpg:SummaryInformation [151]
AlternateDataStreams: C:\Users\42and_000\Desktop\Kano.Shuuya.full.1657364.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\42and_000\AppData\Local\502bQYMSiDBnU:P7lrltusurS8nfBeuJPJ2 [2082]
AlternateDataStreams: C:\ProgramData\Temp:BF3D62E7 [135]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57912081.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57912081.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1114006664-966733769-2668947745-1002\Software\Classes\exefile:  <==== ATTENTION
HKU\S-1-5-21-1114006664-966733769-2668947745-1002\Software\Classes\.exe: exefile =>  <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\radicalplay.com -> radicalplay.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2017-09-28 16:02 - 000000822 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1114006664-966733769-2668947745-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\42and_000\Desktop\3UXLAel6.png
HKU\S-1-5-21-1114006664-966733769-2668947745-1059\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk"
HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1114006664-966733769-2668947745-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{31944E41-46E3-4CD0-B630-4B2E01A5FECF}C:\program files (x86)\defcon\defcon.exe] => (Allow) C:\program files (x86)\defcon\defcon.exe
FirewallRules: [TCP Query User{80011CF7-CF83-4940-823B-21D17276A3AB}C:\program files (x86)\defcon\defcon.exe] => (Allow) C:\program files (x86)\defcon\defcon.exe
FirewallRules: [{89AF760E-B11B-47E0-991A-89F01C0B2287}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B7258AEE-7B42-461C-8A18-238E5923300B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0912EBEF-F88C-4375-9D93-E78653A9F81F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{728E53FA-11A8-49AE-AACA-F10777139516}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{1CA73DA3-8715-4AE2-B620-9F129C3BE01B}C:\program files (x86)\the elder scrolls v skyrim special edition\creationkit.exe] => (Allow) C:\program files (x86)\the elder scrolls v skyrim special edition\creationkit.exe
FirewallRules: [TCP Query User{68BB0F8D-2A8F-4694-9D25-D3C458B8FE25}C:\program files (x86)\the elder scrolls v skyrim special edition\creationkit.exe] => (Allow) C:\program files (x86)\the elder scrolls v skyrim special edition\creationkit.exe
FirewallRules: [{D4B0F2F6-4405-4209-B06D-866C256C0FDA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7B714758-26F7-4C7E-85AE-73650BA7B86F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B0997905-728A-4A6E-A75F-7D87D8DCC8FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{4F94FDB1-B2B8-413C-A922-1EF4E1DD1D83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{48BB4C40-A85F-4C3C-A1EA-7CABD396A928}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{311097BA-E2FE-4324-A35D-6128FDEBCB23}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [UDP Query User{3281A46C-9F1A-43D0-9F39-924C3AA8076C}C:\program files (x86)\the elder scrolls v skyrim\creationkit.exe] => (Allow) C:\program files (x86)\the elder scrolls v skyrim\creationkit.exe
FirewallRules: [TCP Query User{0AB5D140-8A4A-4CFF-B4CA-1EFA4158F872}C:\program files (x86)\the elder scrolls v skyrim\creationkit.exe] => (Allow) C:\program files (x86)\the elder scrolls v skyrim\creationkit.exe
FirewallRules: [UDP Query User{BF694BDD-9F45-44FA-BAF5-42B9CB680DCF}C:\program files (x86)\sega\total war shogun 2 complete edition\shogun2.exe] => (Allow) C:\program files (x86)\sega\total war shogun 2 complete edition\shogun2.exe
FirewallRules: [TCP Query User{A2E65622-971B-47DB-85A2-1C85256D1CE4}C:\program files (x86)\sega\total war shogun 2 complete edition\shogun2.exe] => (Allow) C:\program files (x86)\sega\total war shogun 2 complete edition\shogun2.exe
FirewallRules: [UDP Query User{A9B0FBC1-3F9D-4A06-967D-DC979CB0B569}C:\users\42and_000\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\42and_000\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{9606BCF1-DAFE-4796-AC0A-366DF96DE6A0}C:\users\42and_000\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\42and_000\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{0096EFC7-C422-4AF1-8F43-2718761267BA}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{32F39DE5-AAF6-4A03-BAA4-080B1DE28222}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{B506CAC2-510D-46CA-BDD3-C64926E188B8}] => (Allow) %ProgramFiles% (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x1sp.exe
FirewallRules: [{824562AA-97E9-4A25-9245-63F4FB3D4D16}] => (Allow) %ProgramFiles% (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe
FirewallRules: [{AAAF1CF7-6E78-4723-B619-048FF42568E8}] => (Allow) %ProgramFiles% (x86)\Microsoft Games\Age of Empires II\empires2.EXE
FirewallRules: [{4C7975D4-3F91-4FF1-ADF2-EEC16FA809E7}] => (Allow) %ProgramFiles% (x86)\Microsoft Games\Age of Empires II\empires2.EXE
FirewallRules: [UDP Query User{5A4CB663-EFB1-4721-A801-344105973368}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{CD55A054-57B5-4F5A-8A4E-6050636C33C2}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [{4AC1ECC8-C9D5-4A65-8D2C-467B891DD49A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{344E8CFE-14F2-4642-9E29-E071CEE9DA1C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{AA481A76-140F-447F-8A08-F1A26E44FDB2}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{419711D2-0DEA-4B6A-B019-E6BCCB896590}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{5A8ECBED-9B8D-4891-9433-076AB2CCAFB1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8488FCF4-3D59-463E-A964-CA27B8696D42}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5B6A8D6D-AD7C-485E-AF7F-9A71F56E9A1B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{25D54588-647C-4A2B-8239-B929FA33BE54}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{488B6A5C-4980-4B45-803E-9DD7E87A6126}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{31873E7E-73A6-4D32-96D0-DEE78457E3DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{1E45D5E4-04D2-45D2-8980-6EA01642F7DB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{9C0E3D3E-D2AF-4D0B-9364-24D3BFFE714E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{49DC6ABB-BDE0-4A04-B98B-2F4DCCCC7A55}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F44BB509-211D-456A-B8D9-55D3FF18A825}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{A6A2566A-1B4E-41EE-B018-468358969B97}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{866FFF0C-8B42-4DE8-BBE9-176C9DCA4F0C}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{71F62694-A889-46D0-A446-1628A33FEBD7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{02F55BC1-6986-4BFD-BD6F-FF9875B96030}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{978F2293-0C11-4003-A94D-77F1ED02AAD2}C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe] => (Block) C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe
FirewallRules: [TCP Query User{3F0BE251-1926-4E46-9F99-7C48FDA406B5}C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe] => (Block) C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe
FirewallRules: [UDP Query User{AA645256-EE1C-4EF9-AB0E-FDFF26C935F5}C:\program files (x86)\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe] => (Allow) C:\program files (x86)\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe
FirewallRules: [TCP Query User{2A36AA44-0689-4E25-AC78-B1FA9166604D}C:\program files (x86)\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe] => (Allow) C:\program files (x86)\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe
FirewallRules: [{01B441D5-DE3C-42F9-9DE4-009A9EEB705D}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{F0CC5957-4D9A-4AB4-9CB7-77816713C086}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{13534C15-2F5E-4B44-9A64-2858A2A94BC8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{63C0FCE2-80C4-419C-B7A9-D921EED35161}] => (Allow) LPort=2869
FirewallRules: [{482689C2-CB09-4082-9C7D-D8DF9469765F}] => (Allow) LPort=1900
FirewallRules: [{669461A9-A60E-438E-B8ED-972C1B0C8F5A}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe
FirewallRules: [{BDF0A02C-A0F2-4E85-A0BC-8856D25A9583}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe
FirewallRules: [{3BFC1EE3-BDE1-438E-AA08-972214ACBDBD}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe
FirewallRules: [{62F9CB89-0417-4C2A-AE23-70A0217AD053}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe
FirewallRules: [TCP Query User{5B96A38B-148B-4069-B968-B5B43E6D1E46}J:\games\star wars jedi knight jedi academy\gamedata\jamp.exe] => (Allow) J:\games\star wars jedi knight jedi academy\gamedata\jamp.exe
FirewallRules: [UDP Query User{C4E0202C-E882-4160-AB4B-56FEF952F9A8}J:\games\star wars jedi knight jedi academy\gamedata\jamp.exe] => (Allow) J:\games\star wars jedi knight jedi academy\gamedata\jamp.exe
FirewallRules: [TCP Query User{AFB95CDD-4D2A-4086-BE4E-CFC6109FB159}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe] => (Allow) C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{8DBFDF8E-46EB-4400-A608-8191DE3D9A69}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe] => (Allow) C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [TCP Query User{2777E010-F98C-416B-A63D-95372533D09A}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe] => (Allow) C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{8B2C47E4-C4BF-47BA-8C9C-90364C1D7B03}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe] => (Allow) C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [TCP Query User{9CE65CF5-8760-4003-8DE9-4ED2A6A4886C}C:\users\42and_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\42and_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{713C721F-EA0A-4C12-86C0-5E8D06ABB26B}C:\users\42and_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\42and_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{0FAC354D-12AF-4942-A8EE-613F16A46829}C:\program files (x86)\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe] => (Allow) C:\program files (x86)\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe
FirewallRules: [UDP Query User{7F45C813-FBBA-49B7-92A6-79C4B5A5BD41}C:\program files (x86)\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe] => (Allow) C:\program files (x86)\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe
FirewallRules: [TCP Query User{5E7FC8AF-A9EB-441C-A0AA-D59A684FA5D3}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe] => (Allow) C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe
FirewallRules: [UDP Query User{F589335B-A5B5-4384-A45C-71BD28CD9E18}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe] => (Allow) C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe
FirewallRules: [{9ECC10A6-6F48-4502-BA1D-E5F838E49C80}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{0DA814B1-A64D-4379-A2BA-80621D81BF76}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{12BF3E26-DB53-4884-BAA7-31B3ABD3F3B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2BFF146C-10F7-415B-80A4-26BBE55EF3B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ECDD5EEC-72BF-43CB-AC91-4E2D9B01B240}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP QUERY USER{442E1BB4-851A-4EF0-9C81-1E45696E0B18}C:\PROGRAM FILES (X86)\LUCASARTS\STAR WARS BATTLEFRONT II\GAMEDATA\BATTLEFRONTII.EXE] => (Allow) C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe
FirewallRules: [UDP QUERY USER{7CCE5D78-B3C5-4FE9-8D76-3D8A976A13C4}C:\PROGRAM FILES (X86)\LUCASARTS\STAR WARS BATTLEFRONT II\GAMEDATA\BATTLEFRONTII.EXE] => (Allow) C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe
FirewallRules: [{DD7FB31E-480B-45CC-A1E2-4410323F5C9C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{143BB080-708D-4DCB-8F90-AFF07D404126}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{66EC4B88-212B-4463-9BD8-75AF4708EE35}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{BBA3593C-18C9-41F6-B6B9-9536C8D06B63}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C3DF09E3-EEFE-4635-8502-B20AE29CA4A1}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{2D5BB540-B38C-42FA-BB44-D3949373CDE4}] => (Allow) C:\Program Files\Opera\49.0.2725.39\opera.exe
FirewallRules: [{5165F6E7-DB9B-4C59-B27E-12B7ED584401}] => (Allow) C:\Program Files\Opera\49.0.2725.47\opera.exe
FirewallRules: [{B39EBEDC-ECF9-47FB-B300-EB8BB4DFED0A}] => (Allow) E:\Games\Fallout 3\GeMM\fomm.exe
FirewallRules: [{482CB31E-9B69-4565-A388-78E3BF90618E}] => (Allow) E:\Games\Fallout 3\GeMM\fomm.exe
 
==================== Restore Points =========================
 
01-12-2017 19:17:22 Removed The Saboteur™
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/04/2017 02:35:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PCHunter64.exe version 1.0.0.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1790
 
Start Time: 01d36cda6a424240
 
Termination Time: 36518
 
Application Path: C:\Users\42and_000\Desktop\PCHunter_free\PCHunter64.exe
 
Report Id: 31bfe097-7bee-41f0-bf37-401d9760dd6c
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/04/2017 02:08:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-M8GK56L)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/04/2017 01:23:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: {2766CA96-764D-4783-A691-63EFB66419B2}.exe, version: 3.1.0.15, time stamp: 0x58f5cf94
Faulting module name: {2766CA96-764D-4783-A691-63EFB66419B2}.exe, version: 3.1.0.15, time stamp: 0x58f5cf94
Exception code: 0x40000015
Fault offset: 0x0014376c
Faulting process id: 0x157c
Faulting application start time: 0x01d36ccf7c1ae72e
Faulting application path: C:\Users\42AND_~1\AppData\Local\Temp\{6D26E628-F8D5-40E7-852A-535A2EF285E6}\{2766CA96-764D-4783-A691-63EFB66419B2}.exe
Faulting module path: C:\Users\42AND_~1\AppData\Local\Temp\{6D26E628-F8D5-40E7-852A-535A2EF285E6}\{2766CA96-764D-4783-A691-63EFB66419B2}.exe
Report Id: 5ceb878d-2bbc-454b-8ab8-13a6ab7bcb5f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/04/2017 01:01:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PCHunter64.exe version 1.0.0.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2140
 
Start Time: 01d36ccd7c9effa4
 
Termination Time: 18
 
Application Path: C:\Users\42and_000\Desktop\PCHunter_free\PCHunter64.exe
 
Report Id: 9406c88b-8ee1-44a0-9206-4f4ddc007548
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/04/2017 12:59:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PCHunter64.exe version 1.0.0.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 27bc
 
Start Time: 01d36ccd003bd2b7
 
Termination Time: 20
 
Application Path: C:\Users\42and_000\Desktop\PCHunter_free\PCHunter64.exe
 
Report Id: 45c82682-910e-445c-a37b-d205e4f08e68
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/04/2017 12:41:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: f9lpic3r.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: f9lpic3r.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x0008de57
Faulting process id: 0xab8
Faulting application start time: 0x01d36cca5e6b4d7e
Faulting application path: C:\Users\42and_000\Desktop\f9lpic3r.exe
Faulting module path: C:\Users\42and_000\Desktop\f9lpic3r.exe
Report Id: a0fd21fa-52e4-4fcf-8322-d886bf88d176
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/03/2017 10:00:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Exception code: 0xc0000005
Fault offset: 0x00000000001b6596
Faulting process id: 0xae8
Faulting application start time: 0x01d36cb471727726
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Report Id: 00b6d75a-726f-45f6-b0d2-19066499aa62
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/03/2017 09:52:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Exception code: 0xc0000005
Fault offset: 0x00000000001b6596
Faulting process id: 0x1640
Faulting application start time: 0x01d36cb350c447ef
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Report Id: c4963f20-0041-4d65-aada-114dca6a69a5
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/02/2017 09:25:19 PM) (Source: MsiInstaller) (EventID: 11712) (User: WINDOWS-M8GK56L)
Description: Product: Windows 7 USB/DVD Download Tool -- Error 1712. One or more of the files required to restore your computer to its previous state could not be found. Restoration will not be possible.
 
Error: (12/02/2017 09:25:19 PM) (Source: MsiInstaller) (EventID: 11712) (User: WINDOWS-M8GK56L)
Description: Product: Windows 7 USB/DVD Download Tool -- Error 1712. One or more of the files required to restore your computer to its previous state could not be found. Restoration will not be possible.
 
 
System errors:
=============
Error: (12/04/2017 04:10:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/04/2017 04:10:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (12/04/2017 04:10:42 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0xffff820129971010, 0x00000000000000ff, 0x0000000000000000, 0xfffff80037738bc8). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: d03f8225-3209-49a1-8a28-227937f7dba9.
 
Error: (12/04/2017 04:10:14 PM) (Source: DCOM) (EventID: 10016) (User: WINDOWS-M8GK56L)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID 
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user WINDOWS-M8GK56L\Isaac SID (S-1-5-21-1114006664-966733769-2668947745-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/04/2017 04:10:13 PM) (Source: DCOM) (EventID: 10016) (User: WINDOWS-M8GK56L)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID 
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user WINDOWS-M8GK56L\Isaac SID (S-1-5-21-1114006664-966733769-2668947745-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/04/2017 04:09:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (12/04/2017 04:09:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:07:57 PM on ‎12/‎4/‎2017 was unexpected.
 
Error: (12/04/2017 12:09:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/04/2017 12:09:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (12/04/2017 12:08:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
 
CodeIntegrity:
===================================
  Date: 2017-12-04 02:17:35.869
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 02:17:35.867
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 01:49:21.491
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 01:49:21.489
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 01:33:22.759
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 01:33:22.757
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 01:26:30.228
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 01:26:30.226
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 00:56:05.513
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-12-04 00:56:05.511
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3350P CPU @ 3.10GHz
Percentage of memory in use: 42%
Total physical RAM: 8153.03 MB
Available physical RAM: 4688.48 MB
Total Virtual: 12751.03 MB
Available Virtual: 9034.57 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:921.07 GB) (Free:64.45 GB) NTFS
Drive d: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.27 GB) NTFS
Drive e: () (Fixed) (Total:465.76 GB) (Free:42.65 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AB297F61)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by Aizekku, 04 December 2017 - 07:00 PM.

  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Let's see what is going on:

Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

 

 

Uninstall:

Origin

Bonjour

Java 7 Update 76
Java 8 Update 121 (64-bit)
Java 8 Update 121
Java 8 Update 131
Java 8 Update 45
Java 8 Update 65
Java 8 Update 91 (64-bit)

Java SE Development Kit 8 Update 121 (64-bit)

Malwarebytes


  • 0
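The text report BlueScreenView saves is a series of `Field : value` records separated by rows of `=`, so it can be summarised before reading it line by line. The sketch below is an added example, not part of the thread or of BlueScreenView; the function names are hypothetical, the sample is abridged from the report posted in this thread, and the M/D/YYYY 12-hour date format is assumed from that report. A driver listed with no version information is a prompt to find out what the file is, not a verdict on it.

```python
import re
from collections import Counter
from datetime import datetime

# Names for the bug check codes seen in this thread. BlueScreenView left
# "Bug Check String" blank for 0x109 in the posted report.
KNOWN_BUGCHECKS = {
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
    0x109: "CRITICAL_STRUCTURE_CORRUPTION",
}
VERSION_FIELDS = ("File Description", "Product Name", "Company", "File Version")

# Sample input: four records abridged from the report posted in this thread.
SAMPLE_REPORT = """\
==================================================
Dump File         : 120517-28875-01.dmp
Crash Time        : 12/5/2017 12:04:34 AM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Caused By Driver  : aswMBR.sys
File Description  :
==================================================
==================================================
Dump File         : 120417-34250-01.dmp
Crash Time        : 12/4/2017 4:08:38 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Caused By Driver  : kwwdapod.sys
File Description  :
==================================================
==================================================
Dump File         : 120417-30734-01.dmp
Crash Time        : 12/4/2017 12:35:41 AM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Caused By Driver  : kwwdapod.sys
File Description  :
==================================================
==================================================
Dump File         : 120317-32484-01.dmp
Crash Time        : 12/3/2017 9:57:06 PM
Bug Check String  :
Bug Check Code    : 0x00000109
Caused By Driver  : ntoskrnl.exe
File Description  : NT Kernel & System
==================================================
"""


def parse_report(text):
    """Split a BlueScreenView text report into one dict per crash record."""
    records, current = [], {}
    for line in text.splitlines():
        if re.fullmatch(r"=+\s*", line):         # a row of '=' delimits records
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")    # values may contain ':' too
        if sep and key.strip():
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def bugcheck_name(record):
    """Use the report's name, else derive one from the bug check code."""
    if record.get("Bug Check String"):
        return record["Bug Check String"]
    try:
        code = int(record.get("Bug Check Code", ""), 16)
    except ValueError:
        return "UNKNOWN"
    return KNOWN_BUGCHECKS.get(code, f"UNKNOWN_0x{code:X}")


def triage(records):
    """Return (crashes per bug check, per-driver first/last crash time,
    drivers for which the report carries no version information)."""
    by_bugcheck = Counter(bugcheck_name(r) for r in records)
    window, no_version_info = {}, set()
    for r in records:
        driver = r.get("Caused By Driver") or "(unknown)"
        if r.get("Crash Time"):
            when = datetime.strptime(r["Crash Time"], "%m/%d/%Y %I:%M:%S %p")
            first, last = window.get(driver, (when, when))
            window[driver] = (min(first, when), max(last, when))
        if not any(r.get(field) for field in VERSION_FIELDS):
            no_version_info.add(driver)
    return by_bugcheck, window, sorted(no_version_info)


if __name__ == "__main__":
    bugchecks, window, unnamed = triage(parse_report(SAMPLE_REPORT))
    for name, count in bugchecks.most_common():
        print(f"{count:3d}  {name}")
    for driver, (first, last) in sorted(window.items()):
        print(f"{driver:15s} first {first}  last {last}")
    print("no version info in report:", ", ".join(unnamed) or "none")
```
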

#3
Aizekku

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Here it is.
 
It seems to confirm that most or all of the random crashes have stopped since I removed that suspicious "amdfx.sys" file, but they still occur when I perform more specific options, such as using certain programs and performing scans, and Avast is still not fully usable.
 
I also reinstalled Avast so that I could attempt scans in Safe Mode using their command line interface. Should I have that uninstalled as well?
 
 
 
==================================================
Dump File         : 120517-28875-01.dmp
Crash Time        : 12/5/2017 12:04:34 AM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : ffff8881`4334e010
Parameter 2       : 00000000`000000ff
Parameter 3       : 00000000`00000000
Parameter 4       : fffff801`897595ae
Caused By Driver  : aswMBR.sys
Caused By Address : aswMBR.sys+95ae
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120517-28875-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 450,964
Dump File Time    : 12/5/2017 12:06:04 AM
==================================================
 
==================================================
Dump File         : 120417-31843-01.dmp
Crash Time        : 12/4/2017 11:44:30 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : ffff8081`648ed010
Parameter 2       : 00000000`000000ff
Parameter 3       : 00000000`00000000
Parameter 4       : fffff803`49c195ae
Caused By Driver  : aswMBR.sys
Caused By Address : aswMBR.sys+95ae
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120417-31843-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 590,148
Dump File Time    : 12/4/2017 11:46:18 PM
==================================================
 
==================================================
Dump File         : 120417-28375-01.dmp
Crash Time        : 12/4/2017 6:54:43 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : ffffab80`ed2ec010
Parameter 2       : 00000000`000000ff
Parameter 3       : 00000000`00000000
Parameter 4       : fffff800`2dc595ae
Caused By Driver  : aswMBR.sys
Caused By Address : aswMBR.sys+95ae
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120417-28375-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 613,268
Dump File Time    : 12/4/2017 6:57:35 PM
==================================================
 
==================================================
Dump File         : 120417-34250-01.dmp
Crash Time        : 12/4/2017 4:08:38 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : ffff8201`29971010
Parameter 2       : 00000000`000000ff
Parameter 3       : 00000000`00000000
Parameter 4       : fffff800`37738bc8
Caused By Driver  : kwwdapod.sys
Caused By Address : kwwdapod.sys+8bc8
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120417-34250-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 578,892
Dump File Time    : 12/4/2017 4:10:42 PM
==================================================
 
==================================================
Dump File         : 120417-36515-01.dmp
Crash Time        : 12/4/2017 1:30:34 AM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff1c4`04a59bc0
Parameter 2       : 00000000`00000000
Parameter 3       : fffff800`49f68a56
Parameter 4       : 00000000`00000009
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120417-36515-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 596,124
Dump File Time    : 12/4/2017 1:32:22 AM
==================================================
 
==================================================
Dump File         : 120417-30734-01.dmp
Crash Time        : 12/4/2017 12:35:41 AM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : ffffa401`e4b4e010
Parameter 2       : 00000000`000000ff
Parameter 3       : 00000000`00000000
Parameter 4       : fffff800`79a48bc8
Caused By Driver  : kwwdapod.sys
Caused By Address : kwwdapod.sys+8bc8
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120417-30734-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 554,740
Dump File Time    : 12/4/2017 12:37:33 AM
==================================================
 
==================================================
Dump File         : 120317-30000-01.dmp
Crash Time        : 12/3/2017 11:24:24 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff6fb`7dbed800
Parameter 2       : 00000000`00000000
Parameter 3       : fffff801`b9f378be
Parameter 4       : 00000000`00000002
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120317-30000-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 533,908
Dump File Time    : 12/3/2017 11:25:49 PM
==================================================
 
==================================================
Dump File         : 120317-28828-01.dmp
Crash Time        : 12/3/2017 11:21:48 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff6fb`7dbedb90
Parameter 2       : 00000000`00000000
Parameter 3       : fffff800`948078be
Parameter 4       : 00000000`00000002
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120317-28828-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 546,964
Dump File Time    : 12/3/2017 11:23:01 PM
==================================================
 
==================================================
Dump File         : 120317-32484-01.dmp
Crash Time        : 12/3/2017 9:57:06 PM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a3a01ed8`c188b879
Parameter 2       : b3b72b5f`140a0de4
Parameter 3       : fffff803`f7170000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120317-32484-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 463,500
Dump File Time    : 12/3/2017 9:58:45 PM
==================================================
 
==================================================
Dump File         : 120317-30703-01.dmp
Crash Time        : 12/3/2017 6:52:26 PM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39fddd9`86e0a4fa
Parameter 2       : b3b6ea5f`d961fa65
Parameter 3       : fffff801`54a00000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120317-30703-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 455,836
Dump File Time    : 12/3/2017 6:54:28 PM
==================================================
 
==================================================
Dump File         : 120317-30203-01.dmp
Crash Time        : 12/3/2017 5:53:12 PM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39ff65c`6a3786f3
Parameter 2       : b3b702e2`bcb9c88e
Parameter 3       : fffff801`e2f60000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120317-30203-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 471,076
Dump File Time    : 12/3/2017 5:54:29 PM
==================================================
 
==================================================
Dump File         : 120317-29968-01.dmp
Crash Time        : 12/3/2017 4:40:38 PM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39fd15b`473816fa
Parameter 2       : b3b6dde1`99ba5895
Parameter 3       : fffff803`f3400000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120317-29968-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 463,972
Dump File Time    : 12/3/2017 4:41:47 PM
==================================================
 
==================================================
Dump File         : 120317-30250-01.dmp
Crash Time        : 12/3/2017 9:18:13 AM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a3a00062`9168b5d8
Parameter 2       : b3b70ce8`e3eaf783
Parameter 3       : fffff801`afaf0000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120317-30250-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 450,444
Dump File Time    : 12/3/2017 9:19:25 AM
==================================================
 
==================================================
Dump File         : 120317-36453-01.dmp
Crash Time        : 12/3/2017 8:33:28 AM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a3a00165`f9e98504
Parameter 2       : b3b70dec`4c6bc6af
Parameter 3       : fffff808`5c970000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120317-36453-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 462,700
Dump File Time    : 12/3/2017 8:35:19 AM
==================================================
 
==================================================
Dump File         : 120317-27203-01.dmp
Crash Time        : 12/3/2017 12:46:28 AM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a3a00759`b23a085a
Parameter 2       : b3b713e0`04bb5db5
Parameter 3       : fffff808`d0c00000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120317-27203-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 463,540
Dump File Time    : 12/3/2017 12:47:45 AM
==================================================
 
==================================================
Dump File         : 120217-34515-01.dmp
Crash Time        : 12/2/2017 10:41:44 PM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39fef64`94f23520
Parameter 2       : b3b6fbea`e7738a7b
Parameter 3       : fffff80e`f3170000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-34515-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 458,276
Dump File Time    : 12/2/2017 10:43:06 PM
==================================================
 
==================================================
Dump File         : 120217-27421-01.dmp
Crash Time        : 12/2/2017 10:39:07 PM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a3a026e5`6263e4fe
Parameter 2       : b3b7336b`b4e53a59
Parameter 3       : fffff800`bdc40000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-27421-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 460,252
Dump File Time    : 12/2/2017 10:40:15 PM
==================================================
 
==================================================
Dump File         : 120217-27437-01.dmp
Crash Time        : 12/2/2017 10:06:24 PM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39fcae4`74a7c5f9
Parameter 2       : b3b6d76a`c7291b64
Parameter 3       : fffff807`d9b70000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-27437-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 456,428
Dump File Time    : 12/2/2017 10:07:58 PM
==================================================
 
==================================================
Dump File         : 120217-28078-01.dmp
Crash Time        : 12/2/2017 9:31:17 PM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39fd459`5c0a855e
Parameter 2       : b3b6e0df`ae8cc709
Parameter 3       : fffff80e`05170000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-28078-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 450,084
Dump File Time    : 12/2/2017 9:32:42 PM
==================================================
 
==================================================
Dump File         : 120217-29953-01.dmp
Crash Time        : 12/2/2017 7:52:44 PM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a3a01e64`f977fc3f
Parameter 2       : b3b72aeb`4bfa3dea
Parameter 3       : fffff800`dfcd0000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-29953-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 459,644
Dump File Time    : 12/2/2017 7:54:01 PM
==================================================
 
==================================================
Dump File         : 120217-28609-01.dmp
Crash Time        : 12/2/2017 6:15:57 PM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39fd4e0`2a0995bf
Parameter 2       : b3b6e166`7c8aeb1a
Parameter 3       : fffff802`d0170000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-28609-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 443,412
Dump File Time    : 12/2/2017 6:17:30 PM
==================================================
 
==================================================
Dump File         : 120217-29781-01.dmp
Crash Time        : 12/2/2017 3:14:02 PM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39fbf58`e4a8b73f
Parameter 2       : b3b6cbdf`372af8da
Parameter 3       : fffff805`16180000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-29781-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 441,372
Dump File Time    : 12/2/2017 3:15:28 PM
==================================================
 
==================================================
Dump File         : 120217-37750-01.dmp
Crash Time        : 12/2/2017 1:39:57 PM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39fd7e6`91fdc5de
Parameter 2       : b3b6e46c`e47f1b49
Parameter 3       : fffff80b`3f390000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-37750-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 460,092
Dump File Time    : 12/2/2017 1:41:57 PM
==================================================
 
==================================================
Dump File         : 120217-118609-01.dmp
Crash Time        : 12/2/2017 1:19:25 PM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39febd8`9468b516
Parameter 2       : b3b6f85e`e6ea0a81
Parameter 3       : fffff805`6c920000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-118609-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 459,700
Dump File Time    : 12/2/2017 1:22:47 PM
==================================================
 
==================================================
Dump File         : 120217-33171-01.dmp
Crash Time        : 12/2/2017 12:31:36 PM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39fd0df`b906558d
Parameter 2       : b3b6dd66`0b87aae8
Parameter 3       : fffff805`32c00000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-33171-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 460,244
Dump File Time    : 12/2/2017 12:33:05 PM
==================================================
 
==================================================
Dump File         : 120217-26640-01.dmp
Crash Time        : 12/2/2017 10:40:55 AM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a3a00858`a0eaa5a2
Parameter 2       : b3b714de`f36a7dcd
Parameter 3       : fffff80e`57440000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-26640-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 477,252
Dump File Time    : 12/2/2017 10:42:44 AM
==================================================
 
==================================================
Dump File         : 120217-27843-01.dmp
Crash Time        : 12/2/2017 9:27:12 AM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39fde5d`7b6f164f
Parameter 2       : b3b6eae3`cdf06bba
Parameter 3       : fffff807`10cc0000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-27843-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 459,428
Dump File Time    : 12/2/2017 9:28:25 AM
==================================================
 
==================================================
Dump File         : 120217-45359-01.dmp
Crash Time        : 12/2/2017 7:37:42 AM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39fcfe5`9135150b
Parameter 2       : b3b6dc6b`e3b66a76
Parameter 3       : fffff809`d8800000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-45359-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 453,460
Dump File Time    : 12/2/2017 7:39:17 AM
==================================================
 
==================================================
Dump File         : 120217-28687-01.dmp
Crash Time        : 12/2/2017 7:02:32 AM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39fec62`bc53f5dd
Parameter 2       : b3b6f8e9`0ed54b38
Parameter 3       : fffff80a`5bb90000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-28687-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 464,900
Dump File Time    : 12/2/2017 7:04:42 AM
==================================================
 
==================================================
Dump File         : 120217-58578-01.dmp
Crash Time        : 12/2/2017 2:53:04 AM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39fcae8`4b70762b
Parameter 2       : b3b6d76e`9df1cb86
Parameter 3       : fffff801`c2030000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-58578-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 474,276
Dump File Time    : 12/2/2017 2:55:15 AM
==================================================
 
==================================================
Dump File         : 120217-37625-01.dmp
Crash Time        : 12/2/2017 1:55:51 AM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39ff459`52c9e825
Parameter 2       : b3b700df`a54b3d90
Parameter 3       : fffff80d`f0f00000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-37625-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 462,028
Dump File Time    : 12/2/2017 1:57:40 AM
==================================================
 
==================================================
Dump File         : 120217-40578-01.dmp
Crash Time        : 12/2/2017 1:20:22 AM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a3a00265`0574a71c
Parameter 2       : b3b70eeb`57f6e8c7
Parameter 3       : fffff804`438c0000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-40578-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 466,012
Dump File Time    : 12/2/2017 1:22:06 AM
==================================================
 
==================================================
Dump File         : 120217-28015-01.dmp
Crash Time        : 12/2/2017 12:32:05 AM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a3a024da`c9c80561
Parameter 2       : b3b73161`1c4a46fc
Parameter 3       : fffff804`78e20000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120217-28015-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 468,876
Dump File Time    : 12/2/2017 12:33:28 AM
==================================================
 
==================================================
Dump File         : 120117-28078-02.dmp
Crash Time        : 12/1/2017 10:55:03 PM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39fe1dd`dcacb868
Parameter 2       : b3b6ee64`2f2e0dd3
Parameter 3       : fffff803`1c9a0000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120117-28078-02.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 458,300
Dump File Time    : 12/1/2017 10:56:58 PM
==================================================
 
==================================================
Dump File         : 120117-28062-01.dmp
Crash Time        : 12/1/2017 9:46:02 PM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39fced9`bcc0752f
Parameter 2       : b3b6db60`0f41ca9a
Parameter 3       : fffff809`8cba0000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120117-28062-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 455,508
Dump File Time    : 12/1/2017 9:48:02 PM
==================================================
 
==================================================
Dump File         : 120117-30390-01.dmp
Crash Time        : 12/1/2017 7:19:33 PM
Bug Check String  : 
Bug Check Code    : 0x00000109
Parameter 1       : a39fc65d`1af10749
Parameter 2       : b3b6d2e3`6d7348e4
Parameter 3       : fffff80c`6a560000
Parameter 4       : 00000000`00000019
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+16c580
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 10.0.15063.726 (WinBuild.160101.0800)
Processor         : x64
Crash Address     : ntoskrnl.exe+16c580
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\120117-30390-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 15063
Dump File Size    : 465,244
Dump File Time    : 12/1/2017 7:22:17 PM
==================================================
 

Edited by Aizekku, 05 December 2017 - 06:38 PM.

  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Normally when we see a lot of known good files in BSODs it's heat related or perhaps bad memory.

The exception to known good files is kwwdapod.sys, which is almost certainly malware.  It's possible that an infection is working the CPU so hard that things are getting hot.  Let's look for kwwdapod.sys:

 

Start up FRST but don't hit SCAN.  Instead type:

kwwdapod.sys

in its Search Box then hit Search Registry.  You will get one file.  Please post it.  Repeat but this time hit Search Files.

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo.com/download_speccy/ (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it.  Tell it you do not need CCLEANER.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top, 10-20 lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 


  • 0
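
The Verified Signer check requested in the post above, as an added example that is not part of the original thread: a Python triage of a saved Process Explorer listing that surfaces every row whose image signature did not verify. It assumes the saved file is tab-delimited with the column headers shown; the function names are hypothetical and the sample rows are constructed from lines of the log posted later in this thread.

```python
import csv
import io
import re
from collections import namedtuple

# Entries Process Explorer lists that have no image file behind them,
# so an empty "Verified Signer" cell is expected for these.
PSEUDO_PROCESSES = {"System Idle Process", "System", "Interrupts", "Memory Compression"}

# "Verified Signer" cells look like "(Verified) Opera Software AS" or
# "(No signature was present in the subject) Farbar".
SIGNER_RE = re.compile(r"^\((?P<status>[^)]*)\)\s*(?P<subject>.*)$")

Finding = namedtuple("Finding", "process pid reason priority")  # priority 1 = look first

# Constructed sample: rows from this thread's log, re-delimited with tabs
# (assumption: the real "Save As" output is tab-separated, empty cells kept).
HEADER = ["Process", "CPU", "Private Bytes", "Working Set", "PID",
          "Description", "Company Name", "Verified Signer"]
ROWS = [
    ["System Idle Process", "89.68", "52 K", "8 K", "0", "", "", ""],
    ["opera.exe", "4.24", "1,024,580 K", "118,192 K", "7412",
     "Opera Internet Browser", "Opera Software", "(Verified) Opera Software AS"],
    ["FRST64.exe", "0.07", "25,208 K", "26,980 K", "1384",
     "Farbar Recovery Scan Tool", "Farbar",
     "(No signature was present in the subject) Farbar"],
    ["svchost.exe", "", "17,380 K", "18,156 K", "1960",
     "Host Process for Windows Services", "Microsoft Corporation",
     "(Verified) Microsoft Windows Publisher"],
    ["glcnd.exe", "Suspended", "145,936 K", "52,904 K", "14156",
     "Windows Reader", "Microsoft Corporation",
     "(No signature was present in the subject) Microsoft Corporation"],
    ["Memory Compression", "", "2,116 K", "804,896 K", "3872", "", "", ""],
]
SAMPLE_EXPORT = "\n".join("\t".join(r) for r in [HEADER] + ROWS) + "\n"


def parse_export(text):
    """Parse the tab-delimited listing into dicts keyed by column header."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    rows = []
    for row in reader:
        # Short rows give None for missing cells; extra cells land under key None.
        rows.append({k: (v or "").strip() for k, v in row.items() if k is not None})
    return rows


def triage(rows):
    """Return a Finding for every process whose signature did not verify."""
    findings = []
    for row in rows:
        name, pid = row.get("Process", ""), row.get("PID", "")
        signer = row.get("Verified Signer", "")
        company = row.get("Company Name", "")
        if not signer:
            # No signer cell at all: expected only for the pseudo-entries.
            if name not in PSEUDO_PROCESSES:
                findings.append(Finding(name, pid, "no signer information recorded", 2))
            continue
        match = SIGNER_RE.match(signer)
        status = match.group("status") if match else signer
        if status == "Verified":
            continue
        if "microsoft" in company.lower():
            # Version info names Microsoft but nothing backs the claim: review first.
            reason = f"claims '{company}' but signature status is: {status}"
            findings.append(Finding(name, pid, reason, 1))
        else:
            findings.append(Finding(name, pid, f"signature status is: {status}", 2))
    return sorted(findings, key=lambda f: (f.priority, f.process.lower()))


if __name__ == "__main__":
    for f in triage(parse_export(SAMPLE_EXPORT)):
        print(f"[P{f.priority}] {f.process} (PID {f.pid}): {f.reason}")
```

A flagged row is a lead for follow-up on that file (its path, hash and origin), not a verdict on it.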

#5
Aizekku

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Is "kwwdapod.sys" part of GMER? If so, something else is interfering with normal processes, causing crashes, as well as causing scans to cause crashes and keeping Avast from completing scans.

Farbar Recovery Scan Tool (x64) Version: 06-12-2017
Ran by Isaac (07-12-2017 08:17:35)
Running from C:\Users\42and_000\Desktop
Boot Mode: Normal
 
================== Search Registry: "kwwdapod.sys" ===========
 
 
====== End of Search ======

Farbar Recovery Scan Tool (x64) Version: 06-12-2017
Ran by Isaac (07-12-2017 08:38:44)
Running from C:\Users\42and_000\Desktop
Boot Mode: Normal
 
================== Search Files: "kwwdapod.sys" =============
 
C:\Users\42and_000\AppData\Local\Temp\kwwdapod.sys
[2017-12-04 16:05][2017-12-04 16:05] 000056584 _____ (GMER) A822B9E6EEDF69211013E192967BF523 [File not signed]
 
 
====== End of Search ======

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 89.68 52 K 8 K 0
opera.exe 4.24 1,024,580 K 118,192 K 7412 Opera Internet Browser Opera Software (Verified) Opera Software AS
procexp64.exe 1.49 34,388 K 68,960 K 13788 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 0.93 0 K 0 K n/a Hardware Interrupts and DPCs
explorer.exe 0.82 87,656 K 114,144 K 5940 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 0.65 86,496 K 57,868 K 1096 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
WINWORD.EXE 0.44 39,520 K 74,892 K 9700 Microsoft Office Word Microsoft Corporation (Verified) Microsoft Corporation
opera.exe 0.30 288,184 K 313,640 K 14872 Opera Internet Browser Opera Software (Verified) Opera Software AS
NVDisplay.Container.exe 0.25 23,252 K 18,652 K 1980 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
opera.exe 0.23 320,196 K 252,216 K 9996 Opera Internet Browser Opera Software (Verified) Opera Software AS
System 0.22 264 K 57,396 K 4
csrss.exe 0.15 2,824 K 3,796 K 972 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
opera.exe 0.12 256,352 K 284,676 K 11956 Opera Internet Browser Opera Software (Verified) Opera Software AS
FRST64.exe 0.07 25,208 K 26,980 K 1384 Farbar Recovery Scan Tool Farbar (No signature was present in the subject) Farbar
svchost.exe 0.06 13,704 K 13,256 K 3528 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
opera.exe 0.05 107,896 K 81,536 K 4188 Opera Internet Browser Opera Software (Verified) Opera Software AS
nvcontainer.exe 0.04 9,096 K 16,524 K 3436 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
opera.exe 0.03 614,924 K 299,064 K 5608 Opera Internet Browser Opera Software (Verified) Opera Software AS
AppleMobileDeviceService.exe 0.02 3,692 K 7,176 K 9288 MobileDeviceService Apple Inc. (Verified) Apple Inc.
NVIDIA Web Helper.exe 0.02 29,736 K 1,856 K 2288 NVIDIA Web Helper Service Node.js (Verified) NVIDIA Corporation
opera.exe 0.01 376,644 K 378,348 K 9964 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe 0.01 99,264 K 95,672 K 14456 Opera Internet Browser Opera Software (Verified) Opera Software AS
Dropbox.exe 0.01 165,328 K 103,012 K 2764 Dropbox Dropbox, Inc. (Verified) Dropbox
opera.exe 0.01 81,952 K 93,708 K 5176 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe 0.01 144,848 K 79,812 K 11372 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe 0.01 76,688 K 101,136 K 5152 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe 0.01 119,724 K 153,272 K 2276 Opera Internet Browser Opera Software (Verified) Opera Software AS
AvastUI.exe 0.01 23,816 K 42,420 K 7864 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
AvastSvc.exe 0.01 321,692 K 39,664 K 2700 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
opera.exe 0.01 85,988 K 47,412 K 9732 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe 0.01 135,000 K 89,164 K 8552 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe 0.01 99,796 K 117,164 K 6424 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe < 0.01 139,160 K 111,504 K 8664 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe < 0.01 79,784 K 53,132 K 7932 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe < 0.01 158,560 K 75,624 K 14812 Opera Internet Browser Opera Software (Verified) Opera Software AS
lsass.exe < 0.01 6,268 K 11,724 K 224 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
opera.exe < 0.01 93,464 K 56,524 K 9408 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe < 0.01 97,976 K 53,472 K 2352 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe < 0.01 81,692 K 76,648 K 10640 Opera Internet Browser Opera Software (Verified) Opera Software AS
svchost.exe < 0.01 108,852 K 109,208 K 3484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
aswidsagenta.exe < 0.01 85,940 K 78,272 K 6312 Avast Behavior Shield AVAST Software (Verified) AVAST Software s.r.o.
services.exe < 0.01 4,532 K 7,788 K 284 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
opera.exe < 0.01 79,016 K 37,824 K 9736 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe < 0.01 81,800 K 115,100 K 14300 Opera Internet Browser Opera Software (Verified) Opera Software AS
svchost.exe < 0.01 2,188 K 4,884 K 1036 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
opera.exe < 0.01 74,768 K 41,380 K 9284 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe < 0.01 91,316 K 51,232 K 12348 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe < 0.01 74,608 K 101,248 K 10556 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe < 0.01 98,120 K 99,792 K 8208 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe < 0.01 122,832 K 52,248 K 10756 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe < 0.01 127,544 K 52,652 K 10412 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe < 0.01 69,836 K 95,604 K 8288 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe < 0.01 90,004 K 54,804 K 2936 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe < 0.01 69,628 K 49,396 K 11692 Opera Internet Browser Opera Software (Verified) Opera Software AS
svchost.exe < 0.01 2,464 K 5,844 K 2968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
ApplicationFrameHost.exe < 0.01 13,032 K 26,460 K 3192 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 11,348 K 20,044 K 836 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
opera.exe < 0.01 71,388 K 48,616 K 11212 Opera Internet Browser Opera Software (Verified) Opera Software AS
TeamViewer_Service.exe < 0.01 4,876 K 9,624 K 3684 TeamViewer 10 TeamViewer GmbH (Verified) TeamViewer
SecurityHealthService.exe < 0.01 2,720 K 7,228 K 3572 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
AAM Updates Notifier.exe < 0.01 4,792 K 812 K 6132 AAM Updates Notifier Application Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
svchost.exe < 0.01 12,096 K 9,748 K 1400 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 4,400 K 12,092 K 4380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WUDFHost.exe 2,100 K 5,352 K 1724 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,720 K 9,180 K 14092 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,444 K 6,960 K 676 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,332 K 3,828 K 980 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
wimserv.exe 37,012 K 580 K 5800 Wimfltr v2 extractor Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 8,100 K 17,088 K 4772 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 5,640 K 13,884 K 10532 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SystemSettings.exe Suspended 27,164 K 31,808 K 5024 Settings Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 17,380 K 18,156 K 1960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,096 K 11,884 K 828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,376 K 5,752 K 1544 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,676 K 6,976 K 1936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,844 K 17,368 K 3392 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,736 K 9,852 K 1604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,944 K 11,744 K 1372 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,236 K 7,208 K 1448 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,912 K 7,996 K 1280 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,476 K 9,668 K 1188 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 14,568 K 18,936 K 3476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,088 K 14,144 K 3164 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,148 K 5,588 K 9896 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,640 K 9,640 K 2268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,080 K 9,972 K 2584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,568 K 8,612 K 2408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,096 K 5,708 K 3288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,152 K 7,400 K 1760 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,636 K 4,324 K 2400 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,548 K 6,820 K 4140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,756 K 17,228 K 3384 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,904 K 5,876 K 1744 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,564 K 7,436 K 6816 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,580 K 8,008 K 1340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,824 K 12,512 K 6344 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,348 K 17,232 K 864 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 968 K 2,472 K 784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,204 K 6,692 K 1152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,564 K 3,744 K 1236 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,164 K 5,272 K 1288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,448 K 3,588 K 1456 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,412 K 4,884 K 1484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,352 K 3,760 K 1752 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,844 K 6,424 K 1844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,068 K 4,856 K 1880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,820 K 5,652 K 1888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,836 K 9,604 K 2688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,572 K 4,040 K 2420 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,004 K 14,772 K 3400 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,328 K 3,560 K 3408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,400 K 5,892 K 3468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,368 K 6,916 K 3492 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,676 K 9,636 K 3860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,344 K 3,400 K 4036 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,248 K 14,632 K 4416 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,784 K 6,276 K 4480 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,280 K 21,848 K 4488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,332 K 12,236 K 4936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,824 K 5,132 K 5028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,824 K 5,068 K 5036 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,988 K 7,872 K 5244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,980 K 12,364 K 6012 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,236 K 7,124 K 8148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,200 K 16,248 K 7164 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,256 K 11,844 K 10092 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,852 K 6,412 K 5688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,708 K 5,016 K 10444 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,740 K 4,952 K 10500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,704 K 4,532 K 13568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,660 K 5,620 K 4740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 5,820 K 8,160 K 3204 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
splwow64.exe 2,952 K 6,496 K 9740 Print driver host for applications Microsoft Corporation (Verified) Microsoft Windows
smss.exe 496 K 768 K 528 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 10,208 K 18,880 K 5372 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 7,396 K 26,024 K 4428 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 65,088 K 54,680 K 7144 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 2,420 K 2,624 K 7608 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 95,780 K 69,588 K 7104 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 37,892 K 31,000 K 11260 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 15,648 K 36,860 K 5928 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe 4,736 K 8,656 K 7964 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe 1,700 K 4,236 K 2084 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RichVideo64.exe 1,404 K 4,152 K 3444 RichVideo Module (Verified) CyberLink
RAVBg64.exe 6,184 K 7,284 K 2256 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe 5,828 K 7,028 K 7992 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe 3,448 K 11,004 K 8528 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
opera.exe 48,800 K 42,592 K 9024 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe 82,044 K 82,188 K 1572 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe 75,744 K 74,516 K 6660 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe 37,612 K 23,800 K 5048 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe 35,572 K 23,332 K 2468 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe 35,768 K 36,164 K 1328 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe 37,268 K 26,064 K 9084 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe 48,788 K 49,240 K 7204 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe 61,332 K 59,564 K 7280 Opera Internet Browser Opera Software (Verified) Opera Software AS
opera.exe 28,344 K 16,612 K 6040 Opera Internet Browser Opera Software (Verified) Opera Software AS
NvTelemetryContainer.exe 4,908 K 9,264 K 3668 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
NVDisplay.Container.exe 4,696 K 9,080 K 1664 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
nvcontainer.exe 24,964 K 23,336 K 6968 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
notepad.exe 2,748 K 11,296 K 10852 Notepad Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 2,864 K 16,060 K 13552 Notepad Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 3,044 K 16,864 K 12512 Notepad Microsoft Corporation (Verified) Microsoft Windows
msdtc.exe 3,136 K 7,212 K 12084 Microsoft Distributed Transaction Coordinator Service Microsoft Corporation (Verified) Microsoft Windows
Memory Compression 2,116 K 804,896 K 3872
glcnd.exe Suspended 145,936 K 52,904 K 14156 Windows Reader Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
fontdrvhost.exe 17,060 K 9,104 K 824 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 10,804 K 2,420 K 804 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
DropboxUpdate.exe 2,072 K 220 K 4564 Dropbox Update Dropbox, Inc. (Verified) Dropbox
Dropbox.exe 2,116 K 6,340 K 12680 Dropbox Dropbox, Inc. (Verified) Dropbox
Dropbox.exe 1,640 K 5,664 K 13680 Dropbox Dropbox, Inc. (Verified) Dropbox
dllhost.exe 4,136 K 9,756 K 11084 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2,340 K 7,364 K 7216 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
DbxSvc.exe 2,756 K 4,676 K 14412 Dropbox Service Dropbox, Inc. (Verified) Dropbox
dasHost.exe 5,540 K 9,488 K 2900 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,892 K 3,704 K 888 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
conhost.exe 1,672 K 252 K 8612 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 10,888 K 18,044 K 10244 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
 
 
 
 
 
 
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       528 N/A                                         
csrss.exe                      888 N/A                                         
csrss.exe                      972 N/A                                         
wininit.exe                    980 N/A                                         
winlogon.exe                   676 N/A                                         
services.exe                   284 N/A                                         
lsass.exe                      224 KeyIso, SamSs, VaultSvc                     
svchost.exe                    784 PlugPlay                                    
svchost.exe                    836 BrokerInfrastructure, DcomLaunch, Power,    
                                   SystemEventsBroker                          
fontdrvhost.exe                824 N/A                                         
fontdrvhost.exe                804 N/A                                         
svchost.exe                    828 RpcEptMapper, RpcSs                         
svchost.exe                   1036 LSM                                         
dwm.exe                       1096 N/A                                         
svchost.exe                   1152 NcbService                                  
svchost.exe                   1236 hidserv                                     
svchost.exe                   1280 TimeBrokerSvc                               
svchost.exe                   1288 lmhosts                                     
svchost.exe                   1340 ProfSvc                                     
svchost.exe                   1372 Schedule                                    
svchost.exe                   1400 EventLog                                    
svchost.exe                   1448 UserManager                                 
svchost.exe                   1456 wudfsvc                                     
svchost.exe                   1484 nsi                                         
svchost.exe                   1544 Dhcp                                        
svchost.exe                   1604 NlaSvc                                      
NVDisplay.Container.exe       1664 NVDisplay.ContainerLocalSystem              
WUDFHost.exe                  1724 N/A                                         
svchost.exe                   1744 EventSystem                                 
svchost.exe                   1752 Themes                                      
svchost.exe                   1760 netprofm                                    
svchost.exe                   1844 SENS                                        
svchost.exe                   1880 AudioEndpointBuilder                        
svchost.exe                   1888 FontCache                                   
svchost.exe                   1936 Dnscache                                    
svchost.exe                   1960 BFE, CoreMessagingRegistrar, MpsSvc         
svchost.exe                   1188 Audiosrv                                    
NVDisplay.Container.exe       1980 N/A                                         
RtkAudioService64.exe         2084 RtkAudioService                             
RAVBg64.exe                   2256 N/A                                         
svchost.exe                   2268 StateRepository                             
svchost.exe                   2400 DusmSvc                                     
svchost.exe                   2408 Wcmsvc                                      
svchost.exe                   2584 WlanSvc                                     
svchost.exe                   2688 ShellHWDetection                            
AvastSvc.exe                  2700 avast! Antivirus                            
svchost.exe                   2420 DeviceAssociationService                    
dasHost.exe                   2900 N/A                                         
svchost.exe                   2968 SSDPSRV                                     
svchost.exe                   3164 tiledatamodelsvc                            
spoolsv.exe                   3204 Spooler                                     
svchost.exe                   3288 LanmanWorkstation                           
svchost.exe                   3384 DiagTrack                                   
svchost.exe                   3392 Winmgmt                                     
svchost.exe                   3400 WpnService                                  
svchost.exe                   3408 TrkWks                                      
nvcontainer.exe               3436 NvContainerLocalSystem                      
RichVideo64.exe               3444 RichVideo64                                 
svchost.exe                   3468 stisvc                                      
svchost.exe                   3476 DPS                                         
svchost.exe                   3484 SysMain                                     
svchost.exe                   3492 PcaSvc                                      
SecurityHealthService.exe     3572 SecurityHealthService                       
NvTelemetryContainer.exe      3668 NvTelemetryContainer                        
TeamViewer_Service.exe        3684 TeamViewer                                  
svchost.exe                   3860 iphlpsvc                                    
Memory Compression            3872 N/A                                         
svchost.exe                   4036 WdiServiceHost                              
svchost.exe                   4140 LanmanServer                                
svchost.exe                   4416 CDPUserSvc_12f4f3                           
sihost.exe                    4428 N/A                                         
svchost.exe                   4480 FDResPub                                    
svchost.exe                   4488 WpnUserService_12f4f3                       
DropboxUpdate.exe             4564 N/A                                         
taskhostw.exe                 4772 N/A                                         
svchost.exe                   4936 TokenBroker                                 
svchost.exe                   5028 Browser                                     
svchost.exe                   5036 PolicyAgent                                 
svchost.exe                   5244 HomeGroupProvider                           
explorer.exe                  5940 N/A                                         
svchost.exe                   6012 CDPSvc                                      
svchost.exe                   6344 CryptSvc                                    
nvcontainer.exe               6968 N/A                                         
SearchUI.exe                  7104 N/A                                         
ShellExperienceHost.exe       7144 N/A                                         
RuntimeBroker.exe             5928 N/A                                         
SettingSyncHost.exe           7608 N/A                                         
RtkNGUI64.exe                 7964 N/A                                         
RAVBg64.exe                   7992 N/A                                         
svchost.exe                   8148 Netman                                      
aswidsagenta.exe              6312 aswbIDSAgent                                
svchost.exe                   6816 wscsvc                                      
AvastUI.exe                   7864 N/A                                         
svchost.exe                   7164 OneSyncSvc_12f4f3,                          
                                   PimIndexMaintenanceSvc_12f4f3,              
                                   UnistoreSvc_12f4f3, UserDataSvc_12f4f3      
svchost.exe                   3528 DoSvc                                       
NVIDIA Web Helper.exe         2288 N/A                                         
conhost.exe                   8612 N/A                                         
AppleMobileDeviceService.     9288 Apple Mobile Device Service                 
svchost.exe                  10092 StorSvc                                     
dllhost.exe                   7216 N/A                                         
svchost.exe                    864 LicenseManager                              
svchost.exe                   5688 DsSvc                                       
ApplicationFrameHost.exe      3192 N/A                                         
svchost.exe                   9896 WinHttpAutoProxySvc                         
svchost.exe                   4380 wlidsvc                                     
opera.exe                     9996 N/A                                         
opera.exe                     5608 N/A                                         
opera.exe                     9084 N/A                                         
opera.exe                     1572 N/A                                         
opera.exe                     9964 N/A                                         
opera.exe                     2468 N/A                                         
opera.exe                     7280 N/A                                         
opera.exe                     7204 N/A                                         
opera.exe                     6660 N/A                                         
opera.exe                     1328 N/A                                         
opera.exe                     6424 N/A                                         
opera.exe                     4188 N/A                                         
opera.exe                     9024 N/A                                         
opera.exe                     6040 N/A                                         
opera.exe                     9408 N/A                                         
opera.exe                     2352 N/A                                         
opera.exe                     5048 N/A                                         
opera.exe                     7932 N/A                                         
opera.exe                     5152 N/A                                         
opera.exe                     9732 N/A                                         
opera.exe                     9736 N/A                                         
WINWORD.EXE                   9700 N/A                                         
splwow64.exe                  9740 N/A                                         
opera.exe                     8552 N/A                                         
svchost.exe                  10444 Appinfo                                     
SystemSettings.exe            5024 N/A                                         
opera.exe                    10756 N/A                                         
opera.exe                     7412 N/A                                         
opera.exe                     9284 N/A                                         
opera.exe                     5176 N/A                                         
opera.exe                    10412 N/A                                         
opera.exe                    11212 N/A                                         
AAM Updates Notifier.exe      6132 N/A                                         
opera.exe                    11692 N/A                                         
opera.exe                    11372 N/A                                         
opera.exe                    12348 N/A                                         
taskhostw.exe                10532 N/A                                         
opera.exe                    10640 N/A                                         
notepad.exe                  10852 N/A                                         
wimserv.exe                   5800 N/A                                         
dllhost.exe                  11084 COMSysApp                                   
msdtc.exe                    12084 MSDTC                                       
SearchIndexer.exe            11260 WSearch                                     
DbxSvc.exe                   14412 DbxSvc                                      
Dropbox.exe                   2764 N/A                                         
Dropbox.exe                  12680 N/A                                         
Dropbox.exe                  13680 N/A                                         
opera.exe                     2936 N/A                                         
svchost.exe                  10500 p2pimsvc                                    
svchost.exe                  13568 PNRPsvc                                     
opera.exe                     8664 N/A                                         
opera.exe                     8208 N/A                                         
glcnd.exe                    14156 N/A                                         
opera.exe                    14812 N/A                                         
opera.exe                    14456 N/A                                         
FRST64.exe                    1384 N/A                                         
notepad.exe                  13552 N/A                                         
opera.exe                     2276 N/A                                         
opera.exe                    14872 N/A                                         
opera.exe                    14300 N/A                                         
notepad.exe                  12512 N/A                                         
opera.exe                     8288 N/A                                         
opera.exe                    10556 N/A                                         
opera.exe                    11956 N/A                                         
procexp.exe                   8528 N/A                                         
procexp64.exe                13788 N/A                                         
notepad.exe                  13124 N/A                                         
WmiPrvSE.exe                 12256 N/A                                         
WmiPrvSE.exe                 12764 N/A                                         
SearchProtocolHost.exe       14164 N/A                                         
SearchFilterHost.exe          8536 N/A                                         
WmiApSrv.exe                  5360 wmiApSrv                                    
smartscreen.exe               5600 N/A                                         
audiodg.exe                  14724 N/A                                         
dllhost.exe                  15224 N/A                                         
dllhost.exe                  13512 N/A                                         
cmd.exe                       4560 N/A                                         
conhost.exe                   9164 N/A                                         
tasklist.exe                 15356 N/A                                         
 

Attached File  WINDOWS-M8GK56L.txt   115.57KB   257 downloads


  • 0
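A triage pass over the two listings in the post above, as an added example that is not part of the original thread: it parses the Process Explorer export and the `tasklist /svc` output, then joins them by PID to list processes that are suspended or whose signature column is anything other than "(Verified)". The function names are hypothetical, the sample rows are copied from the post, and the regexes assume the column order shown there.

```python
import re

# Rows copied from the Process Explorer export and `tasklist /svc` listing in the post.
PROCEXP_SAMPLE = """\
Memory Compression 2,116 K 804,896 K 3872
glcnd.exe Suspended 145,936 K 52,904 K 14156 Windows Reader Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
DbxSvc.exe 2,756 K 4,676 K 14412 Dropbox Service Dropbox, Inc. (Verified) Dropbox
"""
TASKLIST_SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    836 BrokerInfrastructure, DcomLaunch, Power,
                                   SystemEventsBroker
Memory Compression            3872 N/A
DbxSvc.exe                   14412 DbxSvc
glcnd.exe                    14156 N/A
"""

# Assumed layout: name [Suspended] <private> K <working set> K <PID> [description company (status) signer]
PROCEXP_ROW = re.compile(
    r"^(?P<name>.+?)\s+(?:(?P<state>Suspended)\s+)?"
    r"(?P<private>[\d,]+) K\s+(?P<working>[\d,]+) K\s+(?P<pid>\d+)\s*(?P<rest>.*)$")
# Split on the PID field, not fixed offsets, so pasted logs with collapsed spacing still parse.
TASKLIST_ROW = re.compile(r"^(?P<name>\S.*?)\s+(?P<pid>\d+)\s+(?P<svc>\S.*)$")

def parse_procexp(text):
    """Return one dict per process row: name, pid, state, signature status (or None)."""
    rows = []
    for line in text.splitlines():
        m = PROCEXP_ROW.match(line.strip())
        if not m:
            continue
        marks = re.findall(r"\(([^)]*)\)", m["rest"])  # parenthesised status text
        signature = "Verified" if "Verified" in marks else (marks[-1] if marks else None)
        rows.append({"name": m["name"], "pid": int(m["pid"]),
                     "state": m["state"], "signature": signature})
    return rows

def parse_tasklist_svc(text):
    """Map PID -> hosted service names; service lists wrapped onto a second line are rejoined."""
    split = lambda s: [p.strip() for p in s.split(",") if p.strip()]
    services, last_pid, in_body = {}, None, False
    for line in text.splitlines():
        if not in_body:                        # skip header lines up to the ===== ruler
            in_body = line.startswith("=====")
            continue
        row = TASKLIST_ROW.match(line)
        if row:
            last_pid = int(row["pid"])
            services[last_pid] = [] if row["svc"].strip() == "N/A" else split(row["svc"])
        elif line[:1].isspace() and line.strip() and last_pid is not None:
            services[last_pid] += split(line)  # continuation of the previous row
    return services

def triage(procexp_text, tasklist_text):
    """List suspended or not-verified processes, joined to their services by PID."""
    services = parse_tasklist_svc(tasklist_text)
    findings = []
    for proc in parse_procexp(procexp_text):
        sig = proc["signature"]
        reasons = [] if sig == "Verified" else [("signature: " + sig) if sig else "no signature field"]
        if proc["state"]:
            reasons.append("state: " + proc["state"])
        if reasons:  # services is None when the PID is absent from the tasklist capture
            findings.append({**proc, "services": services.get(proc["pid"]), "reasons": reasons})
    return findings
```

The join is by PID rather than image name because `tasklist` truncates long names, as the `AppleMobileDeviceService.` row in the listing shows.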

#6
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Appears to be a GMER driver. Did you run GMER? Do you have the log?

Proc Exp is not showing heavy CPU loading. Speccy claims the CPU is not hot. I would run a memory test to rule out bad RAM:

http://www.thewindow...ol-in-windows-7

Have you run a boot-time scan with Avast?

It takes like 6 hours so I usually let it run at night.

Will aswMBR run?

Download aswMBR.exe to your desktop.
The link is a direct download so the page won't change.

Right-click the aswMBR.exe and select Run As Administrator to run it.
Wait until the AV Scan shows up at the bottom left.
Change AV Scan: from Quick Scan to C:\
Click the "Scan" button to start the scan.
If it asks you to allow the Avast engine to download then say Yes. It will take a while to finish.
On completion of the scan (Note if the Fix button is enabled and tell me but do not push any buttons) click save log, save it to your desktop and post it in your next reply.

If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.

Click on the Avast ball. Then click on Protection, then on Antivirus, then on Other Scans, then on Boot-time Scan. Click on Install Special Definitions. Click on Run on Next PC Reboot.

Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start. It will tell you where it saves its log. Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.

 


  • 0





